fix: add missing sas permission

2025-06-20 01:55:22 +00:00 · 2025-06-17 20:56:13 +02:00 · 2025-06-17 20:56:13 +02:00 · 88755358a6
commit 88755358a6
parent 0e850e5486
2 changed files with 26 additions and 3 deletions
--- a/sas/migrations/0005_alter_sasfile_options.py
+++ b/sas/migrations/0005_alter_sasfile_options.py
@ -0,0 +1,19 @@
+# Generated by Django 5.2.3 on 2025-06-17 18:53
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [("sas", "0004_picturemoderationrequest_and_more")]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name="sasfile",
+            options={
+                "permissions": [
+                    ("moderate_sasfile", "Can moderate SAS files"),
+                    ("view_unmoderated_sasfile", "Can view not moderated SAS files"),
+                ]
+            },
+        ),
+    ]
--- a/sas/models.py
+++ b/sas/models.py
@ -41,6 +41,10 @@ class SasFile(SithFile):

    class Meta:
        proxy = True
+        permissions = [
+            ("moderate_sasfile", "Can moderate SAS files"),
+            ("view_unmoderated_sasfile", "Can view not moderated SAS files"),
+        ]

    def can_be_viewed_by(self, user):
        if user.is_anonymous:
@ -59,7 +63,7 @@ class SasFile(SithFile):
        return self.id in viewable

    def can_be_edited_by(self, user):
-        return user.is_root or user.is_in_group(pk=settings.SITH_GROUP_SAS_ADMIN_ID)
+        return user.has_perm("sas.change_sasfile")


 class PictureQuerySet(models.QuerySet):
@ -69,7 +73,7 @@ class PictureQuerySet(models.QuerySet):
        Warning:
            Calling this queryset method may add several additional requests.
        """
-        if user.is_root or user.is_in_group(pk=settings.SITH_GROUP_SAS_ADMIN_ID):
+        if user.has_perm("sas.moderate_sasfile"):
            return self.all()
        if user.was_subscribed:
            return self.filter(Q(is_moderated=True) | Q(owner=user))
@ -182,7 +186,7 @@ class AlbumQuerySet(models.QuerySet):
        Warning:
            Calling this queryset method may add several additional requests.
        """
-        if user.is_root or user.is_in_group(pk=settings.SITH_GROUP_SAS_ADMIN_ID):
+        if user.has_perm("sas.moderate_sasfile"):
            return self.all()
        if user.was_subscribed:
            return self.filter(Q(is_moderated=True) | Q(owner=user))