summaryrefslogtreecommitdiff
path: root/ishtar_common/admin.py
diff options
context:
space:
mode:
Diffstat (limited to 'ishtar_common/admin.py')
-rw-r--r--ishtar_common/admin.py110
1 files changed, 105 insertions, 5 deletions
diff --git a/ishtar_common/admin.py b/ishtar_common/admin.py
index ce66e535c..f67a99e01 100644
--- a/ishtar_common/admin.py
+++ b/ishtar_common/admin.py
@@ -42,7 +42,7 @@ from django.contrib.auth.models import Group, User
from django.contrib.contenttypes.models import ContentType
from django.contrib.sites.admin import SiteAdmin
from django.contrib.sites.models import Site
-from django.contrib.gis.forms import PointField, OSMWidget, MultiPolygonField
+from django.contrib.gis.forms import PointField, OSMWidget
from django.contrib.gis.geos import GEOSGeometry, MultiPolygon
from django.contrib.gis.gdal.error import GDALException
from django.contrib.gis.geos.error import GEOSException
@@ -58,7 +58,7 @@ from django.db.models.fields import (
)
from django.db.models.fields.related import ForeignKey
from django.forms import BaseInlineFormSet
-from django.http import HttpResponseRedirect, HttpResponse
+from django.http import HttpResponseRedirect, HttpResponse, Http404
from django.shortcuts import render
from django.urls import reverse
from django.utils.decorators import method_decorator
@@ -470,8 +470,8 @@ class ImportedObjectAdmin(admin.ModelAdmin):
return fields + ("imports", "imports_updated")
return fields
- END_FIELDS = ["data", "last_modified", "created", "need_update", "locked", "lock_user",
- "main_geodata", "geodata", "qrcode"]
+ END_FIELDS = ["data", "last_modified", "created", "need_update", "locked",
+ "lock_user", "main_geodata", "geodata", "qrcode"]
def get_fields(self, request, obj=None, **kwargs):
"""
@@ -520,7 +520,19 @@ class MyGroupAdmin(GroupAdmin):
css = {"all": ("media/admin.css",)}
-admin_site.register(User, UserAdmin)
+class IshtarUserAdmin(UserAdmin):
+ fieldsets = (
+ (None, {'fields': ('username', 'password')}),
+ (_('Personal info'), {'fields': ('first_name', 'last_name', 'email')}),
+ (_('Permissions'), {
+ 'fields': ('is_active', 'is_staff', 'is_superuser')
+ }),
+ (_('Important dates'), {'fields': ('last_login', 'date_joined')}),
+ )
+ pass
+
+
+admin_site.register(User, IshtarUserAdmin)
admin_site.register(Group, MyGroupAdmin)
admin_site.register(Site, SiteAdmin)
@@ -770,6 +782,46 @@ class PersonAdmin(HistorizedObjectAdmin):
admin_site.register(models.Person, PersonAdmin)
+class PermissionRequestAdminForm(forms.ModelForm):
+ class Meta:
+ model = models_common.PermissionRequest
+ exclude = []
+
+ def __init__(self, *args, **kwargs):
+ super().__init__(*args, **kwargs)
+ choices = []
+ for ct in ContentType.objects.all():
+ klass = ct.model_class()
+ if not klass:
+ continue
+ if getattr(klass, "SHOW_URL", None) and hasattr(klass, "history_creator_id"):
+ choices.append((ct.pk, ct.name))
+ self.fields["model"].choices = [("", "-" * 9)] + list(
+ sorted(choices, key=lambda x: x[1])
+ )
+
+ def clean(self):
+ limit_to_attached_areas = self.cleaned_data.get("limit_to_attached_areas", "")
+ if not limit_to_attached_areas:
+ return self.cleaned_data
+ model = self.cleaned_data["model"]
+ if model.model not in ("operation", "contextrecord", "find",
+ "archaeologicalsite", "file"):
+ raise forms.ValidationError(_("This model do not accept area limitation."))
+ return self.cleaned_data
+
+
+@admin.register(models_common.PermissionRequest, site=admin_site)
+class PermissionRequestAdmin(admin.ModelAdmin):
+ prepopulated_fields = {"slug": ("name",)}
+ search_fields = ("model__model__unaccent", "name")
+ list_display = (
+ "model", "name", "active", "include_associated_items",
+ "include_upstream_items", "limit_to_attached_areas"
+ )
+ form = PermissionRequestAdminForm
+
+
MAIN_ITEM_READONLY_FIELDS = [
"history_creator",
"history_modifier",
@@ -1593,6 +1645,54 @@ admin_site.register(models.Area, AreaAdmin)
class ProfileTypeAdmin(GeneralTypeAdmin):
model = models.ProfileType
filter_vertical = ("groups",)
+ autocomplete_fields = ("permission_requests",)
+
+ def check_permission(self, request, object_id):
+ # check that all "own" permission has a request associated
+ try:
+ obj = models.ProfileType.objects.get(pk=int(object_id))
+ except models.ProfileType.DoesNotExist:
+ return Http404()
+ permissions_needed = set()
+ permissions_not_needed = set()
+ for group in obj.groups.all():
+ for perm in group.permissions.all():
+ sp = perm.codename.split("_")
+ perm_type = (sp[0], sp[-1])
+ if sp[1] == "own":
+ permissions_needed.add(perm_type)
+ else:
+ permissions_not_needed.add(perm_type)
+ for permission_request in obj.permission_requests.all():
+ model = permission_request.model.model
+ for perm_type, perm_model in list(permissions_needed):
+ if model == perm_model:
+ permissions_needed.remove((perm_type, perm_model))
+ for permission in list(permissions_needed):
+ if permission in permissions_not_needed:
+ permissions_needed.remove(permission)
+ if permissions_needed:
+ permission_needed = ", ".join(
+ sorted(set([model for __, model in permissions_needed]))
+ )
+ messages.add_message(
+ request,
+ messages.ERROR,
+ mark_safe(str(_(
+ """Permission requests are needed for theses models:
+<strong>{permission_needed}.</strong><br>
+Associate the profile type \"<strong>{obj}</strong>\" with correct permission request
+otherwise default request will be used (Ishtar v4.4) or no permission will be
+granted (Ishtar >= v5).""")).format(permission_needed=permission_needed, obj=obj))
+ )
+
+ def change_view(self, request, object_id, form_url="", extra_context=None):
+ returned = super().change_view(
+ request, object_id, form_url=form_url, extra_context=extra_context
+ )
+ if not request.POST or not request.POST.get("_continue", False):
+ self.check_permission(request, object_id)
+ return returned
admin_site.register(models.ProfileType, ProfileTypeAdmin)
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-16 22:23:32 +0000