From 897cf68ccc1731372ee3fba6044b6292f7bdc3d3 Mon Sep 17 00:00:00 2001
From: Jenny Danzmayr <mail@evilscientress.de>
Date: Sun, 11 Aug 2024 23:07:22 +0200
Subject: [PATCH] added permission for access to source files

---
 .../0014_userpermissions_sources_access.py    | 20 +++++++++++++++++++
 src/c3nav/control/models.py                   |  1 +
 src/c3nav/editor/views/edit.py                |  2 +-
 3 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 src/c3nav/control/migrations/0014_userpermissions_sources_access.py

diff --git a/src/c3nav/control/migrations/0014_userpermissions_sources_access.py b/src/c3nav/control/migrations/0014_userpermissions_sources_access.py
new file mode 100644
index 00000000..c1a65213
--- /dev/null
+++ b/src/c3nav/control/migrations/0014_userpermissions_sources_access.py
@@ -0,0 +1,20 @@
+# Generated by Django 5.0.3 on 2024-08-11 20:54
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("control", "0013_userpermissions_nonpublic_themes"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="userpermissions",
+            name="sources_access",
+            field=models.BooleanField(
+                default=False, verbose_name="can access sources in editor"
+            ),
+        ),
+    ]
diff --git a/src/c3nav/control/models.py b/src/c3nav/control/models.py
index 691b69ec..35f9418a 100644
--- a/src/c3nav/control/models.py
+++ b/src/c3nav/control/models.py
@@ -21,6 +21,7 @@ class UserPermissions(models.Model):
     direct_edit = models.BooleanField(default=False, verbose_name=_('can activate direct editing'))
     max_changeset_changes = models.PositiveSmallIntegerField(default=10, verbose_name=_('max changes per changeset'))
     editor_access = models.BooleanField(default=False, verbose_name=_('can always access editor'))
+    sources_access = models.BooleanField(default=False, verbose_name=_('can access sources in editor'))
     base_mapdata_access = models.BooleanField(default=False, verbose_name=_('can always access base map data'))
     manage_map_updates = models.BooleanField(default=False, verbose_name=_('manage map updates'))
 
diff --git a/src/c3nav/editor/views/edit.py b/src/c3nav/editor/views/edit.py
index cb4d3b8c..849ddfb5 100644
--- a/src/c3nav/editor/views/edit.py
+++ b/src/c3nav/editor/views/edit.py
@@ -749,7 +749,7 @@ def graph_edit(request, level=None, space=None):
 
 
 def sourceimage(request, filename):
-    if not request.user.is_superuser:
+    if not request.user_permissions.sources_access:
         raise PermissionDenied
 
     if not can_access_editor(request):