From bf5298f8cd845b2c97a9114d9f5951534ab2104e Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Mon, 26 Nov 2018 20:13:18 +0100 Subject: Sheet: put view perm in response in order to prevent display of non relevant tables --- ishtar_common/views_item.py | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/ishtar_common/views_item.py b/ishtar_common/views_item.py index 517c34ec9..f6332e7e1 100644 --- a/ishtar_common/views_item.py +++ b/ishtar_common/views_item.py @@ -14,6 +14,7 @@ from tempfile import NamedTemporaryFile from django.conf import settings from django.contrib.gis.geos import GEOSException from django.contrib.staticfiles.templatetags.staticfiles import static +from django.core.cache import cache from django.core.exceptions import ObjectDoesNotExist from django.core.urlresolvers import reverse, NoReverseMatch from django.db.models import Q, ImageField @@ -161,6 +162,25 @@ def show_item(model, name, extra_dct=None): dct['sheet_id'] = "%s-%d" % (name, item.pk) dct['window_id'] = "%s-%d-%s" % ( name, item.pk, datetime.datetime.now().strftime('%M%s')) + + # list current perms + if hasattr(request.user, 'ishtaruser') and request.user.ishtaruser: + cache_key = u"{}-{}-{}".format( + settings.PROJECT_SLUG, "current-perms", + request.session.session_key, + ) + permissions = cache.get(cache_key) + if permissions is None: + permissions = [] + profile = request.user.ishtaruser.person.current_profile + for group in profile.profile_type.groups.all(): + for permission in group.permissions.all(): + permissions.append(permission.codename) + cache.set(cache_key, permissions, settings.CACHE_TIMEOUT) + + for perm in permissions: + dct["permission_" + perm] = True + if hasattr(item, 'history'): if date: try: -- cgit v1.2.3