From c48d81343e71a7194b5e04ad3261d0ec1b90bd84 Mon Sep 17 00:00:00 2001
From: Hangzhi <hangzhi@protonmail.com>
Date: Mon, 20 Apr 2020 19:18:15 +0200
Subject: [PATCH] Replace decorators for dashboard and search with django-rules
 decorators, adding view_dashboard and search rules and additional global
 permission search

---
 aleksis/core/models.py | 1 +
 aleksis/core/rules.py  | 7 +++++++
 aleksis/core/views.py  | 4 ++--
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/aleksis/core/models.py b/aleksis/core/models.py
index 37ba7e4c0..90e710171 100644
--- a/aleksis/core/models.py
+++ b/aleksis/core/models.py
@@ -582,4 +582,5 @@ class GlobalPermissions(ExtensibleModel):
             ("link_persons_accounts", _("Can link persons to accounts")),
             ("manage_data", _("Can manage data")),
             ("impersonate", _("Can impersonate")),
+            ("search", _("Can use search")),
         )
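Review bot: The new `("search", _("Can use search"))` entry ships without a migration; the diffstat lists only models.py, rules.py and views.py, so `makemigrations --check` would likely report a pending options change for `GlobalPermissions`. No existing account holds `core.search`, and the search view was previously gated only by `login_required`, so after deploy search is denied to ordinary users until someone grants the permission. Consider a data migration or a documented default-group assignment. A short comment on the entry, such as `# Gates the search bar; evaluated by the core.search rule in rules.py`, would also help.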
diff --git a/aleksis/core/rules.py b/aleksis/core/rules.py
index 8cadab888..371949baa 100644
--- a/aleksis/core/rules.py
+++ b/aleksis/core/rules.py
@@ -12,6 +12,13 @@ from aleksis.core.util.predicates import (
 
 add_perm("core", always_allow)
 
+# View dashboard
+add_perm("core.view_dashboard", has_person_predicate)
+
+# Use search
+search_predicate = has_person_predicate & has_global_perm("core.search")
+add_perm("core.search", search_predicate)
+
 # View persons
 view_persons_predicate = has_person_predicate & (
     has_global_perm("core.view_person") | has_any_object("core.view_person", Person)
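Review bot: The rule name in `add_perm("core.search", search_predicate)` is the same string as the model permission added in models.py, and Django's `user.has_perm` returns True as soon as any configured backend grants it. If `ModelBackend` is in `AUTHENTICATION_BACKENDS` (not visible here), an account holding the global permission passes `permission_required("core.search")` without `has_person_predicate` being decisive; active superusers pass every `has_perm` check, so `core.view_dashboard` no longer enforces what `@person_required` did on `index`. Giving the rule a name distinct from the codename, for example `add_perm("core.use_search", search_predicate)` (illustrative name) with the matching decorator argument, keeps the person check effective. It is also worth confirming that `has_global_perm` does not resolve through `user.has_perm`, since that would re-enter this rule. The `view_persons_predicate` statement at the end of the hunk continues outside it.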
diff --git a/aleksis/core/views.py b/aleksis/core/views.py
index d2721ff88..d566ce328 100644
--- a/aleksis/core/views.py
+++ b/aleksis/core/views.py
@@ -26,7 +26,7 @@ from .tables import GroupsTable, PersonsTable
 from .util import messages
 
 
-@person_required
+@permission_required("core.view_dashboard")
 def index(request: HttpRequest) -> HttpResponse:
     context = {}
 
@@ -347,7 +347,7 @@ def delete_announcement(request: HttpRequest, pk: int) -> HttpResponse:
     return redirect("announcements")
 
 
-@login_required
+@permission_required("core.search")
 def searchbar_snippets(request: HttpRequest) -> HttpResponse:
     query = request.GET.get('q', '')
     limit = int(request.GET.get('limit', '5'))
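Review bot: `limit = int(request.GET.get('limit', '5'))` in `searchbar_snippets` converts a client-supplied value with no error handling or bounds, so a non-numeric `limit` raises ValueError (a 500 response) and a negative or very large value is passed on unchanged. Catch the ValueError and fall back to the default, then clamp the result, e.g. `limit = max(1, min(limit, 50))` (50 is an illustrative cap). This line is context the commit does not change, but it sits directly under the new decorator. The rest of the function body lies outside the hunk, so whether the returned results are filtered by per-object view permissions could not be checked here.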
-- 
GitLab