From 31ef78cec0cd2ba3ccc91c4bafd89831e73abe20 Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Thu, 20 Jan 2022 17:10:43 +0100 Subject: External sources - limit access in admin, limit by profile --- ishtar_common/context_processors.py | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) (limited to 'ishtar_common/context_processors.py') diff --git a/ishtar_common/context_processors.py b/ishtar_common/context_processors.py index 7e96bddbd..e1754e935 100644 --- a/ishtar_common/context_processors.py +++ b/ishtar_common/context_processors.py @@ -48,18 +48,6 @@ def get_base_context(request): menu.init() request.session['MENU'] = menu """ # menu is now in cache - put it back in session later? - if "EXTERNAL_SOURCES" not in request.session: - q = ApiExternalSource.objects - # TODO: check permissions - request.session["EXTERNAL_SOURCES"] = {} - if q.count(): - for source in q.all(): - request.session["EXTERNAL_SOURCES"][f"{source.id}||{source.name}"] = [ - f"{app_label}-{model_name}" - for app_label, model_name in ApiKeyMatch.objects.values_list( - "search_model__app_label", "search_model__model" - ).distinct() - ] current_action = None if "CURRENT_ACTION" in request.session: @@ -83,6 +71,24 @@ def get_base_context(request): menu.init() if hasattr(request.user, "ishtaruser") and request.user.ishtaruser: + if ( + request.user.ishtaruser.current_profile + and "EXTERNAL_SOURCES" not in request.session + ): + q = ApiExternalSource.objects.filter( + profiles=request.user.ishtaruser.current_profile + ) + request.session["EXTERNAL_SOURCES"] = {} + if q.count(): + for source in q.all(): + request.session["EXTERNAL_SOURCES"][ + f"{source.id}||{source.name}" + ] = [ + f"{app_label}-{model_name}" + for app_label, model_name in ApiKeyMatch.objects.values_list( + "search_model__app_label", "search_model__model" + ).distinct() + ] if request.user.ishtaruser.has_right("administrator", session=request.session): dct["ADMIN"] = True if ( -- cgit v1.2.3