From 26e3b520a236c6afdf3282b71a4f959b328de551 Mon Sep 17 00:00:00 2001
From: Étienne Loks <etienne.loks@iggdrasil.net>
Date: Thu, 9 Jan 2025 17:21:58 +0100
Subject: 🐛 add permission for created object to the current user (fix #6118)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ishtar_common/wizards.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

(limited to 'ishtar_common/wizards.py')

diff --git a/ishtar_common/wizards.py b/ishtar_common/wizards.py
index e5da4c8f6..f7305a573 100644
--- a/ishtar_common/wizards.py
+++ b/ishtar_common/wizards.py
@@ -32,6 +32,7 @@ from formtools.wizard.views import (
     StepsHelper,
 )
 
+from django.contrib.contenttypes.models import ContentType
 from django.contrib.sites.models import Site
 from django.core.exceptions import ObjectDoesNotExist
 from django.core.files.images import ImageFile
@@ -50,8 +51,8 @@ from django.utils.safestring import mark_safe
 
 from ishtar_common import models, models_rest
 from ishtar_common.forms import CustomForm, reverse_lazy
-from ishtar_common.utils import get_all_field_names, get_person_gdpr_log, MultiValueDict,\
-    put_session_message
+from ishtar_common.utils import get_all_field_names, \
+    get_person_gdpr_log, MultiValueDict, put_session_message
 
 logger = logging.getLogger(__name__)
 
@@ -1101,6 +1102,7 @@ class Wizard(IshtarWizard):
             if not lbl and hasattr(obj, "_generate_cached_label"):
                 lbl = obj._generate_cached_label()
             msg += str(_("{} created.")).format(lbl)
+
         messages.add_message(self.request, messages.INFO, msg)
         if self.redirect_url:
             url = reverse(self.redirect_url)
@@ -1118,7 +1120,16 @@ class Wizard(IshtarWizard):
         return return_object and (obj, res) or res
 
     def post_save(self):
-        return
+        # add permission for the created object to the current user
+        if self.modification or self.deletion or not self.request.user.ishtaruser:
+            return
+        ct = ContentType.objects.get_for_model(self.current_object)
+        for profile in self.request.user.ishtaruser.person.profiles.all():
+            for permission_type in ("view", "change", "delete"):
+                profile.generate_permission(
+                    ct, permission_type,
+                    obj_id=self.current_object.pk
+                )
 
     def get_deleted(self, keys):
         """
-- 
cgit v1.2.3