Correct corputils permission handling around API display.

Now allows users with corp_apis permission to see some APIs when searching, if result is in corp.
Correct type mismatch when determining if user with corp_apis can see member list.
Correctly pull EveWho memberlist in corp mode when API missing from settings.py
Closes #552
Adarnof 2016-10-26 01:02:35 +00:00
parent f9dd03dc0f
commit 4ea7fdeaf2
2 changed files with 34 additions and 21 deletions


@ -59,7 +59,7 @@ def corp_member_view(request, corpid=None, year=datetime.date.today().year, mont
try: try:
user_main = EveCharacter.objects.get( user_main = EveCharacter.objects.get(
character_id=AuthServicesInfo.objects.get_or_create(user=request.user)[0].main_char_id) character_id=AuthServicesInfo.objects.get_or_create(user=request.user)[0].main_char_id)
user_corp_id = int(user_main.corporation_id) user_corp_id = user_main.corporation_id
except (ValueError, EveCharacter.DoesNotExist): except (ValueError, EveCharacter.DoesNotExist):
user_corp_id = settings.CORP_ID user_corp_id = settings.CORP_ID
@ -88,9 +88,7 @@ def corp_member_view(request, corpid=None, year=datetime.date.today().year, mont
corpid = membercorplist[0][0] corpid = membercorplist[0][0]
corp = EveCorporationInfo.objects.get(corporation_id=corpid) corp = EveCorporationInfo.objects.get(corporation_id=corpid)
if request.user.has_perm('auth.alliance_apis') or (request.user.has_perm('auth.corp_apis') and user_corp_id == corpid):
if request.user.has_perm('auth.alliance_apis') or (
request.user.has_perm('auth.corp_apis') and (user_corp_id == corpid)):
logger.debug("Retreiving and sending API-information") logger.debug("Retreiving and sending API-information")
if settings.IS_CORP: if settings.IS_CORP:
@ -201,9 +199,24 @@ def corp_member_view(request, corpid=None, year=datetime.date.today().year, mont
context["this_month"] = start_of_month context["this_month"] = start_of_month
return render(request, 'registered/corputils.html', context=context) return render(request, 'registered/corputils.html', context=context)
else:
logger.warn('User %s (%s) not authorized to view corp stats for corp id %s' % (request.user, user_corp_id, corpid))
return redirect("auth_dashboard") return redirect("auth_dashboard")
def can_see_api(user, character):
if user.has_perm('auth.alliance_apis'):
return True
try:
user_main = EveCharacter.objects.get(
character_id=AuthServicesInfo.objects.get_or_create(user=user)[0].main_char_id)
if user.has_perm('auth.corp_apis') and user_main.corporation_id == character.corporation_id:
return True
except EveCharacter.DoesNotExist:
return False
return False
@login_required @login_required
def corputils_search(request, corpid=settings.CORP_ID): def corputils_search(request, corpid=settings.CORP_ID):
logger.debug("corputils_search called by user %s" % request.user) logger.debug("corputils_search called by user %s" % request.user)
@ -233,14 +246,11 @@ def corputils_search(request, corpid=settings.CORP_ID):
searchstring = form.cleaned_data['search_string'] searchstring = form.cleaned_data['search_string']
logger.debug("Searching for player with character name %s for user %s" % (searchstring, request.user)) logger.debug("Searching for player with character name %s for user %s" % (searchstring, request.user))
member_list = {}
if settings.IS_CORP: if settings.IS_CORP:
try: member_list = EveApiManager.get_corp_membertracking(settings.CORP_API_ID, settings.CORP_API_VCODE)
member_list = EveApiManager.get_corp_membertracking(settings.CORP_API_ID, if not member_list:
settings.CORP_API_VCODE) logger.debug('Unable to fetch members from API. Pulling from EveWho')
except APIError:
logger.debug("Corp API does not have membertracking scope, using EveWho data instead.")
member_list = EveWhoManager.get_corporation_members(corpid)
else:
member_list = EveWhoManager.get_corporation_members(corpid) member_list = EveWhoManager.get_corporation_members(corpid)
SearchResult = namedtuple('SearchResult', SearchResult = namedtuple('SearchResult',
@ -254,8 +264,12 @@ def corputils_search(request, corpid=settings.CORP_ID):
user = char.user user = char.user
mainid = int(AuthServicesInfo.objects.get_or_create(user=user)[0].main_char_id) mainid = int(AuthServicesInfo.objects.get_or_create(user=user)[0].main_char_id)
main = EveCharacter.objects.get(character_id=mainid) main = EveCharacter.objects.get(character_id=mainid)
api_registered = True if can_see_api(request.user, char):
apiinfo = EveApiKeyPair.objects.get(api_id=char.api_id) api_registered = True
apiinfo = EveApiKeyPair.objects.get(api_id=char.api_id)
else:
api_registered = False
apiinfo = None
except EveCharacter.DoesNotExist: except EveCharacter.DoesNotExist:
api_registered = False api_registered = False
char = None char = None
@ -282,4 +296,6 @@ def corputils_search(request, corpid=settings.CORP_ID):
else: else:
logger.debug("Returning empty search form for user %s" % request.user) logger.debug("Returning empty search form for user %s" % request.user)
return redirect("auth_corputils") return redirect("auth_corputils")
else:
logger.warn('User %s not authorized to view corp stats for corp ID %s' % (request.user, corpid))
return redirect("auth_dashboard") return redirect("auth_dashboard")
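Review bot: The two `corp_apis` checks fail in opposite directions for a user who has no main character. `can_see_api` returns False on `EveCharacter.DoesNotExist`, while `corp_member_view` falls back to `user_corp_id = settings.CORP_ID`, so its `user_corp_id == corpid` test can pass for the home corporation without any verified membership. Using `user_corp_id = None` in that except branch, or routing both views through one helper, would make the denial consistent; `corp_member_view` continues outside these hunks, so check any later use of `user_corp_id` first. In `corputils_search`, a denied `can_see_api` sets `api_registered = False`, which the template renders as "No API registered!" even when a key exists; a separate "not visible to you" flag would avoid misreporting. This commit also drops the `{% if perms.auth.corputils %}` wrapper from the template, so the view's permission test, which is not visible in the hunks, is the only gate for the search page.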


@ -10,11 +10,9 @@
{% block content %} {% block content %}
<div class="col-lg-12"> <div class="col-lg-12">
{% if perms.auth.corputils %} <h1 class="page-header text-center">{% trans "Member Search Results" %}</h1>
<h1 class="page-header text-center">{% trans "Member Search Results" %} <h2 class="text-center"><a href="{% url 'auth_corputils_corp_view' corp.corporation_id %}">{{ corp.corporation_name }}</a></h2>
</h1> <div class="container-fluid">
<h2 class="text-center"><a href="{% url 'auth_corputils_corp_view' corp.corporation_id %}">{{ corp.corporation_name }}</a></h2>
<div class="container-fluid">
<div class="panel panel-default"> <div class="panel panel-default">
<nav class="navbar navbar-default"> <nav class="navbar navbar-default">
@ -43,7 +41,7 @@
<th class="col-md-2">{% trans "Fleet statistics" %}</th> <th class="col-md-2">{% trans "Fleet statistics" %}</th>
{% else %} {% else %}
<th class="col-md-5">{% trans "Killboard" %}</th> <th class="col-md-5">{% trans "Killboard" %}</th>
{% endif %} {% endif %}
<th class="col-md-2">{% trans "API JackKnife" %}</th> <th class="col-md-2">{% trans "API JackKnife" %}</th>
</tr> </tr>
{% for result in results %} {% for result in results %}
@ -53,7 +51,7 @@
</td> </td>
<td>{{ result.name }}</td> <td>{{ result.name }}</td>
<td> <td>
{% if result.api_registered%} {% if result.api_registered%}
{{ result.main.character_name }} {{ result.main.character_name }}
{% else %} {% else %}
<span class="label label-danger">{% trans "No API registered!" %}</span> <span class="label label-danger">{% trans "No API registered!" %}</span>
@ -91,6 +89,5 @@
</div> </div>
</div> </div>
</div> </div>
{% endif %}
</div> </div>
{% endblock content %} {% endblock content %}