remove control_panel permission, it's implicit by other permissions

2024-12-12 22:42:45 +00:00 · 2024-12-12 22:42:45 +00:00 · e41324a4c6
commit e41324a4c6
parent ddcac55ba1
3 changed files with 36 additions and 7 deletions
--- a/src/c3nav/control/migrations/0016_remove_userpermissions_control_panel.py
+++ b/src/c3nav/control/migrations/0016_remove_userpermissions_control_panel.py
@ -0,0 +1,17 @@
+# Generated by Django 5.0.8 on 2024-12-12 22:40
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('control', '0015_userpermissions_view_users_and_more'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='userpermissions',
+            name='control_panel',
+        ),
+    ]
--- a/src/c3nav/control/models.py
+++ b/src/c3nav/control/models.py
@ -9,6 +9,7 @@ from django.utils.functional import cached_property, lazy
 from django.utils.translation import gettext_lazy as _

 from c3nav.mapdata.models import Space
+from c3nav.mapdata.models.access import AccessPermission


 class UserPermissions(models.Model):
@ -25,7 +26,6 @@ class UserPermissions(models.Model):
    base_mapdata_access = models.BooleanField(default=False, verbose_name=_('can always access base map data'))
    manage_map_updates = models.BooleanField(default=False, verbose_name=_('manage map updates'))

-    control_panel = models.BooleanField(default=False, verbose_name=_('can access control panel'))
    view_users = models.BooleanField(default=False, verbose_name=_('view user list in control panel'))
    grant_permissions = models.BooleanField(default=False, verbose_name=_('can grant control permissions'))
    manage_announcements = models.BooleanField(default=False, verbose_name=_('manage announcements'))
@ -54,6 +54,18 @@ class UserPermissions(models.Model):
                if isinstance(field, models.BooleanField):
                    setattr(self, field.name, True)

+    @property
+    def control_panel(self):
+        return (
+            self.view_users
+            or self.grant_permissions
+            or self.manage_announcements
+            or self.grant_all_access
+            or self.grant_unlimited_access
+            or self.grant_space_access
+            or AccessPermission.get_for_user(user=self.user, can_grant=True)
+        )
+
    @staticmethod
    def get_cache_key(pk):
        return 'control:permissions:%d' % pk
--- a/src/c3nav/mapdata/models/access.py
+++ b/src/c3nav/mapdata/models/access.py
@ -310,7 +310,7 @@ class AccessPermission(models.Model):
        return permissions

    @classmethod
-    def get_for_request(cls, request) -> set[int]:
+    def get_for_request(cls, request, can_grant: bool = False) -> set[int]:
        if not request:
            return AccessRestriction.get_all_public()

@ -320,13 +320,13 @@ class AccessPermission(models.Model):
        cache_key = cls.request_access_permission_key(request)
        access_restriction_ids = cache.get(cache_key, None)
        if access_restriction_ids is None or True:
-            permissions = cls.get_for_request_with_expire_date(request)
+            permissions = cls.get_for_request_with_expire_date(request, can_grant=can_grant)

            access_restriction_ids = set(permissions.keys())

            expire_date = min((e for e in permissions.values() if e), default=timezone.now() + timedelta(seconds=120))
            cache.set(cache_key, access_restriction_ids, max(0.0, (expire_date - timezone.now()).total_seconds()))
-        return set(access_restriction_ids) | AccessRestriction.get_all_public()
+        return set(access_restriction_ids) | (set() if can_grant else AccessRestriction.get_all_public())

    @classmethod
    def get_for_user_with_expire_date(cls, user, can_grant=None):
@ -358,7 +358,7 @@ class AccessPermission(models.Model):
        return permissions

    @classmethod
-    def get_for_user(cls, user) -> set[int]:
+    def get_for_user(cls, user, can_grant: bool = False) -> set[int]:
        from c3nav.control.models import UserPermissions
        if not user or not user.is_authenticated:
            return AccessRestriction.get_all_public()
@ -369,13 +369,13 @@ class AccessPermission(models.Model):
        cache_key = cls.build_access_permission_key(user_id=user.pk)
        access_restriction_ids = cache.get(cache_key, None)
        if access_restriction_ids is None or True:
-            permissions = cls.get_for_user_with_expire_date(user)
+            permissions = cls.get_for_user_with_expire_date(user, can_grant=can_grant)

            access_restriction_ids = set(permissions.keys())

            expire_date = min((e for e in permissions.values() if e), default=timezone.now()+timedelta(seconds=120))
            cache.set(cache_key, access_restriction_ids, max(0.0, (expire_date-timezone.now()).total_seconds()))
-        return set(access_restriction_ids) | AccessRestriction.get_all_public()
+        return set(access_restriction_ids) | (set() if can_grant else AccessRestriction.get_all_public())

    @classmethod
    def cache_key_for_request(cls, request, with_update=True):