Mathis/allianceauth
1
0
Fork 0
mirror of https://gitlab.com/allianceauth/allianceauth.git synced 2025-07-13 14:30:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'restrict_group_states' into 'master'

Browse Source 
Restrict groups by state.

See merge request allianceauth/allianceauth!1095
This commit is contained in:
Basraah 2018-10-09 02:06:44 +00:00
commit 5a16c9c495
5 changed files with 57 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
allianceauth/groupmanagement/admin.py
View File

@ -8,8 +8,8 @@ from .models import GroupRequest
class AuthGroupInlineAdmin(admin.StackedInline): class AuthGroupInlineAdmin(admin.StackedInline):
model = AuthGroup model = AuthGroup
filter_horizontal = ('group_leaders',) filter_horizontal = ('group_leaders', 'states',)
fields = ('description', 'group_leaders', 'internal', 'hidden', 'open', 'public') fields = ('description', 'group_leaders', 'states', 'internal', 'hidden', 'open', 'public')
verbose_name_plural = 'Auth Settings' verbose_name_plural = 'Auth Settings'
verbose_name = '' verbose_name = ''

27
allianceauth/groupmanagement/managers.py
View File

@ -1,4 +1,5 @@
from django.contrib.auth.models import Group from django.contrib.auth.models import Group
from django.db.models import Q
class GroupManager: class GroupManager:
@ -6,7 +7,12 @@ class GroupManager:
pass pass
@staticmethod @staticmethod
def get_joinable_groups(): def get_joinable_groups(state):
return Group.objects.select_related('authgroup').exclude(authgroup__internal=True)\
.filter(Q(authgroup__states=state) | Q(authgroup__state=None))
@staticmethod
def get_all_non_internal_groups():
return Group.objects.select_related('authgroup').exclude(authgroup__internal=True) return Group.objects.select_related('authgroup').exclude(authgroup__internal=True)
@staticmethod @staticmethod
@ -14,13 +20,26 @@ class GroupManager:
return Group.objects.select_related('authgroup').filter(authgroup__group_leaders__in=[user]) return Group.objects.select_related('authgroup').filter(authgroup__group_leaders__in=[user])
@staticmethod @staticmethod
def joinable_group(group): def joinable_group(group, state):
""" """
Check if a group is a user joinable group, i.e. Check if a group is a user/state joinable group, i.e.
not an internal group for Corp, Alliance, Members etc not an internal group for Corp, Alliance, Members etc,
or restricted from the user's current state.
:param group: django.contrib.auth.models.Group object :param group: django.contrib.auth.models.Group object
:param state: allianceauth.authentication.State object
:return: bool True if its joinable, False otherwise :return: bool True if its joinable, False otherwise
""" """
if len(group.authgroup.states.all()) != 0 and state not in group.authgroup.states.all():
return False
return not group.authgroup.internal
@staticmethod
def check_internal_group(group):
"""
Check if a group is auditable, i.e not an internal group
:param group: django.contrib.auth.models.Group object
:return: bool True if it is auditable, false otherwise
"""
return not group.authgroup.internal return not group.authgroup.internal
@staticmethod @staticmethod

19
allianceauth/groupmanagement/migrations/0010_authgroup_states.py Normal file
View File

@ -0,0 +1,19 @@
# Generated by Django 2.0.6 on 2018-07-11 00:17
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('authentication', '0016_ownershiprecord'),
('groupmanagement', '0008_remove_authgroup_permissions'),
]
operations = [
migrations.AddField(
model_name='authgroup',
name='states',
field=models.ManyToManyField(blank=True, help_text='States listed here will have the ability to join this group provided they have the proper permissions.', related_name='valid_states', to='authentication.State'),
),
]

5
allianceauth/groupmanagement/models.py
View File

@ -3,6 +3,7 @@ from django.contrib.auth.models import User
from django.db import models from django.db import models
from django.db.models.signals import post_save from django.db.models.signals import post_save
from django.dispatch import receiver from django.dispatch import receiver
from allianceauth.authentication.models import State
class GroupRequest(models.Model): class GroupRequest(models.Model):
@ -96,6 +97,10 @@ class AuthGroup(models.Model):
"specifically. Use the auth.group_management permission to allow " "specifically. Use the auth.group_management permission to allow "
"a user to manage all groups.") "a user to manage all groups.")
states = models.ManyToManyField(State, related_name='valid_states', blank=True,
help_text="States listed here will have the ability to join this group provided "
"they have the proper permissions.")
description = models.CharField(max_length=512, blank=True, help_text="Description of the group shown to users.") description = models.CharField(max_length=512, blank=True, help_text="Description of the group shown to users.")
def __str__(self): def __str__(self):

15
allianceauth/groupmanagement/views.py
View File

@ -53,7 +53,7 @@ def group_membership(request):
# Get all open and closed groups # Get all open and closed groups
if GroupManager.has_management_permission(request.user): if GroupManager.has_management_permission(request.user):
# Full access # Full access
groups = GroupManager.get_joinable_groups() groups = GroupManager.get_all_non_internal_groups()
else: else:
# Group leader specific # Group leader specific
groups = GroupManager.get_group_leaders_groups(request.user) groups = GroupManager.get_group_leaders_groups(request.user)
@ -100,7 +100,7 @@ def group_membership_list(request, group_id):
# Check its a joinable group i.e. not corp or internal # Check its a joinable group i.e. not corp or internal
# And the user has permission to manage it # And the user has permission to manage it
if not GroupManager.joinable_group(group) or not GroupManager.can_manage_group(request.user, group): if not GroupManager.check_internal_group(group) or not GroupManager.can_manage_group(request.user, group):
logger.warning("User %s attempted to view the membership of group %s but permission was denied" % logger.warning("User %s attempted to view the membership of group %s but permission was denied" %
(request.user, group_id)) (request.user, group_id))
raise PermissionDenied raise PermissionDenied
@ -131,7 +131,7 @@ def group_membership_remove(request, group_id, user_id):
try: try:
# Check its a joinable group i.e. not corp or internal # Check its a joinable group i.e. not corp or internal
# And the user has permission to manage it # And the user has permission to manage it
if not GroupManager.joinable_group(group) or not GroupManager.can_manage_group(request.user, group): if not GroupManager.check_internal_group(group) or not GroupManager.can_manage_group(request.user, group):
logger.warning("User %s attempted to remove a user from group %s but permission was denied" % (request.user, logger.warning("User %s attempted to remove a user from group %s but permission was denied" % (request.user,
group_id)) group_id))
raise PermissionDenied raise PermissionDenied
@ -162,7 +162,7 @@ def group_accept_request(request, group_request_id):
try: try:
group, created = Group.objects.get_or_create(name=group_request.group.name) group, created = Group.objects.get_or_create(name=group_request.group.name)
if not GroupManager.joinable_group(group_request.group) or \ if not GroupManager.joinable_group(group_request.group, group_request.user.profile.state) or \
not GroupManager.can_manage_group(request.user, group_request.group): not GroupManager.can_manage_group(request.user, group_request.group):
raise PermissionDenied raise PermissionDenied
@ -299,7 +299,7 @@ def groups_view(request):
logger.debug("groups_view called by user %s" % request.user) logger.debug("groups_view called by user %s" % request.user)
groups = [] groups = []
group_query = GroupManager.get_joinable_groups() group_query = GroupManager.get_joinable_groups(request.user.profile.state)
if not request.user.has_perm('groupmanagement.request_groups'): if not request.user.has_perm('groupmanagement.request_groups'):
# Filter down to public groups only for non-members # Filter down to public groups only for non-members
@ -321,7 +321,8 @@ def groups_view(request):
def group_request_add(request, group_id): def group_request_add(request, group_id):
logger.debug("group_request_add called by user %s for group id %s" % (request.user, group_id)) logger.debug("group_request_add called by user %s for group id %s" % (request.user, group_id))
group = Group.objects.get(id=group_id) group = Group.objects.get(id=group_id)
if not GroupManager.joinable_group(group): state = request.user.profile.state
if not GroupManager.joinable_group(group, state):
logger.warning("User %s attempted to join group id %s but it is not a joinable group" % logger.warning("User %s attempted to join group id %s but it is not a joinable group" %
(request.user, group_id)) (request.user, group_id))
messages.warning(request, _("You cannot join that group")) messages.warning(request, _("You cannot join that group"))
@ -351,7 +352,7 @@ def group_request_add(request, group_id):
def group_request_leave(request, group_id): def group_request_leave(request, group_id):
logger.debug("group_request_leave called by user %s for group id %s" % (request.user, group_id)) logger.debug("group_request_leave called by user %s for group id %s" % (request.user, group_id))
group = Group.objects.get(id=group_id) group = Group.objects.get(id=group_id)
if not GroupManager.joinable_group(group): if not GroupManager.check_internal_group(group):
logger.warning("User %s attempted to leave group id %s but it is not a joinable group" % logger.warning("User %s attempted to leave group id %s but it is not a joinable group" %
(request.user, group_id)) (request.user, group_id))
messages.warning(request, _("You cannot leave that group")) messages.warning(request, _("You cannot leave that group"))