mirror of
https://gitlab.com/allianceauth/allianceauth.git
synced 2025-07-13 06:20:16 +02:00
Additional permissions for non-api viewing.
Migration to convert permissions from old users.
This commit is contained in:
parent
5f88e7e1a5
commit
4ee10e0c31
@ -14,11 +14,11 @@ class CorpStatsQuerySet(models.QuerySet):
|
|||||||
char = EveCharacter.objects.get(character_id=auth.main_char_id)
|
char = EveCharacter.objects.get(character_id=auth.main_char_id)
|
||||||
# build all accepted queries
|
# build all accepted queries
|
||||||
queries = []
|
queries = []
|
||||||
if user.has_perm('corputils.corp_apis'):
|
if user.has_perm('corputils.view_corp_corpstats'):
|
||||||
queries.append(models.Q(corp__corporation_id=char.corporation_id))
|
queries.append(models.Q(corp__corporation_id=char.corporation_id))
|
||||||
if user.has_perm('corputils.alliance_apis'):
|
if user.has_perm('corputils.view_alliance_corpstats'):
|
||||||
queries.append(models.Q(corp__alliance__alliance_id=char.alliance_id))
|
queries.append(models.Q(corp__alliance__alliance_id=char.alliance_id))
|
||||||
if user.has_perm('corputils.blue_apis'):
|
if user.has_perm('corputils.view_blue_corpstats'):
|
||||||
queries.append(models.Q(corp__is_blue=True))
|
queries.append(models.Q(corp__is_blue=True))
|
||||||
|
|
||||||
# filter based on queries
|
# filter based on queries
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
# Generated by Django 1.10.1 on 2016-12-13 22:24
|
# Generated by Django 1.10.1 on 2016-12-14 21:36
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
from django.db import migrations, models
|
from django.db import migrations, models
|
||||||
@ -26,7 +26,7 @@ class Migration(migrations.Migration):
|
|||||||
('token', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='esi.Token')),
|
('token', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='esi.Token')),
|
||||||
],
|
],
|
||||||
options={
|
options={
|
||||||
'default_permissions': ('add', 'change', 'remove', 'view'),
|
'default_permissions': ('add', 'change', 'remove', 'view_corp', 'view_alliance', 'view_blue'),
|
||||||
'verbose_name': 'corp stats',
|
'verbose_name': 'corp stats',
|
||||||
'verbose_name_plural': 'corp stats',
|
'verbose_name_plural': 'corp stats',
|
||||||
'permissions': (('corp_apis', 'Can view API keys of members of their corporation.'), ('alliance_apis', 'Can view API keys of members of their alliance.'), ('blue_apis', 'Can view API keys of members of blue corporations.')),
|
'permissions': (('corp_apis', 'Can view API keys of members of their corporation.'), ('alliance_apis', 'Can view API keys of members of their alliance.'), ('blue_apis', 'Can view API keys of members of blue corporations.')),
|
||||||
|
125
corputils/migrations/0002_migrate_permissions.py
Normal file
125
corputils/migrations/0002_migrate_permissions.py
Normal file
@ -0,0 +1,125 @@
|
|||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Generated by Django 1.10.1 on 2016-12-14 21:48
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.db import migrations
|
||||||
|
from django.db.models import Q
|
||||||
|
|
||||||
|
PERMISSIONS = {
|
||||||
|
'user': [
|
||||||
|
'corp_apis',
|
||||||
|
'alliance_apis',
|
||||||
|
],
|
||||||
|
'corpstats': {
|
||||||
|
'corp_apis': 'Can view API keys of members of their corporation.',
|
||||||
|
'alliance_apis': 'Can view API keys of members of their alliance.',
|
||||||
|
'blue_apis': 'Can view API keys of members of blue corporations.',
|
||||||
|
'view_corp_corpstats': 'Can view_corp corpstats',
|
||||||
|
'view_alliance_corpstats': 'Can view_alliance corpstats',
|
||||||
|
'view_blue_corpstats': 'Can view_blue corpstats',
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
def user_permissions_dict(apps):
|
||||||
|
Permission = apps.get_model('auth', 'Permission')
|
||||||
|
ContentType = apps.get_model('contenttypes', 'ContentType')
|
||||||
|
User = apps.get_model('auth', 'User')
|
||||||
|
CorpStats = apps.get_model('corputils', 'CorpStats')
|
||||||
|
|
||||||
|
user_ct = ContentType.objects.get_for_model(User)
|
||||||
|
corpstats_ct = ContentType.objects.get_for_model(CorpStats)
|
||||||
|
|
||||||
|
return {
|
||||||
|
'user': {x: Permission.objects.get_or_create(name=x, codename=x, content_type=user_ct)[0] for x in PERMISSIONS['user']},
|
||||||
|
'corpstats': {x: Permission.objects.get_or_create(codename=x, content_type=corpstats_ct)[0] for x, y in PERMISSIONS['corpstats'].items()},
|
||||||
|
}
|
||||||
|
|
||||||
|
def users_with_permission(apps, perm):
|
||||||
|
User = apps.get_model('auth', 'User')
|
||||||
|
return User.objects.filter(user_permissions=perm.pk)
|
||||||
|
|
||||||
|
def groups_with_permission(apps, perm):
|
||||||
|
Group = apps.get_model('auth', 'Group')
|
||||||
|
return Group.objects.filter(permissions=perm.pk)
|
||||||
|
|
||||||
|
def forward(apps, schema_editor):
|
||||||
|
perm_dict = user_permissions_dict(apps)
|
||||||
|
|
||||||
|
corp_users = users_with_permission(apps, perm_dict['user']['corp_apis'])
|
||||||
|
for u in corp_users:
|
||||||
|
u.user_permissions.add(perm_dict['corpstats']['corp_apis'].pk)
|
||||||
|
u.user_permissions.add(perm_dict['corpstats']['view_corp_corpstats'].pk)
|
||||||
|
|
||||||
|
alliance_users = users_with_permission(apps, perm_dict['user']['alliance_apis'])
|
||||||
|
for u in alliance_users:
|
||||||
|
u.user_permissions.add(perm_dict['corpstats']['alliance_apis'].pk)
|
||||||
|
u.user_permissions.add(perm_dict['corpstats']['view_alliance_corpstats'].pk)
|
||||||
|
|
||||||
|
corp_groups = groups_with_permission(apps, perm_dict['user']['corp_apis'])
|
||||||
|
for g in corp_groups:
|
||||||
|
g.permissions.add(perm_dict['corpstats']['corp_apis'].pk)
|
||||||
|
g.permissions.add(perm_dict['corpstats']['view_corp_corpstats'].pk)
|
||||||
|
|
||||||
|
alliance_groups = groups_with_permission(apps, perm_dict['user']['alliance_apis'])
|
||||||
|
for g in alliance_groups:
|
||||||
|
g.permissions.add(perm_dict['corpstats']['alliance_apis'].pk)
|
||||||
|
g.permissions.add(perm_dict['corpstats']['view_alliance_corpstats'].pk)
|
||||||
|
|
||||||
|
for name, perm in perm_dict['user'].items():
|
||||||
|
perm.delete()
|
||||||
|
|
||||||
|
def reverse(apps, schema_editor):
|
||||||
|
perm_dict = user_permissions_dict(apps)
|
||||||
|
|
||||||
|
corp_users = users_with_permission(apps, perm_dict['corpstats']['view_corp_corpstats'])
|
||||||
|
corp_api_users = users_with_permission(apps, perm_dict['corpstats']['corp_apis'])
|
||||||
|
corp_us = corp_users | corp_api_users
|
||||||
|
for u in corp_us.distinct():
|
||||||
|
u.user_permissions.add(perm_dict['user']['corp_apis'].pk)
|
||||||
|
for u in corp_users:
|
||||||
|
u.user_permissions.remove(perm_dict['corpstats']['view_corp_corpstats'].pk)
|
||||||
|
for u in corp_api_users:
|
||||||
|
u.user_permissions.remove(perm_dict['corpstats']['corp_apis'].pk)
|
||||||
|
|
||||||
|
|
||||||
|
alliance_users = users_with_permission(apps, perm_dict['corpstats']['view_alliance_corpstats'])
|
||||||
|
alliance_api_users = users_with_permission(apps, perm_dict['corpstats']['alliance_apis'])
|
||||||
|
alliance_us = alliance_users | alliance_api_users
|
||||||
|
for u in alliance_us.distinct():
|
||||||
|
u.user_permissions.add(perm_dict['user']['alliance_apis'].pk)
|
||||||
|
for u in alliance_users:
|
||||||
|
u.user_permissions.remove(perm_dict['corpstats']['view_alliance_corpstats'].pk)
|
||||||
|
for u in alliance_api_users:
|
||||||
|
u.user_permissions.remove(perm_dict['corpstats']['alliance_apis'].pk)
|
||||||
|
|
||||||
|
corp_groups = groups_with_permission(apps, perm_dict['corpstats']['view_corp_corpstats'])
|
||||||
|
corp_api_groups = groups_with_permission(apps, perm_dict['corpstats']['corp_apis'])
|
||||||
|
corp_gs = corp_groups | corp_api_groups
|
||||||
|
for g in corp_groups.distinct():
|
||||||
|
g.permissions.add(perm_dict['user']['corp_apis'].pk)
|
||||||
|
for g in corp_groups:
|
||||||
|
g.permissions.remove(perm_dict['corpstats']['view_corp_corpstats'].pk)
|
||||||
|
for g in corp_api_groups:
|
||||||
|
g.permissions.remove(perm_dict['corpstats']['corp_apis'].pk)
|
||||||
|
|
||||||
|
alliance_groups = groups_with_permission(apps, perm_dict['corpstats']['view_alliance_corpstats'])
|
||||||
|
alliance_api_groups = groups_with_permission(apps, perm_dict['corpstats']['alliance_apis'])
|
||||||
|
alliance_gs = alliance_groups | alliance_api_groups
|
||||||
|
for g in alliance_gs.distinct():
|
||||||
|
g.permissions.add(perm_dict['user']['alliance_apis'].pk)
|
||||||
|
for g in alliance_groups:
|
||||||
|
g.permissions.remove(perm_dict['corpstats']['view_alliance_corpstats'].pk)
|
||||||
|
for g in alliance_api_groups:
|
||||||
|
g.permissions.remove(perm_dict['corpstats']['alliance_apis'].pk)
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('corputils', '0001_initial'),
|
||||||
|
('authentication', '0005_delete_perms'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.RunPython(forward, reverse),
|
||||||
|
]
|
@ -31,7 +31,9 @@ class CorpStats(models.Model):
|
|||||||
'add',
|
'add',
|
||||||
'change',
|
'change',
|
||||||
'remove',
|
'remove',
|
||||||
'view',
|
'view_corp',
|
||||||
|
'view_alliance',
|
||||||
|
'view_blue',
|
||||||
)
|
)
|
||||||
verbose_name = "corp stats"
|
verbose_name = "corp stats"
|
||||||
verbose_name_plural = "corp stats"
|
verbose_name_plural = "corp stats"
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib.auth.decorators import login_required, permission_required
|
from django.contrib.auth.decorators import login_required, permission_required, user_passes_test
|
||||||
from django.shortcuts import render, redirect, get_object_or_404
|
from django.shortcuts import render, redirect, get_object_or_404
|
||||||
from django.contrib import messages
|
from django.contrib import messages
|
||||||
from django.core.exceptions import PermissionDenied
|
from django.core.exceptions import PermissionDenied
|
||||||
@ -23,8 +23,11 @@ def get_page(model_list, page_num):
|
|||||||
members = p.page(p.num_pages)
|
members = p.page(p.num_pages)
|
||||||
return members
|
return members
|
||||||
|
|
||||||
|
def access_corpstats_test(user):
|
||||||
|
return user.has_perm('corputils.view_corp_corpstats') or user.has_perm('corputils.view_alliance_corpstats') or user.has_perm('corputils.view_blue_corpstats')
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('corputils.view_corpstats')
|
@user_passes_test(access_corpstats_test)
|
||||||
@permission_required('corputils.add_corpstats')
|
@permission_required('corputils.add_corpstats')
|
||||||
@token_required(scopes='esi-corporations.read_corporation_membership.v1')
|
@token_required(scopes='esi-corporations.read_corporation_membership.v1')
|
||||||
def corpstats_add(request, token):
|
def corpstats_add(request, token):
|
||||||
@ -48,7 +51,7 @@ def corpstats_add(request, token):
|
|||||||
return redirect('corputils:view')
|
return redirect('corputils:view')
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('corputils.view_corpstats')
|
@user_passes_test(access_corpstats_test)
|
||||||
def corpstats_view(request, corp_id=None):
|
def corpstats_view(request, corp_id=None):
|
||||||
corpstats = None
|
corpstats = None
|
||||||
show_apis = False
|
show_apis = False
|
||||||
@ -88,7 +91,7 @@ def corpstats_view(request, corp_id=None):
|
|||||||
return render(request, 'corputils/corpstats.html', context=context)
|
return render(request, 'corputils/corpstats.html', context=context)
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('corputils.view_corpstats')
|
@user_passes_test(access_corpstats_test)
|
||||||
def corpstats_update(request, corp_id):
|
def corpstats_update(request, corp_id):
|
||||||
corp = get_object_or_404(EveCorporationInfo, corporation_id=corp_id)
|
corp = get_object_or_404(EveCorporationInfo, corporation_id=corp_id)
|
||||||
corpstats = get_object_or_404(CorpStats, corp=corp)
|
corpstats = get_object_or_404(CorpStats, corp=corp)
|
||||||
@ -99,7 +102,7 @@ def corpstats_update(request, corp_id):
|
|||||||
return redirect('corputils:view_corp', corp_id=corp.corporation_id)
|
return redirect('corputils:view_corp', corp_id=corp.corporation_id)
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('corputils.view_corpstats')
|
@user_passes_test(access_corpstats_test)
|
||||||
def corpstats_search(request):
|
def corpstats_search(request):
|
||||||
results = []
|
results = []
|
||||||
search_string = request.GET.get('search_string', None)
|
search_string = request.GET.get('search_string', None)
|
||||||
|
@ -157,7 +157,7 @@
|
|||||||
</li>
|
</li>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if perms.corputils.view_corpstats %}
|
{% if perms.corputils.view_corp_corpstats or perms.corputils.view_alliance_corpstats or perms.corputils.view_blue_corpstats %}
|
||||||
<li>
|
<li>
|
||||||
<a class="{% navactive request 'corputils:view corputils:search' %}" href="{% url 'corputils:view' %}">
|
<a class="{% navactive request 'corputils:view corputils:search' %}" href="{% url 'corputils:view' %}">
|
||||||
<i class="fa fa-share-alt fa-fw grayiconecolor"></i>{% trans " Corporation Stats" %}
|
<i class="fa fa-share-alt fa-fw grayiconecolor"></i>{% trans " Corporation Stats" %}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user