diff --git a/corputils/managers.py b/corputils/managers.py index 1c73ab60..8da08ac4 100644 --- a/corputils/managers.py +++ b/corputils/managers.py @@ -14,11 +14,11 @@ class CorpStatsQuerySet(models.QuerySet): char = EveCharacter.objects.get(character_id=auth.main_char_id) # build all accepted queries queries = [] - if user.has_perm('corputils.corp_apis'): + if user.has_perm('corputils.view_corp_corpstats'): queries.append(models.Q(corp__corporation_id=char.corporation_id)) - if user.has_perm('corputils.alliance_apis'): + if user.has_perm('corputils.view_alliance_corpstats'): queries.append(models.Q(corp__alliance__alliance_id=char.alliance_id)) - if user.has_perm('corputils.blue_apis'): + if user.has_perm('corputils.view_blue_corpstats'): queries.append(models.Q(corp__is_blue=True)) # filter based on queries diff --git a/corputils/migrations/0001_initial.py b/corputils/migrations/0001_initial.py index e58d8de4..4fa10a4a 100644 --- a/corputils/migrations/0001_initial.py +++ b/corputils/migrations/0001_initial.py @@ -1,5 +1,5 @@ # -*- coding: utf-8 -*- -# Generated by Django 1.10.1 on 2016-12-13 22:24 +# Generated by Django 1.10.1 on 2016-12-14 21:36 from __future__ import unicode_literals from django.db import migrations, models @@ -26,7 +26,7 @@ class Migration(migrations.Migration): ('token', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='esi.Token')), ], options={ - 'default_permissions': ('add', 'change', 'remove', 'view'), + 'default_permissions': ('add', 'change', 'remove', 'view_corp', 'view_alliance', 'view_blue'), 'verbose_name': 'corp stats', 'verbose_name_plural': 'corp stats', 'permissions': (('corp_apis', 'Can view API keys of members of their corporation.'), ('alliance_apis', 'Can view API keys of members of their alliance.'), ('blue_apis', 'Can view API keys of members of blue corporations.')), diff --git a/corputils/migrations/0002_migrate_permissions.py b/corputils/migrations/0002_migrate_permissions.py new file mode 100644 index 00000000..8c8aa46f --- /dev/null +++ b/corputils/migrations/0002_migrate_permissions.py @@ -0,0 +1,125 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.1 on 2016-12-14 21:48 +from __future__ import unicode_literals + +from django.db import migrations +from django.db.models import Q + +PERMISSIONS = { + 'user': [ + 'corp_apis', + 'alliance_apis', + ], + 'corpstats': { + 'corp_apis': 'Can view API keys of members of their corporation.', + 'alliance_apis': 'Can view API keys of members of their alliance.', + 'blue_apis': 'Can view API keys of members of blue corporations.', + 'view_corp_corpstats': 'Can view_corp corpstats', + 'view_alliance_corpstats': 'Can view_alliance corpstats', + 'view_blue_corpstats': 'Can view_blue corpstats', + } +} + +def user_permissions_dict(apps): + Permission = apps.get_model('auth', 'Permission') + ContentType = apps.get_model('contenttypes', 'ContentType') + User = apps.get_model('auth', 'User') + CorpStats = apps.get_model('corputils', 'CorpStats') + + user_ct = ContentType.objects.get_for_model(User) + corpstats_ct = ContentType.objects.get_for_model(CorpStats) + + return { + 'user': {x: Permission.objects.get_or_create(name=x, codename=x, content_type=user_ct)[0] for x in PERMISSIONS['user']}, + 'corpstats': {x: Permission.objects.get_or_create(codename=x, content_type=corpstats_ct)[0] for x, y in PERMISSIONS['corpstats'].items()}, + } + +def users_with_permission(apps, perm): + User = apps.get_model('auth', 'User') + return User.objects.filter(user_permissions=perm.pk) + +def groups_with_permission(apps, perm): + Group = apps.get_model('auth', 'Group') + return Group.objects.filter(permissions=perm.pk) + +def forward(apps, schema_editor): + perm_dict = user_permissions_dict(apps) + + corp_users = users_with_permission(apps, perm_dict['user']['corp_apis']) + for u in corp_users: + u.user_permissions.add(perm_dict['corpstats']['corp_apis'].pk) + u.user_permissions.add(perm_dict['corpstats']['view_corp_corpstats'].pk) + + alliance_users = users_with_permission(apps, perm_dict['user']['alliance_apis']) + for u in alliance_users: + u.user_permissions.add(perm_dict['corpstats']['alliance_apis'].pk) + u.user_permissions.add(perm_dict['corpstats']['view_alliance_corpstats'].pk) + + corp_groups = groups_with_permission(apps, perm_dict['user']['corp_apis']) + for g in corp_groups: + g.permissions.add(perm_dict['corpstats']['corp_apis'].pk) + g.permissions.add(perm_dict['corpstats']['view_corp_corpstats'].pk) + + alliance_groups = groups_with_permission(apps, perm_dict['user']['alliance_apis']) + for g in alliance_groups: + g.permissions.add(perm_dict['corpstats']['alliance_apis'].pk) + g.permissions.add(perm_dict['corpstats']['view_alliance_corpstats'].pk) + + for name, perm in perm_dict['user'].items(): + perm.delete() + +def reverse(apps, schema_editor): + perm_dict = user_permissions_dict(apps) + + corp_users = users_with_permission(apps, perm_dict['corpstats']['view_corp_corpstats']) + corp_api_users = users_with_permission(apps, perm_dict['corpstats']['corp_apis']) + corp_us = corp_users | corp_api_users + for u in corp_us.distinct(): + u.user_permissions.add(perm_dict['user']['corp_apis'].pk) + for u in corp_users: + u.user_permissions.remove(perm_dict['corpstats']['view_corp_corpstats'].pk) + for u in corp_api_users: + u.user_permissions.remove(perm_dict['corpstats']['corp_apis'].pk) + + + alliance_users = users_with_permission(apps, perm_dict['corpstats']['view_alliance_corpstats']) + alliance_api_users = users_with_permission(apps, perm_dict['corpstats']['alliance_apis']) + alliance_us = alliance_users | alliance_api_users + for u in alliance_us.distinct(): + u.user_permissions.add(perm_dict['user']['alliance_apis'].pk) + for u in alliance_users: + u.user_permissions.remove(perm_dict['corpstats']['view_alliance_corpstats'].pk) + for u in alliance_api_users: + u.user_permissions.remove(perm_dict['corpstats']['alliance_apis'].pk) + + corp_groups = groups_with_permission(apps, perm_dict['corpstats']['view_corp_corpstats']) + corp_api_groups = groups_with_permission(apps, perm_dict['corpstats']['corp_apis']) + corp_gs = corp_groups | corp_api_groups + for g in corp_groups.distinct(): + g.permissions.add(perm_dict['user']['corp_apis'].pk) + for g in corp_groups: + g.permissions.remove(perm_dict['corpstats']['view_corp_corpstats'].pk) + for g in corp_api_groups: + g.permissions.remove(perm_dict['corpstats']['corp_apis'].pk) + + alliance_groups = groups_with_permission(apps, perm_dict['corpstats']['view_alliance_corpstats']) + alliance_api_groups = groups_with_permission(apps, perm_dict['corpstats']['alliance_apis']) + alliance_gs = alliance_groups | alliance_api_groups + for g in alliance_gs.distinct(): + g.permissions.add(perm_dict['user']['alliance_apis'].pk) + for g in alliance_groups: + g.permissions.remove(perm_dict['corpstats']['view_alliance_corpstats'].pk) + for g in alliance_api_groups: + g.permissions.remove(perm_dict['corpstats']['alliance_apis'].pk) + + +class Migration(migrations.Migration): + + dependencies = [ + ('corputils', '0001_initial'), + ('authentication', '0005_delete_perms'), + ] + + operations = [ + migrations.RunPython(forward, reverse), + ] diff --git a/corputils/models.py b/corputils/models.py index 3a29d058..c00089e3 100644 --- a/corputils/models.py +++ b/corputils/models.py @@ -31,7 +31,9 @@ class CorpStats(models.Model): 'add', 'change', 'remove', - 'view', + 'view_corp', + 'view_alliance', + 'view_blue', ) verbose_name = "corp stats" verbose_name_plural = "corp stats" diff --git a/corputils/views.py b/corputils/views.py index b21254ad..922e75d4 100644 --- a/corputils/views.py +++ b/corputils/views.py @@ -1,6 +1,6 @@ from __future__ import unicode_literals from django.conf import settings -from django.contrib.auth.decorators import login_required, permission_required +from django.contrib.auth.decorators import login_required, permission_required, user_passes_test from django.shortcuts import render, redirect, get_object_or_404 from django.contrib import messages from django.core.exceptions import PermissionDenied @@ -23,8 +23,11 @@ def get_page(model_list, page_num): members = p.page(p.num_pages) return members +def access_corpstats_test(user): + return user.has_perm('corputils.view_corp_corpstats') or user.has_perm('corputils.view_alliance_corpstats') or user.has_perm('corputils.view_blue_corpstats') + @login_required -@permission_required('corputils.view_corpstats') +@user_passes_test(access_corpstats_test) @permission_required('corputils.add_corpstats') @token_required(scopes='esi-corporations.read_corporation_membership.v1') def corpstats_add(request, token): @@ -48,7 +51,7 @@ def corpstats_add(request, token): return redirect('corputils:view') @login_required -@permission_required('corputils.view_corpstats') +@user_passes_test(access_corpstats_test) def corpstats_view(request, corp_id=None): corpstats = None show_apis = False @@ -88,7 +91,7 @@ def corpstats_view(request, corp_id=None): return render(request, 'corputils/corpstats.html', context=context) @login_required -@permission_required('corputils.view_corpstats') +@user_passes_test(access_corpstats_test) def corpstats_update(request, corp_id): corp = get_object_or_404(EveCorporationInfo, corporation_id=corp_id) corpstats = get_object_or_404(CorpStats, corp=corp) @@ -99,7 +102,7 @@ def corpstats_update(request, corp_id): return redirect('corputils:view_corp', corp_id=corp.corporation_id) @login_required -@permission_required('corputils.view_corpstats') +@user_passes_test(access_corpstats_test) def corpstats_search(request): results = [] search_string = request.GET.get('search_string', None) diff --git a/stock/templates/public/base.html b/stock/templates/public/base.html index 5b6bb177..2f0d3e5d 100755 --- a/stock/templates/public/base.html +++ b/stock/templates/public/base.html @@ -157,7 +157,7 @@ {% endif %} - {% if perms.corputils.view_corpstats %} + {% if perms.corputils.view_corp_corpstats or perms.corputils.view_alliance_corpstats or perms.corputils.view_blue_corpstats %}
  • {% trans " Corporation Stats" %}