Correct corputils permission handling around API display.

Users with the corp_apis permission can now see some APIs when searching, provided the result is in their corp.
Correct type mismatch when determining if user with corp_apis can see member list.
Correctly pull EveWho memberlist in corp mode when API missing from settings.py
Closes #552
Adarnof 2016-10-26 01:02:35 +00:00
parent f9dd03dc0f
commit 4ea7fdeaf2
2 changed files with 34 additions and 21 deletions


@ -59,7 +59,7 @@ def corp_member_view(request, corpid=None, year=datetime.date.today().year, mont
try:
user_main = EveCharacter.objects.get(
character_id=AuthServicesInfo.objects.get_or_create(user=request.user)[0].main_char_id)
user_corp_id = int(user_main.corporation_id)
user_corp_id = user_main.corporation_id
except (ValueError, EveCharacter.DoesNotExist):
user_corp_id = settings.CORP_ID
@ -88,9 +88,7 @@ def corp_member_view(request, corpid=None, year=datetime.date.today().year, mont
corpid = membercorplist[0][0]
corp = EveCorporationInfo.objects.get(corporation_id=corpid)
if request.user.has_perm('auth.alliance_apis') or (
request.user.has_perm('auth.corp_apis') and (user_corp_id == corpid)):
if request.user.has_perm('auth.alliance_apis') or (request.user.has_perm('auth.corp_apis') and user_corp_id == corpid):
logger.debug("Retreiving and sending API-information")
if settings.IS_CORP:
@ -201,9 +199,24 @@ def corp_member_view(request, corpid=None, year=datetime.date.today().year, mont
context["this_month"] = start_of_month
return render(request, 'registered/corputils.html', context=context)
else:
logger.warn('User %s (%s) not authorized to view corp stats for corp id %s' % (request.user, user_corp_id, corpid))
return redirect("auth_dashboard")
def can_see_api(user, character):
if user.has_perm('auth.alliance_apis'):
return True
try:
user_main = EveCharacter.objects.get(
character_id=AuthServicesInfo.objects.get_or_create(user=user)[0].main_char_id)
if user.has_perm('auth.corp_apis') and user_main.corporation_id == character.corporation_id:
return True
except EveCharacter.DoesNotExist:
return False
return False
@login_required
def corputils_search(request, corpid=settings.CORP_ID):
logger.debug("corputils_search called by user %s" % request.user)
@ -233,14 +246,11 @@ def corputils_search(request, corpid=settings.CORP_ID):
searchstring = form.cleaned_data['search_string']
logger.debug("Searching for player with character name %s for user %s" % (searchstring, request.user))
member_list = {}
if settings.IS_CORP:
try:
member_list = EveApiManager.get_corp_membertracking(settings.CORP_API_ID,
settings.CORP_API_VCODE)
except APIError:
logger.debug("Corp API does not have membertracking scope, using EveWho data instead.")
member_list = EveWhoManager.get_corporation_members(corpid)
else:
member_list = EveApiManager.get_corp_membertracking(settings.CORP_API_ID, settings.CORP_API_VCODE)
if not member_list:
logger.debug('Unable to fetch members from API. Pulling from EveWho')
member_list = EveWhoManager.get_corporation_members(corpid)
SearchResult = namedtuple('SearchResult',
@ -254,8 +264,12 @@ def corputils_search(request, corpid=settings.CORP_ID):
user = char.user
mainid = int(AuthServicesInfo.objects.get_or_create(user=user)[0].main_char_id)
main = EveCharacter.objects.get(character_id=mainid)
api_registered = True
apiinfo = EveApiKeyPair.objects.get(api_id=char.api_id)
if can_see_api(request.user, char):
api_registered = True
apiinfo = EveApiKeyPair.objects.get(api_id=char.api_id)
else:
api_registered = False
apiinfo = None
except EveCharacter.DoesNotExist:
api_registered = False
char = None
@ -282,4 +296,6 @@ def corputils_search(request, corpid=settings.CORP_ID):
else:
logger.debug("Returning empty search form for user %s" % request.user)
return redirect("auth_corputils")
else:
logger.warn('User %s not authorized to view corp stats for corp ID %s' % (request.user, corpid))
return redirect("auth_dashboard")
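Review bot: The fallback at the top of `corp_member_view` fails open: when the main-character lookup raises, `user_corp_id = settings.CORP_ID` is assigned, and that value then feeds the `request.user.has_perm('auth.corp_apis') and user_corp_id == corpid` check in the next hunk. A user holding `auth.corp_apis` with no main character may therefore be treated as a member of the home corp, although whether the comparison matches depends on the types of `settings.CORP_ID` and `corpid`, which are not visible here. The new `can_see_api` helper returns False on `EveCharacter.DoesNotExist`, so the two checks now disagree on the same condition. I would keep the default out of the permission test, for example `user_corp_id = None` in the except branch if nothing later in the function relies on it, and drop `ValueError` from the tuple, since it looks unreachable without the `int()` call. The body of `corp_member_view` continues outside these hunks, so later uses of `user_corp_id` need checking before changing it.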


@ -10,11 +10,9 @@
{% block content %}
<div class="col-lg-12">
{% if perms.auth.corputils %}
<h1 class="page-header text-center">{% trans "Member Search Results" %}
</h1>
<h2 class="text-center"><a href="{% url 'auth_corputils_corp_view' corp.corporation_id %}">{{ corp.corporation_name }}</a></h2>
<div class="container-fluid">
<h1 class="page-header text-center">{% trans "Member Search Results" %}</h1>
<h2 class="text-center"><a href="{% url 'auth_corputils_corp_view' corp.corporation_id %}">{{ corp.corporation_name }}</a></h2>
<div class="container-fluid">
<div class="panel panel-default">
<nav class="navbar navbar-default">
@ -43,7 +41,7 @@
<th class="col-md-2">{% trans "Fleet statistics" %}</th>
{% else %}
<th class="col-md-5">{% trans "Killboard" %}</th>
{% endif %}
{% endif %}
<th class="col-md-2">{% trans "API JackKnife" %}</th>
</tr>
{% for result in results %}
@ -53,7 +51,7 @@
</td>
<td>{{ result.name }}</td>
<td>
{% if result.api_registered%}
{% if result.api_registered%}
{{ result.main.character_name }}
{% else %}
<span class="label label-danger">{% trans "No API registered!" %}</span>
@ -91,6 +89,5 @@
</div>
</div>
</div>
{% endif %}
</div>
{% endblock content %}
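Review bot: The `{% else %}` branch under `{% if result.api_registered%}` prints "No API registered!" whenever the flag is false, and the view in this commit now also sets `api_registered = False` when the viewer merely lacks permission to see the key. A restricted viewer is then told that a member has no API on file when one may exist, which can lead to wrong follow-up against that member. A separate state would keep the two cases apart, for example a neutral label such as `<span class="label label-default">{% trans "API hidden" %}</span>` driven by its own field on the result. The section also appears to drop the `{% if perms.auth.corputils %}` wrapper, leaving authorization entirely to the view. The redirect branch added in the view suggests that is covered, but it is worth confirming that every path rendering this template passes through that check.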