Add permissions for groups view

8fb38b7a · Jonathan Weth · a74aeeeb · 8fb38b7a · 8fb38b7a · 8fb38b7a
Verified Commit 8fb38b7a authored 4 years ago by Jonathan Weth
--- a/aleksis/core/menus.py
+++ b/aleksis/core/menus.py
@@ -138,7 +138,9 @@ MENUS = {
                    "name": _("Groups"),
                    "url": "groups",
                    "icon": "group",
-                    "validators": ["menu_generator.validators.is_authenticated"],
+                    "validators": [
+                        ("aleksis.core.util.predicates.permission_validator", "core.view_groups")
+                    ],
                },
                {
                    "name": _("Persons and accounts"),

--- a/aleksis/core/rules.py
+++ b/aleksis/core/rules.py
 from rules import add_perm, always_allow

-from aleksis.core.models import Person
+from aleksis.core.models import Person, Group
 from aleksis.core.util.predicates import (
    has_person_predicate,
    has_global_perm,
@@ -30,5 +30,17 @@ change_person_predicate = has_person_predicate & (
 )
 add_perm("core.change_person", change_person_predicate)

+# View groups
+view_groups_predicate = has_person_predicate & (
+    has_global_perm("core.view_group") | has_any_object("core.view_group", Group)
+)
+add_perm("core.view_groups", view_groups_predicate)
+
+# View group
+view_group_predicate = has_person_predicate &(
+    has_global_perm("core.view_group") | has_object_perm("core.view_group")
+)
+add_perm("core.view_group", view_group_predicate)
+
 # People menu (persons + objects)
-add_perm("core.view_people_menu", has_person_predicate & (view_persons_predicate))
+add_perm("core.view_people_menu", has_person_predicate & (view_persons_predicate | view_groups_predicate))
--- a/aleksis/core/views.py
+++ b/aleksis/core/views.py
@@ -96,16 +96,15 @@ def person(request: HttpRequest, id_: Optional[int] = None) -> HttpResponse:
    return render(request, "core/person_full.html", context)


-@login_required
+def get_group_by_pk(request: HttpRequest, id_: int) -> Group:
+    return get_object_or_404(Group, pk=id_)
+
+
+@permission_required("core.view_group", fn=get_group_by_pk)
 def group(request: HttpRequest, id_: int) -> HttpResponse:
    context = {}

-    # Get group and check if it exist
-    try:
-        group = Group.objects.get(pk=id_)
-    except Group.DoesNotExist as e:
-        # Turn not-found object into a 404 error
-        raise Http404 from e
+    group = get_group_by_pk(request, id_)

    context["group"] = group

@@ -131,12 +130,12 @@ def group(request: HttpRequest, id_: int) -> HttpResponse:
    return render(request, "core/group_full.html", context)


-@login_required
+@permission_required("core.view_groups")
 def groups(request: HttpRequest) -> HttpResponse:
    context = {}

    # Get all groups
-    groups = Group.objects.all()
+    groups = get_objects_for_user(request.user, "core.view_group", Group)

    # Build table
    groups_table = GroupsTable(groups)