diff options
Diffstat (limited to 'ishtar_common/views.py')
| -rw-r--r-- | ishtar_common/views.py | 35 |
1 files changed, 20 insertions, 15 deletions
diff --git a/ishtar_common/views.py b/ishtar_common/views.py index 29e7e5fe5..e1ecbfdcf 100644 --- a/ishtar_common/views.py +++ b/ishtar_common/views.py @@ -1700,19 +1700,22 @@ class ImportPreFormView(IshtarMixin, LoginRequiredMixin, FormView): return HttpResponseRedirect(self.get_success_url()) -def get_permissions_for_actions(user, imprt, owns, can_edit_all, can_delete_all, can_edit_own, can_delete_own): - can_edit, can_delete = False, False +def get_permissions_for_actions(user, imprt, owns, permissions): + can_view, can_edit, can_delete = False, False, False is_own = None - if can_edit_own or can_delete_own: # need to check owner + if permissions["can_edit_own"] or permissions["can_delete_own"] \ + or permissions["can_view_own"]: # need to check owner if imprt.importer_type_id not in owns: # "is_own" only query once by importer type owns[imprt.importer_type.pk] = imprt.importer_type.is_own(user.ishtaruser) is_own = owns[imprt.importer_type_id] - if can_edit_all or (can_edit_own and is_own): + if permissions["can_view_all"] or (permissions["can_view_own"] and is_own): + can_view = True + if permissions["can_edit_all"] or (permissions["can_edit_own"] and is_own): can_edit = True - if can_delete_all or (can_delete_own and is_own): + if permissions["can_delete_all"] or (permissions["can_delete_own"] and is_own): can_delete = True - return can_edit, can_delete + return can_view, can_edit, can_delete class ImportListView(IshtarMixin, LoginRequiredMixin, ListView): @@ -1735,15 +1738,17 @@ class ImportListView(IshtarMixin, LoginRequiredMixin, ListView): q2 = self._queryset_filter(models.ImportGroup.query_can_access(user, ["view_import", "change_import"])) q2 = q2.order_by("-end_date", "-creation_date", "-pk") values = list(reversed(sorted(list(q1) + list(q2), key=lambda x: (x.end_date or x.creation_date)))) - can_edit_all, can_delete_all, can_edit_own, can_delete_own = models.Import.get_permissions_for_actions( + permissions = models.Import.get_permissions_for_actions( user, self.request.session ) imports = [] owns = {} for imprt in values: - can_edit, can_delete = get_permissions_for_actions( - user, imprt, owns, can_edit_all, can_delete_all, can_edit_own, can_delete_own + can_view, can_edit, can_delete = get_permissions_for_actions( + user, imprt, owns, permissions ) + if not can_view: + continue imprt.action_list = imprt.get_actions(can_edit=can_edit, can_delete=can_delete) imports.append(imprt) self.imports_len = len(imports) @@ -1757,7 +1762,7 @@ class ImportListView(IshtarMixin, LoginRequiredMixin, ListView): return imports def post(self, request, *args, **kwargs): - can_edit_all, can_delete_all, can_edit_own, can_delete_own = models.Import.get_permissions_for_actions( + permissions = models.Import.get_permissions_for_actions( request.user, request.session ) owns = {} @@ -1773,8 +1778,8 @@ class ImportListView(IshtarMixin, LoginRequiredMixin, ListView): imprt = model.objects.get(pk=int(field.split("-")[-1])) except (models.Import.DoesNotExist, ValueError): continue - can_edit, can_delete = get_permissions_for_actions( - request.user, imprt, owns, can_edit_all, can_delete_all, can_edit_own, can_delete_own + can_view, can_edit, can_delete = get_permissions_for_actions( + request.user, imprt, owns, permissions ) action = request.POST[field] if can_delete and action == "D": @@ -2337,11 +2342,11 @@ def import_get_status(request, current_right=None): "number_of_line": item.number_of_line, "progress_percent": item.progress_percent, }) - can_edit_all, can_delete_all, can_edit_own, can_delete_own = models.Import.get_permissions_for_actions( + permissions = models.Import.get_permissions_for_actions( request.user, request.session ) - can_edit, can_delete = get_permissions_for_actions( - request.user, item, {}, can_edit_all, can_delete_all, can_edit_own, can_delete_own + can_view, can_edit, can_delete = get_permissions_for_actions( + request.user, item, {}, permissions ) item_dct["actions"] = [ (key, str(lbl)) |