Implements permission masks

2025-06-28 20:33:00 +02:00 · 2020-03-19 16:12:52 +01:00
parent d083894e9b
commit 95315cdbe2
15 changed files with 133 additions and 78 deletions
--- a/apps/permission/admin.py
+++ b/apps/permission/admin.py
@ -3,7 +3,15 @@

 from django.contrib import admin

-from .models import Permission
+from .models import Permission, PermissionMask
+
+
+@admin.register(PermissionMask)
+class PermissionMaskAdmin(admin.ModelAdmin):
+    """
+    Admin customisation for Permission
+    """
+    list_display = ('rank', 'description')


@admin.register(Permission)
--- a/apps/permission/models.py
+++ b/apps/permission/models.py
@ -50,6 +50,20 @@ class InstancedPermission:
        return self.__repr__()


+class PermissionMask(models.Model):
+    rank = models.PositiveSmallIntegerField(
+        verbose_name=_('rank'),
+    )
+
+    description = models.CharField(
+        max_length=255,
+        verbose_name=_('description'),
+    )
+
+    def __str__(self):
+        return self.description
+
+
 class Permission(models.Model):

    PERMISSION_TYPES = [
@ -85,6 +99,11 @@ class Permission(models.Model):

    type = models.CharField(max_length=15, choices=PERMISSION_TYPES)

+    mask = models.ForeignKey(
+        PermissionMask,
+        on_delete=models.PROTECT,
+    )
+
    field = models.CharField(max_length=255, blank=True)

    description = models.CharField(max_length=255, blank=True)
--- a/apps/permission/signals.py
+++ b/apps/permission/signals.py
@ -2,7 +2,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.core.exceptions import PermissionDenied
-from logs.middlewares import get_current_authenticated_user
+from note_kfet.middlewares import get_current_authenticated_user


 EXCLUDED = [
--- a/apps/permission/templatetags/perms.py
+++ b/apps/permission/templatetags/perms.py
@ -4,7 +4,7 @@
 from django.contrib.contenttypes.models import ContentType
 from django.template.defaultfilters import stringfilter

-from logs.middlewares import get_current_authenticated_user
+from note_kfet.middlewares import get_current_authenticated_user, get_current_session
 from django import template

 from member.backends import PermissionBackend
@ -19,7 +19,7 @@ def not_empty_model_list(model_name):
    user = get_current_authenticated_user()
    if user is None:
        return False
-    elif user.is_superuser:
+    elif user.is_superuser and get_current_session().get("permission_mask", 0) >= 42:
        return True
    spl = model_name.split(".")
    ct = ContentType.objects.get(app_label=spl[0], model=spl[1])
@ -32,7 +32,7 @@ def not_empty_model_change_list(model_name):
    user = get_current_authenticated_user()
    if user is None:
        return False
-    elif user.is_superuser:
+    elif user.is_superuser and get_current_session().get("permission_mask", 0) >= 42:
        return True
    spl = model_name.split(".")
    ct = ContentType.objects.get(app_label=spl[0], model=spl[1])