added permission for access to source files

src/c3nav/control/migrations/0014_userpermissions_sources_access.py

@@ -0,0 +1,20 @@
+# Generated by Django 5.0.3 on 2024-08-11 20:54
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("control", "0013_userpermissions_nonpublic_themes"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="userpermissions",
+            name="sources_access",
+            field=models.BooleanField(
+                default=False, verbose_name="can access sources in editor"
+            ),
+        ),
+    ]

src/c3nav/control/models.py

@@ -21,6 +21,7 @@ class UserPermissions(models.Model):
     direct_edit = models.BooleanField(default=False, verbose_name=_('can activate direct editing'))
     max_changeset_changes = models.PositiveSmallIntegerField(default=10, verbose_name=_('max changes per changeset'))
     editor_access = models.BooleanField(default=False, verbose_name=_('can always access editor'))
+    sources_access = models.BooleanField(default=False, verbose_name=_('can access sources in editor'))
     base_mapdata_access = models.BooleanField(default=False, verbose_name=_('can always access base map data'))
     manage_map_updates = models.BooleanField(default=False, verbose_name=_('manage map updates'))
 

src/c3nav/editor/views/edit.py

@@ -749,7 +749,7 @@ def graph_edit(request, level=None, space=None):
 
 
 def sourceimage(request, filename):
-    if not request.user.is_superuser:
+    if not request.user_permissions.sources_access:
         raise PermissionDenied
 
     if not can_access_editor(request):