Diffstat (limited to 'ishtar_common/views.py')
-rw-r--r-- | ishtar_common/views.py | 130 |
1 files changed, 59 insertions, 71 deletions
diff --git a/ishtar_common/views.py b/ishtar_common/views.py index 6411441f1..3a7dc06b7 100644 --- a/ishtar_common/views.py +++ b/ishtar_common/views.py @@ -98,11 +98,12 @@ from ishtar_common import tasks from .views_item import ( check_permission, display_item, + get_autocomplete_query, get_item, - show_item, - new_qa_item, - modify_qa_item, get_short_html_detail, + modify_qa_item, + new_qa_item, + show_item, ) convert_document = None @@ -866,10 +867,8 @@ def autocomplete_person_permissive( def autocomplete_user(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse("[]", content_type="text/plain") - if not ishtaruser.has_permission("ishtar_common.view_person"): + query = get_autocomplete_query(request, "ishtar_common", "view_person") + if query: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term") limit = request.GET.get("limit", 20) @@ -877,7 +876,6 @@ def autocomplete_user(request): limit = int(limit) except ValueError: return HttpResponseBadRequest() - query = Q() for q in q.split(" "): qu = ( Q(ishtaruser__person__name__icontains=q) @@ -899,10 +897,8 @@ def autocomplete_user(request): def autocomplete_ishtaruser(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse("[]", content_type="text/plain") - if not ishtaruser.has_permission("ishtar_common.view_person"): + query = get_autocomplete_query(request, "ishtar_common", "view_person") + if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term", "") limit = request.GET.get("limit", 20) @@ -910,7 +906,6 @@ def autocomplete_ishtaruser(request): limit = int(limit) except ValueError: return HttpResponseBadRequest() - query = Q() for q in q.split(" "): qu = ( Q(person__name__unaccent__icontains=q) 
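Review bot: In `autocomplete_user` the new guard is `if query:`, while every other view converted in this commit tests `if query is None:`, so this check is inverted relative to them. If `get_autocomplete_query` (defined in `views_item`, not shown here) returns `None` for a denied user, this view falls through to the filter loop instead of returning `[]`. A non-empty ownership-restricted `Q` would instead be answered with an empty list. The line should read `if query is None:`. The function body continues outside the hunk.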
@@ -926,14 +921,8 @@ def autocomplete_ishtaruser(request): def autocomplete_person( request, person_types=None, attached_to=None, is_ishtar_user=None, permissive=False ): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse("[]", content_type="text/plain") - all_items = ishtaruser.has_permission("ishtar_common.view_person") - own_items = False - if not all_items: - own_items = ishtaruser.has_permission("ishtar_common.view_own_person") - if not all_items and not own_items or not request.GET.get("term"): + query = get_autocomplete_query(request, "ishtar_common", "view_person") + if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term") limit = request.GET.get("limit", 20) @@ -941,7 +930,6 @@ def autocomplete_person( limit = int(limit) except ValueError: return HttpResponseBadRequest() - query = Q() for q in q.split(" "): qu = ( Q(name__unaccent__icontains=q) @@ -964,10 +952,6 @@ def autocomplete_person( pass if is_ishtar_user: query = query & Q(ishtaruser__isnull=False) - if own_items: - if not hasattr(request.user, "ishtaruser"): - return HttpResponse(json.dumps([]), content_type="text/plain") - query &= models.Person.get_query_owns(request.user.ishtaruser) persons = models.Person.objects.filter(query).distinct()[:limit] data = json.dumps( [{"id": person.pk, "value": str(person)} for person in persons if person] 
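Review bot: The guard removed from `autocomplete_person` also rejected requests without a `term` parameter, and the new `if query is None:` only covers that case if `get_autocomplete_query` handles it itself, which is not visible in this diff. If it does not, `q = request.GET.get("term")` is `None` and `q.split(" ")` raises, so a request with no term becomes a server error; `if query is None or not request.GET.get("term"):` keeps the old behaviour. The same applies to `autocomplete_import`, `autocomplete_organization` and `autocomplete_author`. The `get_query_owns` restriction for users holding only `view_own_person` is also deleted here, so the helper has to return that ownership filter; a test with such a user would pin that the result set stays restricted.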
@@ -976,14 +960,8 @@ def autocomplete_person( def autocomplete_import(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse("[]", content_type="text/plain") - all_items = ishtaruser.has_permission("ishtar_common.view_import") - own_items = False - if not all_items: - own_items = ishtaruser.has_permission("ishtar_common.view_own_import") - if not all_items and not own_items or not request.GET.get("term"): + query = get_autocomplete_query(request, "ishtar_common", "view_import") + if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term") limit = request.GET.get("limit", 20) @@ -991,14 +969,9 @@ def autocomplete_import(request): limit = int(limit) except ValueError: return HttpResponseBadRequest() - query = Q() for q in q.split(" "): query = query & (Q(name__unaccent__icontains=q) | Q(group__name__unaccent__icontains=q)) - if own_items: - if not hasattr(request.user, "ishtaruser"): - return HttpResponse(json.dumps([]), content_type="text/plain") - query &= models.Import.get_query_owns(request.user.ishtaruser) items = models.Import.objects.filter(query).distinct()[:limit] data = [{"id": item.pk, "value": item.name} for item in items if item] return HttpResponse(json.dumps(data), content_type="text/plain") @@ -1085,7 +1058,8 @@ def autocomplete_advanced_town(request, department_id=None, state_id=None): def autocomplete_document(request): - if not request.GET.get("term"): + query = get_autocomplete_query(request, "ishtar_common", "view_document") + if query is None: return HttpResponse(content_type="text/plain") q = request.GET.get("term") q = unicodedata.normalize("NFKD", q).encode("ascii", "ignore").decode() 
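Review bot: `limit` in `autocomplete_import` comes from the query string and is only checked for being an integer before it is used in `[:limit]`. A negative value makes the queryset slice raise, and a very large one lets a single request return every matching row, which defeats the cap an autocomplete endpoint is meant to have. Clamping it, for example `limit = max(1, min(int(limit), MAX_AUTOCOMPLETE_LIMIT))` with a ceiling chosen for the UI, addresses both. The same pattern is visible in `autocomplete_person`, `autocomplete_user`, `autocomplete_ishtaruser` and `autocomplete_biographical_note`.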
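Review bot: The early-return path of `autocomplete_document` answers with `HttpResponse(content_type="text/plain")`, an empty body, whereas the other autocomplete views in this diff return `"[]"`. Now that this branch is also the permission-denied answer, a client that parses the response as JSON gets a parse error rather than an empty result list. `return HttpResponse("[]", content_type="text/plain")` would align it with the rest. The function body continues outside the hunk.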
@@ -1097,12 +1071,11 @@ def autocomplete_document(request): "authors__person__cached_label__icontains", "authors_raw__icontains", ] - query = None for q in q.split(" "): qu = Q(**{fields[0]: q}) for field in fields[1:]: qu |= Q(**{field: q}) - query = qu if not query else query & qu + query = query & qu limit = 20 items = models.Document.objects.filter(query).exclude(title="").distinct()[:limit] data = json.dumps([{"id": item.pk, "value": str(item)} for item in items]) @@ -1128,18 +1101,10 @@ def department_by_state(request, state_id=""): def autocomplete_organization(request, orga_type=None): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse("[]", content_type="text/plain") - if ( - not ishtaruser.has_permission("ishtar_common.view_organization") - and not ishtaruser.has_permission("ishtar_common.view_own_organization") - ): - return HttpResponse("[]", content_type="text/plain") - if not request.GET.get("term"): + query = get_autocomplete_query(request, "ishtar_common", "view_organization") + if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term") - query = Q() for q in q.split(" "): extra = Q(cached_label__unaccent__icontains=q) query = query & extra @@ -1157,18 +1122,10 @@ def autocomplete_organization(request, orga_type=None): def autocomplete_author(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse("[]", content_type="text/plain") - if not ishtaruser.has_permission( - "ishtar_common.view_author" - ) and not ishtaruser.has_permission( - "ishtar_common.view_own_author"): - return HttpResponse("[]", content_type="text/plain") - if not request.GET.get("term"): + query = get_autocomplete_query(request, "ishtar_common", "view_author") + if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term") - query = Q() for q in q.split(" "): extra = ( Q(person__name__icontains=q) 
@@ -1184,10 +1141,8 @@ def autocomplete_author(request): def autocomplete_biographical_note(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse("[]", content_type="text/plain") - if not ishtaruser.has_permission("ishtar_common.view_person"): + query = get_autocomplete_query(request, "ishtar_common", "view_person") + if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term", "") limit = request.GET.get("limit", 20) @@ -1195,7 +1150,6 @@ def autocomplete_biographical_note(request): limit = int(limit) except ValueError: return HttpResponseBadRequest() - query = Q() for q in q.split(" "): qu = ( Q(last_name__unaccent__icontains=q) 
@@ -1251,13 +1205,47 @@ show_import = show_item(models.Import, "import") show_import_group = show_item(models.ImportGroup, "importgroup") +ACTION_MODEL_DICT = { + 'import': models.Import, + 'account': models.IshtarUser, + 'document': models.Document, + 'person': models.Person, + 'orga': models.Organization, + 'organization': models.Organization, + 'operation': apps.get_model("archaeological_operations", "Operation"), + 'administrativact': apps.get_model( + "archaeological_operations", "AdministrativeAct"), + 'file': apps.get_model("archaeological_files", "File"), + 'site': apps.get_model("archaeological_operations", "ArchaeologicalSite"), + 'record': apps.get_model("archaeological_context_records", "ContextRecord"), + 'find': apps.get_model("archaeological_finds", "Find"), + 'treatment': apps.get_model("archaeological_finds", "Treatment"), + 'treatmentfle': apps.get_model("archaeological_finds", "TreatmentFile"), + 'exhibition': apps.get_model("archaeological_finds", "Exhibition"), + 'container': apps.get_model("archaeological_warehouse", "Container"), + 'warehouse': apps.get_model("archaeological_warehouse", "Warehouse"), +} + + def action(request, action_slug, obj_id=None, *args, **kwargs): """ Action management """ - if not check_permission(request, action_slug, obj_id): + if not check_permission(request, action_slug): not_permitted_msg = ugettext("Operation not permitted.") - return HttpResponse(not_permitted_msg) + if obj_id: + model_name = action.split('_')[0].split("-")[0].split("/")[0] + if model_name not in ACTION_MODEL_DICT: + print(f"ishtar_common/views - action: {model_name} not in ACTION_MODEL_DICT") + return HttpResponse(not_permitted_msg) + try: + obj = ACTION_MODEL_DICT[model_name].objects.get(pk=obj_id) + except ACTION_MODEL_DICT[model_name].DoesNotExist: + return HttpResponse(not_permitted_msg) + if not check_permission(request, action_slug, obj): + return HttpResponse(not_permitted_msg) + else: + return HttpResponse(not_permitted_msg) 
request.session["CURRENT_ACTION"] = action_slug dct = {} globals_dct = globals() @@ -2845,7 +2833,7 @@ class DocumentEditView(DocumentFormMixin, UpdateView): document = models.Document.objects.get(pk=self.kwargs.get("pk")) except models.Document.DoesNotExist: raise Http404() - if not check_permission(self.request, "document/edit", document.pk): + if not check_permission(self.request, "ishtar_common.change_document", document): raise Http404() initial = {} for k in ( @@ -3571,7 +3559,7 @@ class GeoEditView(GeoFormMixin, UpdateView): except models.GeoVectorData.DoesNotExist: raise Http404() - if not check_permission(self.request, "geo/edit", geo.pk): + if not check_permission(self.request, "ishtar_common.change_geovectordata", geo): raise Http404() initial = {} |
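Review bot: In `action`, the line `model_name = action.split('_')[0]...` calls `.split` on the view function itself rather than on the slug. Any request that carries an `obj_id` and fails the general permission check therefore raises `AttributeError` instead of reaching the per-object check. It should read `model_name = action_slug.split('_')[0].split("-")[0].split("/")[0]`. The `print(...)` for an unknown model name would be better sent through the module's logger, if one is configured, so that the denied lookup lands in the application log. The keys `'treatmentfle'` and `'administrativact'` in `ACTION_MODEL_DICT` may be misspelt; if the slugs are not really spelt that way, requests for those models always end in the not-permitted branch.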