Fix and simplify permission management with profiles (refs #4046)

author: Étienne Loks <etienne.loks@iggdrasil.net> 2018-04-12 17:43:41 +0200
committer: Étienne Loks <etienne.loks@iggdrasil.net> 2018-06-12 08:39:42 +0200
commit: d4833f06b2e080e07ec3e9a456dc19cfcc1e99ff (patch)
tree: 33dc22e2c83d7f8b3b4b39f22bda97e84d60ab9d /ishtar_common/menu_base.py
parent: 4d245b7651c2d8c6b2d345f33d90cf6844d22969 (diff)
download: Ishtar-d4833f06b2e080e07ec3e9a456dc19cfcc1e99ff.tar.bz2
Ishtar-d4833f06b2e080e07ec3e9a456dc19cfcc1e99ff.zip
1 files changed, 10 insertions, 25 deletions
diff --git a/ishtar_common/menu_base.py b/ishtar_common/menu_base.py
index d18964c40..d88c5c7c9 100644
--- a/ishtar_common/menu_base.py
+++ b/ishtar_common/menu_base.py
@@ -25,9 +25,7 @@ class SectionItem:
                  css=''):
         self.idx = idx
         self._label = label
-        if not childs:
-            childs = []
-        self.childs = childs
+        self.childs = childs or []
         self.available = False
         self.items = {}
         self.profile_restriction = profile_restriction
@@ -76,12 +74,12 @@ class SectionItem:
 
 
 class MenuItem:
-    def __init__(self, idx, label, model=None, access_controls=[],
+    def __init__(self, idx, label, model=None, access_controls=None,
                  profile_restriction=None, css=''):
         self.idx = idx
         self.label = label
         self.model = model
-        self.access_controls = access_controls
+        self.access_controls = access_controls or []
         self.available = False
         self.profile_restriction = profile_restriction
         self.css = css
@@ -102,19 +100,10 @@ class MenuItem:
             return True
         if not hasattr(user, 'ishtaruser'):
             return False
-        # manage by specific idx - person type
-        if user.ishtaruser.has_right(self.idx, session=session):
-            return True
-        prefix = (self.model._meta.app_label + '.') if self.model else ''
         for access_control in self.access_controls:
-            # check by person type
-            if user.ishtaruser.has_right(access_control, session=session):
-                return True
-            access_control = prefix + access_control
-            # check by specific access control
-            if user.ishtaruser.has_perm(access_control, self.model,
-                                        session=session) or \
-               access_control in user.get_group_permissions():
+            # check by profile
+            if user.ishtaruser.person.has_right(access_control,
+                                                session=session):
                 return True
         return False
 
@@ -123,15 +112,11 @@ class MenuItem:
             return False
         if not self.access_controls:
             return True
-        prefix = (self.model._meta.app_label + '.') if self.model else ''
+        if not hasattr(user, 'ishtaruser'):
+            return False
         for access_control in self.access_controls:
-            access_control = prefix + access_control
-            if user.has_perm(access_control, self.model, obj=obj):
-                #              session=session):
-                return True
-        # manage by person type
-        if hasattr(user, 'ishtaruser'):
-            if user.ishtaruser.has_right(self.idx, session=session):
+            if user.ishtaruser.person.has_right(
+                    access_control, obj=obj, session=session):
                 return True
         return False
author	Étienne Loks <etienne.loks@iggdrasil.net>	2018-04-12 17:43:41 +0200
committer	Étienne Loks <etienne.loks@iggdrasil.net>	2018-06-12 08:39:42 +0200
commit	d4833f06b2e080e07ec3e9a456dc19cfcc1e99ff (patch)
tree	33dc22e2c83d7f8b3b4b39f22bda97e84d60ab9d /ishtar_common/menu_base.py
parent	4d245b7651c2d8c6b2d345f33d90cf6844d22969 (diff)
download	Ishtar-d4833f06b2e080e07ec3e9a456dc19cfcc1e99ff.tar.bz2 Ishtar-d4833f06b2e080e07ec3e9a456dc19cfcc1e99ff.zip