From ed3c53af07433a1cb4c86dbd1959093cdad88112 Mon Sep 17 00:00:00 2001
From: Julian Leucker <leuckerj@gmail.com>
Date: Sun, 20 Mar 2022 22:56:20 +0100
Subject: [PATCH] Use permissions to create personal iCal feeds

---
 .../0040_add_ical_url_global_permission.py      | 17 +++++++++++++++++
 aleksis/core/models.py                          |  1 +
 aleksis/core/rules.py                           |  3 +++
 aleksis/core/views.py                           | 12 ++++++++----
 4 files changed, 29 insertions(+), 4 deletions(-)
 create mode 100644 aleksis/core/migrations/0040_add_ical_url_global_permission.py

diff --git a/aleksis/core/migrations/0040_add_ical_url_global_permission.py b/aleksis/core/migrations/0040_add_ical_url_global_permission.py
new file mode 100644
index 000000000..f3d00404b
--- /dev/null
+++ b/aleksis/core/migrations/0040_add_ical_url_global_permission.py
@@ -0,0 +1,17 @@
+# Generated by Django 3.2.12 on 2022-03-01 09:51
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0039_personal_ical_url'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='globalpermissions',
+            options={'default_permissions': (), 'managed': False, 'permissions': (('view_system_status', 'Can view system status'), ('manage_data', 'Can manage data'), ('impersonate', 'Can impersonate'), ('search', 'Can use search'), ('change_site_preferences', 'Can change site preferences'), ('change_person_preferences', 'Can change person preferences'), ('change_group_preferences', 'Can change group preferences'), ('test_pdf', 'Can test PDF generation'), ('invite', 'Can invite persons'), ('use_ical', 'Can create and consume iCal feeds'))},
+        ),
+    ]
diff --git a/aleksis/core/models.py b/aleksis/core/models.py
index 3d2c31fef..4227e76f6 100644
--- a/aleksis/core/models.py
+++ b/aleksis/core/models.py
@@ -1120,6 +1120,7 @@ class GlobalPermissions(GlobalPermissionModel):
             ("change_group_preferences", _("Can change group preferences")),
             ("test_pdf", _("Can test PDF generation")),
             ("invite", _("Can invite persons")),
+            ("use_ical", _("Can create and consume iCal feeds")),
         )
 
 
diff --git a/aleksis/core/rules.py b/aleksis/core/rules.py
index 022fa11a0..b43c43003 100644
--- a/aleksis/core/rules.py
+++ b/aleksis/core/rules.py
@@ -357,3 +357,6 @@ rules.add_perm("core.manage_permissions", manage_person_permissions_predicate)
 
 test_pdf_generation_predicate = has_person & has_global_perm("core.test_pdf")
 rules.add_perm("core.test_pdf_rule", test_pdf_generation_predicate)
+
+use_ical_predicate = has_person & has_global_perm("core.use_ical")
+rules.add_perm("core.use_ical_rule", use_ical_predicate)
diff --git a/aleksis/core/views.py b/aleksis/core/views.py
index 36ef779b8..2175f605f 100644
--- a/aleksis/core/views.py
+++ b/aleksis/core/views.py
@@ -1580,19 +1580,21 @@ class ICalFeedView(DetailView):
             return HttpResponse(status=204)
 
 
-class ICalFeedListView(ListView):
+class ICalFeedListView(PermissionRequiredMixin, ListView):
     model = PersonalICalUrl
     template_name = "core/ical/ical_list.html"
+    permission_required = "core.use_ical_rule"
 
     def get_queryset(self):
         return PersonalICalUrl.objects.filter(person=self.request.user.person)
 
 
-class ICalFeedEditView(AdvancedEditView):
+class ICalFeedEditView(PermissionRequiredMixin, AdvancedEditView):
     model = PersonalICalUrl
     template_name = "core/ical/ical_edit.html"
     success_url = reverse_lazy("ical_feed_list")
     success_message = _("ICal feed updated successfully")
+    permission_required = "core.use_ical_rule"
 
     fields = ["name", "ical_feed"]
 
@@ -1606,21 +1608,23 @@ class ICalFeedEditView(AdvancedEditView):
         return super().form_valid(form)
 
 
-class ICalFeedDeleteView(AdvancedDeleteView):
+class ICalFeedDeleteView(PermissionRequiredMixin, AdvancedDeleteView):
     model = PersonalICalUrl
     template_name = "core/pages/delete.html"
     success_url = reverse_lazy("ical_feed_list")
     success_message = _("ICal feed deleted successfully")
+    permission_required = "core.use_ical_rule"
 
     def get_queryset(self):
         return PersonalICalUrl.objects.filter(person=self.request.user.person)
 
 
-class ICalFeedCreateView(AdvancedCreateView):
+class ICalFeedCreateView(PermissionRequiredMixin, AdvancedCreateView):
     model = PersonalICalUrl
     template_name = "core/ical/ical_create.html"
     success_url = reverse_lazy("ical_feed_list")
     success_message = _("ICal feed created successfully")
+    permission_required = "core.use_ical_rule"
 
     fields = ["name", "ical_feed"]
 
-- 
GitLab