From de4f1f75bb57e53bee27d086c496d87f62cf3353 Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Wed, 22 Mar 2017 18:44:27 +0100 Subject: Shortcut menu: hide/show information saved in the session --- ishtar_common/views.py | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) (limited to 'ishtar_common/views.py') diff --git a/ishtar_common/views.py b/ishtar_common/views.py index 22591164f..c99e78b9c 100644 --- a/ishtar_common/views.py +++ b/ishtar_common/views.py @@ -208,6 +208,16 @@ def get_autocomplete_generic(model, extra={'available': True}): return func +def hide_shortcut_menu(request): + request.session['SHORTCUT_SHOW'] = 'off' + return HttpResponse('OK', mimetype='text/plain') + + +def show_shortcut_menu(request): + request.session['SHORTCUT_SHOW'] = 'on' + return HttpResponse('OK', mimetype='text/plain') + + def activate_all_search(request): request.session['SHORTCUT_SEARCH'] = 'all' return HttpResponse('OK', mimetype='text/plain') @@ -249,9 +259,13 @@ def shortcut_menu(request): CURRENT_ITEMS.append((_(u"Treatment"), Treatment)) if hasattr(request.user, 'ishtaruser') and \ request.user.ishtaruser.advanced_shortcut_menu: - dct = {'current_menu': [], 'menu': [], - 'SHORTCUT_SEARCH': request.session['SHORTCUT_SEARCH'] - if 'SHORTCUT_SEARCH' in request.session else 'own'} + dct = { + 'current_menu': [], 'menu': [], + 'SHORTCUT_SEARCH': request.session['SHORTCUT_SEARCH'] + if 'SHORTCUT_SEARCH' in request.session else 'own', + 'SHORTCUT_SHOW': request.session['SHORTCUT_SHOW'] + if 'SHORTCUT_SHOW' in request.session else 'on' + } for lbl, model in CURRENT_ITEMS: model_name = model.SLUG 
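Review bot: `hide_shortcut_menu` and `show_shortcut_menu` write to `request.session` on any HTTP method and, as far as this hunk shows, without a login check, so a plain GET (including one triggered from another site) changes state and an anonymous hit makes the session backend persist a session. The impact is limited to a display preference, but it would be cleaner to accept only POST, for example with Django's `@require_POST`, and to require an authenticated user unless that is already enforced in the URL configuration, which is not visible here. Neither view has a docstring; something like `"""Remember in the session that the shortcut menu is hidden."""` (and the mirror for show) would document the intent.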
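Review bot: The fallback for `SHORTCUT_SHOW` is `'on'` in this dict but `'off'` in the simple-menu dict added in the `@@ -267,7 +281,11 @@` hunk, so a user with no stored preference gets a different initial state depending on `advanced_shortcut_menu`. If that is intended, a short comment on each default would keep it from being "corrected" later. Both lookups can also be written as `request.session.get('SHORTCUT_SHOW', 'on')` (respectively `'off'`), which avoids the double key access. `shortcut_menu` starts and ends outside both hunks.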
@@ -267,7 +281,11 @@ def shortcut_menu(request): return render_to_response( 'ishtar/blocks/advanced_shortcut_menu.html', dct, context_instance=RequestContext(request)) - dct = {'current_menu': []} + dct = { + 'current_menu': [], + 'SHORTCUT_SHOW': request.session['SHORTCUT_SHOW'] + if 'SHORTCUT_SHOW' in request.session else 'off' + } current_selected_item = {} for lbl, model in CURRENT_ITEMS: new_selected_item = None -- cgit v1.2.3 From 3652a2da37df6f107e235ba554e6f5bd02e1a70f Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Tue, 28 Mar 2017 16:46:38 +0200 Subject: Access control: simplify and fix permissions relative to "get_item" --- archaeological_operations/views.py | 2 +- ishtar_common/views.py | 40 ++++++++++++++++++++------------------ 2 files changed, 22 insertions(+), 20 deletions(-) (limited to 'ishtar_common/views.py') diff --git a/archaeological_operations/views.py b/archaeological_operations/views.py index c886d9095..9b420f594 100644 --- a/archaeological_operations/views.py +++ b/archaeological_operations/views.py @@ -1,6 +1,6 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -# Copyright (C) 2010-2016 Étienne Loks +# Copyright (C) 2010-2017 Étienne Loks # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as diff --git a/ishtar_common/views.py b/ishtar_common/views.py index c99e78b9c..d3c9e0897 100644 --- a/ishtar_common/views.py +++ b/ishtar_common/views.py 
@@ -586,22 +586,30 @@ def get_item(model, func_name, default_name, extra_request_keys=[], # check rights own = True # more restrictive by default allowed = False - if request.user.is_authenticated() and \ - request.user.ishtaruser.has_right('administrator', - session=request.session): + if specific_perms: + available_perms = specific_perms[:] + else: + available_perms = ['view_' + model.__name__.lower(), + 'view_own_' + model.__name__.lower()] + EMPTY = '' + if 'type' in dct: + data_type = dct.pop('type') + if not data_type: + EMPTY = '[]' + data_type = 'json' + if not request.user.is_authenticated(): + return HttpResponse(EMPTY, mimetype='text/plain') + + if request.user.ishtaruser.has_right('administrator', + session=request.session): allowed = True own = False else: for perm, lbl in model._meta.permissions: - # if not specific any perm is relevant (read right) - if specific_perms and perm not in specific_perms: + if perm not in available_perms: continue - cperm = model._meta.app_label + '.' + perm - if request.user.has_perm(cperm)\ - or cperm in request.user.get_all_permissions() \ - or (request.user.is_authenticated() - and request.user.ishtaruser.has_right( - perm, session=request.session)): + if request.user.ishtaruser.has_right( + perm, session=request.session): allowed = True if "_own_" not in perm: own = False @@ -611,12 +619,6 @@ def get_item(model, func_name, default_name, extra_request_keys=[], if full == 'shortcut' and 'SHORTCUT_SEARCH' in request.session and \ request.session['SHORTCUT_SEARCH'] == 'own': own = True - EMPTY = '' - if 'type' in dct: - data_type = dct.pop('type') - if not data_type: - EMPTY = '[]' - data_type = 'json' if not allowed: return HttpResponse(EMPTY, mimetype='text/plain') @@ -898,7 +900,6 @@ def get_item(model, func_name, default_name, extra_request_keys=[], table_cols += model.EXTRA_FULL_FIELDS else: table_cols = model.TABLE_COLS - query_table_cols = [] for cols in table_cols: if type(cols) not in (list, tuple): 
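Review bot: After the new `is_authenticated()` early return, `request.user.ishtaruser` is dereferenced unconditionally in the `@@ -586,22 +586,30 @@` hunk, so an authenticated Django account with no linked Ishtar user would raise instead of receiving the empty response; `shortcut_menu` in the same file guards this case with `hasattr(request.user, 'ishtaruser')`. The check should fail closed the same way, e.g. `if not request.user.is_authenticated() or not hasattr(request.user, 'ishtaruser'): return HttpResponse(EMPTY, mimetype='text/plain')`. A comment above `available_perms` stating that, without `specific_perms`, only the model's `view_` and `view_own_` permissions grant access would record the tightening this commit makes. `get_item`'s body starts and ends outside the hunk.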
@@ -916,6 +917,7 @@ def get_item(model, func_name, default_name, extra_request_keys=[], model.CONTEXTUAL_TABLE_COLS[contxt][col] if full == 'shortcut': query_table_cols = ['cached_label'] + table_cols = ['cached_label'] # manage sort tables manual_sort_key = None @@ -1103,7 +1105,7 @@ def get_item(model, func_name, default_name, extra_request_keys=[], if hasattr(model, 'COL_LINK') and k in model.COL_LINK: value = link_ext_template.format(value, value) res[k] = value - if full == 'shortcut': + if full == 'shortcut' and 'cached_label' in res: res['value'] = res.pop('cached_label') rows.append(res) if full == 'shortcut': -- cgit v1.2.3 From b97f9e46a2faaa26484ddb1ef76b01602f2f143d Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Wed, 29 Mar 2017 18:34:24 +0200 Subject: Access control: put back the specific Django user permission check --- ishtar_common/views.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'ishtar_common/views.py') diff --git a/ishtar_common/views.py b/ishtar_common/views.py index d3c9e0897..e483c9476 100644 --- a/ishtar_common/views.py +++ b/ishtar_common/views.py @@ -608,8 +608,11 @@ def get_item(model, func_name, default_name, extra_request_keys=[], for perm, lbl in model._meta.permissions: if perm not in available_perms: continue - if request.user.ishtaruser.has_right( - perm, session=request.session): + cperm = model._meta.app_label + '.' + perm + if request.user.has_perm(cperm) \ + or cperm in request.user.get_all_permissions() \ + or request.user.ishtaruser.has_right( + perm, session=request.session): allowed = True if "_own_" not in perm: own = False -- cgit v1.2.3 From 5148170da0486d7a483cdd4e815a37485cfb907e Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Fri, 31 Mar 2017 12:49:33 +0200 Subject: Filter autocomplete by own if relevant --- ishtar_common/views.py | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'ishtar_common/views.py') 
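Review bot: With the added `'cached_label' in res` guard in the `@@ -1103,7 +1105,7 @@` hunk, a shortcut row that has no `cached_label` is appended without a `value` key, so the consumer of the shortcut JSON receives entries of two different shapes. If an empty label is acceptable, `res['value'] = res.pop('cached_label', '')` keeps the shape constant; otherwise skip the row explicitly. The context line `value = link_ext_template.format(value, value)` interpolates a stored value into a template whose content is not visible here; if it produces HTML, confirm the value is escaped before formatting. The enclosing loop in `get_item` lies outside the hunk.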
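Review bot: The restored condition in the `@@ -608,8 +608,11 @@` hunk ORs three authorisation sources, so the broadest one always wins, and nothing in the code says that this precedence is deliberate. With Django's stock `ModelBackend`, `cperm in request.user.get_all_permissions()` is already covered by `request.user.has_perm(cperm)` (a custom backend could differ), so the condition can likely be reduced to `request.user.has_perm(cperm) or request.user.ishtaruser.has_right(perm, session=request.session)`. Because `has_perm` returns True for every permission of an active superuser, a superuser always leaves this loop with `own = False`. A comment such as `# Django-level grants override the session-scoped has_right() result` would make the intent explicit for the next reader of this access check.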
diff --git a/ishtar_common/views.py b/ishtar_common/views.py index e483c9476..4732313ea 100644 --- a/ishtar_common/views.py +++ b/ishtar_common/views.py @@ -445,14 +445,13 @@ def autocomplete_person_permissive(request, person_types=None, def autocomplete_person(request, person_types=None, attached_to=None, is_ishtar_user=None, permissive=False): - if not request.user.has_perm('ishtar_common.view_person', - models.Person) and \ - not request.user.has_perm('ishtar_common.view_own_person', - models.Person) \ - and not request.user.ishtaruser.has_right('person_search', - session=request.session): - return HttpResponse(mimetype='text/plain') - if not request.GET.get('term'): + all_items = request.user.has_perm('ishtar_common.view_person', + models.Person) + own_items = False + if not all_items: + own_items = request.user.has_perm('ishtar_common.view_own_person', + models.Person) + if not all_items and not own_items or not request.GET.get('term'): return HttpResponse(mimetype='text/plain') q = request.GET.get('term') limit = request.GET.get('limit', 20) @@ -479,6 +478,8 @@ def autocomplete_person(request, person_types=None, attached_to=None, pass if is_ishtar_user: query = query & Q(ishtaruser__isnull=False) + if own_items: + query &= models.Person.get_query_owns(request.user) persons = models.Person.objects.filter(query)[:limit] data = json.dumps([{'id': person.pk, 'value': unicode(person)} for person in persons if person]) -- cgit v1.2.3 From da4af2ab5d105f6d2ce442b517e532b7570616e3 Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Fri, 7 Apr 2017 10:47:39 +0200 Subject: Treatment - Treatment files dashboard: first overview (refs #3381) --- archaeological_finds/models_treatments.py | 10 +++++----- ishtar_common/models.py | 10 ++++------ .../templates/ishtar/dashboards/dashboard_main.html | 11 ++++++++++- ishtar_common/views.py | 18 +++++++++++++++--- 4 files changed, 34 insertions(+), 15 deletions(-) (limited to 'ishtar_common/views.py') 
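Review bot: The access test `if not all_items and not own_items or not request.GET.get('term'):` in the `@@ -445,14 +445,13 @@` hunk relies on `and` binding tighter than `or`; writing it as `if not (all_items or own_items) or not request.GET.get('term'):` makes the authorisation part unambiguous. The rewrite also drops the previous `ishtaruser.has_right('person_search', session=request.session)` path, so accounts that reached this autocomplete only through that right now get the empty response; if that is intended, a comment or a line in the commit message should say so. `request.GET.get('limit', 20)` in the context lines is client-supplied and feeds the `[:limit]` slice shown in the next hunk; whether it is converted to an integer and capped happens outside the visible lines and is worth confirming.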
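Review bot: The own-items restriction added in the `@@ -479,6 +478,8 @@` hunk depends entirely on what `models.Person.get_query_owns(request.user)` returns, and that method is not visible in this diff. If it can return an empty `Q()` or `None` for a user with no ownership link, `query &= ...` would either leave the filter unrestricted or raise, and a `view_own_person` user could be shown every person. Confirm that it always yields a restricting condition, and consider failing closed, e.g. `own_query = models.Person.get_query_owns(request.user)` followed by `if not own_query: return HttpResponse(mimetype='text/plain')`. A test asserting that an own-only user does not receive a person they are not attached to would pin this behaviour.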
diff --git a/archaeological_finds/models_treatments.py b/archaeological_finds/models_treatments.py index 0f7c56678..20e91155a 100644 --- a/archaeological_finds/models_treatments.py +++ b/archaeological_finds/models_treatments.py @@ -30,7 +30,7 @@ from django.utils.translation import ugettext_lazy as _, ugettext from ishtar_common.utils import cached_label_changed from ishtar_common.models import GeneralType, ImageModel, BaseHistorizedItem, \ OwnPerms, HistoricalRecords, Person, Organization, Source, \ - ValueGetter, post_save_cache, ShortMenuItem + ValueGetter, post_save_cache, ShortMenuItem, DashboardFormItem from archaeological_warehouse.models import Warehouse, Container from archaeological_finds.models_finds import Find, FindBasket from archaeological_operations.models import ClosedItem, Operation @@ -69,8 +69,8 @@ post_save.connect(post_save_cache, sender=TreatmentState) post_delete.connect(post_save_cache, sender=TreatmentState) -class Treatment(ValueGetter, BaseHistorizedItem, ImageModel, OwnPerms, - ShortMenuItem): +class Treatment(DashboardFormItem, ValueGetter, BaseHistorizedItem, + ImageModel, OwnPerms, ShortMenuItem): SHOW_URL = 'show-treatment' TABLE_COLS = ('year', 'index', 'treatment_types__label', 'treatment_state__label', @@ -472,8 +472,8 @@ post_save.connect(post_save_cache, sender=TreatmentFileType) post_delete.connect(post_save_cache, sender=TreatmentFileType) -class TreatmentFile(ClosedItem, BaseHistorizedItem, OwnPerms, ValueGetter, - ShortMenuItem): +class TreatmentFile(DashboardFormItem, ClosedItem, BaseHistorizedItem, + OwnPerms, ValueGetter, ShortMenuItem): SLUG = 'treatmentfile' SHOW_URL = 'show-treatmentfile' TABLE_COLS = ['type', 'year', 'index', 'internal_reference', 'name'] diff --git a/ishtar_common/models.py b/ishtar_common/models.py index d8ba637db..988254359 100644 --- a/ishtar_common/models.py +++ b/ishtar_common/models.py 
@@ -2323,14 +2323,12 @@ class Import(models.Model): conservative_import = models.BooleanField( _(u"Conservative import"), default=False, help_text='If set to true, do not overload existing values') - creation_date = models.DateTimeField(_(u"Creation date"), - auto_now_add=True, blank=True, - null=True) + creation_date = models.DateTimeField( + _(u"Creation date"), auto_now_add=True, blank=True, null=True) end_date = models.DateTimeField(_(u"End date"), blank=True, null=True, editable=False) - seconds_remaining = models.IntegerField(_(u"Remaining seconds"), - blank=True, null=True, - editable=False) + seconds_remaining = models.IntegerField( + _(u"Remaining seconds"), blank=True, null=True, editable=False) class Meta: verbose_name = _(u"Import") diff --git a/ishtar_common/templates/ishtar/dashboards/dashboard_main.html b/ishtar_common/templates/ishtar/dashboards/dashboard_main.html index 93e11d604..6a5a67a63 100644 --- a/ishtar_common/templates/ishtar/dashboards/dashboard_main.html +++ b/ishtar_common/templates/ishtar/dashboards/dashboard_main.html @@ -15,7 +15,16 @@ {% endblock %} {% block content %}
diff --git a/ishtar_common/views.py b/ishtar_common/views.py index 4732313ea..e8a2c9e12 100644 --- a/ishtar_common/views.py +++ b/ishtar_common/views.py @@ -1451,6 +1451,9 @@ def dashboard_main(request, dct, obj_id=None, *args, **kwargs): app_list.append((_(u"Context records"), 'contextrecords')) if profile.find: app_list.append((_(u"Finds"), 'finds')) + if profile.warehouse: + app_list.append((_(u"Treatment requests"), 'treatmentfiles')) + app_list.append((_(u"Treatments"), 'treatments')) dct = {'app_list': app_list} return render_to_response('ishtar/dashboards/dashboard_main.html', dct, context_instance=RequestContext(request)) @@ -1497,18 +1500,27 @@ def dashboard_main_detail(request, item_name): if item_name == 'files' and profile.files: lbl, dashboard = (_(u"Archaeological files"), models.Dashboard(File, **dashboard_kwargs)) - if item_name == 'operations': + elif item_name == 'operations': from archaeological_operations.models import Operation lbl, dashboard = (_(u"Operations"), models.Dashboard(Operation, **dashboard_kwargs)) - if item_name == 'contextrecords' and profile.context_record: + elif item_name == 'contextrecords' and profile.context_record: lbl, dashboard = ( _(u"Context records"), models.Dashboard(ContextRecord, slice=slicing, fltr=fltr)) - if item_name == 'finds' and profile.find: + elif item_name == 'finds' and profile.find: lbl, dashboard = (_(u"Finds"), models.Dashboard(Find, slice=slicing, fltr=fltr)) + elif item_name == 'treatmentfiles' and profile.warehouse: + lbl, dashboard = ( + _(u"Treatment requests"), + models.Dashboard(TreatmentFile, slice=slicing, fltr=fltr)) + elif item_name == 'treatments' and profile.warehouse: + lbl, dashboard = ( + _(u"Treatments"), + models.Dashboard(Treatment, slice=slicing, fltr=fltr, + date_source='start')) if not lbl: raise Http404 dct = {'lbl': lbl, 'dashboard': dashboard, -- cgit v1.2.3
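Review bot: The new `treatmentfiles` and `treatments` branches in `dashboard_main_detail`, like the matching `app_list` entries added in the `@@ -1451,6 +1451,9 @@` hunk, are gated only on `profile.warehouse`, which says that a module is enabled, not that the requesting user may see treatment statistics. Whether the view is wrapped with a rights check in the URL configuration is not visible here and should be confirmed, since `item_name` comes straight from the request path. The visible hunks also add no import to `ishtar_common/views.py`, so `TreatmentFile` and `Treatment` must already be in module scope; otherwise these branches raise `NameError` instead of reaching the `raise Http404` fallback. Both functions start and end outside their hunks.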