remove control_panel permission, it's implicit by other permissions
This commit is contained in:
parent
ddcac55ba1
commit
e41324a4c6
3 changed files with 36 additions and 7 deletions
|
@ -0,0 +1,17 @@
|
||||||
|
# Generated by Django 5.0.8 on 2024-12-12 22:40
|
||||||
|
|
||||||
|
from django.db import migrations
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('control', '0015_userpermissions_view_users_and_more'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.RemoveField(
|
||||||
|
model_name='userpermissions',
|
||||||
|
name='control_panel',
|
||||||
|
),
|
||||||
|
]
|
|
@ -9,6 +9,7 @@ from django.utils.functional import cached_property, lazy
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
|
|
||||||
from c3nav.mapdata.models import Space
|
from c3nav.mapdata.models import Space
|
||||||
|
from c3nav.mapdata.models.access import AccessPermission
|
||||||
|
|
||||||
|
|
||||||
class UserPermissions(models.Model):
|
class UserPermissions(models.Model):
|
||||||
|
@ -25,7 +26,6 @@ class UserPermissions(models.Model):
|
||||||
base_mapdata_access = models.BooleanField(default=False, verbose_name=_('can always access base map data'))
|
base_mapdata_access = models.BooleanField(default=False, verbose_name=_('can always access base map data'))
|
||||||
manage_map_updates = models.BooleanField(default=False, verbose_name=_('manage map updates'))
|
manage_map_updates = models.BooleanField(default=False, verbose_name=_('manage map updates'))
|
||||||
|
|
||||||
control_panel = models.BooleanField(default=False, verbose_name=_('can access control panel'))
|
|
||||||
view_users = models.BooleanField(default=False, verbose_name=_('view user list in control panel'))
|
view_users = models.BooleanField(default=False, verbose_name=_('view user list in control panel'))
|
||||||
grant_permissions = models.BooleanField(default=False, verbose_name=_('can grant control permissions'))
|
grant_permissions = models.BooleanField(default=False, verbose_name=_('can grant control permissions'))
|
||||||
manage_announcements = models.BooleanField(default=False, verbose_name=_('manage announcements'))
|
manage_announcements = models.BooleanField(default=False, verbose_name=_('manage announcements'))
|
||||||
|
@ -54,6 +54,18 @@ class UserPermissions(models.Model):
|
||||||
if isinstance(field, models.BooleanField):
|
if isinstance(field, models.BooleanField):
|
||||||
setattr(self, field.name, True)
|
setattr(self, field.name, True)
|
||||||
|
|
||||||
|
@property
|
||||||
|
def control_panel(self):
|
||||||
|
return (
|
||||||
|
self.view_users
|
||||||
|
or self.grant_permissions
|
||||||
|
or self.manage_announcements
|
||||||
|
or self.grant_all_access
|
||||||
|
or self.grant_unlimited_access
|
||||||
|
or self.grant_space_access
|
||||||
|
or AccessPermission.get_for_user(user=self.user, can_grant=True)
|
||||||
|
)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_cache_key(pk):
|
def get_cache_key(pk):
|
||||||
return 'control:permissions:%d' % pk
|
return 'control:permissions:%d' % pk
|
||||||
|
|
|
@ -310,7 +310,7 @@ class AccessPermission(models.Model):
|
||||||
return permissions
|
return permissions
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def get_for_request(cls, request) -> set[int]:
|
def get_for_request(cls, request, can_grant: bool = False) -> set[int]:
|
||||||
if not request:
|
if not request:
|
||||||
return AccessRestriction.get_all_public()
|
return AccessRestriction.get_all_public()
|
||||||
|
|
||||||
|
@ -320,13 +320,13 @@ class AccessPermission(models.Model):
|
||||||
cache_key = cls.request_access_permission_key(request)
|
cache_key = cls.request_access_permission_key(request)
|
||||||
access_restriction_ids = cache.get(cache_key, None)
|
access_restriction_ids = cache.get(cache_key, None)
|
||||||
if access_restriction_ids is None or True:
|
if access_restriction_ids is None or True:
|
||||||
permissions = cls.get_for_request_with_expire_date(request)
|
permissions = cls.get_for_request_with_expire_date(request, can_grant=can_grant)
|
||||||
|
|
||||||
access_restriction_ids = set(permissions.keys())
|
access_restriction_ids = set(permissions.keys())
|
||||||
|
|
||||||
expire_date = min((e for e in permissions.values() if e), default=timezone.now() + timedelta(seconds=120))
|
expire_date = min((e for e in permissions.values() if e), default=timezone.now() + timedelta(seconds=120))
|
||||||
cache.set(cache_key, access_restriction_ids, max(0.0, (expire_date - timezone.now()).total_seconds()))
|
cache.set(cache_key, access_restriction_ids, max(0.0, (expire_date - timezone.now()).total_seconds()))
|
||||||
return set(access_restriction_ids) | AccessRestriction.get_all_public()
|
return set(access_restriction_ids) | (set() if can_grant else AccessRestriction.get_all_public())
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def get_for_user_with_expire_date(cls, user, can_grant=None):
|
def get_for_user_with_expire_date(cls, user, can_grant=None):
|
||||||
|
@ -358,7 +358,7 @@ class AccessPermission(models.Model):
|
||||||
return permissions
|
return permissions
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def get_for_user(cls, user) -> set[int]:
|
def get_for_user(cls, user, can_grant: bool = False) -> set[int]:
|
||||||
from c3nav.control.models import UserPermissions
|
from c3nav.control.models import UserPermissions
|
||||||
if not user or not user.is_authenticated:
|
if not user or not user.is_authenticated:
|
||||||
return AccessRestriction.get_all_public()
|
return AccessRestriction.get_all_public()
|
||||||
|
@ -369,13 +369,13 @@ class AccessPermission(models.Model):
|
||||||
cache_key = cls.build_access_permission_key(user_id=user.pk)
|
cache_key = cls.build_access_permission_key(user_id=user.pk)
|
||||||
access_restriction_ids = cache.get(cache_key, None)
|
access_restriction_ids = cache.get(cache_key, None)
|
||||||
if access_restriction_ids is None or True:
|
if access_restriction_ids is None or True:
|
||||||
permissions = cls.get_for_user_with_expire_date(user)
|
permissions = cls.get_for_user_with_expire_date(user, can_grant=can_grant)
|
||||||
|
|
||||||
access_restriction_ids = set(permissions.keys())
|
access_restriction_ids = set(permissions.keys())
|
||||||
|
|
||||||
expire_date = min((e for e in permissions.values() if e), default=timezone.now()+timedelta(seconds=120))
|
expire_date = min((e for e in permissions.values() if e), default=timezone.now()+timedelta(seconds=120))
|
||||||
cache.set(cache_key, access_restriction_ids, max(0.0, (expire_date-timezone.now()).total_seconds()))
|
cache.set(cache_key, access_restriction_ids, max(0.0, (expire_date-timezone.now()).total_seconds()))
|
||||||
return set(access_restriction_ids) | AccessRestriction.get_all_public()
|
return set(access_restriction_ids) | (set() if can_grant else AccessRestriction.get_all_public())
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def cache_key_for_request(cls, request, with_update=True):
|
def cache_key_for_request(cls, request, with_update=True):
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue