c3lf/c3lf-system-3
7
0
Fork 0
Code Issues 51 Pull requests Projects 2 Releases Wiki Activity Actions

stash

Browse source
This commit is contained in:
j3d1 2023-12-13 17:12:15 +01:00
parent 2c09540a1b
commit 125232d1c5
6 changed files with 27 additions and 47 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
core/authentication/api_v2.py
View file

@ -21,14 +21,8 @@ class UserSerializer(serializers.ModelSerializer):
fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions')
read_only_fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions')
def collect_permissions(self, obj):
for permission in obj.get_all_permissions():
yield "*:" + permission
for permission in obj.event_permissions.all():
yield permission.event.slug + ":" + permission.permission.codename
def get_permissions(self, obj):
return list(self.collect_permissions(obj))
return list(set(obj.get_permissions()))
@receiver(post_save, sender=ExtendedUser)

20
core/authentication/migrations/0005_alter_eventpermission_event.py
View file

@ -1,20 +0,0 @@
# Generated by Django 4.2.7 on 2023-12-13 02:29
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('inventory', '0001_initial'),
('authentication', '0004_legacy_user'),
]
operations = [
migrations.AlterField(
model_name='eventpermission',
name='event',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='inventory.event'),
),
]

5
core/authentication/tests/v2/test_users.py
View file

@ -52,6 +52,11 @@ class UserApiTest(TestCase):
self.assertEqual(response.json()['last_name'], '')
permissions = response.json()['permissions']
self.assertEqual(len(permissions), 5)
self.assertTrue('*:add_item' in permissions)
self.assertTrue('*:view_item' in permissions)
self.assertTrue('*:view_event' in permissions)
self.assertTrue('testevent:delete_item' in permissions)
self.assertTrue('*:add_event' in permissions)
def test_register_user(self):
anonymous = Client()

13
core/inventory/api_v2.py
View file

@ -97,7 +97,7 @@ class ItemSerializer(serializers.ModelSerializer):
@api_view(['GET'])
@permission_classes([IsAuthenticated])
@permission_required('inventory.view_item', raise_exception=True)
@permission_required('view_item', raise_exception=True)
def search_items(request, event_slug, query):
try:
event = Event.objects.get(slug=event_slug)
@ -117,11 +117,11 @@ def item(request, event_slug):
try:
event = Event.objects.get(slug=event_slug)
if request.method == 'GET':
if not request.user.has_event_perm(event, 'inventory.view_item'):
if not request.user.has_event_perm(event, 'view_item'):
return Response(status=403)
return Response(ItemSerializer(Item.objects.filter(event=event), many=True).data)
elif request.method == 'POST':
if not request.user.has_event_perm(event, 'inventory.add_item'):
if not request.user.has_event_perm(event, 'add_item'):
return Response(status=403)
validated_data = ItemSerializer(data=request.data)
if validated_data.is_valid():
@ -138,18 +138,19 @@ def item_by_id(request, event_slug, id):
event = Event.objects.get(slug=event_slug)
item = Item.objects.get(event=event, uid=id)
if request.method == 'GET':
if not request.user.has_event_perm(event, 'inventory.view_item'):
if not request.user.has_event_perm(event, 'view_item'):
return Response(status=403)
return Response(ItemSerializer(item).data)
elif request.method == 'PUT':
if not request.user.has_event_perm(event, 'inventory.change_item'):
if not request.user.has_event_perm(event, 'change_item'):
return Response(status=403)
validated_data = ItemSerializer(item, data=request.data)
if validated_data.is_valid():
validated_data.save()
return Response(validated_data.data)
return Response(validated_data.errors, status=400)
elif request.method == 'DELETE':
if not request.user.has_event_perm(event, 'inventory.delete_item'):
if not request.user.has_event_perm(event, 'delete_item'):
return Response(status=403)
item.delete()
return Response(status=204)

6
web/src/components/Navbar.vue
View file

@ -11,19 +11,19 @@
</div>
</div>
<ul class="nav nav-tabs flex-nowrap">
<li class="nav-item" v-if="checkPermission(getEventSlug, 'inventory.view_item')">
<li class="nav-item" v-if="checkPermission(getEventSlug, 'view_item')">
<router-link :to="{name: 'items', params: {event: getEventSlug}}"
:class="['nav-link', { active: getActiveView === 'items' || getActiveView === 'item' }]">
Items
</router-link>
</li>
<li class="nav-item" v-if="checkPermission(getEventSlug, 'tickets.view_issuethread')">
<li class="nav-item" v-if="checkPermission(getEventSlug, 'view_issuethread')">
<router-link :to="{name: 'tickets', params: {event: getEventSlug}}"
:class="['nav-link', { active: getActiveView === 'tickets' || getActiveView === 'ticket' }]">
Tickets
</router-link>
</li>
<li class="nav-item" v-if="checkPermission(getEventSlug, 'inventory.delete_event')">
<li class="nav-item" v-if="checkPermission(getEventSlug, 'delete_event')">
<router-link :to="{name: 'admin'}" :class="['nav-link', { active: getActiveView === 'admin' }]">
Admin
</router-link>

22
web/src/router.js
View file

@ -23,27 +23,27 @@ const routes = [
{path: '/register', name: 'register', component: Register, meta: {requiresAuth: false}},
{path: '/howto', name: 'howto', component: HowTo, meta: {requiresAuth: true}},
{path: '/:event/items', name: 'items', component: Items, meta:
{requiresAuth: true, requiresPermission: 'inventory.view_item'}},
{requiresAuth: true, requiresPermission: 'view_item'}},
{path: '/:event/item/:uid', name: 'item', component: Items, meta:
{requiresAuth: true, requiresPermission: 'inventory.view_item'}},
{requiresAuth: true, requiresPermission: 'view_item'}},
{path: '/:event/boxes', name: 'boxes', component: Boxes, meta:
{requiresAuth: true, requiresPermission: 'inventory.view_container'}},
{requiresAuth: true, requiresPermission: 'view_container'}},
{path: '/:event/box/:uid', name: 'box', component: Boxes, meta:
{requiresAuth: true, requiresPermission: 'inventory.view_container'}},
{requiresAuth: true, requiresPermission: 'view_container'}},
{path: '/:event/tickets', name: 'tickets', component: Tickets, meta:
{requiresAuth: true, requiresPermission: 'tickets.view_issuethread'}},
{requiresAuth: true, requiresPermission: 'view_issuethread'}},
{path: '/:event/ticket/:id', name: 'ticket', component: Ticket, meta:
{requiresAuth: true, requiresPermission: 'tickets.view_issuethread'}},
{requiresAuth: true, requiresPermission: 'view_issuethread'}},
{path: '/admin', name: 'admin', component: Admin, meta:
{requiresAuth: true, requiresPermission: 'inventory.delete_event'}},
{requiresAuth: true, requiresPermission: 'delete_event'}},
{path: '/admin/files', name: 'files', component: Files, meta:
{requiresAuth: true, requiresPermission: 'inventory.delete_event'}},
{requiresAuth: true, requiresPermission: 'delete_event'}},
{path: '/admin/events', name: 'events', component: Events, meta:
{requiresAuth: true, requiresPermission: 'inventory.delete_event'}},
{requiresAuth: true, requiresPermission: 'delete_event'}},
{path: '/admin/debug', name: 'debug', component: Debug, meta:
{requiresAuth: true, requiresPermission: 'inventory.delete_event'}},
{requiresAuth: true, requiresPermission: 'delete_event'}},
{path: '/admin/users', name: 'users', component: Events, meta:
{requiresAuth: true, requiresPermission: 'inventory.delete_event'}},
{requiresAuth: true, requiresPermission: 'delete_event'}},
{path: '/user', name: 'user', component: Empty, meta: {requiresAuth: true}},
{path: '*', component: Error},
];