From 61446c9cb53a5d511bb6b14f0332ac829d7c67d9 Mon Sep 17 00:00:00 2001
From: magicfelix <felix@felix-zauberer.de>
Date: Tue, 12 Sep 2023 20:22:39 +0200
Subject: [PATCH] Add permission checking
---
aleksis/apps/kolego/rules.py | 28 +++++++++++++++++++++++++++
aleksis/apps/kolego/schema/absence.py | 24 +++++++++++++++--------
2 files changed, 44 insertions(+), 8 deletions(-)
create mode 100644 aleksis/apps/kolego/rules.py
diff --git a/aleksis/apps/kolego/rules.py b/aleksis/apps/kolego/rules.py
new file mode 100644
index 0000000..223f15b
--- /dev/null
+++ b/aleksis/apps/kolego/rules.py
@@ -0,0 +1,28 @@
+import rules
+
+from aleksis.core.util.predicates import (
+ has_global_perm,
+ has_object_perm,
+ has_person,
+)
+
+
+edit_absence_predicate = has_person & (
+ has_global_perm("kolego.change_absence") | has_object_perm("kolego.change_absence")
+)
+rules.add_perm("kolego.edit_absence_rule", edit_absence_predicate)
+
+delete_absence_predicate = has_person & (
+ has_global_perm("kolego.delete_absence") | has_object_perm("kolego.delete_absence")
+)
+rules.add_perm("kolego.delete_absence_rule", delete_absence_predicate)
+
+edit_absencereason_predicate = has_person & (
+ has_global_perm("kolego.change_absencereason") | has_object_perm("kolego.change_absencereason")
+)
+rules.add_perm("kolego.edit_absencereason_rule", edit_absencereason_predicate)
+
+delete_absencereason_predicate = has_person & (
+ has_global_perm("kolego.delete_absencereason") | has_object_perm("kolego.delete_absencereason")
+)
+rules.add_perm("kolego.delete_absencereason_rule", delete_absencereason_predicate)
diff --git a/aleksis/apps/kolego/schema/absence.py b/aleksis/apps/kolego/schema/absence.py
index cbe583b..7327e56 100644
--- a/aleksis/apps/kolego/schema/absence.py
+++ b/aleksis/apps/kolego/schema/absence.py
@@ -32,6 +32,10 @@ class AbsenceReasonType(PermissionsTypeMixin, DjangoFilterMixin, DjangoObjectTyp
"name": ["icontains", "exact"],
}
+ @classmethod
+ def get_queryset(cls, queryset, info):
+ return get_objects_for_user(info.context.user, "kolego.view_absencereason", queryset)
+
class AbsenceType(PermissionsTypeMixin, DjangoFilterMixin, DjangoObjectType):
class Meta:
@@ -42,13 +46,17 @@ class AbsenceType(PermissionsTypeMixin, DjangoFilterMixin, DjangoObjectType):
"comment": ["icontains", "exact"],
}
+ @classmethod
+ def get_queryset(cls, queryset, info):
+ return get_objects_for_user(info.context.user, "kolego.view_absence", queryset)
+
class AbsenceCreateMutation(DjangoCreateMutation):
class Meta:
model = Absence
fields = ("person", "reason", "comment", "datetime_start", "datetime_end")
optional_fields = ("comment", "reason")
- permissions = ("",) # FIXME
+ permissions = ("kolego.add_absence",) # FIXME
@classmethod
def handle_datetime_start(cls, value, name, info) -> int:
@@ -70,19 +78,19 @@ class AbsenceBatchCreateMutation(DjangoBatchCreateMutation):
class Meta:
model = Absence
fields = ("id", "person", "reason", "comment", "datetime_start", "datetime_end")
- permissions = ("",) # FIXME
+ permissions = ("kolego.add_absence",) # FIXME
class AbsenceDeleteMutation(DeleteMutation):
klass = Absence
- permission_required = "" # FIXME
+ permission_required = "kolego.delete_absence" # FIXME
class AbsenceBatchPatchMutation(PermissionBatchPatchMixin, DjangoBatchPatchMutation):
class Meta:
model = Absence
fields = ("id", "person", "reason", "comment", "datetime_start", "datetime_end")
- permissions = ("",) # FIXME
+ permissions = ("kolego.change_absence",) # FIXME
@classmethod
def handle_datetime_start(cls, value, name, info) -> int:
@@ -105,7 +113,7 @@ class AbsenceReasonCreateMutation(DjangoCreateMutation):
model = AbsenceReason
fields = ("short_name", "name")
optional_fields = ("name",)
- permissions = ("",) # FIXME
+ permissions = ("kolego.create_absencereason",) # FIXME
class AbsenceReasonBatchCreateMutation(DjangoBatchCreateMutation):
@@ -113,16 +121,16 @@ class AbsenceReasonBatchCreateMutation(DjangoBatchCreateMutation):
model = AbsenceReason
fields = ("short_name", "name")
optional_fields = ("name",)
- permissions = ("",) # FIXME
+ permissions = ("kolego.create_absencereason",) # FIXME
class AbsenceReasonDeleteMutation(DeleteMutation):
klass = AbsenceReason
- permission_required = "" # FIXME
+ permission_required = "kolego.delete_absencereason" # FIXME
class AbsenceReasonBatchPatchMutation(PermissionBatchPatchMixin, DjangoBatchPatchMutation):
class Meta:
model = AbsenceReason
fields = ("id", "short_name", "name")
- permissions = ("",) # FIXME
+ permissions = ("kolego.change_absencereason",) # FIXME
--
GitLab