stash
This commit is contained in:
parent
2c09540a1b
commit
125232d1c5
6 changed files with 27 additions and 47 deletions
|
|
@ -21,14 +21,8 @@ class UserSerializer(serializers.ModelSerializer):
|
||||||
fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions')
|
fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions')
|
||||||
read_only_fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions')
|
read_only_fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions')
|
||||||
|
|
||||||
def collect_permissions(self, obj):
|
|
||||||
for permission in obj.get_all_permissions():
|
|
||||||
yield "*:" + permission
|
|
||||||
for permission in obj.event_permissions.all():
|
|
||||||
yield permission.event.slug + ":" + permission.permission.codename
|
|
||||||
|
|
||||||
def get_permissions(self, obj):
|
def get_permissions(self, obj):
|
||||||
return list(self.collect_permissions(obj))
|
return list(set(obj.get_permissions()))
|
||||||
|
|
||||||
|
|
||||||
@receiver(post_save, sender=ExtendedUser)
|
@receiver(post_save, sender=ExtendedUser)
|
||||||
|
|
|
||||||
|
|
@ -1,20 +0,0 @@
|
||||||
# Generated by Django 4.2.7 on 2023-12-13 02:29
|
|
||||||
|
|
||||||
from django.db import migrations, models
|
|
||||||
import django.db.models.deletion
|
|
||||||
|
|
||||||
|
|
||||||
class Migration(migrations.Migration):
|
|
||||||
|
|
||||||
dependencies = [
|
|
||||||
('inventory', '0001_initial'),
|
|
||||||
('authentication', '0004_legacy_user'),
|
|
||||||
]
|
|
||||||
|
|
||||||
operations = [
|
|
||||||
migrations.AlterField(
|
|
||||||
model_name='eventpermission',
|
|
||||||
name='event',
|
|
||||||
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='inventory.event'),
|
|
||||||
),
|
|
||||||
]
|
|
||||||
|
|
@ -52,6 +52,11 @@ class UserApiTest(TestCase):
|
||||||
self.assertEqual(response.json()['last_name'], '')
|
self.assertEqual(response.json()['last_name'], '')
|
||||||
permissions = response.json()['permissions']
|
permissions = response.json()['permissions']
|
||||||
self.assertEqual(len(permissions), 5)
|
self.assertEqual(len(permissions), 5)
|
||||||
|
self.assertTrue('*:add_item' in permissions)
|
||||||
|
self.assertTrue('*:view_item' in permissions)
|
||||||
|
self.assertTrue('*:view_event' in permissions)
|
||||||
|
self.assertTrue('testevent:delete_item' in permissions)
|
||||||
|
self.assertTrue('*:add_event' in permissions)
|
||||||
|
|
||||||
def test_register_user(self):
|
def test_register_user(self):
|
||||||
anonymous = Client()
|
anonymous = Client()
|
||||||
|
|
|
||||||
|
|
@ -97,7 +97,7 @@ class ItemSerializer(serializers.ModelSerializer):
|
||||||
|
|
||||||
@api_view(['GET'])
|
@api_view(['GET'])
|
||||||
@permission_classes([IsAuthenticated])
|
@permission_classes([IsAuthenticated])
|
||||||
@permission_required('inventory.view_item', raise_exception=True)
|
@permission_required('view_item', raise_exception=True)
|
||||||
def search_items(request, event_slug, query):
|
def search_items(request, event_slug, query):
|
||||||
try:
|
try:
|
||||||
event = Event.objects.get(slug=event_slug)
|
event = Event.objects.get(slug=event_slug)
|
||||||
|
|
@ -117,11 +117,11 @@ def item(request, event_slug):
|
||||||
try:
|
try:
|
||||||
event = Event.objects.get(slug=event_slug)
|
event = Event.objects.get(slug=event_slug)
|
||||||
if request.method == 'GET':
|
if request.method == 'GET':
|
||||||
if not request.user.has_event_perm(event, 'inventory.view_item'):
|
if not request.user.has_event_perm(event, 'view_item'):
|
||||||
return Response(status=403)
|
return Response(status=403)
|
||||||
return Response(ItemSerializer(Item.objects.filter(event=event), many=True).data)
|
return Response(ItemSerializer(Item.objects.filter(event=event), many=True).data)
|
||||||
elif request.method == 'POST':
|
elif request.method == 'POST':
|
||||||
if not request.user.has_event_perm(event, 'inventory.add_item'):
|
if not request.user.has_event_perm(event, 'add_item'):
|
||||||
return Response(status=403)
|
return Response(status=403)
|
||||||
validated_data = ItemSerializer(data=request.data)
|
validated_data = ItemSerializer(data=request.data)
|
||||||
if validated_data.is_valid():
|
if validated_data.is_valid():
|
||||||
|
|
@ -138,18 +138,19 @@ def item_by_id(request, event_slug, id):
|
||||||
event = Event.objects.get(slug=event_slug)
|
event = Event.objects.get(slug=event_slug)
|
||||||
item = Item.objects.get(event=event, uid=id)
|
item = Item.objects.get(event=event, uid=id)
|
||||||
if request.method == 'GET':
|
if request.method == 'GET':
|
||||||
if not request.user.has_event_perm(event, 'inventory.view_item'):
|
if not request.user.has_event_perm(event, 'view_item'):
|
||||||
return Response(status=403)
|
return Response(status=403)
|
||||||
return Response(ItemSerializer(item).data)
|
return Response(ItemSerializer(item).data)
|
||||||
elif request.method == 'PUT':
|
elif request.method == 'PUT':
|
||||||
if not request.user.has_event_perm(event, 'inventory.change_item'):
|
if not request.user.has_event_perm(event, 'change_item'):
|
||||||
return Response(status=403)
|
return Response(status=403)
|
||||||
validated_data = ItemSerializer(item, data=request.data)
|
validated_data = ItemSerializer(item, data=request.data)
|
||||||
if validated_data.is_valid():
|
if validated_data.is_valid():
|
||||||
validated_data.save()
|
validated_data.save()
|
||||||
return Response(validated_data.data)
|
return Response(validated_data.data)
|
||||||
|
return Response(validated_data.errors, status=400)
|
||||||
elif request.method == 'DELETE':
|
elif request.method == 'DELETE':
|
||||||
if not request.user.has_event_perm(event, 'inventory.delete_item'):
|
if not request.user.has_event_perm(event, 'delete_item'):
|
||||||
return Response(status=403)
|
return Response(status=403)
|
||||||
item.delete()
|
item.delete()
|
||||||
return Response(status=204)
|
return Response(status=204)
|
||||||
|
|
|
||||||
|
|
@ -11,19 +11,19 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<ul class="nav nav-tabs flex-nowrap">
|
<ul class="nav nav-tabs flex-nowrap">
|
||||||
<li class="nav-item" v-if="checkPermission(getEventSlug, 'inventory.view_item')">
|
<li class="nav-item" v-if="checkPermission(getEventSlug, 'view_item')">
|
||||||
<router-link :to="{name: 'items', params: {event: getEventSlug}}"
|
<router-link :to="{name: 'items', params: {event: getEventSlug}}"
|
||||||
:class="['nav-link', { active: getActiveView === 'items' || getActiveView === 'item' }]">
|
:class="['nav-link', { active: getActiveView === 'items' || getActiveView === 'item' }]">
|
||||||
Items
|
Items
|
||||||
</router-link>
|
</router-link>
|
||||||
</li>
|
</li>
|
||||||
<li class="nav-item" v-if="checkPermission(getEventSlug, 'tickets.view_issuethread')">
|
<li class="nav-item" v-if="checkPermission(getEventSlug, 'view_issuethread')">
|
||||||
<router-link :to="{name: 'tickets', params: {event: getEventSlug}}"
|
<router-link :to="{name: 'tickets', params: {event: getEventSlug}}"
|
||||||
:class="['nav-link', { active: getActiveView === 'tickets' || getActiveView === 'ticket' }]">
|
:class="['nav-link', { active: getActiveView === 'tickets' || getActiveView === 'ticket' }]">
|
||||||
Tickets
|
Tickets
|
||||||
</router-link>
|
</router-link>
|
||||||
</li>
|
</li>
|
||||||
<li class="nav-item" v-if="checkPermission(getEventSlug, 'inventory.delete_event')">
|
<li class="nav-item" v-if="checkPermission(getEventSlug, 'delete_event')">
|
||||||
<router-link :to="{name: 'admin'}" :class="['nav-link', { active: getActiveView === 'admin' }]">
|
<router-link :to="{name: 'admin'}" :class="['nav-link', { active: getActiveView === 'admin' }]">
|
||||||
Admin
|
Admin
|
||||||
</router-link>
|
</router-link>
|
||||||
|
|
|
||||||
|
|
@ -23,27 +23,27 @@ const routes = [
|
||||||
{path: '/register', name: 'register', component: Register, meta: {requiresAuth: false}},
|
{path: '/register', name: 'register', component: Register, meta: {requiresAuth: false}},
|
||||||
{path: '/howto', name: 'howto', component: HowTo, meta: {requiresAuth: true}},
|
{path: '/howto', name: 'howto', component: HowTo, meta: {requiresAuth: true}},
|
||||||
{path: '/:event/items', name: 'items', component: Items, meta:
|
{path: '/:event/items', name: 'items', component: Items, meta:
|
||||||
{requiresAuth: true, requiresPermission: 'inventory.view_item'}},
|
{requiresAuth: true, requiresPermission: 'view_item'}},
|
||||||
{path: '/:event/item/:uid', name: 'item', component: Items, meta:
|
{path: '/:event/item/:uid', name: 'item', component: Items, meta:
|
||||||
{requiresAuth: true, requiresPermission: 'inventory.view_item'}},
|
{requiresAuth: true, requiresPermission: 'view_item'}},
|
||||||
{path: '/:event/boxes', name: 'boxes', component: Boxes, meta:
|
{path: '/:event/boxes', name: 'boxes', component: Boxes, meta:
|
||||||
{requiresAuth: true, requiresPermission: 'inventory.view_container'}},
|
{requiresAuth: true, requiresPermission: 'view_container'}},
|
||||||
{path: '/:event/box/:uid', name: 'box', component: Boxes, meta:
|
{path: '/:event/box/:uid', name: 'box', component: Boxes, meta:
|
||||||
{requiresAuth: true, requiresPermission: 'inventory.view_container'}},
|
{requiresAuth: true, requiresPermission: 'view_container'}},
|
||||||
{path: '/:event/tickets', name: 'tickets', component: Tickets, meta:
|
{path: '/:event/tickets', name: 'tickets', component: Tickets, meta:
|
||||||
{requiresAuth: true, requiresPermission: 'tickets.view_issuethread'}},
|
{requiresAuth: true, requiresPermission: 'view_issuethread'}},
|
||||||
{path: '/:event/ticket/:id', name: 'ticket', component: Ticket, meta:
|
{path: '/:event/ticket/:id', name: 'ticket', component: Ticket, meta:
|
||||||
{requiresAuth: true, requiresPermission: 'tickets.view_issuethread'}},
|
{requiresAuth: true, requiresPermission: 'view_issuethread'}},
|
||||||
{path: '/admin', name: 'admin', component: Admin, meta:
|
{path: '/admin', name: 'admin', component: Admin, meta:
|
||||||
{requiresAuth: true, requiresPermission: 'inventory.delete_event'}},
|
{requiresAuth: true, requiresPermission: 'delete_event'}},
|
||||||
{path: '/admin/files', name: 'files', component: Files, meta:
|
{path: '/admin/files', name: 'files', component: Files, meta:
|
||||||
{requiresAuth: true, requiresPermission: 'inventory.delete_event'}},
|
{requiresAuth: true, requiresPermission: 'delete_event'}},
|
||||||
{path: '/admin/events', name: 'events', component: Events, meta:
|
{path: '/admin/events', name: 'events', component: Events, meta:
|
||||||
{requiresAuth: true, requiresPermission: 'inventory.delete_event'}},
|
{requiresAuth: true, requiresPermission: 'delete_event'}},
|
||||||
{path: '/admin/debug', name: 'debug', component: Debug, meta:
|
{path: '/admin/debug', name: 'debug', component: Debug, meta:
|
||||||
{requiresAuth: true, requiresPermission: 'inventory.delete_event'}},
|
{requiresAuth: true, requiresPermission: 'delete_event'}},
|
||||||
{path: '/admin/users', name: 'users', component: Events, meta:
|
{path: '/admin/users', name: 'users', component: Events, meta:
|
||||||
{requiresAuth: true, requiresPermission: 'inventory.delete_event'}},
|
{requiresAuth: true, requiresPermission: 'delete_event'}},
|
||||||
{path: '/user', name: 'user', component: Empty, meta: {requiresAuth: true}},
|
{path: '/user', name: 'user', component: Empty, meta: {requiresAuth: true}},
|
||||||
{path: '*', component: Error},
|
{path: '*', component: Error},
|
||||||
];
|
];
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue