From 1573dcf23e898f0e83127069c0dd0afd9fc6414a Mon Sep 17 00:00:00 2001
From: Jonathan Weth <git@jonathanweth.de>
Date: Wed, 14 Jul 2021 12:40:14 +0200
Subject: [PATCH] Use correct permissions in templates
---
aleksis/apps/resint/rules.py | 11 ++++++++---
aleksis/apps/resint/templates/resint/group/list.html | 6 +++---
aleksis/apps/resint/templates/resint/poster/list.html | 2 +-
3 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/aleksis/apps/resint/rules.py b/aleksis/apps/resint/rules.py
index 53d2f7a..2560ef9 100644
--- a/aleksis/apps/resint/rules.py
+++ b/aleksis/apps/resint/rules.py
@@ -25,10 +25,7 @@ def has_poster_group_object_perm(perm: str):
def permission_validator(request: HttpRequest, perm: str, obj) -> bool:
"""Check whether the request user has a permission."""
- print("Am I executed?")
if request.user:
- print("And I", request, request.user, perm, obj)
- print(request.user.has_perm(perm, obj))
return request.user.has_perm(perm, obj)
return False
@@ -81,6 +78,14 @@ upload_poster_predicate = view_posters_predicate & (
) # FIXME FIlter on form
add_perm("resint.upload_poster_rule", upload_poster_predicate)
+# Edit poster
+edit_poster_predicate = view_posters_predicate & (
+ has_global_perm("resint.change_poster")
+ | has_object_perm("resint.change_poster")
+ | has_poster_group_object_perm("resint.change_poster_of_group")
+)
+add_perm("resint.edit_poster_rule", edit_poster_predicate)
+
# Delete poster
delete_poster_predicate = view_posters_predicate & (
has_global_perm("resint.delete_poster")
diff --git a/aleksis/apps/resint/templates/resint/group/list.html b/aleksis/apps/resint/templates/resint/group/list.html
index 33f18e2..f16c75f 100644
--- a/aleksis/apps/resint/templates/resint/group/list.html
+++ b/aleksis/apps/resint/templates/resint/group/list.html
@@ -4,7 +4,7 @@
{% block browser_title %}{% blocktrans %}Poster groups{% endblocktrans %}{% endblock %}
{% block content %}
- {% has_perm "resint.add_postergroup" user as can_add_poster_group %}
+ {% has_perm "resint.add_postergroup_rule" user as can_add_poster_group %}
{% if can_add_poster_group %}
<a class="waves-effect waves-light btn green modal-trigger right" href="{% url "create_poster_group" %}">
<i class="material-icons left">add</i>{% blocktrans %}Create new poster group{% endblocktrans %}
@@ -41,7 +41,7 @@
</a>
</td>
<td>
- {% has_perm "resint.edit_postergroup" user poster_group as can_edit_poster_group %}
+ {% has_perm "resint.edit_postergroup_rule" user poster_group as can_edit_poster_group %}
{% if can_edit_poster_group %}
<a href="{% url 'edit_poster_group' poster_group.id %}"
class="waves-effect waves-light btn-flat orange-text">
@@ -50,7 +50,7 @@
</a>
{% endif %}
- {% has_perm "resint.delete_postergroup" user poster_group as can_delete_poster_group %}
+ {% has_perm "resint.delete_postergroup_rule" user poster_group as can_delete_poster_group %}
{% if can_delete_poster_group %}
<a href="{% url 'delete_poster_group' poster_group.id %}"
class="waves-effect waves-light btn-flat red-text">
diff --git a/aleksis/apps/resint/templates/resint/poster/list.html b/aleksis/apps/resint/templates/resint/poster/list.html
index 38f3bbc..57165a0 100644
--- a/aleksis/apps/resint/templates/resint/poster/list.html
+++ b/aleksis/apps/resint/templates/resint/poster/list.html
@@ -47,7 +47,7 @@
{% endfor %}
</div>
- {% has_perm "resint.upload_poster" user as can_upload_poster %}
+ {% has_perm "resint.upload_poster_rule" user as can_upload_poster %}
{% if can_upload_poster %}
<a class="waves-effect waves-light btn green right" href="{% url "poster_upload" %}">
<i class="material-icons left">add</i>
--
GitLab