diff --git a/aleksis/core/menus.py b/aleksis/core/menus.py
index bc68f034dfe665ea7e0447925075aec5bcc887cb..d518b15e3f8693446dd7a9367e5f86b4083f0af9 100644
--- a/aleksis/core/menus.py
+++ b/aleksis/core/menus.py
@@ -98,7 +98,7 @@ MENUS = {
"validators": [
(
"aleksis.core.util.predicates.permission_validator",
- "core.view_announcements",
+ "core.view_announcements_rule",
),
],
},
@@ -109,7 +109,7 @@ MENUS = {
"validators": [
(
"aleksis.core.util.predicates.permission_validator",
- "core.view_schoolterm",
+ "core.view_schoolterm_rule",
),
],
},
@@ -120,7 +120,7 @@ MENUS = {
"validators": [
(
"aleksis.core.util.predicates.permission_validator",
- "core.view_dashboardwidget",
+ "core.view_dashboardwidget_rule",
),
],
},
@@ -129,7 +129,10 @@ MENUS = {
"url": "data_management",
"icon": "view_list",
"validators": [
- ("aleksis.core.util.predicates.permission_validator", "core.manage_data"),
+ (
+ "aleksis.core.util.predicates.permission_validator",
+ "core.manage_data_rule",
+ ),
],
},
{
@@ -139,7 +142,7 @@ MENUS = {
"validators": [
(
"aleksis.core.util.predicates.permission_validator",
- "core.view_system_status",
+ "core.view_system_status_rule",
),
],
},
@@ -148,7 +151,10 @@ MENUS = {
"url": "impersonate-list",
"icon": "people",
"validators": [
- ("aleksis.core.util.predicates.permission_validator", "core.impersonate"),
+ (
+ "aleksis.core.util.predicates.permission_validator",
+ "core.impersonate_rule",
+ ),
],
},
{
@@ -158,7 +164,7 @@ MENUS = {
"validators": [
(
"aleksis.core.util.predicates.permission_validator",
- "core.change_site_preferences",
+ "core.change_site_preferences_rule",
),
],
},
@@ -181,7 +187,7 @@ MENUS = {
"validators": [
(
"aleksis.core.util.predicates.permission_validator",
- "core.list_oauth_applications",
+ "core.list_oauth_applications_rule",
),
],
},
@@ -193,7 +199,7 @@ MENUS = {
"icon": "people",
"root": True,
"validators": [
- ("aleksis.core.util.predicates.permission_validator", "core.view_people_menu")
+ ("aleksis.core.util.predicates.permission_validator", "core.view_people_menu_rule")
],
"submenu": [
{
@@ -201,7 +207,10 @@ MENUS = {
"url": "persons",
"icon": "person",
"validators": [
- ("aleksis.core.util.predicates.permission_validator", "core.view_persons")
+ (
+ "aleksis.core.util.predicates.permission_validator",
+ "core.view_persons_rule",
+ )
],
},
{
@@ -209,7 +218,10 @@ MENUS = {
"url": "groups",
"icon": "group",
"validators": [
- ("aleksis.core.util.predicates.permission_validator", "core.view_groups")
+ (
+ "aleksis.core.util.predicates.permission_validator",
+ "core.view_groups_rule",
+ )
],
},
{
@@ -219,7 +231,7 @@ MENUS = {
"validators": [
(
"aleksis.core.util.predicates.permission_validator",
- "core.view_grouptypes",
+ "core.view_grouptypes_rule",
)
],
},
@@ -230,7 +242,7 @@ MENUS = {
"validators": [
(
"aleksis.core.util.predicates.permission_validator",
- "core.link_persons_accounts",
+ "core.link_persons_accounts_rule",
)
],
},
@@ -241,7 +253,7 @@ MENUS = {
"validators": [
(
"aleksis.core.util.predicates.permission_validator",
- "core.assign_child_groups_to_groups",
+ "core.assign_child_groups_to_groups_rule",
)
],
},
@@ -252,7 +264,7 @@ MENUS = {
"validators": [
(
"aleksis.core.util.predicates.permission_validator",
- "core.view_additionalfields",
+ "core.view_additionalfields_rule",
)
],
},
@@ -266,7 +278,7 @@ MENUS = {
"validators": [
(
"aleksis.core.util.predicates.permission_validator",
- "core.assign_child_groups_to_groups",
+ "core.assign_child_groups_to_groups_rule",
)
],
},
diff --git a/aleksis/core/rules.py b/aleksis/core/rules.py
index 9c05d1cabdb2b627826516742922c76e0ec13fce..d6b823064b72a0262c85a001f71a1941e42ec705 100644
--- a/aleksis/core/rules.py
+++ b/aleksis/core/rules.py
@@ -17,32 +17,32 @@ rules.add_perm("core", rules.always_allow)
# View dashboard
view_dashboard_predicate = is_site_preference_set("general", "anonymous_dashboard") | has_person
-rules.add_perm("core.view_dashboard", view_dashboard_predicate)
+rules.add_perm("core.view_dashboard_rule", view_dashboard_predicate)
# View notifications
-rules.add_perm("core.view_notifications", has_person)
+rules.add_perm("core.view_notifications_rule", has_person)
# Use search
search_predicate = has_person & has_global_perm("core.search")
-rules.add_perm("core.search", search_predicate)
+rules.add_perm("core.search_rule", search_predicate)
# View persons
view_persons_predicate = has_person & (
- has_global_perm("core.view_person") | has_any_object("core.view_person", Person)
+ has_global_perm("core.view_person") | has_any_object("core.view_person_rule", Person)
)
-rules.add_perm("core.view_persons", view_persons_predicate)
+rules.add_perm("core.view_persons_rule", view_persons_predicate)
# View person
view_person_predicate = has_person & (
has_global_perm("core.view_person") | has_object_perm("core.view_person") | is_current_person
)
-rules.add_perm("core.view_person", view_person_predicate)
+rules.add_perm("core.view_person_rule", view_person_predicate)
# View person address
view_address_predicate = has_person & (
has_global_perm("core.view_address") | has_object_perm("core.view_address") | is_current_person
)
-rules.add_perm("core.view_address", view_address_predicate)
+rules.add_perm("core.view_address_rule", view_address_predicate)
# View person contact details
view_contact_details_predicate = has_person & (
@@ -50,13 +50,13 @@ view_contact_details_predicate = has_person & (
| has_object_perm("core.view_contact_details")
| is_current_person
)
-rules.add_perm("core.view_contact_details", view_contact_details_predicate)
+rules.add_perm("core.view_contact_details_rule", view_contact_details_predicate)
# View person photo
view_photo_predicate = has_person & (
has_global_perm("core.view_photo") | has_object_perm("core.view_photo") | is_current_person
)
-rules.add_perm("core.view_photo", view_photo_predicate)
+rules.add_perm("core.view_photo_rule", view_photo_predicate)
# View persons groups
view_groups_predicate = has_person & (
@@ -64,7 +64,7 @@ view_groups_predicate = has_person & (
| has_object_perm("core.view_person_groups")
| is_current_person
)
-rules.add_perm("core.view_person_groups", view_groups_predicate)
+rules.add_perm("core.view_person_groups_rule", view_groups_predicate)
# Edit person
edit_person_predicate = has_person & (
@@ -72,91 +72,91 @@ edit_person_predicate = has_person & (
| has_object_perm("core.change_person")
| is_current_person & is_site_preference_set("account", "editable_fields_person")
)
-rules.add_perm("core.edit_person", edit_person_predicate)
+rules.add_perm("core.edit_person_rule", edit_person_predicate)
# Delete person
delete_person_predicate = has_person & (
has_global_perm("core.delete_person") | has_object_perm("core.delete_person")
)
-rules.add_perm("core.delete_person", delete_person_predicate)
+rules.add_perm("core.delete_person_rule", delete_person_predicate)
# Link persons with accounts
link_persons_accounts_predicate = has_person & has_global_perm("core.link_persons_accounts")
-rules.add_perm("core.link_persons_accounts", link_persons_accounts_predicate)
+rules.add_perm("core.link_persons_accounts_rule", link_persons_accounts_predicate)
# View groups
view_groups_predicate = has_person & (
has_global_perm("core.view_group") | has_any_object("core.view_group", Group)
)
-rules.add_perm("core.view_groups", view_groups_predicate)
+rules.add_perm("core.view_groups_rule", view_groups_predicate)
# View group
view_group_predicate = has_person & (
has_global_perm("core.view_group") | has_object_perm("core.view_group")
)
-rules.add_perm("core.view_group", view_group_predicate)
+rules.add_perm("core.view_group_rule", view_group_predicate)
# Edit group
edit_group_predicate = has_person & (
has_global_perm("core.change_group") | has_object_perm("core.change_group")
)
-rules.add_perm("core.edit_group", edit_group_predicate)
+rules.add_perm("core.edit_group_rule", edit_group_predicate)
# Delete group
delete_group_predicate = has_person & (
has_global_perm("core.delete_group") | has_object_perm("core.delete_group")
)
-rules.add_perm("core.delete_group", delete_group_predicate)
+rules.add_perm("core.delete_group_rule", delete_group_predicate)
# Assign child groups to groups
assign_child_groups_to_groups_predicate = has_person & has_global_perm(
"core.assign_child_groups_to_groups"
)
-rules.add_perm("core.assign_child_groups_to_groups", assign_child_groups_to_groups_predicate)
+rules.add_perm("core.assign_child_groups_to_groups_rule", assign_child_groups_to_groups_predicate)
# Edit school information
edit_school_information_predicate = has_person & has_global_perm("core.change_school")
-rules.add_perm("core.edit_school_information", edit_school_information_predicate)
+rules.add_perm("core.edit_school_information_rule", edit_school_information_predicate)
# Manage data
manage_data_predicate = has_person & has_global_perm("core.manage_data")
-rules.add_perm("core.manage_data", manage_data_predicate)
+rules.add_perm("core.manage_data_rule", manage_data_predicate)
# Mark notification as read
mark_notification_as_read_predicate = has_person & is_notification_recipient
-rules.add_perm("core.mark_notification_as_read", mark_notification_as_read_predicate)
+rules.add_perm("core.mark_notification_as_read_rule", mark_notification_as_read_predicate)
# View announcements
view_announcements_predicate = has_person & (
has_global_perm("core.view_announcement")
| has_any_object("core.view_announcement", Announcement)
)
-rules.add_perm("core.view_announcements", view_announcements_predicate)
+rules.add_perm("core.view_announcements_rule", view_announcements_predicate)
# Create or edit announcement
create_or_edit_announcement_predicate = has_person & (
has_global_perm("core.add_announcement")
& (has_global_perm("core.change_announcement") | has_object_perm("core.change_announcement"))
)
-rules.add_perm("core.create_or_edit_announcement", create_or_edit_announcement_predicate)
+rules.add_perm("core.create_or_edit_announcement_rule", create_or_edit_announcement_predicate)
# Delete announcement
delete_announcement_predicate = has_person & (
has_global_perm("core.delete_announcement") | has_object_perm("core.delete_announcement")
)
-rules.add_perm("core.delete_announcement", delete_announcement_predicate)
+rules.add_perm("core.delete_announcement_rule", delete_announcement_predicate)
# Use impersonate
impersonate_predicate = has_person & has_global_perm("core.impersonate")
-rules.add_perm("core.impersonate", impersonate_predicate)
+rules.add_perm("core.impersonate_rule", impersonate_predicate)
# View system status
view_system_status_predicate = has_person & has_global_perm("core.view_system_status")
-rules.add_perm("core.view_system_status", view_system_status_predicate)
+rules.add_perm("core.view_system_status_rule", view_system_status_predicate)
# View people menu (persons + objects)
rules.add_perm(
- "core.view_people_menu",
+ "core.view_people_menu_rule",
has_person
& (
view_persons_predicate
@@ -172,14 +172,14 @@ view_personal_details_predicate = has_person & (
| has_object_perm("core.view_personal_details")
| is_current_person
)
-rules.add_perm("core.view_personal_details", view_personal_details_predicate)
+rules.add_perm("core.view_personal_details_rule", view_personal_details_predicate)
# Change site preferences
change_site_preferences = has_person & (
has_global_perm("core.change_site_preferences")
| has_object_perm("core.change_site_preferences")
)
-rules.add_perm("core.change_site_preferences", change_site_preferences)
+rules.add_perm("core.change_site_preferences_rule", change_site_preferences)
# Change person preferences
change_person_preferences = has_person & (
@@ -187,7 +187,7 @@ change_person_preferences = has_person & (
| has_object_perm("core.change_person_preferences")
| is_current_person
)
-rules.add_perm("core.change_person_preferences", change_person_preferences)
+rules.add_perm("core.change_person_preferences_rule", change_person_preferences)
# Change group preferences
change_group_preferences = has_person & (
@@ -195,81 +195,81 @@ change_group_preferences = has_person & (
| has_object_perm("core.change_group_preferences")
| is_group_owner
)
-rules.add_perm("core.change_group_preferences", change_group_preferences)
+rules.add_perm("core.change_group_preferences_rule", change_group_preferences)
# Edit additional field
change_additional_field_predicate = has_person & (
has_global_perm("core.change_additionalfield") | has_object_perm("core.change_additionalfield")
)
-rules.add_perm("core.change_additionalfield", change_additional_field_predicate)
+rules.add_perm("core.change_additionalfield_rule", change_additional_field_predicate)
# Edit additional field
create_additional_field_predicate = has_person & (
has_global_perm("core.create_additionalfield") | has_object_perm("core.create_additionalfield")
)
-rules.add_perm("core.create_additionalfield", create_additional_field_predicate)
+rules.add_perm("core.create_additionalfield_rule", create_additional_field_predicate)
# Delete additional field
delete_additional_field_predicate = has_person & (
has_global_perm("core.delete_additionalfield") | has_object_perm("core.delete_additionalfield")
)
-rules.add_perm("core.delete_additionalfield", delete_additional_field_predicate)
+rules.add_perm("core.delete_additionalfield_rule", delete_additional_field_predicate)
# View additional fields
view_additional_fields_predicate = has_person & (
has_global_perm("core.view_additionalfield")
| has_any_object("core.view_additionalfield", AdditionalField)
)
-rules.add_perm("core.view_additionalfields", view_additional_fields_predicate)
+rules.add_perm("core.view_additionalfields_rule", view_additional_fields_predicate)
# Edit group type
change_group_type_predicate = has_person & (
has_global_perm("core.change_grouptype") | has_object_perm("core.change_grouptype")
)
-rules.add_perm("core.edit_grouptype", change_group_type_predicate)
+rules.add_perm("core.edit_grouptype_rule", change_group_type_predicate)
# Create group type
create_group_type_predicate = has_person & (
has_global_perm("core.create_grouptype") | has_object_perm("core.change_grouptype")
)
-rules.add_perm("core.create_grouptype", create_group_type_predicate)
+rules.add_perm("core.create_grouptype_rule", create_group_type_predicate)
# Delete group type
delete_group_type_predicate = has_person & (
has_global_perm("core.delete_grouptype") | has_object_perm("core.delete_grouptype")
)
-rules.add_perm("core.delete_grouptype", delete_group_type_predicate)
+rules.add_perm("core.delete_grouptype_rule", delete_group_type_predicate)
# View group types
view_group_types_predicate = has_person & (
has_global_perm("core.view_grouptype") | has_any_object("core.view_grouptype", GroupType)
)
-rules.add_perm("core.view_grouptypes", view_group_types_predicate)
+rules.add_perm("core.view_grouptypes_rule", view_group_types_predicate)
# Create person
create_person_predicate = has_person & (
has_global_perm("core.create_person") | has_object_perm("core.create_person")
)
-rules.add_perm("core.create_person", create_person_predicate)
+rules.add_perm("core.create_person_rule", create_person_predicate)
# Create group
create_group_predicate = has_person & (
has_global_perm("core.create_group") | has_object_perm("core.create_group")
)
-rules.add_perm("core.create_group", create_group_predicate)
+rules.add_perm("core.create_group_rule", create_group_predicate)
# School years
view_school_term_predicate = has_person & has_global_perm("core.view_schoolterm")
-rules.add_perm("core.view_schoolterm", view_school_term_predicate)
+rules.add_perm("core.view_schoolterm_rule", view_school_term_predicate)
create_school_term_predicate = has_person & has_global_perm("core.add_schoolterm")
-rules.add_perm("core.create_schoolterm", create_school_term_predicate)
+rules.add_perm("core.create_schoolterm_rule", create_school_term_predicate)
edit_school_term_predicate = has_person & has_global_perm("core.change_schoolterm")
-rules.add_perm("core.edit_schoolterm", edit_school_term_predicate)
+rules.add_perm("core.edit_schoolterm_rule", edit_school_term_predicate)
# View admin menu
view_admin_menu_predicate = has_person & (
@@ -279,70 +279,70 @@ view_admin_menu_predicate = has_person & (
| view_system_status_predicate
| view_announcements_predicate
)
-rules.add_perm("core.view_admin_menu", view_admin_menu_predicate)
+rules.add_perm("core.view_admin_menu_rule", view_admin_menu_predicate)
# View group stats
view_group_stats_predicate = has_person & (
has_global_perm("core.view_group_stats") | has_object_perm("core.view_group_stats")
)
-rules.add_perm("core.view_group_stats", view_group_stats_predicate)
+rules.add_perm("core.view_group_stats_rule", view_group_stats_predicate)
# View data check results
view_data_check_results_predicate = has_person & has_global_perm("core.view_datacheckresult")
-rules.add_perm("core.view_datacheckresults", view_data_check_results_predicate)
+rules.add_perm("core.view_datacheckresults_rule", view_data_check_results_predicate)
# Run data checks
run_data_checks_predicate = (
has_person & view_data_check_results_predicate & has_global_perm("core.run_data_checks")
)
-rules.add_perm("core.run_data_checks", run_data_checks_predicate)
+rules.add_perm("core.run_data_checks_rule", run_data_checks_predicate)
# Solve data problems
solve_data_problem_predicate = (
has_person & view_data_check_results_predicate & has_global_perm("core.solve_data_problem")
)
-rules.add_perm("core.solve_data_problem", solve_data_problem_predicate)
+rules.add_perm("core.solve_data_problem_rule", solve_data_problem_predicate)
view_dashboard_widget_predicate = has_person & has_global_perm("core.view_dashboardwidget")
-rules.add_perm("core.view_dashboardwidget", view_dashboard_widget_predicate)
+rules.add_perm("core.view_dashboardwidget_rule", view_dashboard_widget_predicate)
create_dashboard_widget_predicate = has_person & has_global_perm("core.add_dashboardwidget")
-rules.add_perm("core.create_dashboardwidget", create_dashboard_widget_predicate)
+rules.add_perm("core.create_dashboardwidget_rule", create_dashboard_widget_predicate)
edit_dashboard_widget_predicate = has_person & has_global_perm("core.change_dashboardwidget")
-rules.add_perm("core.edit_dashboardwidget", edit_dashboard_widget_predicate)
+rules.add_perm("core.edit_dashboardwidget_rule", edit_dashboard_widget_predicate)
delete_dashboard_widget_predicate = has_person & has_global_perm("core.delete_dashboardwidget")
-rules.add_perm("core.delete_dashboardwidget", delete_dashboard_widget_predicate)
+rules.add_perm("core.delete_dashboardwidget_rule", delete_dashboard_widget_predicate)
edit_dashboard_predicate = is_site_preference_set("general", "dashboard_editing") & has_person
-rules.add_perm("core.edit_dashboard", edit_dashboard_predicate)
+rules.add_perm("core.edit_dashboard_rule", edit_dashboard_predicate)
edit_default_dashboard_predicate = has_person & has_global_perm("core.edit_default_dashboard")
-rules.add_perm("core.edit_default_dashboard", edit_default_dashboard_predicate)
+rules.add_perm("core.edit_default_dashboard_rule", edit_default_dashboard_predicate)
# OAuth2 permissions
add_oauth_applications_predicate = has_person & has_global_perm("core.add_oauth_applications")
-rules.add_perm("core.add_oauth_applications", add_oauth_applications_predicate)
+rules.add_perm("core.add_oauth_applications_rule", add_oauth_applications_predicate)
list_oauth_applications_predicate = has_person & has_global_perm("core.list_oauth_applications")
-rules.add_perm("core.list_oauth_applications", list_oauth_applications_predicate)
+rules.add_perm("core.list_oauth_applications_rule", list_oauth_applications_predicate)
view_oauth_applications_predicate = has_person & has_global_perm("core.view_oauth_applications")
-rules.add_perm("core.view_oauth_applications", view_oauth_applications_predicate)
+rules.add_perm("core.view_oauth_applications_rule", view_oauth_applications_predicate)
update_oauth_applications_predicate = has_person & has_global_perm("core.update_oauth_applications")
-rules.add_perm("core.update_oauth_applications", update_oauth_applications_predicate)
+rules.add_perm("core.update_oauth_applications_rule", update_oauth_applications_predicate)
delete_oauth_applications_predicate = has_person & has_global_perm("core.delete_oauth_applications")
-rules.add_perm("core.delete_oauth_applications", delete_oauth_applications_predicate)
+rules.add_perm("core.delete_oauth_applications_rule", delete_oauth_applications_predicate)
# Upload and browse files via CKEditor
upload_files_ckeditor_predicate = has_person & has_global_perm("core.upload_files_ckeditor")
-rules.add_perm("core.upload_files_ckeditor", upload_files_ckeditor_predicate)
+rules.add_perm("core.upload_files_ckeditor_rule", upload_files_ckeditor_predicate)
test_pdf_generation_predicate = has_person & has_global_perm("core.test_pdf")
-rules.add_perm("core.test_pdf", test_pdf_generation_predicate)
+rules.add_perm("core.test_pdf_rule", test_pdf_generation_predicate)
# Generate rules for syncable fields
for field in Person._meta.fields:
@@ -354,4 +354,4 @@ for field in Person._meta.fields:
& contains_site_preference_value("account", "editable_fields_person", field.name)
)
)
- rules.add_perm(f"core.change_person_field_{field.name}", perm)
+ rules.add_perm(f"core.change_person_field_{field.name}_rule", perm)
diff --git a/aleksis/core/views.py b/aleksis/core/views.py
index eb8ae3eba6cd60f4f71e6bce629cf49ce58d196b..38f336843d590f8875a52d03416dec89a9152583 100644
--- a/aleksis/core/views.py
+++ b/aleksis/core/views.py
@@ -100,7 +100,7 @@ class RenderPDFView(TemplateView):
return render_pdf(request, self.template_name, context)
-@permission_required("core.view_dashboard")
+@permission_required("core.view_dashboard_rule")
def index(request: HttpRequest) -> HttpResponse:
"""View for dashboard."""
context = {}
@@ -137,7 +137,7 @@ def index(request: HttpRequest) -> HttpResponse:
class NotificationsListView(PermissionRequiredMixin, ListView):
- permission_required = "core.view_notifications"
+ permission_required = "core.view_notifications_rule"
template_name = "core/notifications.html"
def get_queryset(self) -> QuerySet:
@@ -164,7 +164,7 @@ class SchoolTermListView(PermissionRequiredMixin, SingleTableView):
model = SchoolTerm
table_class = SchoolTermTable
- permission_required = "core.view_schoolterm"
+ permission_required = "core.view_schoolterm_rule"
template_name = "core/school_term/list.html"
@@ -174,7 +174,7 @@ class SchoolTermCreateView(PermissionRequiredMixin, AdvancedCreateView):
model = SchoolTerm
form_class = SchoolTermForm
- permission_required = "core.add_schoolterm"
+ permission_required = "core.add_schoolterm_rule"
template_name = "core/school_term/create.html"
success_url = reverse_lazy("school_terms")
success_message = _("The school term has been created.")
@@ -192,7 +192,7 @@ class SchoolTermEditView(PermissionRequiredMixin, AdvancedEditView):
success_message = _("The school term has been saved.")
-@permission_required("core.view_persons")
+@permission_required("core.view_persons_rule")
def persons(request: HttpRequest) -> HttpResponse:
"""List view listing all persons."""
context = {}
@@ -215,7 +215,7 @@ def persons(request: HttpRequest) -> HttpResponse:
@permission_required(
- "core.view_person", fn=objectgetter_optional(Person, "request.user.person", True)
+ "core.view_person_rule", fn=objectgetter_optional(Person, "request.user.person", True)
)
def person(request: HttpRequest, id_: Optional[int] = None) -> HttpResponse:
"""Detail view for one person; defaulting to logged-in person."""
@@ -235,7 +235,7 @@ def person(request: HttpRequest, id_: Optional[int] = None) -> HttpResponse:
return render(request, "core/person/full.html", context)
-@permission_required("core.view_group", fn=objectgetter_optional(Group, None, False))
+@permission_required("core.view_group_rule", fn=objectgetter_optional(Group, None, False))
def group(request: HttpRequest, id_: int) -> HttpResponse:
"""Detail view for one group."""
context = {}
@@ -268,7 +268,7 @@ def group(request: HttpRequest, id_: int) -> HttpResponse:
return render(request, "core/group/full.html", context)
-@permission_required("core.view_groups")
+@permission_required("core.view_groups_rule")
def groups(request: HttpRequest) -> HttpResponse:
"""List view for listing all groups."""
context = {}
@@ -289,7 +289,7 @@ def groups(request: HttpRequest) -> HttpResponse:
@never_cache
-@permission_required("core.link_persons_accounts")
+@permission_required("core.link_persons_accounts_rule")
def persons_accounts(request: HttpRequest) -> HttpResponse:
"""View allowing to batch-process linking of users to persons."""
context = {}
@@ -310,7 +310,7 @@ def persons_accounts(request: HttpRequest) -> HttpResponse:
@never_cache
-@permission_required("core.assign_child_groups_to_groups")
+@permission_required("core.assign_child_groups_to_groups_rule")
def groups_child_groups(request: HttpRequest) -> HttpResponse:
"""View for batch-processing assignment from child groups to groups."""
context = {}
@@ -348,7 +348,7 @@ def groups_child_groups(request: HttpRequest) -> HttpResponse:
@never_cache
-@permission_required("core.edit_person", fn=objectgetter_optional(Person))
+@permission_required("core.edit_person_rule", fn=objectgetter_optional(Person))
def edit_person(request: HttpRequest, id_: Optional[int] = None) -> HttpResponse:
"""Edit view for a single person, defaulting to logged-in person."""
context = {}
@@ -363,7 +363,7 @@ def edit_person(request: HttpRequest, id_: Optional[int] = None) -> HttpResponse
)
else:
# Empty form to create a new group
- if request.user.has_perm("core.create_person"):
+ if request.user.has_perm("core.create_person_rule"):
edit_person_form = EditPersonForm(request, request.POST or None, request.FILES or None)
else:
raise PermissionDenied()
@@ -410,7 +410,7 @@ def get_group_by_id(request: HttpRequest, id_: Optional[int] = None):
@never_cache
-@permission_required("core.edit_group", fn=objectgetter_optional(Group, None, False))
+@permission_required("core.edit_group_rule", fn=objectgetter_optional(Group, None, False))
def edit_group(request: HttpRequest, id_: Optional[int] = None) -> HttpResponse:
"""View to edit or create a group."""
context = {}
@@ -423,7 +423,7 @@ def edit_group(request: HttpRequest, id_: Optional[int] = None) -> HttpResponse:
edit_group_form = EditGroupForm(request.POST or None, instance=group)
else:
# Empty form to create a new group
- if request.user.has_perm("core.create_group"):
+ if request.user.has_perm("core.create_group_rule"):
edit_group_form = EditGroupForm(request.POST or None)
else:
raise PermissionDenied()
@@ -443,7 +443,7 @@ def edit_group(request: HttpRequest, id_: Optional[int] = None) -> HttpResponse:
return render(request, "core/group/edit.html", context)
-@permission_required("core.manage_data")
+@permission_required("core.manage_data_rule")
def data_management(request: HttpRequest) -> HttpResponse:
"""View with special menu for data management."""
context = {}
@@ -454,7 +454,7 @@ class SystemStatus(PermissionRequiredMixin, MainView):
"""View giving information about the system status."""
template_name = "core/pages/system_status.html"
- permission_required = "core.view_system_status"
+ permission_required = "core.view_system_status_rule"
context = {}
def get(self, request, *args, **kwargs):
@@ -479,11 +479,11 @@ class SystemStatus(PermissionRequiredMixin, MainView):
class TestPDFGenerationView(PermissionRequiredMixin, RenderPDFView):
template_name = "core/pages/test_pdf.html"
- permission_required = "core.test_pdf"
+ permission_required = "core.test_pdf_rule"
@permission_required(
- "core.mark_notification_as_read", fn=objectgetter_optional(Notification, None, False)
+ "core.mark_notification_as_read_rule", fn=objectgetter_optional(Notification, None, False)
)
def notification_mark_read(request: HttpRequest, id_: int) -> HttpResponse:
"""Mark a notification read."""
@@ -496,7 +496,7 @@ def notification_mark_read(request: HttpRequest, id_: int) -> HttpResponse:
return redirect("index")
-@permission_required("core.view_announcements")
+@permission_required("core.view_announcements_rule")
def announcements(request: HttpRequest) -> HttpResponse:
"""List view of announcements."""
context = {}
@@ -510,7 +510,7 @@ def announcements(request: HttpRequest) -> HttpResponse:
@never_cache
@permission_required(
- "core.create_or_edit_announcement", fn=objectgetter_optional(Announcement, None, False)
+ "core.create_or_edit_announcement_rule", fn=objectgetter_optional(Announcement, None, False)
)
def announcement_form(request: HttpRequest, id_: Optional[int] = None) -> HttpResponse:
"""View to create or edit an announcement."""
@@ -540,7 +540,7 @@ def announcement_form(request: HttpRequest, id_: Optional[int] = None) -> HttpRe
@permission_required(
- "core.delete_announcement", fn=objectgetter_optional(Announcement, None, False)
+ "core.delete_announcement_rule", fn=objectgetter_optional(Announcement, None, False)
)
def delete_announcement(request: HttpRequest, id_: int) -> HttpResponse:
"""View to delete an announcement."""
@@ -552,7 +552,7 @@ def delete_announcement(request: HttpRequest, id_: int) -> HttpResponse:
return redirect("announcements")
-@permission_required("core.search")
+@permission_required("core.search_rule")
def searchbar_snippets(request: HttpRequest) -> HttpResponse:
"""View to return HTML snippet with searchbar autocompletion results."""
query = request.GET.get("q", "")
@@ -567,7 +567,7 @@ def searchbar_snippets(request: HttpRequest) -> HttpResponse:
class PermissionSearchView(PermissionRequiredMixin, SearchView):
"""Wrapper to apply permission to haystack's search view."""
- permission_required = "core.search"
+ permission_required = "core.search_rule"
def create_response(self):
context = self.get_context()
@@ -592,21 +592,21 @@ def preferences(
instance = request.site
form_class = SitePreferenceForm
- if not request.user.has_perm("core.change_site_preferences", instance):
+ if not request.user.has_perm("core.change_site_preferences_rule", instance):
raise PermissionDenied()
elif registry_name == "person":
registry = person_preferences_registry
instance = objectgetter_optional(Person, "request.user.person", True)(request, pk)
form_class = PersonPreferenceForm
- if not request.user.has_perm("core.change_person_preferences", instance):
+ if not request.user.has_perm("core.change_person_preferences_rule", instance):
raise PermissionDenied()
elif registry_name == "group":
registry = group_preferences_registry
instance = objectgetter_optional(Group, None, False)(request, pk)
form_class = GroupPreferenceForm
- if not request.user.has_perm("core.change_group_preferences", instance):
+ if not request.user.has_perm("core.change_group_preferences_rule", instance):
raise PermissionDenied()
else:
# Invalid registry name passed from URL
@@ -640,7 +640,7 @@ def preferences(
return render(request, "dynamic_preferences/form.html", context)
-@permission_required("core.delete_person", fn=objectgetter_optional(Person))
+@permission_required("core.delete_person_rule", fn=objectgetter_optional(Person))
def delete_person(request: HttpRequest, id_: int) -> HttpResponse:
"""View to delete an person."""
person = objectgetter_optional(Person)(request, id_)
@@ -655,7 +655,7 @@ def delete_person(request: HttpRequest, id_: int) -> HttpResponse:
return redirect("persons")
-@permission_required("core.delete_group", fn=objectgetter_optional(Group))
+@permission_required("core.delete_group_rule", fn=objectgetter_optional(Group))
def delete_group(request: HttpRequest, id_: int) -> HttpResponse:
"""View to delete an group."""
group = objectgetter_optional(Group)(request, id_)
@@ -671,7 +671,7 @@ def delete_group(request: HttpRequest, id_: int) -> HttpResponse:
@never_cache
@permission_required(
- "core.change_additionalfield", fn=objectgetter_optional(AdditionalField, None, False)
+ "core.change_additionalfield_rule", fn=objectgetter_optional(AdditionalField, None, False)
)
def edit_additional_field(request: HttpRequest, id_: Optional[int] = None) -> HttpResponse:
"""View to edit or create a additional_field."""
@@ -686,7 +686,7 @@ def edit_additional_field(request: HttpRequest, id_: Optional[int] = None) -> Ht
request.POST or None, instance=additional_field
)
else:
- if request.user.has_perm("core.create_additionalfield"):
+ if request.user.has_perm("core.create_additionalfield_rule"):
# Empty form to create a new additional_field
edit_additional_field_form = EditAdditionalFieldForm(request.POST or None)
else:
@@ -705,7 +705,7 @@ def edit_additional_field(request: HttpRequest, id_: Optional[int] = None) -> Ht
return render(request, "core/additional_field/edit.html", context)
-@permission_required("core.view_additionalfields")
+@permission_required("core.view_additionalfields_rule")
def additional_fields(request: HttpRequest) -> HttpResponse:
"""List view for listing all additional fields."""
context = {}
@@ -724,7 +724,7 @@ def additional_fields(request: HttpRequest) -> HttpResponse:
@permission_required(
- "core.delete_additionalfield", fn=objectgetter_optional(AdditionalField, None, False)
+ "core.delete_additionalfield_rule", fn=objectgetter_optional(AdditionalField, None, False)
)
def delete_additional_field(request: HttpRequest, id_: int) -> HttpResponse:
"""View to delete an additional field."""
@@ -736,7 +736,7 @@ def delete_additional_field(request: HttpRequest, id_: int) -> HttpResponse:
@never_cache
-@permission_required("core.change_grouptype", fn=objectgetter_optional(GroupType, None, False))
+@permission_required("core.change_grouptype_rule", fn=objectgetter_optional(GroupType, None, False))
def edit_group_type(request: HttpRequest, id_: Optional[int] = None) -> HttpResponse:
"""View to edit or create a group_type."""
context = {}
@@ -764,7 +764,7 @@ def edit_group_type(request: HttpRequest, id_: Optional[int] = None) -> HttpResp
return render(request, "core/group_type/edit.html", context)
-@permission_required("core.view_grouptypes")
+@permission_required("core.view_grouptypes_rule")
def group_types(request: HttpRequest) -> HttpResponse:
"""List view for listing all group types."""
context = {}
@@ -780,7 +780,7 @@ def group_types(request: HttpRequest) -> HttpResponse:
return render(request, "core/group_type/list.html", context)
-@permission_required("core.delete_grouptype", fn=objectgetter_optional(GroupType, None, False))
+@permission_required("core.delete_grouptype_rule", fn=objectgetter_optional(GroupType, None, False))
def delete_group_type(request: HttpRequest, id_: int) -> HttpResponse:
"""View to delete an group_type."""
group_type = objectgetter_optional(GroupType, None, False)(request, id_)
@@ -791,7 +791,7 @@ def delete_group_type(request: HttpRequest, id_: int) -> HttpResponse:
class DataCheckView(PermissionRequiredMixin, ListView):
- permission_required = "core.view_datacheckresults"
+ permission_required = "core.view_datacheckresults_rule"
model = DataCheckResult
template_name = "core/data_check/list.html"
context_object_name = "results"
@@ -810,7 +810,7 @@ class DataCheckView(PermissionRequiredMixin, ListView):
class RunDataChecks(PermissionRequiredMixin, View):
- permission_required = "core.run_data_checks"
+ permission_required = "core.run_data_checks_rule"
def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
result = check_data.delay()
@@ -828,7 +828,7 @@ class RunDataChecks(PermissionRequiredMixin, View):
class SolveDataCheckView(PermissionRequiredMixin, RevisionMixin, DetailView):
queryset = DataCheckResult.objects.all()
- permission_required = "core.solve_data_problem"
+ permission_required = "core.solve_data_problem_rule"
def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
solve_option = self.kwargs["solve_option"]
@@ -855,7 +855,7 @@ class DashboardWidgetListView(PermissionRequiredMixin, SingleTableView):
model = DashboardWidget
table_class = DashboardWidgetTable
- permission_required = "core.view_dashboardwidget"
+ permission_required = "core.view_dashboardwidget_rule"
template_name = "core/dashboard_widget/list.html"
def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
@@ -876,7 +876,7 @@ class DashboardWidgetEditView(PermissionRequiredMixin, AdvancedEditView):
model = DashboardWidget
fields = "__all__"
- permission_required = "core.edit_dashboardwidget"
+ permission_required = "core.edit_dashboardwidget_rule"
template_name = "core/dashboard_widget/edit.html"
success_url = reverse_lazy("dashboard_widgets")
success_message = _("The dashboard widget has been saved.")
@@ -906,7 +906,7 @@ class DashboardWidgetCreateView(PermissionRequiredMixin, AdvancedCreateView):
return super().post(request, *args, **kwargs)
fields = "__all__"
- permission_required = "core.add_dashboardwidget"
+ permission_required = "core.add_dashboardwidget_rule"
template_name = "core/dashboard_widget/create.html"
success_url = reverse_lazy("dashboard_widgets")
success_message = _("The dashboard widget has been created.")
@@ -916,7 +916,7 @@ class DashboardWidgetDeleteView(PermissionRequiredMixin, AdvancedDeleteView):
"""Delete view for dashboard widgets."""
model = DashboardWidget
- permission_required = "core.delete_dashboardwidget"
+ permission_required = "core.delete_dashboardwidget_rule"
template_name = "core/pages/delete.html"
success_url = reverse_lazy("dashboard_widgets")
success_message = _("The dashboard widget has been deleted.")
@@ -925,13 +925,13 @@ class DashboardWidgetDeleteView(PermissionRequiredMixin, AdvancedDeleteView):
class EditDashboardView(PermissionRequiredMixin, View):
"""View for editing dashboard widget order."""
- permission_required = "core.edit_dashboard"
+ permission_required = "core.edit_dashboard_rule"
def get_context_data(self, request, **kwargs):
context = {}
self.default_dashboard = kwargs.get("default", False)
- if self.default_dashboard and not request.user.has_perm("core.edit_default_dashboard"):
+ if self.default_dashboard and not request.user.has_perm("core.edit_default_dashboard_rule"):
raise PermissionDenied()
context["default_dashboard"] = self.default_dashboard
@@ -1001,7 +1001,7 @@ class EditDashboardView(PermissionRequiredMixin, View):
class OAuth2List(PermissionRequiredMixin, ListView):
"""List view for all the applications."""
- permission_required = "core.list_oauth_applications"
+ permission_required = "core.list_oauth_applications_rule"
context_object_name = "applications"
template_name = "oauth2_provider/application_list.html"
@@ -1013,7 +1013,7 @@ class OAuth2Detail(PermissionRequiredMixin, DetailView):
"""Detail view for an application instance."""
context_object_name = "application"
- permission_required = "core.view_oauth_applications"
+ permission_required = "core.view_oauth_applications_rule"
template_name = "oauth2_provider/application_detail.html"
def get_queryset(self):
@@ -1023,7 +1023,7 @@ class OAuth2Detail(PermissionRequiredMixin, DetailView):
class OAuth2Delete(PermissionRequiredMixin, DeleteView):
"""View used to delete an application."""
- permission_required = "core.delete_oauth_applications"
+ permission_required = "core.delete_oauth_applications_rule"
context_object_name = "application"
success_url = reverse_lazy("oauth_list")
template_name = "oauth2_provider/application_confirm_delete.html"
@@ -1035,7 +1035,7 @@ class OAuth2Delete(PermissionRequiredMixin, DeleteView):
class OAuth2Update(PermissionRequiredMixin, UpdateView):
"""View used to update an application."""
- permission_required = "core.update_oauth_applications"
+ permission_required = "core.update_oauth_applications_rule"
context_object_name = "application"
template_name = "oauth2_provider/application_form.html"