WIP: Improve many views and a bit user permissions (idea for class scale perm)

2024-06-18 12:41:55 +00:00 · 2015-12-08 17:22:50 +01:00 · 2015-12-08 17:22:50 +01:00 · e3cbe70319
commit e3cbe70319
parent 475bff14cb
10 changed files with 116 additions and 13 deletions
--- a/core/migrations/0018_auto_20151208_1558.py
+++ b/core/migrations/0018_auto_20151208_1558.py
@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0017_auto_20151203_1530'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='user',
+            options={'permissions': (('can_change_prop', "Can change the user's properties (groups, ...)"),), 'verbose_name': 'user', 'verbose_name_plural': 'users'},
+        ),
+    ]
--- a/core/migrations/0019_auto_20151208_1604.py
+++ b/core/migrations/0019_auto_20151208_1604.py
@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0018_auto_20151208_1558'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='user',
+            options={'permissions': (('change_prop', "Can change the user's properties (groups, ...)"),), 'verbose_name_plural': 'users', 'verbose_name': 'user'},
+        ),
+    ]
--- a/core/migrations/0020_auto_20151208_1621.py
+++ b/core/migrations/0020_auto_20151208_1621.py
@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0019_auto_20151208_1604'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='user',
+            options={'verbose_name_plural': 'users', 'permissions': (('change_prop_user', "Can change the user's properties (groups, ...)"),), 'verbose_name': 'user'},
+        ),
+    ]
--- a/core/models.py
+++ b/core/models.py
@ -72,6 +72,9 @@ class User(AbstractBaseUser, PermissionsMixin):
    class Meta:
        verbose_name = _('user')
        verbose_name_plural = _('users')
+        permissions = (
+            ("change_prop_user", "Can change the user's properties (groups, ...)"),
+        )

    def get_absolute_url(self):
        """
@ -139,11 +142,14 @@ class User(AbstractBaseUser, PermissionsMixin):
        """
        Determine if the object is owned by the user
        """
-        # TODO: add permission scale validation, to allow some groups other than superuser to manipulate
+        # TODO: add permission (class) scale validation, to allow some groups other than superuser to manipulate
        # all objects of a class if they are in the right group
+        # example: something like user.has_perm("change_"+obj.__class__)
        if not hasattr(obj, "owner_group"):
            return False
-        if self.is_superuser or self.groups.filter(name=obj.owner_group.name).exists():
+        print(str(obj.__class__))
+        print(str(obj.__class__).lower().split('.')[-1])
+        if self.is_superuser or self.groups.filter(name=obj.owner_group.name).exists() or self.has_perm("change_prop_"+str(obj.__class__).lower().split('.')[-1]):
            return True
        return False

@ -158,6 +164,8 @@ class User(AbstractBaseUser, PermissionsMixin):
        for g in obj.edit_group.all():
            if self.groups.filter(name=g.name).exists():
                return True
+        if isinstance(obj, User) and obj == self:
+            return True
        return False

    def can_view(self, obj):
@ -171,8 +179,6 @@ class User(AbstractBaseUser, PermissionsMixin):
        for g in obj.view_group.all():
            if self.groups.filter(name=g.name).exists():
                return True
-        if isinstance(obj, User) and obj == self:
-            return True
        return False

 class LockError(Exception):
@ -212,7 +218,6 @@ class Page(models.Model):
    class Meta:
        unique_together = ('name', 'parent')
        permissions = (
-            #("can_edit", "Can edit the page"),
            ("can_view", "Can view the page"),
        )

--- a/core/templates/core/base.html
+++ b/core/templates/core/base.html
@ -10,12 +10,20 @@
        {% block header %}
        {% if user.is_authenticated %}Hello, {{ user.username }}!{% endif %}
        <ul>
+            {% if not user.is_authenticated %}
            <li><a href="{% url 'core:register' %}">Register</a></li>
            <li><a href="{% url 'core:login' %}">Login</a></li>
+            {% else %}
            <li><a href="{% url 'core:logout' %}">Logout</a></li>
+            {% endif %}
+        </ul>
+        {% if user.is_authenticated %}
+        <ul>
+            <li><a href="{% url 'core:user_profile' user.id %}">Profile</a></li>
            <li><a href="{% url 'core:user_list' %}">Users</a></li>
            <li><a href="{% url 'core:page_list' %}">Pages</a></li>
        </ul>
+        {% endif %}
        {% endblock %}
    </header>

--- a/core/templates/core/user_detail.html
+++ b/core/templates/core/user_detail.html
@ -8,12 +8,18 @@
 <h3>User Profile</h3>
 <p><a href="{% url 'core:user_list' %}">Back to list</a></p>

-{% if user.is_superuser or user.id == profile.id %}
+{{ perms.core }}
 <ul>
-    <li><a href="{% url 'core:user_edit' profile.id %}">Edit</a></li>
-    <li><a href="{% url 'core:user_groups' profile.id %}">Groups</a></li>
-</ul>
+{% if user.id == profile.id %}
+    <li><a href="{% url 'core:user_tools' %}">Tools</a></li>
 {% endif %}
+{% if perms.core.change_user or user.id == profile.id %}
+    <li><a href="{% url 'core:user_edit' profile.id %}">Edit</a></li>
+{% endif %}
+{% if perms.core.change_prop_user %}
+    <li><a href="{% url 'core:user_groups' profile.id %}">Groups</a></li>
+{% endif %}
+</ul>

 <p>
 You're seeing the profile of <strong>{{ profile.get_full_name }}</strong><br/>
--- a/core/templates/core/user_tools.html
+++ b/core/templates/core/user_tools.html
@ -0,0 +1,20 @@
+{% extends "core/base.html" %}
+
+{% block title %}
+    {{ user.get_display_name }}'s tools
+{% endblock %}
+
+{% block content %}
+<h3>User Tools</h3>
+<p><a href="{% url 'core:user_profile' user.id %}">Back to profile</a></p>
+
+<ul>
+{% if perms.core.add_group %}
+    <li><a href="{% url 'core:group_list' %}">Groups</a></li>
+{% endif %}
+</ul>
+
+{% endblock %}
+
+
+
--- a/core/urls.py
+++ b/core/urls.py
@ -3,10 +3,9 @@ from django.conf.urls import url, include
 from core.views import *

 urlpatterns = [
-    #url('^', include('django.contrib.auth.urls')),
-
    url(r'^$', index, name='index'),

+    # Login and co
    url(r'^login/$', login, name='login'),
    url(r'^logout/$', logout, name='logout'),
    url(r'^password_change/$', password_change, name='password_change'),
@ -17,14 +16,18 @@ urlpatterns = [
    url(r'^reset/done/$', password_reset_complete, name='password_reset_complete'),
    url(r'^register$', register, name='register'),

+    # Group handling
    url(r'^group/$', GroupListView.as_view(), name='group_list'),
    url(r'^group/(?P<group_id>[0-9]+)/$', GroupEditView.as_view(), name='group_edit'),

+    # User views
    url(r'^user/$', UserListView.as_view(), name='user_list'),
    url(r'^user/(?P<user_id>[0-9]+)/$', UserView.as_view(), name='user_profile'),
    url(r'^user/(?P<user_id>[0-9]+)/edit$', UserUpdateProfileView.as_view(), name='user_edit'),
    url(r'^user/(?P<user_id>[0-9]+)/groups$', UserUpdateGroupsView.as_view(), name='user_groups'),
+    url(r'^user/tools/$', UserToolsView.as_view(), name='user_tools'),

+    # Page views
    url(r'^page/$', PageListView.as_view(), name='page_list'),
    url(r'^page/(?P<page_name>[a-z0-9/]*)/edit$', PageEditView.as_view(), name='page_edit'),
    url(r'^page/(?P<page_name>[a-z0-9/]*)/prop$', PagePropView.as_view(), name='page_prop'),
--- a/core/views/forms.py
+++ b/core/views/forms.py
@ -27,10 +27,12 @@ class UserGroupsForm(forms.ModelForm):
    required_css_class = 'required'
    class Meta:
        model = User
-        fields = ['groups', 'user_permissions',]
+        fields = ['edit_group', 'view_group', 'groups', 'user_permissions',]
        widgets = {
            'groups': CheckboxSelectMultiple,
            'user_permissions': CheckboxSelectMultiple,
+            'edit_group': CheckboxSelectMultiple,
+            'view_group': CheckboxSelectMultiple,
        }

 class PagePropForm(forms.ModelForm):
--- a/core/views/user.py
+++ b/core/views/user.py
@ -3,7 +3,7 @@ from django.shortcuts import render, redirect, get_object_or_404
 from django.contrib.auth import logout as auth_logout, views
 from django.core.urlresolvers import reverse
 from django.views.generic.edit import UpdateView
-from django.views.generic import ListView, DetailView
+from django.views.generic import ListView, DetailView, TemplateView
 import logging

 from core.views import CanViewMixin, CanEditMixin, CanEditPropMixin
@ -120,3 +120,8 @@ class UserUpdateGroupsView(CanEditPropMixin, UpdateView):
    template_name = "core/user_groups.html"
    form_class = UserGroupsForm

+class UserToolsView(TemplateView):
+    """
+    Displays the logged user's tools
+    """
+    template_name = "core/user_tools.html"