From 125232d1c5fb2d0ab41e3697a457fabfa63500c1 Mon Sep 17 00:00:00 2001 From: jedi Date: Wed, 13 Dec 2023 17:12:15 +0100 Subject: [PATCH] stash --- core/authentication/api_v2.py | 8 +------ .../0005_alter_eventpermission_event.py | 20 ----------------- core/authentication/tests/v2/test_users.py | 5 +++++ core/inventory/api_v2.py | 13 ++++++----- web/src/components/Navbar.vue | 6 ++--- web/src/router.js | 22 +++++++++---------- 6 files changed, 27 insertions(+), 47 deletions(-) delete mode 100644 core/authentication/migrations/0005_alter_eventpermission_event.py diff --git a/core/authentication/api_v2.py b/core/authentication/api_v2.py index cebb344..8026a9f 100644 --- a/core/authentication/api_v2.py +++ b/core/authentication/api_v2.py @@ -21,14 +21,8 @@ class UserSerializer(serializers.ModelSerializer): fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions') read_only_fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions') - def collect_permissions(self, obj): - for permission in obj.get_all_permissions(): - yield "*:" + permission - for permission in obj.event_permissions.all(): - yield permission.event.slug + ":" + permission.permission.codename - def get_permissions(self, obj): - return list(self.collect_permissions(obj)) + return list(set(obj.get_permissions())) @receiver(post_save, sender=ExtendedUser) diff --git a/core/authentication/migrations/0005_alter_eventpermission_event.py b/core/authentication/migrations/0005_alter_eventpermission_event.py deleted file mode 100644 index 486f94d..0000000 --- a/core/authentication/migrations/0005_alter_eventpermission_event.py +++ /dev/null @@ -1,20 +0,0 @@ -# Generated by Django 4.2.7 on 2023-12-13 02:29 - -from django.db import migrations, models -import django.db.models.deletion - - -class Migration(migrations.Migration): - - dependencies = [ - ('inventory', '0001_initial'), - ('authentication', '0004_legacy_user'), - ] - - operations = [ - migrations.AlterField( - model_name='eventpermission', - name='event', - field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='inventory.event'), - ), - ] diff --git a/core/authentication/tests/v2/test_users.py b/core/authentication/tests/v2/test_users.py index de979ed..2011314 100644 --- a/core/authentication/tests/v2/test_users.py +++ b/core/authentication/tests/v2/test_users.py @@ -52,6 +52,11 @@ class UserApiTest(TestCase): self.assertEqual(response.json()['last_name'], '') permissions = response.json()['permissions'] self.assertEqual(len(permissions), 5) + self.assertTrue('*:add_item' in permissions) + self.assertTrue('*:view_item' in permissions) + self.assertTrue('*:view_event' in permissions) + self.assertTrue('testevent:delete_item' in permissions) + self.assertTrue('*:add_event' in permissions) def test_register_user(self): anonymous = Client() diff --git a/core/inventory/api_v2.py b/core/inventory/api_v2.py index 79e25f2..5f5e5ca 100644 --- a/core/inventory/api_v2.py +++ b/core/inventory/api_v2.py @@ -97,7 +97,7 @@ class ItemSerializer(serializers.ModelSerializer): @api_view(['GET']) @permission_classes([IsAuthenticated]) -@permission_required('inventory.view_item', raise_exception=True) +@permission_required('view_item', raise_exception=True) def search_items(request, event_slug, query): try: event = Event.objects.get(slug=event_slug) @@ -117,11 +117,11 @@ def item(request, event_slug): try: event = Event.objects.get(slug=event_slug) if request.method == 'GET': - if not request.user.has_event_perm(event, 'inventory.view_item'): + if not request.user.has_event_perm(event, 'view_item'): return Response(status=403) return Response(ItemSerializer(Item.objects.filter(event=event), many=True).data) elif request.method == 'POST': - if not request.user.has_event_perm(event, 'inventory.add_item'): + if not request.user.has_event_perm(event, 'add_item'): return Response(status=403) validated_data = ItemSerializer(data=request.data) if validated_data.is_valid(): @@ -138,18 +138,19 @@ def item_by_id(request, event_slug, id): event = Event.objects.get(slug=event_slug) item = Item.objects.get(event=event, uid=id) if request.method == 'GET': - if not request.user.has_event_perm(event, 'inventory.view_item'): + if not request.user.has_event_perm(event, 'view_item'): return Response(status=403) return Response(ItemSerializer(item).data) elif request.method == 'PUT': - if not request.user.has_event_perm(event, 'inventory.change_item'): + if not request.user.has_event_perm(event, 'change_item'): return Response(status=403) validated_data = ItemSerializer(item, data=request.data) if validated_data.is_valid(): validated_data.save() return Response(validated_data.data) + return Response(validated_data.errors, status=400) elif request.method == 'DELETE': - if not request.user.has_event_perm(event, 'inventory.delete_item'): + if not request.user.has_event_perm(event, 'delete_item'): return Response(status=403) item.delete() return Response(status=204) diff --git a/web/src/components/Navbar.vue b/web/src/components/Navbar.vue index c24be73..da5caca 100644 --- a/web/src/components/Navbar.vue +++ b/web/src/components/Navbar.vue @@ -11,19 +11,19 @@