From 2010326ca8f97ca05ebb9ec22b4ae095726dc44c Mon Sep 17 00:00:00 2001
From: Jonathan Weth <git@jonathanweth.de>
Date: Fri, 21 Jul 2023 20:16:36 +0200
Subject: [PATCH] Fix holiday permissions

---
 aleksis/core/rules.py          | 27 ++++++++++++++++++++++++++-
 aleksis/core/schema/holiday.py | 13 +++++++------
 2 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/aleksis/core/rules.py b/aleksis/core/rules.py
index ae2f12129..2251a5044 100644
--- a/aleksis/core/rules.py
+++ b/aleksis/core/rules.py
@@ -1,7 +1,7 @@
 import rules
 from rules import is_superuser
 
-from .models import AdditionalField, Announcement, Group, GroupType, Person
+from .models import AdditionalField, Announcement, Group, GroupType, Holiday, Person
 from .util.predicates import (
     has_any_object,
     has_global_perm,
@@ -412,3 +412,28 @@ rules.add_perm("core.view_progress_rule", view_progress_predicate)
 
 view_calendar_feed_predicate = has_person
 rules.add_perm("core.view_calendar_feed_rule", view_calendar_feed_predicate)
+
+# Holidays
+
+view_holiday_predicate = has_person & (
+    has_global_perm("core.view_holiday") | has_object_perm("core.view_holiday")
+)
+rules.add_perm("core.view_holiday_rule", view_holiday_predicate)
+
+view_holidays_predicate = has_person & (
+    has_global_perm("core.view_holiday") | has_any_object("core.view_holiday", Holiday)
+)
+rules.add_perm("core.view_holidays_rule", view_holidays_predicate)
+
+edit_holiday_predicate = has_person & (
+    has_global_perm("core.change_holiday") | has_object_perm("core.change_holiday")
+)
+rules.add_perm("core.edit_holiday_rule", edit_holiday_predicate)
+
+create_holiday_predicate = has_person & (has_global_perm("core.add_holiday"))
+rules.add_perm("core.create_holiday_rule", create_holiday_predicate)
+
+delete_holiday_predicate = has_person & (
+    has_global_perm("core.delete_holiday") | has_object_perm("core.delete_holiday")
+)
+rules.add_perm("core.delete_holiday_rule", delete_holiday_predicate)
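Review bot: The edit and delete rules added here OR a global permission with `has_object_perm`, and that object branch can only grant access when the check is made against a concrete Holiday, which the rules themselves do not document. The same patch sets these rule names as class-level `permissions` on the batch patch and batch delete mutations, and whether `PermissionBatchPatchMixin` / `PermissionBatchDeleteMixin` evaluate them once per affected object is not visible in this diff. If they check without an object, holders of object-level permissions are presumably denied; confirm this against the mixins. I would add a comment above the block such as `# Object-level rules: check with a Holiday instance (user.has_perm(rule, holiday)); without one only the global permission can grant access.` Minor style: the extra parentheses in `has_person & (has_global_perm("core.add_holiday"))` can be dropped.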
diff --git a/aleksis/core/schema/holiday.py b/aleksis/core/schema/holiday.py
index b742b373e..4ac8e8239 100644
--- a/aleksis/core/schema/holiday.py
+++ b/aleksis/core/schema/holiday.py
@@ -4,6 +4,7 @@ from graphene_django_cud.mutations import (
     DjangoBatchPatchMutation,
     DjangoCreateMutation,
 )
+from guardian.shortcuts import get_objects_for_user
 
 from ..models import Holiday
 from .base import (
@@ -28,29 +29,29 @@ class HolidayType(PermissionsTypeMixin, DjangoFilterMixin, DjangoObjectType):
 
     @classmethod
     def get_queryset(cls, queryset, info):
-        return queryset  # FIXME filter this queryset based on permissions
+        return get_objects_for_user(info.context.user, "core.view_holiday", queryset)
 
 
 class HolidayCreateMutation(DjangoCreateMutation):
     class Meta:
         model = Holiday
-        permissions = ("core.create_holiday",)
+        permissions = ("core.create_holiday_rule",)
         only_fields = ("holiday_name", "date_start", "date_end")
 
 
 class HolidayDeleteMutation(DeleteMutation):
     klass = Holiday
-    permission_required = "core.delete_holiday"
+    permission_required = "core.delete_holiday_rule"
 
 
 class HolidayBatchDeleteMutation(PermissionBatchDeleteMixin, DjangoBatchDeleteMutation):
     class Meta:
         model = Holiday
-        permissions = ("core.delete_holiday",)
+        permissions = ("core.delete_holiday_rule",)
 
 
 class HolidayBatchPatchMutation(PermissionBatchPatchMixin, DjangoBatchPatchMutation):
     class Meta:
         model = Holiday
-        permissions = ("core.change_holiday",)
-        only_fields = ("holiday_name", "date_start", "date_end")
+        permissions = ("core.edit_holiday_rule",)
+        only_fields = ("id", "holiday_name", "date_start", "date_end")
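Review bot: `get_queryset` now filters with guardian on the raw `core.view_holiday` permission instead of the `core.view_holiday_rule` / `core.view_holidays_rule` predicates this patch introduces, so the `has_person` requirement is not enforced on the read path. `info.context.user` may also be anonymous at that point, which then depends on how guardian's anonymous user is configured. Unless `PermissionsTypeMixin` or an outer resolver already gates on the rule (not visible here; `HolidayType` starts outside the hunk), consider guarding first with `if not info.context.user.has_perm("core.view_holidays_rule"): return queryset.none()` and only then applying `get_objects_for_user`. A one-line comment should also state that global holders of `core.view_holiday` get the full queryset through guardian's default handling of global permissions.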
-- 
GitLab