diff options
| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2024-11-04 17:55:21 +0100 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-02-19 14:43:49 +0100 |
| commit | ba26387f09de20d9537d075dcea5221fb3532a5a (patch) | |
| tree | e8fadab722e806ee1511ac0f996afcc9fb44ce09 /ishtar_common/utils.py | |
| parent | 547a20789faf6bbc9979357c7f65cbe61e56ed07 (diff) | |
| download | Ishtar-ba26387f09de20d9537d075dcea5221fb3532a5a.tar.bz2 Ishtar-ba26387f09de20d9537d075dcea5221fb3532a5a.zip | |
✨ permissions refactoring: manage deletion permissions - ♻ refactoring "can_do"
Diffstat (limited to 'ishtar_common/utils.py')
| -rw-r--r-- | ishtar_common/utils.py | 61 |
1 files changed, 41 insertions, 20 deletions
diff --git a/ishtar_common/utils.py b/ishtar_common/utils.py index 11ff45fa7..c35824906 100644 --- a/ishtar_common/utils.py +++ b/ishtar_common/utils.py @@ -422,44 +422,65 @@ class OwnPerms: """ return None # implement for each object + def can_add(self, request): + meta = self.__class__._meta + return self.can_do( + request, "add", app=meta.app_label, model_name=meta.model_name + ) + def can_view(self, request): meta = self.__class__._meta - perm = f"{meta.app_label}.view_{meta.model_name}" - return self.can_do(request, perm) + return self.can_do( + request, "view", app=meta.app_label, model_name=meta.model_name + ) + + def can_change(self, request): + return self.can_edit(request) def can_edit(self, request): - if not getattr(request.user, "ishtaruser", None): - return False - ishtaruser = request.user.ishtaruser meta = self.__class__._meta - perm = f"{meta.app_label}.change_{meta.model_name}" - if ishtaruser.has_permission(perm): - return True - own_perm = f"{meta.app_label}.change_own_{meta.model_name}" - if not ishtaruser.has_permission(own_perm): - return False - return self.is_own(ishtaruser) + return self.can_do( + request, "change", app=meta.app_label, model_name=meta.model_name + ) + + def can_delete(self, request): + meta = self.__class__._meta + return self.can_do( + request, "delete", app=meta.app_label, model_name=meta.model_name + ) - def can_do(self, request, permission): + def can_do(self, request, permission, app=None, model_name=None): """ Check permission availability for the current object. :param request: request object :param permission: action name eg: "archaelogical_finds.change_find" - "own" - variation is checked + variation is checked - can provide only simple permission (e.g. "change") if app + and model_name are provided + :param app: application name (if permission not fully provided) + :param model_name: model name (if permission not fully provided) :return: boolean """ if not getattr(request.user, "ishtaruser", None): return False - if "_findbasket" in permission: - permission = permission.replace("basket", "") + if (app and not model_name) or (not app and model_name): + return False + + if not app: + app, perm = permission.split(".") + p = perm.split("_") + permission = p[0] + model_name = ('_').join(p[1:]) + + if model_name == "findbasket": + model_name = "find" + ishtaruser = request.user.ishtaruser + full_permission = f"{app}.{permission}_{model_name}" - if ishtaruser.has_permission(permission): + if ishtaruser.has_permission(full_permission): return True - app, perm = permission.split(".") - p = perm.split("_") - own = f"{app}.{p[0]}_own_{('_').join(p[1:])}" + own = f"{app}.{permission}_own_{model_name}" try: return ishtaruser.has_permission(own, self) except WrongAppError: |