diff options
| -rw-r--r-- | ishtar_common/models.py | 51 | ||||
| -rw-r--r-- | ishtar_common/models_common.py | 3 | ||||
| -rw-r--r-- | ishtar_common/models_imports.py | 2 | ||||
| -rw-r--r-- | ishtar_common/templates/ishtar/blocks/sheet_permission_detail.html | 13 | ||||
| -rw-r--r-- | ishtar_common/templates/ishtar/blocks/window_nav.html | 5 | ||||
| -rw-r--r-- | ishtar_common/templates/ishtar/sheet_ishtaruser.html | 489 | ||||
| -rw-r--r-- | ishtar_common/templates/ishtar/sheet_ishtaruser_window.html | 3 | ||||
| -rw-r--r-- | ishtar_common/templates/ishtar/sheet_person.html | 2 | ||||
| -rw-r--r-- | ishtar_common/templatetags/ishtar_helpers.py | 5 | ||||
| -rw-r--r-- | ishtar_common/templatetags/link_to_window.py | 8 | ||||
| -rw-r--r-- | ishtar_common/templatetags/window_tables.py | 5 | ||||
| -rw-r--r-- | ishtar_common/urls.py | 5 | ||||
| -rw-r--r-- | ishtar_common/utils.py | 10 | ||||
| -rw-r--r-- | ishtar_common/views.py | 3 | ||||
| -rw-r--r-- | ishtar_common/views_item.py | 62 |
15 files changed, 634 insertions, 32 deletions
diff --git a/ishtar_common/models.py b/ishtar_common/models.py index 5b2e3fdbf..424648854 100644 --- a/ishtar_common/models.py +++ b/ishtar_common/models.py @@ -3609,7 +3609,8 @@ class UserProfile(models.Model): print("ishtar_common/models.py - 3600", item_ids, ishtar_user, content_type, permission_type) return item_ids - def generate_permission(self, content_type, permission_type): + def generate_permission(self, content_type, permission_type, + base_permission_only=False): ishtar_user = self.person.ishtaruser if self.expiration_date and self.expiration_date < datetime.date.today(): @@ -3618,8 +3619,12 @@ class UserProfile(models.Model): # add base permissions for group in self.profile_type.groups.all(): for perm in group.permissions.filter( + content_type=content_type, codename__startswith=permission_type).all(): ishtar_user.user_ptr.user_permissions.add(perm) + if base_permission_only: + return + q_has_perm = self.profile_type.groups.filter( permissions__content_type=content_type, permissions__codename__startswith=f"{permission_type}_own_", @@ -3772,6 +3777,7 @@ class IshtarUser(FullSearch): SearchVectorConfig("person__town"), SearchVectorConfig("person__attached_to__name"), ] + SHEET_ALTERNATIVES = [] CACHED_LABELS = [] # needed to force search vector update @@ -3926,12 +3932,15 @@ class IshtarUser(FullSearch): def generate_permission(self): # models to treat first in this order to manage cascade permissions model_names = [ + ("archaeological_files", "file"), ("archaeological_operations", "operation"), + ("archaeological_operations", "archaeologicalsite"), ("archaeological_context_records", "contextrecord"), ("archaeological_warehouse", "warehouse"), - ("archaeological_finds", "treatment"), ("archaeological_warehouse", "container"), ("archaeological_finds", "find"), + ("archaeological_finds", "treatmentfile"), + ("archaeological_finds", "treatment"), ] # cascade permission to treat at the end last_model_names = [ @@ -3958,9 +3967,47 @@ class IshtarUser(FullSearch): for ct in content_types: for profile in self.person.profiles.all(): + profile.generate_permission(ct, "add", base_permission_only=True) for permission_type in ("view", "change", "delete"): profile.generate_permission(ct, permission_type) + def has_permission_dict(self): + """ + Get permission dict with permission codename as key and True or False as result. + Used by ishtaruser sheet + """ + permission_list = [] + model_list = [ + ("archaeological_context_records", "contextrecord"), + ("archaeological_files", "file"), + ("archaeological_finds", "find"), + ("archaeological_finds", "treatment"), + ("archaeological_finds", "treatmentfile"), + ("archaeological_operations", "operation"), + ("archaeological_operations", "archaeologicalsite"), + ("archaeological_warehouse", "warehouse"), + ("archaeological_warehouse", "container"), + ("ishtar_common", "document"), + ("ishtar_common", "person"), + ("ishtar_common", "organization"), + ("archaeological_operations", "administrativeact"), + ] + for app_label, model in model_list: + for permission in ("change", "delete", "view"): + permission_list.append( + (app_label, model, f"{permission}_own_{model}") + ) + permission_dict = {} + for app_label, model, permission_codename in permission_list: + ct = ContentType.objects.get(app_label=app_label, model=model) + q = UserObjectPermission.objects.filter( + user_id=self.pk, + permission__codename=permission_codename, + content_type=ct + ) + permission_dict[permission_codename] = q.exists() + return permission_dict + def full_label(self): return self.person.full_label() diff --git a/ishtar_common/models_common.py b/ishtar_common/models_common.py index 920b71584..011c71a8a 100644 --- a/ishtar_common/models_common.py +++ b/ishtar_common/models_common.py @@ -1575,7 +1575,7 @@ class BaseHistorizedItem( null=True, ) ishtar_users = models.ManyToManyField( - "ishtar_common.IshtarUser", blank=True, related_name='%(class)s_permission_associated' + "ishtar_common.IshtarUser", blank=True, related_name='%(class)s_associated' ) class Meta: @@ -3304,6 +3304,7 @@ class MainItem(ShortMenuItem, SerializeItem, SheetItem): SHOW_URL = None DOWN_MODEL_UPDATE = [] INITIAL_VALUES = [] # list of field checkable if changed on save + OLD_SHEET_EXPORT = True def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) diff --git a/ishtar_common/models_imports.py b/ishtar_common/models_imports.py index ddb23e490..8f4686666 100644 --- a/ishtar_common/models_imports.py +++ b/ishtar_common/models_imports.py @@ -1441,7 +1441,7 @@ class BaseImport(models.Model, OwnPerms, SheetItem): ) state = None - NO_ODTPDF_EXPORT = True + OLD_SHEET_EXPORT = False class Meta: abstract = True diff --git a/ishtar_common/templates/ishtar/blocks/sheet_permission_detail.html b/ishtar_common/templates/ishtar/blocks/sheet_permission_detail.html new file mode 100644 index 000000000..aaf88b034 --- /dev/null +++ b/ishtar_common/templates/ishtar/blocks/sheet_permission_detail.html @@ -0,0 +1,13 @@ +{% load i18n ishtar_helpers window_tables %} + +{% if item|user_can_do:full_permission %} +<h3>{{table_label}}</h3> +<div class="alert alert-info" role="alert"> + <i class="fa fa-info-circle" aria-hidden="true"></i> + {% trans "Permission on all items" %} +</div> +{% else %} +{% if has_own_permission %} +{% dynamic_table_document table_label table_name permission item.pk '' output %} +{% endif %} +{% endif %} diff --git a/ishtar_common/templates/ishtar/blocks/window_nav.html b/ishtar_common/templates/ishtar/blocks/window_nav.html index 63aafb93a..d318fe264 100644 --- a/ishtar_common/templates/ishtar/blocks/window_nav.html +++ b/ishtar_common/templates/ishtar/blocks/window_nav.html @@ -81,7 +81,7 @@ {% endif %} </div> - {% if not item.NO_ODTPDF_EXPORT or extra_templates %} + {% if item.OLD_SHEET_EXPORT or extra_templates or item.HAS_QR_CODE or item.get_absolute_url %} <div class="btn-group btn-group-sm" role="group" aria-label="{% trans 'Export' %}"> <div class="btn btn-sm dropdown btn-secondary"> @@ -93,6 +93,7 @@ </a> <div class="dropdown-menu" aria-labelledby="dropdown-sheet-export-{{window_id}}"> + {% if item.OLD_SHEET_EXPORT %} <a class="dropdown-item" href='{% url show_url item.pk "odt" %}' title='{% trans "Export as OpenOffice.org file"%}'> <i class="fa fa-file-word-o" aria-hidden="true"></i> ODT @@ -100,7 +101,7 @@ <a class="dropdown-item" href='{% url show_url item.pk "pdf" %}' title='{% trans "Export as PDF file"%}'> <i class="fa fa-file-pdf-o" aria-hidden="true"></i> PDF - </a>{% for template_name, template_url in extra_templates %} + </a>{% endif %}{% for template_name, template_url in extra_templates %} <a class="dropdown-item" href='{{template_url}}'> <i class="fa fa-file-word-o" aria-hidden="true"></i> {{template_name}} </a>{% endfor %} diff --git a/ishtar_common/templates/ishtar/sheet_ishtaruser.html b/ishtar_common/templates/ishtar/sheet_ishtaruser.html new file mode 100644 index 000000000..09979c641 --- /dev/null +++ b/ishtar_common/templates/ishtar/sheet_ishtaruser.html @@ -0,0 +1,489 @@ +{% extends "ishtar/sheet.html" %} +{% load i18n ishtar_helpers window_header window_field window_tables %} + +{% block head_title %}<strong><i class="fa fa-user" aria-hidden="true"></i> {% trans "Account" %}</strong> – {{item.person.raw_name}}{% endblock %} + +{% block toolbar %} +{% window_nav item window_id 'show-ishtaruser' %} +{% endblock %} + +{% block content %} +{% if ADMIN %} {# extra check #} +{% with has_permission_dict=item.has_permission_dict %} + +<ul class="nav nav-tabs" id="{{window_id}}-tabs" role="tablist"> + <li class="nav-item"> + <a class="nav-link active" id="{{window_id}}-general-tab" + data-toggle="tab" href="#{{window_id}}-general" role="tab" + aria-controls="{{window_id}}-general" aria-selected="false"> + {% trans "General" %} + </a> + </li> + <li class="nav-item"> + <a class="nav-link" id="{{window_id}}-view-tab" + data-toggle="tab" href="#{{window_id}}-view" role="tab" + aria-controls="{{window_id}}-view" aria-selected="false"> + {% trans "View permissions" %} + </a> + </li> + <li class="nav-item"> + <a class="nav-link" id="{{window_id}}-add-tab" + data-toggle="tab" href="#{{window_id}}-add" role="tab" + aria-controls="{{window_id}}-add" aria-selected="false"> + {% trans "Add permissions" %} + </a> + </li> + <li class="nav-item"> + <a class="nav-link" id="{{window_id}}-change-tab" + data-toggle="tab" href="#{{window_id}}-change" role="tab" + aria-controls="{{window_id}}-change" aria-selected="false"> + {% trans "Modify permissions" %} + </a> + </li> + <li class="nav-item"> + <a class="nav-link" id="{{window_id}}-delete-tab" + data-toggle="tab" href="#{{window_id}}-delete" role="tab" + aria-controls="{{window_id}}-delete" aria-selected="false"> + {% trans "Delete permissions" %} + </a> + </li> +</ul> + +<div class="tab-content" id="{{window_id}}-tab-content"> + <div class="tab-pane fade show active" id="{{window_id}}-general" + role="tabpanel" aria-labelledby="{{window_id}}-general-tab"> + <div class="row"> + {% field_flex_detail _("Person") item.person %} + <dl class="col-12 col-md-6 col-lg-3 flex-wrap"> + <dt>{% trans "Status" %}</dt> + <dd> + {% if item.user_ptr.is_active %} + <i class="fa fa-check-circle text-success" aria-hidden="true"></i> + {%trans "Account activated"%}{% else %} + <i class="fa fa-stop-circle text-warning" aria-hidden="true"></i> + {%trans "Account deactivated"%} + {% endif %} + </dd> + </dl> + {% field_flex _("Profile(s)") item.person.profiles_list %} + </div> + {% if item.is_ishtaradmin %} + <div class="alert alert-warning" role="alert"> + <i class="fa fa-info-circle" aria-hidden="true"></i> + {% trans "Account administrator: all permissions are granted." %} + </div> + {% endif %} + </div> + + <div class="tab-pane fade show" id="{{window_id}}-view" + role="tabpanel" aria-labelledby="{{window_id}}-view-tab"> + <h2>{% trans "View permissions" %}</h2> + {% with permission="view_own" %} + + {% with table_label=_("Archaeological files") %} + {% with table_name="files" %} + {% with full_permission="archaeological_files.view_file" %} + {% with has_own_permission=has_permission_dict.view_own_file %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Operations") %} + {% with table_name="operations" %} + {% with full_permission="archaeological_operations.view_operation" %} + {% with has_own_permission=has_permission_dict.view_own_operation %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Archaeological sites") %} + {% with table_name="sites" %} + {% with full_permission="archaeological_operations.view_archaeologicalsite" %} + {% with has_own_permission=has_permission_dict.view_own_archaeologicalsite %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Context records") %} + {% with table_name="context_records" %} + {% with full_permission="archaeological_context_records.view_contextrecord" %} + {% with has_own_permission=has_permission_dict.view_own_contextrecord %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Finds") %} + {% with table_name="finds" %} + {% with full_permission="archaeological_finds.view_find" %} + {% with has_own_permission=has_permission_dict.view_own_find %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Treatments") %} + {% with table_name="treatments" %} + {% with full_permission="archaeological_finds.view_treatment" %} + {% with has_own_permission=has_permission_dict.view_own_treatment %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Treatment files") %} + {% with table_name="treatment_files" %} + {% with full_permission="archaeological_finds.view_treatmentfile" %} + {% with has_own_permission=has_permission_dict.view_own_treatmentfile %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Warehouses") %} + {% with table_name="warehouses" %} + {% with full_permission="archaeological_warehouse.view_warehouse" %} + {% with has_own_permission=has_permission_dict.view_own_warehouse %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Containers") %} + {% with table_name="containers" %} + {% with full_permission="archaeological_warehouse.view_container" %} + {% with has_own_permission=has_permission_dict.view_own_container %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Documents") %} + {% with table_name="documents" %} + {% with full_permission="ishtar_common.view_document" %} + {% with has_own_permission=has_permission_dict.view_own_document %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Administrative acts") %} + {% with table_name="admin_acts" %} + {% with full_permission="archaeological_operations.view_administrativeact" %} + {% with has_own_permission=has_permission_dict.view_own_administrativeact %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Organizations") %} + {% with table_name="organizations" %} + {% with full_permission="ishtar_common.view_organization" %} + {% with has_own_permission=has_permission_dict.view_own_organization %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Persons") %} + {% with table_name="persons" %} + {% with full_permission="ishtar_common.view_person" %} + {% with has_own_permission=has_permission_dict.view_own_person %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% endwith %} + </div> + + <div class="tab-pane fade show" id="{{window_id}}-add" + role="tabpanel" aria-labelledby="{{window_id}}-add-tab"> + <h2>{% trans "Add permissions" %}</h2> + + {% if item|user_can_do:"archaeological_files.add_file" %} + <h3>{% trans "Archaeological files" %}</h3> + <div class="alert alert-info" role="alert"> + <i class="fa fa-info-circle" aria-hidden="true"></i> + {% trans "Can create items" %} + </div> + {% endif %} + + {% if item|user_can_do:"archaeological_operations.add_operation" %} + <h3>{% trans "Operations" %}</h3> + <div class="alert alert-info" role="alert"> + <i class="fa fa-info-circle" aria-hidden="true"></i> + {% trans "Can create items" %} + </div> + {% endif %} + + {% if item|user_can_do:"archaeological_operations.add_archaeologicalsite" %} + <h3>{% trans "Archaeological sites" %}</h3> + <div class="alert alert-info" role="alert"> + <i class="fa fa-info-circle" aria-hidden="true"></i> + {% trans "Can create items" %} + </div> + {% endif %} + + {% if item|user_can_do:"archaeological_context_records.add_contextrecord" %} + <h3>{% trans "Context records" %}</h3> + <div class="alert alert-info" role="alert"> + <i class="fa fa-info-circle" aria-hidden="true"></i> + {% trans "Can create items" %} + </div> + {% endif %} + + {% if item|user_can_do:"archaeological_finds.add_find" %} + <h3>{% trans "Finds" %}</h3> + <div class="alert alert-info" role="alert"> + <i class="fa fa-info-circle" aria-hidden="true"></i> + {% trans "Can create items" %} + </div> + {% endif %} + + {% if item|user_can_do:"archaeological_treatments.add_treatment" %} + <h3>{% trans "Treatments" %}</h3> + <div class="alert alert-info" role="alert"> + <i class="fa fa-info-circle" aria-hidden="true"></i> + {% trans "Can create items" %} + </div> + {% endif %} + + {% if item|user_can_do:"archaeological_treatmentfiles.add_treatmentfile" %} + <h3>{% trans "Treatment files" %}</h3> + <div class="alert alert-info" role="alert"> + <i class="fa fa-info-circle" aria-hidden="true"></i> + {% trans "Can create items" %} + </div> + {% endif %} + + {% if item|user_can_do:"archaeological_warehouse.add_warehouse" %} + <h3>{% trans "Warehouses" %}</h3> + <div class="alert alert-info" role="alert"> + <i class="fa fa-info-circle" aria-hidden="true"></i> + {% trans "Can create items" %} + </div> + {% endif %} + + {% if item|user_can_do:"archaeological_warehouse.add_container" %} + <h3>{% trans "Containers" %}</h3> + <div class="alert alert-info" role="alert"> + <i class="fa fa-info-circle" aria-hidden="true"></i> + {% trans "Can create items" %} + </div> + {% endif %} + + {% if item|user_can_do:"ishtar_common.add_document" %} + <h3>{% trans "Documents" %}</h3> + <div class="alert alert-info" role="alert"> + <i class="fa fa-info-circle" aria-hidden="true"></i> + {% trans "Can create items" %} + </div> + {% endif %} + + {% if item|user_can_do:"archaeological_operations.add_administrativeact" %} + <h3>{% trans "Administrative acts" %}</h3> + <div class="alert alert-info" role="alert"> + <i class="fa fa-info-circle" aria-hidden="true"></i> + {% trans "Can create items" %} + </div> + {% endif %} + + {% if item|user_can_do:"ishtar_common.add_organization" %} + <h3>{% trans "Organizations" %}</h3> + <div class="alert alert-info" role="alert"> + <i class="fa fa-info-circle" aria-hidden="true"></i> + {% trans "Can create items" %} + </div> + {% endif %} + + {% if item|user_can_do:"ishtar_common.add_person" %} + <h3>{% trans "Persons" %}</h3> + <div class="alert alert-info" role="alert"> + <i class="fa fa-info-circle" aria-hidden="true"></i> + {% trans "Can create items" %} + </div> + {% endif %} + + </div> + + <div class="tab-pane fade show" id="{{window_id}}-change" + role="tabpanel" aria-labelledby="{{window_id}}-change-tab"> + <h2>{% trans "Modify permissions" %}</h2> + {% with permission="change_own" %} + + {% with table_label=_("Archaeological files") %} + {% with table_name="files" %} + {% with full_permission="archaeological_files.change_file" %} + {% with has_own_permission=has_permission_dict.change_own_file %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Operations") %} + {% with table_name="operations" %} + {% with full_permission="archaeological_operations.change_operation" %} + {% with has_own_permission=has_permission_dict.change_own_operation %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Archaeological sites") %} + {% with table_name="sites" %} + {% with full_permission="archaeological_operations.change_archaeologicalsite" %} + {% with has_own_permission=has_permission_dict.change_own_archaeologicalsite %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Context records") %} + {% with table_name="context_records" %} + {% with full_permission="archaeological_context_records.change_contextrecord" %} + {% with has_own_permission=has_permission_dict.change_own_contextrecord %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Finds") %} + {% with table_name="finds" %} + {% with full_permission="archaeological_finds.change_find" %} + {% with has_own_permission=has_permission_dict.change_own_find %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Treatments") %} + {% with table_name="treatments" %} + {% with full_permission="archaeological_finds.change_treatment" %} + {% with has_own_permission=has_permission_dict.change_own_treatment %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Treatment files") %} + {% with table_name="treatment_files" %} + {% with full_permission="archaeological_finds.change_treatmentfile" %} + {% with has_own_permission=has_permission_dict.change_own_treatmentfile %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Warehouses") %} + {% with table_name="warehouses" %} + {% with full_permission="archaeological_warehouse.change_warehouse" %} + {% with has_own_permission=has_permission_dict.change_own_warehouse %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Containers") %} + {% with table_name="containers" %} + {% with full_permission="archaeological_warehouse.change_container" %} + {% with has_own_permission=has_permission_dict.change_own_container %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Documents") %} + {% with table_name="documents" %} + {% with full_permission="ishtar_common.change_document" %} + {% with has_own_permission=has_permission_dict.change_own_document %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Administrative acts") %} + {% with table_name="admin_acts" %} + {% with full_permission="archaeological_operations.change_administrativeact" %} + {% with has_own_permission=has_permission_dict.change_own_administrativeact %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Organizations") %} + {% with table_name="organizations" %} + {% with full_permission="ishtar_common.change_organization" %} + {% with has_own_permission=has_permission_dict.change_own_organization %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Persons") %} + {% with table_name="persons" %} + {% with full_permission="ishtar_common.change_person" %} + {% with has_own_permission=has_permission_dict.change_own_person %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% endwith %} + </div> + + <div class="tab-pane fade show" id="{{window_id}}-delete" + role="tabpanel" aria-labelledby="{{window_id}}-delete-tab"> + <h2>{% trans "Delete permissions" %}</h2> + {% with permission="delete_own" %} + + {% with table_label=_("Archaeological files") %} + {% with table_name="files" %} + {% with full_permission="archaeological_files.delete_file" %} + {% with has_own_permission=has_permission_dict.delete_own_file %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Operations") %} + {% with table_name="operations" %} + {% with full_permission="archaeological_operations.delete_operation" %} + {% with has_own_permission=has_permission_dict.delete_own_operation %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Archaeological sites") %} + {% with table_name="sites" %} + {% with full_permission="archaeological_operations.delete_archaeologicalsite" %} + {% with has_own_permission=has_permission_dict.delete_own_archaeologicalsite %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Context records") %} + {% with table_name="context_records" %} + {% with full_permission="archaeological_context_records.delete_contextrecord" %} + {% with has_own_permission=has_permission_dict.delete_own_contextrecord %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Finds") %} + {% with table_name="finds" %} + {% with full_permission="archaeological_finds.delete_find" %} + {% with has_own_permission=has_permission_dict.delete_own_find %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Treatments") %} + {% with table_name="treatments" %} + {% with full_permission="archaeological_finds.delete_treatment" %} + {% with has_own_permission=has_permission_dict.delete_own_treatment %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Treatment files") %} + {% with table_name="treatment_files" %} + {% with full_permission="archaeological_finds.delete_treatmentfile" %} + {% with has_own_permission=has_permission_dict.delete_own_treatmentfile %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Warehouses") %} + {% with table_name="warehouses" %} + {% with full_permission="archaeological_warehouse.delete_warehouse" %} + {% with has_own_permission=has_permission_dict.delete_own_warehouse %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Containers") %} + {% with table_name="containers" %} + {% with full_permission="archaeological_warehouse.delete_container" %} + {% with has_own_permission=has_permission_dict.delete_own_container %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Documents") %} + {% with table_name="documents" %} + {% with full_permission="ishtar_common.delete_document" %} + {% with has_own_permission=has_permission_dict.delete_own_document %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Administrative acts") %} + {% with table_name="admin_acts" %} + {% with full_permission="archaeological_operations.delete_administrativeact" %} + {% with has_own_permission=has_permission_dict.delete_own_administrativeact %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Organizations") %} + {% with table_name="organizations" %} + {% with full_permission="ishtar_common.delete_organization" %} + {% with has_own_permission=has_permission_dict.delete_own_organization %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% with table_label=_("Persons") %} + {% with table_name="persons" %} + {% with full_permission="ishtar_common.delete_person" %} + {% with has_own_permission=has_permission_dict.delete_own_person %} + {% include "ishtar/blocks/sheet_permission_detail.html"%} + {% endwith %} {% endwith %} {% endwith %} {% endwith %} + + {% endwith %} + </div> + +</div> + +{% endwith %} +{% endif %} +{% endblock %} diff --git a/ishtar_common/templates/ishtar/sheet_ishtaruser_window.html b/ishtar_common/templates/ishtar/sheet_ishtaruser_window.html new file mode 100644 index 000000000..08db98b20 --- /dev/null +++ b/ishtar_common/templates/ishtar/sheet_ishtaruser_window.html @@ -0,0 +1,3 @@ +{% extends "ishtar/sheet_ishtaruser.html" %} +{% block main_head %}{%endblock%} +{% block main_foot %}{%endblock%} diff --git a/ishtar_common/templates/ishtar/sheet_person.html b/ishtar_common/templates/ishtar/sheet_person.html index 5856e4407..c34997d30 100644 --- a/ishtar_common/templates/ishtar/sheet_person.html +++ b/ishtar_common/templates/ishtar/sheet_person.html @@ -18,7 +18,7 @@ {% field_flex "Type(s)" item.person_types_list %} {% field_flex_detail_multiple "Biographical notes" item.biographical_notes %} {% if ADMIN %} - {% field_flex "Profile(s)" item.profiles_list %} + {% field_flex_detail _("Account") item.ishtaruser %} {% endif %} </div> diff --git a/ishtar_common/templatetags/ishtar_helpers.py b/ishtar_common/templatetags/ishtar_helpers.py index 329f82dde..bfe7efc2a 100644 --- a/ishtar_common/templatetags/ishtar_helpers.py +++ b/ishtar_common/templatetags/ishtar_helpers.py @@ -106,5 +106,10 @@ def can_edit_item(item, context): @register.filter +def user_can_do(ishtar_user, permission): + return ishtar_user.user_ptr.has_perm(permission) + + +@register.filter def format_date(value): return python_format_date(value) diff --git a/ishtar_common/templatetags/link_to_window.py b/ishtar_common/templatetags/link_to_window.py index 210c200c6..285d9b1fd 100644 --- a/ishtar_common/templatetags/link_to_window.py +++ b/ishtar_common/templatetags/link_to_window.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -from django.urls import reverse +from django.urls import reverse, NoReverseMatch from django.template import Library from django.utils.safestring import mark_safe @@ -17,11 +17,15 @@ def simple_link_to_window(item, caption=""): lock = "" if getattr(item, "locked", None): lock = ' <i class="fa fa-lock text-danger" aria-hidden="true"></i>' + try: + url = reverse("show-" + item.SLUG, args=[item.pk, '']) + except NoReverseMatch: + url = reverse("show-" + item.SLUG, args=[item.pk]) return mark_safe( ' <a class="display_details" href="#" ' 'onclick="load_window(\'{}\')">' '<i class="fa fa-info-circle" aria-hidden="true"></i>{}{}</a>'.format( - reverse("show-" + item.SLUG, args=[item.pk, '']), lock, caption)) + url, lock, caption)) @register.filter diff --git a/ishtar_common/templatetags/window_tables.py b/ishtar_common/templatetags/window_tables.py index 40475c3d4..5685fbc93 100644 --- a/ishtar_common/templatetags/window_tables.py +++ b/ishtar_common/templatetags/window_tables.py @@ -12,7 +12,7 @@ from django.utils.translation import ugettext_lazy as _ from ishtar_common.forms import reverse_lazy from ishtar_common.widgets import DataTable -from ishtar_common.models import Document +from ishtar_common.models import Document, Organization, Person from archaeological_files.models import File from archaeological_operations.models import Operation, ArchaeologicalSite, \ AdministrativeAct @@ -75,6 +75,9 @@ ASSOCIATED_MODELS['warehouses'] = (Warehouse, 'get-warehouse', '') ASSOCIATED_MODELS['documents'] = (Document, 'get-document', '') ASSOCIATED_MODELS['documents_inside_container'] = (Document, 'get-document', '') +ASSOCIATED_MODELS['organizations'] = (Organization, 'get-organization', '') +ASSOCIATED_MODELS['persons'] = (Person, 'get-person', '') + @register.simple_tag(takes_context=True) def dynamic_table_document( diff --git a/ishtar_common/urls.py b/ishtar_common/urls.py index a98a34882..23d161ffc 100644 --- a/ishtar_common/urls.py +++ b/ishtar_common/urls.py @@ -450,6 +450,11 @@ urlpatterns += [ views.show_person, name="show-person", ), + path( + "show-ishtaruser/<int:pk>/", + check_permissions(["ishtaradmin"])(views.show_ishtaruser), + name="show-ishtaruser", + ), url( r"show-biographicalnote(?:/(?P<pk>.+))?/(?P<type>.+)?$", views.show_biographical_note, diff --git a/ishtar_common/utils.py b/ishtar_common/utils.py index c35824906..bbed4e8a4 100644 --- a/ishtar_common/utils.py +++ b/ishtar_common/utils.py @@ -913,6 +913,16 @@ def deserialize_args_for_tasks(sender, kwargs, extra_kwargs=None): return sender, instance +def get_ishtaruser_gdpr_log(view_name, request, data_type, queryset, slice_query=None): + if not settings.GDPR_LOGGING: + return + Person = apps.get_model("ishtar_common", "Person") + queryset = Person.objects.filter( + ishtaruser__pk__in=queryset.values_list("pk", flat=True) + ) + return get_person_gdpr_log(view_name, request, data_type, queryset, slice_query) + + def get_person_gdpr_log(view_name, request, data_type, queryset, slice_query=None): if not settings.GDPR_LOGGING: return diff --git a/ishtar_common/views.py b/ishtar_common/views.py index 03b029fe2..407128f49 100644 --- a/ishtar_common/views.py +++ b/ishtar_common/views.py @@ -82,6 +82,7 @@ from ishtar_common.utils import ( get_current_item_keys, get_current_item_keys_dict, get_field_labels_from_path, + get_ishtaruser_gdpr_log, get_person_gdpr_log, get_random_item_image_link, get_news_feed, @@ -1228,6 +1229,8 @@ show_person = show_item(models.Person, "person", callback=get_person_gdpr_log) get_person = get_item(models.Person, "get_person", "person", callback=get_person_gdpr_log) +show_ishtaruser = show_item(models.IshtarUser, "ishtaruser", callback=get_ishtaruser_gdpr_log) + show_biographical_note = show_item(models.BiographicalNote, "biographicalnote") new_biographical_note = new_qa_item( models.BiographicalNote, forms.BiographicalNoteForm, page_name=_("New biographical note") diff --git a/ishtar_common/views_item.py b/ishtar_common/views_item.py index 48b83e654..7b10974db 100644 --- a/ishtar_common/views_item.py +++ b/ishtar_common/views_item.py @@ -392,8 +392,12 @@ def show_item(model, name, extra_dct=None, model_for_perms=None, callback=None): if query_own: q = q.filter(query_own).distinct() doc_type = "type" in dct and dct.pop("type") + try: + url = reverse("show-" + name, args=["0", ""]) + except NoReverseMatch: + url = reverse("show-" + name, args=[0]) url_name = ( - "/".join(reverse("show-" + name, args=["0", ""]).split("/")[:-2]) + "/" + "/".join(url.split("/")[:-2]) + "/" ) profile = get_current_profile() sheet_name = name @@ -2203,26 +2207,6 @@ def get_item( ): own = True - query_own = None - if own: - # TODO: verify alt_query_own - """ - if alt_query_own: - query_own = getattr(model, alt_query_own)(q.all()[0]) - else: - query_own = model.get_query_owns(q.all()[0]) - print(query_own) # TODO - get old request to transform them - """ - user_pk = request.user.pk if request else ishtaruser.pk - q = UserObjectPermission.objects.filter( - user_id=user_pk, - permission__codename=f"view_own_{model._meta.model_name}", - content_type=ContentType.objects.get_for_model(model) - ) - query_own = Q( - pk__in=[int(pk) for pk in q.values_list("object_pk", flat=True)] - ) - query_parameters = {} if hasattr(model, "get_query_parameters"): @@ -2329,8 +2313,8 @@ def get_item( request_keys.update(my_extra_request_keys) # manage search on json fields and excluded fields + ishtaruser = request.user.ishtaruser if request else ishtaruser if search_form: - ishtaruser = request.user.ishtaruser if request else ishtaruser available, __, excluded_fields, json_fields = search_form.check_custom_form( ishtaruser ) @@ -2493,6 +2477,40 @@ def get_item( related_name_fields = [query_parameters[k].related_name for k in query_parameters if query_parameters[k].related_name] + # manage own filters + own_key = None + if ishtaruser and ishtaruser.is_ishtaradmin: # admin only... + # force own POV - used by account sheet + for key in ("view_own", "change_own", "delete_own"): + if key in dct_request_items: + own = True + own_key = key + break + query_own = None + if own: + # TODO: verify alt_query_own + """ + if alt_query_own: + query_own = getattr(model, alt_query_own)(q.all()[0]) + else: + query_own = model.get_query_owns(q.all()[0]) + print(query_own) # TODO - get old request to transform them + """ + if own_key: + user_pk = dct_request_items[own_key] + codename = f"{own_key}_{model._meta.model_name}" + else: + user_pk = request.user.pk if request else ishtaruser.pk + codename = f"view_own_{model._meta.model_name}" + q = UserObjectPermission.objects.filter( + user_id=user_pk, + permission__codename=codename, + content_type=ContentType.objects.get_for_model(model) + ) + query_own = Q( + pk__in=[int(pk) for pk in q.values_list("object_pk", flat=True)] + ) + items = None for sub_dct in split_dict(dct): query, exc_query, extras = main_manager( |