add view users permission
This commit is contained in:
Laura Klünder
parent
b32626c6ca
commit
ddcac55ba1
4 changed files with 32 additions and 1 deletions
|
|
@ -0,0 +1,23 @@
|
|||
# Generated by Django 5.0.8 on 2024-12-12 22:28
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('control', '0014_userpermissions_sources_access'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name='userpermissions',
|
||||
name='view_users',
|
||||
field=models.BooleanField(default=False, verbose_name='view user list in control panel'),
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name='userpermissions',
|
||||
name='max_changeset_changes',
|
||||
field=models.PositiveSmallIntegerField(default=20, verbose_name='max changes per changeset'),
|
||||
),
|
||||
]
|
||||
|
|
@ -26,6 +26,7 @@ class UserPermissions(models.Model):
|
|||
manage_map_updates = models.BooleanField(default=False, verbose_name=_('manage map updates'))
|
||||
|
||||
control_panel = models.BooleanField(default=False, verbose_name=_('can access control panel'))
|
||||
view_users = models.BooleanField(default=False, verbose_name=_('view user list in control panel'))
|
||||
grant_permissions = models.BooleanField(default=False, verbose_name=_('can grant control permissions'))
|
||||
manage_announcements = models.BooleanField(default=False, verbose_name=_('manage announcements'))
|
||||
grant_all_access = models.BooleanField(default=False, verbose_name=_('can grant access to everything'))
|
||||
|
|
|
|||
|
|
@ -16,7 +16,9 @@
|
|||
<nav>
|
||||
<p>
|
||||
<a href="{% url 'control.index' %}">{% trans 'Overview' %}</a> ·
|
||||
{% if request.user_permissions.view_users %}
|
||||
<a href="{% url 'control.users' %}">{% trans 'Users' %}</a> ·
|
||||
{% endif %}
|
||||
<a href="{% url 'control.access' %}">{% trans 'Access' %}</a> ·
|
||||
{% if request.user_permissions.manage_announcements %}
|
||||
<a href="{% url 'control.announcements' %}">{% trans 'Announcements' %}</a> ·
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
from django.contrib import messages
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.models import User
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.db import IntegrityError, transaction
|
||||
from django.db.models import Prefetch
|
||||
from django.shortcuts import get_object_or_404, redirect, render
|
||||
|
|
@ -21,6 +22,7 @@ class UserListView(ControlPanelMixin, ListView):
|
|||
template_name = "control/users.html"
|
||||
ordering = "id"
|
||||
context_object_name = "users"
|
||||
user_permission = "view_users"
|
||||
|
||||
def get_queryset(self):
|
||||
qs = super().get_queryset()
|
||||
|
|
@ -33,6 +35,9 @@ class UserListView(ControlPanelMixin, ListView):
|
|||
@login_required(login_url='site.login')
|
||||
@control_panel_view
|
||||
def user_detail(request, user): # todo: make class based view
|
||||
if not (request.user_permissions.view_users or user == request.user.pk):
|
||||
raise PermissionDenied
|
||||
|
||||
qs = User.objects.select_related(
|
||||
'permissions',
|
||||
).prefetch_related(
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue