2025-summer/team-3
12
Fork 0
Code Issues Pull requests Projects Releases Activity

respect base_mapdata_access in editor

Browse source
This commit is contained in:
Laura Klünder 2018-11-20 22:54:29 +01:00
parent bb1bb69d00
commit bf761c1a1c
9 changed files with 89 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/c3nav/control/models.py
View file

@ -39,6 +39,15 @@ class UserPermissions(models.Model):
def get_cache_key(pk):
return 'control:permissions:%d' % pk
@classmethod
def cache_key_for_request(cls):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
if self.user_id and self.user.is_superuser:
for field in UserPermissions._meta.get_fields():
if isinstance(field, models.BooleanField):
setattr(self, field.name, True)
@classmethod
def get_for_user(cls, user, force=False) -> 'UserPermissions':
if not user.is_authenticated:
@ -65,5 +74,10 @@ class UserPermissions(models.Model):
cache_key = self.get_cache_key(self.pk)
cache.set(cache_key, self, 900)
@property
def can_access_base_mapdata(self):
return False
return settings.PUBLIC_BASE_MAPDATA or self.base_mapdata_access
get_permissions_for_user_lazy = lazy(UserPermissions.get_for_user, UserPermissions)

7
src/c3nav/editor/api.py
View file

@ -73,7 +73,10 @@ class EditorViewSet(ViewSet):
@api_etag(etag_func=etag_func, cache_parameters={'level': str, 'space': str})
def geometries(self, request, *args, **kwargs):
if not can_access_editor(request):
return PermissionDenied
raise PermissionDenied
if not request.user_permissions.can_access_base_mapdata:
raise PermissionDenied
Level = request.changeset.wrap_model('Level')
Space = request.changeset.wrap_model('Space')
@ -214,7 +217,7 @@ class EditorViewSet(ViewSet):
@api_etag(etag_func=MapUpdate.current_cache_key, cache_parameters={})
def geometrystyles(self, request, *args, **kwargs):
if not can_access_editor(request):
return PermissionDenied
raise PermissionDenied
return Response({
'building': '#aaaaaa',

12
src/c3nav/editor/forms.py
View file

@ -41,10 +41,14 @@ class EditorFormBase(I18nModelFormMixin, ModelForm):
self.fields['space'].widget = HiddenInput()
if 'geometry' in self.fields:
# hide geometry widget
self.fields['geometry'].widget = HiddenInput()
if not creating:
self.initial['geometry'] = json.dumps(mapping(self.instance.geometry), separators=(',', ':'))
if not request.user_permissions.can_access_base_mapdata:
# can't see this geometry in editor
self.fields.pop('geometry')
else:
# hide geometry widget
self.fields['geometry'].widget = HiddenInput()
if not creating:
self.initial['geometry'] = json.dumps(mapping(self.instance.geometry), separators=(',', ':'))
if self._meta.model.__name__ == 'Source' and self.request.user.is_superuser:
Source = self.request.changeset.wrap_model('Source')

2
src/c3nav/editor/templates/editor/fragment_child_models.html
View file

@ -7,7 +7,7 @@
{{ model.title }}
</a>
{% endfor %}
{% if graph_url %}
{% if can_edit_graph and graph_url %}
<a href="{{ graph_url }}" class="list-group-item">
{% trans 'Graph' %}
</a>

2
src/c3nav/editor/templates/editor/index.html
View file

@ -4,7 +4,7 @@
<h3>{% trans 'c3nav map editor' %}</h3>
{% bootstrap_messages %}
{% if can_edit %}
{% if can_create_level %}
<p>
<a class="btn btn-default btn-xs" accesskey="n" href="{% url 'editor.levels.create' %}">
{% trans 'Level' as model_title %}

2
src/c3nav/editor/templates/editor/level.html
View file

@ -32,7 +32,7 @@
{% if level.on_top_of is None %}
<h3>{% trans 'Levels on top' %}</h3>
{% if can_edit %}
{% if can_create_level %}
<p>
<a class="btn btn-default btn-xs" accesskey="n" href="{% url 'editor.levels_on_top.create' on_top_of=level.pk %}">
<i class="glyphicon glyphicon-plus"></i> {% blocktrans %}New {{ model_title }}{% endblocktrans %}

2
src/c3nav/editor/templates/editor/list.html
View file

@ -16,7 +16,7 @@
{% endif %}
</h3>
{% bootstrap_messages %}
{% if can_edit %}
{% if can_create_level %}
<a class="btn btn-default btn-xs" accesskey="n" href="{{ create_url }}">
<i class="glyphicon glyphicon-plus"></i> {% blocktrans %}New {{ model_title }}{% endblocktrans %}
</a>

3
src/c3nav/editor/views/base.py
View file

@ -56,4 +56,5 @@ def etag_func(request, *args, **kwargs):
request.changeset = changeset
return (get_language() + ':' + changeset.raw_cache_key_by_changes + ':' +
AccessPermission.cache_key_for_request(request, with_update=False) + ':' + str(request.user.pk or 0))
AccessPermission.cache_key_for_request(request, with_update=False) + ':' +
str(request.user.pk or 0) + ':' + str(int(request.user_permissions.can_access_base_mapdata)))

74
src/c3nav/editor/views/edit.py
View file

@ -45,7 +45,8 @@ def main_index(request):
Level = request.changeset.wrap_model('Level')
return render(request, 'editor/index.html', {
'levels': Level.objects.filter(Level.q_for_request(request), on_top_of__isnull=True),
'can_edit': request.changeset.can_edit(request),
'can_create_level': (request.user_permissions.can_access_base_mapdata and
request.changeset.can_edit(request)),
'child_models': [
child_model(request, 'LocationGroupCategory'),
child_model(request, 'LocationGroup'),
@ -64,17 +65,25 @@ def level_detail(request, pk):
qs = Level.objects.filter(Level.q_for_request(request))
level = get_object_or_404(qs.select_related('on_top_of').prefetch_related('levels_on_top'), pk=pk)
if request.user_permissions.can_access_base_mapdata:
submodels = ('Building', 'Space', 'Door')
else:
submodels = ('Space', )
return render(request, 'editor/level.html', {
'levels': Level.objects.filter(Level.q_for_request(request), on_top_of__isnull=True),
'level': level,
'level_url': 'editor.levels.detail',
'level_as_pk': True,
'can_edit': request.changeset.can_edit(request),
'can_edit_graph': request.user_permissions.can_access_base_mapdata,
'can_create_level': (request.user_permissions.can_access_base_mapdata and
request.changeset.can_edit(request)),
'child_models': [child_model(request, model_name, kwargs={'level': pk}, parent=level)
for model_name in ('Building', 'Space', 'Door')],
for model_name in submodels],
'levels_on_top': level.levels_on_top.filter(Level.q_for_request(request)).all(),
'geometry_url': '/api/editor/geometries/?level='+str(level.primary_level_pk),
'geometry_url': ('/api/editor/geometries/?level='+str(level.primary_level_pk)
if request.user_permissions.can_access_base_mapdata else None),
})
@ -86,18 +95,24 @@ def space_detail(request, level, pk):
qs = Space.objects.filter(Space.q_for_request(request))
space = get_object_or_404(qs.select_related('level'), level__pk=level, pk=pk)
if request.user_permissions.can_access_base_mapdata:
submodels = ('POI', 'Area', 'Obstacle', 'LineObstacle', 'Stair', 'Ramp', 'Column',
'Hole', 'AltitudeMarker', 'LeaveDescription', 'CrossDescription',
'WifiMeasurement')
else:
submodels = ('POI', 'Area', 'AltitudeMarker', 'LeaveDescription', 'CrossDescription')
return render(request, 'editor/space.html', {
'levels': Level.objects.filter(Level.q_for_request(request), on_top_of__isnull=True),
'level': space.level,
'level_url': 'editor.spaces.list',
'space': space,
'can_edit': request.changeset.can_edit(request),
'can_edit_graph': request.user_permissions.can_access_base_mapdata,
'child_models': [child_model(request, model_name, kwargs={'space': pk}, parent=space)
for model_name in ('POI', 'Area', 'Obstacle', 'LineObstacle', 'Stair', 'Ramp', 'Column',
'Hole', 'AltitudeMarker', 'LeaveDescription', 'CrossDescription',
'WifiMeasurement')],
'geometry_url': '/api/editor/geometries/?space='+pk,
for model_name in submodels],
'geometry_url': ('/api/editor/geometries/?space='+pk
if request.user_permissions.can_access_base_mapdata else None),
})
@ -121,6 +136,9 @@ def edit(request, pk=None, model=None, level=None, space=None, on_top_of=None, e
can_edit = request.changeset.can_edit(request)
if pk is None and not request.user_permissions.can_access_base_mapdata:
raise PermissionDenied
obj = None
if pk is not None:
# Edit existing map item
@ -131,9 +149,13 @@ def edit(request, pk=None, model=None, level=None, space=None, on_top_of=None, e
if level is not None:
kwargs.update({'level__pk': level})
qs = qs.select_related('level')
can_edit = False
elif space is not None:
kwargs.update({'space__pk': space})
qs = qs.select_related('space')
else:
if not request.user_permissions.can_access_base_mapdata:
can_edit = False
obj = get_object_or_404(qs, **kwargs)
elif level is not None:
level = get_object_or_404(Level.objects.filter(Level.q_for_request(request)), pk=level)
@ -144,6 +166,7 @@ def edit(request, pk=None, model=None, level=None, space=None, on_top_of=None, e
pk=on_top_of)
new = obj is None
# noinspection PyProtectedMember
ctx = {
'path': request.path,
@ -169,12 +192,14 @@ def edit(request, pk=None, model=None, level=None, space=None, on_top_of=None, e
})
if not new:
ctx.update({
'geometry_url': '/api/editor/geometries/?level='+str(obj.primary_level_pk),
'geometry_url': ('/api/editor/geometries/?level='+str(obj.primary_level_pk)
if request.user_permissions.can_access_base_mapdata else None),
'on_top_of': obj.on_top_of,
})
elif on_top_of:
ctx.update({
'geometry_url': '/api/editor/geometries/?level=' + str(on_top_of.pk),
'geometry_url': ('/api/editor/geometries/?level=' + str(on_top_of.pk)
if request.user_permissions.can_access_base_mapdata else None),
'on_top_of': on_top_of,
'back_url': reverse('editor.levels.detail', kwargs={'pk': on_top_of.pk}),
})
@ -183,14 +208,16 @@ def edit(request, pk=None, model=None, level=None, space=None, on_top_of=None, e
ctx.update({
'level': obj.level,
'back_url': reverse('editor.spaces.detail', kwargs={'level': obj.level.pk, 'pk': pk}),
'geometry_url': '/api/editor/geometries/?space='+pk,
'geometry_url': ('/api/editor/geometries/?space='+pk
if request.user_permissions.can_access_base_mapdata else None),
'nozoom': True,
})
elif model == Space and new:
ctx.update({
'level': level,
'back_url': reverse('editor.spaces.list', kwargs={'level': level.pk}),
'geometry_url': '/api/editor/geometries/?level='+str(level.primary_level_pk),
'geometry_url': ('/api/editor/geometries/?level='+str(level.primary_level_pk)
if request.user_permissions.can_access_base_mapdata else None),
'nozoom': True,
})
elif hasattr(model, 'level'):
@ -199,7 +226,8 @@ def edit(request, pk=None, model=None, level=None, space=None, on_top_of=None, e
ctx.update({
'level': level,
'back_url': reverse('editor.'+related_name+'.list', kwargs={'level': level.pk}),
'geometry_url': '/api/editor/geometries/?level='+str(level.primary_level_pk),
'geometry_url': ('/api/editor/geometries/?level='+str(level.primary_level_pk)
if request.user_permissions.can_access_base_mapdata else None),
})
elif hasattr(model, 'space'):
if not new:
@ -208,7 +236,8 @@ def edit(request, pk=None, model=None, level=None, space=None, on_top_of=None, e
ctx.update({
'level': space.level,
'back_url': reverse('editor.'+related_name+'.list', kwargs={'space': space.pk}),
'geometry_url': '/api/editor/geometries/?space='+str(space.pk),
'geometry_url': ('/api/editor/geometries/?space='+str(space.pk)
if request.user_permissions.can_access_base_mapdata else None),
})
else:
kwargs = {}
@ -357,6 +386,7 @@ def list_objects(request, model=None, level=None, space=None, explicit_edit=Fals
Space = request.changeset.wrap_model('Space')
can_edit = request.changeset.can_edit(request)
can_create = request.user_permissions.can_access_base_mapdata and can_edit
ctx = {
'path': request.path,
@ -364,7 +394,7 @@ def list_objects(request, model=None, level=None, space=None, explicit_edit=Fals
'model_title': model._meta.verbose_name,
'model_title_plural': model._meta.verbose_name_plural,
'explicit_edit': explicit_edit,
'can_edit': can_edit,
'can_create': can_create,
}
queryset = model.objects.all().order_by('id')
@ -382,7 +412,8 @@ def list_objects(request, model=None, level=None, space=None, explicit_edit=Fals
'levels': Level.objects.filter(Level.q_for_request(request), on_top_of__isnull=True),
'level': level,
'level_url': request.resolver_match.url_name,
'geometry_url': '/api/editor/geometries/?level='+str(level.primary_level_pk),
'geometry_url': ('/api/editor/geometries/?level='+str(level.primary_level_pk)
if request.user_permissions.can_access_base_mapdata else None),
})
elif space is not None:
reverse_kwargs['space'] = space
@ -418,7 +449,8 @@ def list_objects(request, model=None, level=None, space=None, explicit_edit=Fals
'space': space,
'back_url': reverse('editor.spaces.detail', kwargs={'level': space.level.pk, 'pk': space.pk}),
'back_title': _('back to space'),
'geometry_url': '/api/editor/geometries/?space='+str(space.pk),
'geometry_url': ('/api/editor/geometries/?space='+str(space.pk)
if request.user_permissions.can_access_base_mapdata else None),
})
else:
ctx.update({
@ -441,6 +473,9 @@ def list_objects(request, model=None, level=None, space=None, explicit_edit=Fals
def connect_nodes(request, active_node, clicked_node, edge_settings_form):
if not request.user_permissions.can_access_base_mapdata:
raise PermissionDenied
changeset_exceeded = get_changeset_exceeded(request)
graphedge_changes = {}
if changeset_exceeded:
@ -476,6 +511,9 @@ def connect_nodes(request, active_node, clicked_node, edge_settings_form):
@sidebar_view
@etag(etag_func)
def graph_edit(request, level=None, space=None):
if not request.user_permissions.can_access_base_mapdata:
raise PermissionDenied
Level = request.changeset.wrap_model('Level')
Space = request.changeset.wrap_model('Space')
GraphNode = request.changeset.wrap_model('GraphNode')