2025-summer/team-3
12
Fork 0
Code Issues Pull requests Projects Releases Activity

don't show accessrestrictiongroups to select that the user can't grant

Browse source
This commit is contained in:
Laura Klünder 2024-12-16 10:44:48 +00:00
parent 6b494810cc
commit 13cf207ee6
2 changed files with 10 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/c3nav/control/forms.py
View file

@ -66,9 +66,9 @@ class AccessPermissionForm(Form):
# get access permission groups # get access permission groups
if request: if request:
groups = AccessRestrictionGroup.qs_for_request(request) groups = AccessRestrictionGroup.qs_for_request(request, can_grant=True)
else: else:
groups = AccessRestrictionGroup.qs_for_user(author) groups = AccessRestrictionGroup.qs_for_user(author, can_grant=True)
groups = groups.prefetch_related( groups = groups.prefetch_related(
Prefetch('members', AccessRestriction.objects.only('pk')) Prefetch('members', AccessRestriction.objects.only('pk'))
) )
@ -99,9 +99,6 @@ class AccessPermissionForm(Form):
"all": tuple(('g%d' % pk) for pk in self.group_contents.keys()) + tuple(restrictions_not_in_group), "all": tuple(('g%d' % pk) for pk in self.group_contents.keys()) + tuple(restrictions_not_in_group),
}) })
from pprint import pprint
pprint(self.access_restriction_choices)
# construct choice field for access permissions # construct choice field for access permissions
choices = [('', _('choose permissions…')), # noqa choices = [('', _('choose permissions…')), # noqa
('all', ngettext_lazy('everything possible (%d permission)', ('all', ngettext_lazy('everything possible (%d permission)',

16
src/c3nav/mapdata/models/access.py
View file

@ -68,29 +68,29 @@ class AccessRestrictionGroup(TitledMixin, models.Model):
default_related_name = 'accessrestrictiongroups' default_related_name = 'accessrestrictiongroups'
@classmethod @classmethod
def qs_for_request(cls, request): def qs_for_request(cls, request, can_grant=None):
return cls.objects.filter(cls.q_for_request(request)) return cls.objects.filter(cls.q_for_request(request, can_grant=can_grant))
@classmethod @classmethod
def q_for_request(cls, request): def q_for_request(cls, request, can_grant=None):
if request.user.is_authenticated and request.user.is_superuser: if request.user.is_authenticated and request.user.is_superuser:
return Q() return Q()
all_permissions = AccessRestriction.get_all() all_permissions = AccessRestriction.get_all()
permissions = AccessPermission.get_for_request(request) permissions = AccessPermission.get_for_request(request, can_grant=can_grant)
# now we filter out groups where the user doesn't have a permission for all members # now we filter out groups where the user doesn't have a permission for all members
filter_perms = all_permissions - permissions filter_perms = all_permissions - permissions
return ~Q(members__pk__in=filter_perms) return ~Q(members__pk__in=filter_perms)
@classmethod @classmethod
def qs_for_user(cls, user): def qs_for_user(cls, user, can_grant=None):
return cls.objects.filter(cls.q_for_user(user)) return cls.objects.filter(cls.q_for_user(user, can_grant=can_grant))
@classmethod @classmethod
def q_for_user(cls, user): def q_for_user(cls, user, can_grant=None):
if user.is_authenticated and user.is_superuser: if user.is_authenticated and user.is_superuser:
return Q() return Q()
all_permissions = AccessRestriction.get_all() all_permissions = AccessRestriction.get_all()
permissions = AccessPermission.get_for_user(user) permissions = AccessPermission.get_for_user(user, can_grant=can_grant)
# now we filter out groups where the user doesn't have a permission for all members # now we filter out groups where the user doesn't have a permission for all members
filter_perms = all_permissions - permissions filter_perms = all_permissions - permissions
return ~Q(members__pk__in=filter_perms) return ~Q(members__pk__in=filter_perms)