From b31dcb7ac0c78b143a8245b4fee2793e0e9b37c8 Mon Sep 17 00:00:00 2001 From: Adarnof Date: Tue, 5 Jan 2016 23:36:17 +0000 Subject: [PATCH] Permission 'jabber_broadcast_all' to restrict groups - without, can only broadcast to own groups - with, can broadcast to all and every group Updated form to check request user for permission and groups when generating form For #159 --- services/forms.py | 17 ++++++++++++----- services/views.py | 5 +++-- util/__init__.py | 1 + 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/services/forms.py b/services/forms.py index 0696c939..65277517 100644 --- a/services/forms.py +++ b/services/forms.py @@ -1,13 +1,20 @@ from django import forms from django.contrib.auth.models import Group +from util import check_if_user_has_permission class JabberBroadcastForm(forms.Form): - allchoices = [] - allchoices.append(('all', 'all')) - for group in Group.objects.all(): - allchoices.append((str(group.name), str(group.name))) - group = forms.ChoiceField(choices=allchoices, widget=forms.Select) + def __init__(self, user, *args, **kwargs): + super(JabberBroadcastForm, self).__init__(*args, **kwargs) + allchoices = [] + if check_if_user_has_permission(user, 'jabber_broadcast_all'): + allchoices.append(('all', 'all')) + for g in Group.objects.all(): + allchoices.append((str(g.name), str(g.name))) + else: + for g in user.groups.all(): + allchoices.append((str(g.name), str(g.name))) + self.fields['group'] = forms.ChoiceField(choices=allchoices, widget=forms.Select) message = forms.CharField(widget=forms.Textarea) diff --git a/services/views.py b/services/views.py index 1c0e4b06..6cac1456 100755 --- a/services/views.py +++ b/services/views.py @@ -4,6 +4,7 @@ from django.shortcuts import render_to_response from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import permission_required from django.contrib.auth.decorators import user_passes_test +from django.contrib.auth.models import Group from eveonline.models import EveCharacter from authentication.models import AuthServicesInfo @@ -90,8 +91,8 @@ def jabber_broadcast_view(request): success = True logger.info("Sent jabber broadcast on behalf of user %s" % request.user) else: - form = JabberBroadcastForm() - logger.debug("Returning blank form to user %s" % request.user) + form = JabberBroadcastForm(request.user) + logger.debug("Generated broadcast form for user %s containing %s groups" % (request.user, len(form.fields['group'].choices))) context = {'form': form, 'success': success} return render_to_response('registered/jabberbroadcast.html', context, context_instance=RequestContext(request)) diff --git a/util/__init__.py b/util/__init__.py index f9205361..1d4a35e1 100755 --- a/util/__init__.py +++ b/util/__init__.py @@ -15,6 +15,7 @@ def bootstrap_permissions(): Permission.objects.get_or_create(codename="member", content_type=ct, name="member") Permission.objects.get_or_create(codename="group_management", content_type=ct, name="group_management") Permission.objects.get_or_create(codename="jabber_broadcast", content_type=ct, name="jabber_broadcast") + Permission.objects.get_or_create(codename="jabber_broadcast_all", content_type=ct, name="jabber_broadcast_all") Permission.objects.get_or_create(codename="human_resources", content_type=ct, name="human_resources") Permission.objects.get_or_create(codename="blue_member", content_type=ct, name="blue_member") Permission.objects.get_or_create(codename="corp_stats", content_type=ct, name="corp_stats")