c3lf/c3lf-system-3
9
0
Fork 0
Code Issues 55 Pull requests Projects 2 Releases Wiki Activity Actions

stash

Browse source
This commit is contained in:
j3d1 2023-12-13 17:12:15 +01:00
parent 2c09540a1b
commit 125232d1c5
6 changed files with 27 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

8
core/authentication/api_v2.py
View file

@ -21,14 +21,8 @@ class UserSerializer(serializers.ModelSerializer):
fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions')
read_only_fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions')
def collect_permissions(self, obj):
for permission in obj.get_all_permissions():
yield "*:" + permission
for permission in obj.event_permissions.all():
yield permission.event.slug + ":" + permission.permission.codename
def get_permissions(self, obj):
return list(self.collect_permissions(obj))
return list(set(obj.get_permissions()))
@receiver(post_save, sender=ExtendedUser)

20
core/authentication/migrations/0005_alter_eventpermission_event.py
View file

@ -1,20 +0,0 @@
# Generated by Django 4.2.7 on 2023-12-13 02:29
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('inventory', '0001_initial'),
('authentication', '0004_legacy_user'),
]
operations = [
migrations.AlterField(
model_name='eventpermission',
name='event',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='inventory.event'),
),
]

5
core/authentication/tests/v2/test_users.py
View file

@ -52,6 +52,11 @@ class UserApiTest(TestCase):
self.assertEqual(response.json()['last_name'], '')
permissions = response.json()['permissions']
self.assertEqual(len(permissions), 5)
self.assertTrue('*:add_item' in permissions)
self.assertTrue('*:view_item' in permissions)
self.assertTrue('*:view_event' in permissions)
self.assertTrue('testevent:delete_item' in permissions)
self.assertTrue('*:add_event' in permissions)
def test_register_user(self):
anonymous = Client()

13
core/inventory/api_v2.py
View file

@ -97,7 +97,7 @@ class ItemSerializer(serializers.ModelSerializer):
@api_view(['GET'])
@permission_classes([IsAuthenticated])
@permission_required('inventory.view_item', raise_exception=True)
@permission_required('view_item', raise_exception=True)
def search_items(request, event_slug, query):
try:
event = Event.objects.get(slug=event_slug)
@ -117,11 +117,11 @@ def item(request, event_slug):
try:
event = Event.objects.get(slug=event_slug)
if request.method == 'GET':
if not request.user.has_event_perm(event, 'inventory.view_item'):
if not request.user.has_event_perm(event, 'view_item'):
return Response(status=403)
return Response(ItemSerializer(Item.objects.filter(event=event), many=True).data)
elif request.method == 'POST':
if not request.user.has_event_perm(event, 'inventory.add_item'):
if not request.user.has_event_perm(event, 'add_item'):
return Response(status=403)
validated_data = ItemSerializer(data=request.data)
if validated_data.is_valid():
@ -138,18 +138,19 @@ def item_by_id(request, event_slug, id):
event = Event.objects.get(slug=event_slug)
item = Item.objects.get(event=event, uid=id)
if request.method == 'GET':
if not request.user.has_event_perm(event, 'inventory.view_item'):
if not request.user.has_event_perm(event, 'view_item'):
return Response(status=403)
return Response(ItemSerializer(item).data)
elif request.method == 'PUT':
if not request.user.has_event_perm(event, 'inventory.change_item'):
if not request.user.has_event_perm(event, 'change_item'):
return Response(status=403)
validated_data = ItemSerializer(item, data=request.data)
if validated_data.is_valid():
validated_data.save()
return Response(validated_data.data)
return Response(validated_data.errors, status=400)
elif request.method == 'DELETE':
if not request.user.has_event_perm(event, 'inventory.delete_item'):
if not request.user.has_event_perm(event, 'delete_item'):
return Response(status=403)
item.delete()
return Response(status=204)