Diffstat (limited to 'ishtar_common/views_item.py')
-rw-r--r-- | ishtar_common/views_item.py | 47 |
1 files changed, 36 insertions, 11 deletions
diff --git a/ishtar_common/views_item.py b/ishtar_common/views_item.py index 345bd0025..9f5755eaf 100644 --- a/ishtar_common/views_item.py +++ b/ishtar_common/views_item.py @@ -134,6 +134,23 @@ LIST_FIELDS = { # key: hierarchic depth HIERARCHIC_FIELDS = list(LIST_FIELDS.keys()) +def get_autocomplete_query(request, app, model_name): + ishtaruser = getattr(request.user, "ishtaruser", None) + if not ishtaruser or not request.GET.get("term"): + return + if ishtaruser.has_permission(f"{app}.view_{model_name}"): + return Q() + if not ishtaruser.has_permission(f"{app}.view_own_{model_name}"): + return + permission_id = Permission.objects.get(codename=f"view_own_{model_name}").id + object_ids = [ + int(pk) for pk in UserObjectPermission.objects.filter( + permission_id=permission_id, user_id=request.user.id + ).values_list("object_pk", flat=True) + ] + return Q(pk__in=object_ids) + + def get_autocomplete_queries(request, label_attributes, extra=None): if not label_attributes: return [Q(pk__isnull=True)] @@ -171,9 +188,17 @@ def get_autocomplete_item(model, extra=None): extra = {} def func(request, current_right=None, limit=20): + meta = model._meta + model_name = meta.model_name.lower() + if model_name == "basefind": + model_name = "find" + base_query = get_autocomplete_query(request, meta.app_label, model_name) + if base_query is None: + return HttpResponse(content_type="text/plain") result = OrderedDict() + base_query = model.objects.filter(base_query) for query in get_autocomplete_queries(request, ["cached_label"], extra=extra): - objects = model.objects.filter(query).values("cached_label", "id")[:limit] + objects = base_query.filter(query).values("cached_label", "id")[:limit] for obj in objects: if obj["id"] not in list(result.keys()): result[obj["id"]] = obj["cached_label"] 
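Review bot: The `Permission.objects.get(codename=f"view_own_{model_name}")` lookup in `get_autocomplete_query` is not scoped to the app, although Django only guarantees that a codename is unique per content type. If two apps define a model with the same name, this raises `MultipleObjectsReturned`, and a missing row raises `DoesNotExist`; either becomes a server error on the autocomplete endpoint. Adding `content_type__app_label=app` to the lookup ties it to the permission that `has_permission(f"{app}.view_own_{model_name}")` has just checked. The `int(pk)` conversion also assumes every stored `object_pk` is numeric. A docstring should state the three return values: `None` for deny, `Q()` for all objects, and a pk filter for the user's own objects.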
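Review bot: The permission name in `func` is derived from `model._meta.model_name` with one hard-coded exception (`basefind` becomes `find`), so any other model whose permission codename differs from its model name silently gets the empty `text/plain` response. That fails closed, which is the safe direction, but the caller cannot tell it apart from an empty `term`, and nothing in the hunk records the denial. I would add a comment above the special case, for example `# BaseFind permissions are declared as "find" (confirm)`, and log the denial at debug level so a misnamed permission can be traced. `func` continues past the end of this hunk, so whether the empty body matches the format of the normal response cannot be checked from here.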
@@ -190,15 +215,15 @@ def get_autocomplete_item(model, extra=None): return func -def check_permission(request, action_slug, obj_id=None): +def check_permission(request, action_slug, obj=None): main_menu = Menu(request.user) main_menu.init() if action_slug not in main_menu.items: # TODO return True - if obj_id: + if obj: return main_menu.items[action_slug].is_available( - request.user, obj_id + request.user, obj ) return main_menu.items[action_slug].can_be_available(request.user) @@ -253,12 +278,12 @@ def get_short_html_detail(model): def func(request, pk): model_name = model._meta.object_name not_permitted_msg = ugettext("Operation not permitted.") - if not check_permission(request, "view_" + model_name.lower(), pk): - return HttpResponse(not_permitted_msg) try: item = model.objects.get(pk=pk) except model.DoesNotExist: return HttpResponse(not_permitted_msg) + if not check_permission(request, "view_" + model_name.lower(), item): + return HttpResponse(not_permitted_msg) html = item.get_short_html_detail() return HttpResponse(html) @@ -270,15 +295,15 @@ def modify_qa_item(model, frm, callback=None): template = "ishtar/forms/qa_new_item.html" model_name = model._meta.object_name not_permitted_msg = ugettext("Operation not permitted.") - if not check_permission(request, "change_" + model_name.lower(), pk): - return HttpResponse(not_permitted_msg) - slug = model.SLUG - if model.SLUG == "site": - slug = "archaeologicalsite" try: item = model.objects.get(pk=pk) except model.DoesNotExist: return HttpResponse(not_permitted_msg) + if not check_permission(request, "change_" + model_name.lower(), item): + return HttpResponse(not_permitted_msg) + slug = model.SLUG + if model.SLUG == "site": + slug = "archaeologicalsite" url_slug = "modify-" + slug dct = { "page_name": str(_("Modify a %s" % model_name.lower())), |
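Review bot: `check_permission` still fails open: on the unchanged lines `if action_slug not in main_menu.items:` / `# TODO` / `return True`, an action slug with no menu entry is treated as permitted. Callers build the slug from the model name (`"view_" + model_name.lower()` in the later hunks), so a model without a matching menu item would skip the new object-level check entirely; returning `False` there, or at least logging the unknown slug, would close that gap. `if obj:` depends on the instance's truthiness, and `if obj is not None:` is the safer form. The rename from `obj_id` to `obj` also breaks any caller outside this diff that passes `obj_id=` by keyword or still passes a primary key.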
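Review bot: Both the missing-object and the not-permitted branches in `get_short_html_detail`'s `func` return `HttpResponse(not_permitted_msg)` with status 200, and the `modify_qa_item` hunk that follows does the same. Keeping the two answers identical is right, because it does not reveal which primary keys exist, but a 200 makes denials invisible to access-log monitoring. `HttpResponse(not_permitted_msg, status=403)` on both branches keeps them indistinguishable while making them countable. A comment such as `# same response for missing and forbidden: do not reveal which pks exist` would stop a later change from splitting them.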