Additional permissions for non-api viewing.

Migration to convert permissions from old users.
2025-07-12 14:00:17 +02:00 · 2016-12-14 20:40:12 -05:00 · 2016-12-14 20:40:12 -05:00 · 4ee10e0c31
commit 4ee10e0c31
parent 5f88e7e1a5
6 changed files with 142 additions and 12 deletions
--- a/corputils/managers.py
+++ b/corputils/managers.py
@ -14,11 +14,11 @@ class CorpStatsQuerySet(models.QuerySet):
            char = EveCharacter.objects.get(character_id=auth.main_char_id)
            # build all accepted queries
            queries = []
-            if user.has_perm('corputils.corp_apis'):
+            if user.has_perm('corputils.view_corp_corpstats'):
                queries.append(models.Q(corp__corporation_id=char.corporation_id))
-            if user.has_perm('corputils.alliance_apis'):
+            if user.has_perm('corputils.view_alliance_corpstats'):
                queries.append(models.Q(corp__alliance__alliance_id=char.alliance_id))
-            if user.has_perm('corputils.blue_apis'):
+            if user.has_perm('corputils.view_blue_corpstats'):
                queries.append(models.Q(corp__is_blue=True))

            # filter based on queries
--- a/corputils/migrations/0001_initial.py
+++ b/corputils/migrations/0001_initial.py
@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Generated by Django 1.10.1 on 2016-12-13 22:24
+# Generated by Django 1.10.1 on 2016-12-14 21:36
 from __future__ import unicode_literals

 from django.db import migrations, models
@ -26,7 +26,7 @@ class Migration(migrations.Migration):
                ('token', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='esi.Token')),
            ],
            options={
-                'default_permissions': ('add', 'change', 'remove', 'view'),
+                'default_permissions': ('add', 'change', 'remove', 'view_corp', 'view_alliance', 'view_blue'),
                'verbose_name': 'corp stats',
                'verbose_name_plural': 'corp stats',
                'permissions': (('corp_apis', 'Can view API keys of members of their corporation.'), ('alliance_apis', 'Can view API keys of members of their alliance.'), ('blue_apis', 'Can view API keys of members of blue corporations.')),
--- a/corputils/migrations/0002_migrate_permissions.py
+++ b/corputils/migrations/0002_migrate_permissions.py
@ -0,0 +1,125 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.10.1 on 2016-12-14 21:48
+from __future__ import unicode_literals
+
+from django.db import migrations
+from django.db.models import Q
+
+PERMISSIONS = {
+    'user': [
+        'corp_apis',
+        'alliance_apis',
+    ],
+    'corpstats': {
+        'corp_apis': 'Can view API keys of members of their corporation.',
+        'alliance_apis': 'Can view API keys of members of their alliance.',
+        'blue_apis': 'Can view API keys of members of blue corporations.',
+        'view_corp_corpstats': 'Can view_corp corpstats',
+        'view_alliance_corpstats': 'Can view_alliance corpstats',
+        'view_blue_corpstats': 'Can view_blue corpstats',
+    }
+}
+
+def user_permissions_dict(apps):
+    Permission = apps.get_model('auth', 'Permission')
+    ContentType = apps.get_model('contenttypes', 'ContentType')
+    User = apps.get_model('auth', 'User')
+    CorpStats = apps.get_model('corputils', 'CorpStats')
+
+    user_ct = ContentType.objects.get_for_model(User)
+    corpstats_ct = ContentType.objects.get_for_model(CorpStats)
+
+    return {
+        'user': {x: Permission.objects.get_or_create(name=x, codename=x, content_type=user_ct)[0] for x in PERMISSIONS['user']},
+        'corpstats': {x: Permission.objects.get_or_create(codename=x, content_type=corpstats_ct)[0] for x, y in PERMISSIONS['corpstats'].items()},
+    }
+
+def users_with_permission(apps, perm):
+    User = apps.get_model('auth', 'User')
+    return User.objects.filter(user_permissions=perm.pk)
+
+def groups_with_permission(apps, perm):
+    Group = apps.get_model('auth', 'Group')
+    return Group.objects.filter(permissions=perm.pk)
+
+def forward(apps, schema_editor):
+    perm_dict = user_permissions_dict(apps)
+
+    corp_users = users_with_permission(apps, perm_dict['user']['corp_apis'])
+    for u in corp_users:
+        u.user_permissions.add(perm_dict['corpstats']['corp_apis'].pk)
+        u.user_permissions.add(perm_dict['corpstats']['view_corp_corpstats'].pk)
+
+    alliance_users = users_with_permission(apps, perm_dict['user']['alliance_apis'])
+    for u in alliance_users:
+        u.user_permissions.add(perm_dict['corpstats']['alliance_apis'].pk)
+        u.user_permissions.add(perm_dict['corpstats']['view_alliance_corpstats'].pk)
+
+    corp_groups = groups_with_permission(apps, perm_dict['user']['corp_apis'])
+    for g in corp_groups:
+        g.permissions.add(perm_dict['corpstats']['corp_apis'].pk)
+        g.permissions.add(perm_dict['corpstats']['view_corp_corpstats'].pk)
+
+    alliance_groups = groups_with_permission(apps, perm_dict['user']['alliance_apis'])
+    for g in alliance_groups:
+        g.permissions.add(perm_dict['corpstats']['alliance_apis'].pk)
+        g.permissions.add(perm_dict['corpstats']['view_alliance_corpstats'].pk)
+
+    for name, perm in perm_dict['user'].items():
+        perm.delete()
+    
+def reverse(apps, schema_editor):        
+    perm_dict = user_permissions_dict(apps)
+
+    corp_users = users_with_permission(apps, perm_dict['corpstats']['view_corp_corpstats'])
+    corp_api_users = users_with_permission(apps, perm_dict['corpstats']['corp_apis'])
+    corp_us = corp_users | corp_api_users
+    for u in corp_us.distinct():
+        u.user_permissions.add(perm_dict['user']['corp_apis'].pk)
+    for u in corp_users:
+        u.user_permissions.remove(perm_dict['corpstats']['view_corp_corpstats'].pk)
+    for u in corp_api_users:
+        u.user_permissions.remove(perm_dict['corpstats']['corp_apis'].pk)
+        
+
+    alliance_users = users_with_permission(apps, perm_dict['corpstats']['view_alliance_corpstats'])
+    alliance_api_users = users_with_permission(apps, perm_dict['corpstats']['alliance_apis'])
+    alliance_us = alliance_users | alliance_api_users
+    for u in alliance_us.distinct():
+        u.user_permissions.add(perm_dict['user']['alliance_apis'].pk)
+    for u in alliance_users:
+        u.user_permissions.remove(perm_dict['corpstats']['view_alliance_corpstats'].pk)
+    for u in alliance_api_users:
+        u.user_permissions.remove(perm_dict['corpstats']['alliance_apis'].pk)
+
+    corp_groups = groups_with_permission(apps, perm_dict['corpstats']['view_corp_corpstats'])
+    corp_api_groups = groups_with_permission(apps, perm_dict['corpstats']['corp_apis'])
+    corp_gs = corp_groups | corp_api_groups
+    for g in corp_groups.distinct():
+        g.permissions.add(perm_dict['user']['corp_apis'].pk)
+    for g in corp_groups:
+        g.permissions.remove(perm_dict['corpstats']['view_corp_corpstats'].pk)
+    for g in corp_api_groups:
+        g.permissions.remove(perm_dict['corpstats']['corp_apis'].pk)
+
+    alliance_groups = groups_with_permission(apps, perm_dict['corpstats']['view_alliance_corpstats'])
+    alliance_api_groups = groups_with_permission(apps, perm_dict['corpstats']['alliance_apis'])
+    alliance_gs = alliance_groups | alliance_api_groups
+    for g in alliance_gs.distinct():
+        g.permissions.add(perm_dict['user']['alliance_apis'].pk)
+    for g in alliance_groups:
+        g.permissions.remove(perm_dict['corpstats']['view_alliance_corpstats'].pk)
+    for g in alliance_api_groups:
+        g.permissions.remove(perm_dict['corpstats']['alliance_apis'].pk)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('corputils', '0001_initial'),
+        ('authentication', '0005_delete_perms'),
+    ]
+
+    operations = [
+        migrations.RunPython(forward, reverse),
+    ]
--- a/corputils/models.py
+++ b/corputils/models.py
@ -31,7 +31,9 @@ class CorpStats(models.Model):
            'add',
            'change',
            'remove',
-            'view',
+            'view_corp',
+            'view_alliance',
+            'view_blue',
        )
        verbose_name = "corp stats"
        verbose_name_plural = "corp stats"
--- a/corputils/views.py
+++ b/corputils/views.py
@ -1,6 +1,6 @@
 from __future__ import unicode_literals
 from django.conf import settings
-from django.contrib.auth.decorators import login_required, permission_required
+from django.contrib.auth.decorators import login_required, permission_required, user_passes_test
 from django.shortcuts import render, redirect, get_object_or_404
 from django.contrib import messages
 from django.core.exceptions import PermissionDenied
@ -23,8 +23,11 @@ def get_page(model_list, page_num):
        members = p.page(p.num_pages)
    return members

+def access_corpstats_test(user):
+    return user.has_perm('corputils.view_corp_corpstats') or user.has_perm('corputils.view_alliance_corpstats') or user.has_perm('corputils.view_blue_corpstats')
+
@login_required
-@permission_required('corputils.view_corpstats')
+@user_passes_test(access_corpstats_test)
@permission_required('corputils.add_corpstats')
@token_required(scopes='esi-corporations.read_corporation_membership.v1')
 def corpstats_add(request, token):
@ -48,7 +51,7 @@ def corpstats_add(request, token):
    return redirect('corputils:view')

@login_required
-@permission_required('corputils.view_corpstats')
+@user_passes_test(access_corpstats_test)
 def corpstats_view(request, corp_id=None):
    corpstats = None
    show_apis = False
@ -88,7 +91,7 @@ def corpstats_view(request, corp_id=None):
    return render(request, 'corputils/corpstats.html', context=context)

@login_required
-@permission_required('corputils.view_corpstats')
+@user_passes_test(access_corpstats_test)
 def corpstats_update(request, corp_id):
    corp = get_object_or_404(EveCorporationInfo, corporation_id=corp_id)
    corpstats = get_object_or_404(CorpStats, corp=corp)
@ -99,7 +102,7 @@ def corpstats_update(request, corp_id):
    return redirect('corputils:view_corp', corp_id=corp.corporation_id)

@login_required
-@permission_required('corputils.view_corpstats')
+@user_passes_test(access_corpstats_test)
 def corpstats_search(request):
    results = []
    search_string = request.GET.get('search_string', None)
--- a/stock/templates/public/base.html
+++ b/stock/templates/public/base.html
@ -157,7 +157,7 @@
                            </li>
                        {% endif %}

-                        {% if perms.corputils.view_corpstats %}
+                        {% if perms.corputils.view_corp_corpstats or perms.corputils.view_alliance_corpstats or perms.corputils.view_blue_corpstats %}
                            <li>
                                <a class="{% navactive request 'corputils:view corputils:search' %}" href="{% url 'corputils:view' %}">
                                    <i class="fa fa-share-alt fa-fw grayiconecolor"></i>{% trans " Corporation Stats" %}