From 75f59c4c39cb288bd3a5a8db2cdcabe88a51053c Mon Sep 17 00:00:00 2001
From: Tom Teichler <tom.teichler@teckids.org>
Date: Sat, 18 Apr 2020 14:52:51 +0200
Subject: [PATCH] Add permissions for view persons groups

---
 aleksis/core/migrations/0023_add_permissions_person.py | 4 ++--
 aleksis/core/models.py                                 | 1 +
 aleksis/core/rules.py                                  | 6 ++++++
 aleksis/core/templates/core/person_full.html           | 7 +++++--
 4 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/aleksis/core/migrations/0023_add_permissions_person.py b/aleksis/core/migrations/0023_add_permissions_person.py
index 1840faca0..7b4ffb22f 100644
--- a/aleksis/core/migrations/0023_add_permissions_person.py
+++ b/aleksis/core/migrations/0023_add_permissions_person.py
@@ -1,4 +1,4 @@
-# Generated by Django 3.0.5 on 2020-04-18 12:23
+# Generated by Django 3.0.5 on 2020-04-18 12:52
 
 from django.db import migrations
 
@@ -12,6 +12,6 @@ class Migration(migrations.Migration):
     operations = [
         migrations.AlterModelOptions(
             name='person',
-            options={'ordering': ['last_name', 'first_name'], 'permissions': (('view_address', 'Can view address'), ('view_contact_details', 'Can view contact details'), ('view_photo', 'Can view photo')), 'verbose_name': 'Person', 'verbose_name_plural': 'Persons'},
+            options={'ordering': ['last_name', 'first_name'], 'permissions': (('view_address', 'Can view address'), ('view_contact_details', 'Can view contact details'), ('view_photo', 'Can view photo'), ('view_person_groups', 'Can view persons groups')), 'verbose_name': 'Person', 'verbose_name_plural': 'Persons'},
         ),
     ]
diff --git a/aleksis/core/models.py b/aleksis/core/models.py
index 13fc60224..2481fcc29 100644
--- a/aleksis/core/models.py
+++ b/aleksis/core/models.py
@@ -99,6 +99,7 @@ class Person(ExtensibleModel):
             ("view_address", _("Can view address")),
             ("view_contact_details", _("Can view contact details")),
             ("view_photo", _("Can view photo")),
+            ("view_person_groups", _("Can view persons groups")),
         )
 
     icon_ = "person"
diff --git a/aleksis/core/rules.py b/aleksis/core/rules.py
index 64cb05477..dd969838d 100644
--- a/aleksis/core/rules.py
+++ b/aleksis/core/rules.py
@@ -42,6 +42,12 @@ view_photo_predicate = has_person_predicate & (
 )
 add_perm("core.view_photo", view_photo_predicate)
 
+# View persons groups
+view_groups_predicate = has_person_predicate & (
+    has_global_perm("core.view_person_groups") | has_object_perm("core.view_person_groups") | is_person
+)
+add_perm("core.view_person_groups", view_groups_predicate)
+
 # Change person
 change_person_predicate = has_person_predicate & (
     has_global_perm("core.change_person") | has_object_perm("core.change_person")
diff --git a/aleksis/core/templates/core/person_full.html b/aleksis/core/templates/core/person_full.html
index a95efea15..e1f936efb 100644
--- a/aleksis/core/templates/core/person_full.html
+++ b/aleksis/core/templates/core/person_full.html
@@ -87,6 +87,9 @@
     </div>
   </div>
 
-  <h5>{% blocktrans %}Groups{% endblocktrans %}</h5>
-  {% render_table groups_table %}
+  {% has_perm 'core.view_person_groups' user person as can_view_groups %}
+  {% if can_view_groups %}
+    <h5>{% blocktrans %}Groups{% endblocktrans %}</h5>
+    {% render_table groups_table %}
+  {% endif %}
 {% endblock %}
-- 
GitLab