From 84f614495031b685277f08709e6410df0985eba4 Mon Sep 17 00:00:00 2001 From: Dmitry Novikov Date: Fri, 31 Aug 2018 16:37:28 +0300 Subject: [PATCH] Make permission management better --- abonapp/locale/ru/LC_MESSAGES/django.po | 4 - abonapp/models.py | 19 ++- abonapp/templates/abonapp/editAbon.html | 16 +-- .../abonapp/modal_passport_view.html | 3 +- abonapp/views.py | 57 ++++---- accounts_app/forms.py | 18 +++ accounts_app/locale/ru/LC_MESSAGES/django.po | 133 ++++++++++-------- accounts_app/models.py | 4 + accounts_app/templates/accounts/ext.htm | 16 +-- .../accounts/perms/change_global_perms.html | 24 ++++ .../templates/accounts/perms/ext.html | 36 +++++ .../perms/{ => object}/objects_of_type.html | 4 +- .../perms/{ => object}/objects_types.html | 7 +- .../perms/{ => object}/perms_edit.html | 30 +--- accounts_app/urls.py | 7 +- accounts_app/views.py | 52 +++++-- devapp/locale/ru/LC_MESSAGES/django.po | 4 - devapp/migrations/0001_initial.py | 3 +- devapp/migrations/0002_auto_20180409_1318.py | 2 +- devapp/migrations/0003_auto_20180529_1311.py | 2 +- devapp/models.py | 3 - .../manage_ports/modal_add_edit_port.html | 6 +- .../devapp/modal_device_extra_edit.html | 6 +- devapp/views.py | 29 ++-- group_app/locale/ru/LC_MESSAGES/django.po | 4 - group_app/migrations/0001_initial.py | 3 +- .../migrations/0003_auto_20180808_1236.py | 2 +- group_app/models.py | 3 - group_app/views.py | 3 + ip_pool/views.py | 3 + mapapp/templates/maps/dot.html | 3 +- msg_app/locale/ru/LC_MESSAGES/django.po | 8 -- msg_app/models.py | 6 - msg_app/views.py | 7 + nas_app/views.py | 1 + .../tariff_app/periodic_pays/add_edit.html | 3 +- tariff_app/views.py | 4 +- taskapp/locale/ru/LC_MESSAGES/django.po | 4 - taskapp/models.py | 3 - taskapp/templates/taskapp/add_edit_task.html | 14 +- .../taskapp/comments/task_comments.html | 18 +-- taskapp/views.py | 19 ++- templates/base.html | 54 +++---- 43 files changed, 358 insertions(+), 289 deletions(-) create mode 100644 accounts_app/templates/accounts/perms/change_global_perms.html create mode 100644 accounts_app/templates/accounts/perms/ext.html rename accounts_app/templates/accounts/perms/{ => object}/objects_of_type.html (83%) rename accounts_app/templates/accounts/perms/{ => object}/objects_types.html (78%) rename accounts_app/templates/accounts/perms/{ => object}/perms_edit.html (56%) diff --git a/abonapp/locale/ru/LC_MESSAGES/django.po b/abonapp/locale/ru/LC_MESSAGES/django.po index f4e5d44..ca709e5 100644 --- a/abonapp/locale/ru/LC_MESSAGES/django.po +++ b/abonapp/locale/ru/LC_MESSAGES/django.po @@ -168,10 +168,6 @@ msgstr "Маркер" msgid "Buy service perm" msgstr "Покупка тарифа абоненту" -#: models.py:137 -msgid "Can view passport" -msgstr "Может просматривать паспортные данные" - #: models.py:138 msgid "fill account" msgstr "Пополнение счёта" diff --git a/abonapp/models.py b/abonapp/models.py index c724de0..f489354 100644 --- a/abonapp/models.py +++ b/abonapp/models.py @@ -134,7 +134,6 @@ class Abon(BaseAccount): db_table = 'abonent' permissions = ( ('can_buy_tariff', _('Buy service perm')), - ('can_view_passport', _('Can view passport')), ('can_add_ballance', _('fill account')), ('can_ping', _('Can ping')) ) @@ -191,15 +190,15 @@ class Abon(BaseAccount): ) # Destroy the service if the time has come - def bill_service(self, author): - abon_tariff = self.active_tariff() - if abon_tariff is None: - return - nw = timezone.now() - # if service is overdue - if nw > abon_tariff.deadline: - print("Service %s for user %s is overdued, end service" % (abon_tariff.tariff, self)) - abon_tariff.delete() + # def bill_service(self, author): + # abon_tariff = self.active_tariff() + # if abon_tariff is None: + # return + # nw = timezone.now() + # # if service is overdue + # if nw > abon_tariff.deadline: + # print("Service %s for user %s is overdued, end service" % (abon_tariff.tariff, self)) + # abon_tariff.delete() # is subscriber have access to service, view in tariff_app.custom_tariffs..manage_access() def is_access(self) -> bool: diff --git a/abonapp/templates/abonapp/editAbon.html b/abonapp/templates/abonapp/editAbon.html index 1022e20..2fd9f3b 100644 --- a/abonapp/templates/abonapp/editAbon.html +++ b/abonapp/templates/abonapp/editAbon.html @@ -22,16 +22,13 @@ {# telephone field #} - {% trans 'Call to' as tx %} - {% bootstrap_button '' button_type='link' icon='earphone' button_class='btn-default' title=tx href='sip:'|add:form.telephone.value size='sm' as btn_call %} + {% bootstrap_button '' button_type='link' icon='earphone' button_class='btn-default' title=_('Call to') href='sip:'|add:form.telephone.value size='sm' as btn_call %} - {% trans 'Additional telephones' as tx %} {% url 'abonapp:telephones' group.pk abon.username as url %} - {% bootstrap_button '' button_type='link' icon='list' button_class='btn-default btn-modal' title=tx href=url size='sm' as btn_teleph_list %} + {% bootstrap_button '' button_type='link' icon='list' button_class='btn-default btn-modal' title=_('Additional telephones') href=url size='sm' as btn_teleph_list %} - {% trans 'Add telephone' as tx %} {% url 'abonapp:telephone_new' group.pk abon.username as url %} - {% bootstrap_button '' button_type='link' icon='plus' button_class='btn-default btn-modal' title=tx href=url size='sm' as btn_teleph_add %} + {% bootstrap_button '' button_type='link' icon='plus' button_class='btn-default btn-modal' title=_('Add telephone') href=url size='sm' as btn_teleph_add %} {% with ''|add:btn_call|add:btn_teleph_list|add:btn_teleph_add as bt %} {% bootstrap_field form.telephone form_group_class='form-group-sm' addon_after_class='input-group-btn' addon_after=bt %} @@ -69,11 +66,10 @@
- {% trans 'Save' as tx %} {% if perms.abonapp.change_abon %} - {% bootstrap_button tx button_type='submit' icon='floppy-disk' button_class='btn-primary' %} + {% bootstrap_button _('Save') button_type='submit' icon='floppy-disk' button_class='btn-primary' %} {% else %} - {% bootstrap_button tx button_type='button' icon='floppy-disk' button_class='btn-primary disabled' %} + {% bootstrap_button _('Save') button_type='button' icon='floppy-disk' button_class='btn-primary disabled' %} {% endif %} {% if perms.taskapp.add_task %} @@ -98,7 +94,7 @@ {% endif %} - {% if perms.abonapp.can_view_passport %} + {% if perms.abonapp.view_passportinfo %} {% trans 'Passport information' %} diff --git a/abonapp/templates/abonapp/modal_passport_view.html b/abonapp/templates/abonapp/modal_passport_view.html index f007ae7..80bceed 100644 --- a/abonapp/templates/abonapp/modal_passport_view.html +++ b/abonapp/templates/abonapp/modal_passport_view.html @@ -9,7 +9,6 @@ {% bootstrap_form form %} - {% trans 'Save' as tx %} - {% bootstrap_button tx button_type='submit' button_class='btn-primary' icon='floppy-disk' %} + {% bootstrap_button _('Save') button_type='submit' button_class='btn-primary' icon='floppy-disk' %}
diff --git a/abonapp/views.py b/abonapp/views.py index e4fd651..942525b 100644 --- a/abonapp/views.py +++ b/abonapp/views.py @@ -67,7 +67,7 @@ class PeoplesListView(OrderedFilteredList): if gid < 1: return HttpResponseBadRequest('group id is broken') group = get_object_or_404(Group, pk=gid) - if not self.request.user.has_perm('group_app.can_view_group', group): + if not self.request.user.has_perm('group_app.view_group', group): raise PermissionDenied context = super(PeoplesListView, self).get_context_data(**kwargs) @@ -86,7 +86,7 @@ class GroupListView(OrderedFilteredList): def get_queryset(self): queryset = super(GroupListView, self).get_queryset() - queryset = get_objects_for_user(self.request.user, 'group_app.can_view_group', klass=queryset, + queryset = get_objects_for_user(self.request.user, 'group_app.view_group', klass=queryset, accept_global_perms=False) return queryset @@ -103,7 +103,7 @@ class AbonCreateView(CreateView): def dispatch(self, request, *args, **kwargs): group = get_object_or_404(Group, pk=self.kwargs.get('gid')) - if not request.user.has_perm('group_app.can_view_group', group): + if not request.user.has_perm('group_app.view_group', group): raise PermissionDenied self.group = group return super(AbonCreateView, self).dispatch(request, *args, **kwargs) @@ -127,7 +127,7 @@ class AbonCreateView(CreateView): assign_perm("abonapp.change_abon", me, abon) assign_perm("abonapp.delete_abon", me, abon) assign_perm("abonapp.can_buy_tariff", me, abon) - assign_perm("abonapp.can_view_passport", me, abon) + assign_perm("abonapp.view_passportinfo", me, abon) assign_perm('abonapp.can_add_ballance', me, abon) me.log(self.request.META, 'cusr', '%s, "%s", %s' % ( abon.username, abon.fio, @@ -159,7 +159,7 @@ class DelAbonDeleteView(DeleteView): def get_object(self, queryset=None): abon = super(DelAbonDeleteView, self).get_object(queryset) - if not self.request.user.has_perm('group_app.can_view_group', abon.group): + if not self.request.user.has_perm('group_app.view_group', abon.group): raise PermissionDenied return abon @@ -223,7 +223,7 @@ def abonamount(request, gid: int, uname): @method_decorator(login_decs, name='dispatch') -@method_decorator(permission_required('group_app.can_view_group', (Group, 'pk', 'gid')), name='dispatch') +@method_decorator(permission_required('group_app.view_group', (Group, 'pk', 'gid')), name='dispatch') class DebtsListView(OrderedFilteredList): context_object_name = 'invoices' template_name = 'abonapp/invoiceForPayment.html' @@ -241,7 +241,7 @@ class DebtsListView(OrderedFilteredList): @method_decorator(login_decs, name='dispatch') -@method_decorator(permission_required('group_app.can_view_group', (Group, 'pk', 'gid')), name='dispatch') +@method_decorator(permission_required('group_app.view_group', (Group, 'pk', 'gid')), name='dispatch') class PayHistoryListView(OrderedFilteredList): context_object_name = 'pay_history' template_name = 'abonapp/payHistory.html' @@ -263,7 +263,7 @@ class PayHistoryListView(OrderedFilteredList): @lib.decorators.only_admins def abon_services(request, gid: int, uname): grp = get_object_or_404(Group, pk=gid) - if not request.user.has_perm('group_app.can_view_group', grp): + if not request.user.has_perm('group_app.view_group', grp): raise PermissionDenied abon = get_object_or_404(models.Abon, username=uname) @@ -286,7 +286,7 @@ def abon_services(request, gid: int, uname): @method_decorator(login_decs, name='dispatch') -@method_decorator(permission_required('abonapp.change_abon'), name='post') +@method_decorator(permission_required('abonapp.view_abon'), name='post') class AbonHomeUpdateView(UpdateView): model = models.Abon form_class = forms.AbonForm @@ -311,7 +311,7 @@ class AbonHomeUpdateView(UpdateView): def get_object(self, queryset=None): gid = self.kwargs.get('gid') self.group = get_object_or_404(Group, pk=gid) - if not self.request.user.has_perm('group_app.can_view_group', self.group): + if not self.request.user.has_perm('group_app.view_group', self.group): raise PermissionDenied return super(AbonHomeUpdateView, self).get_object(queryset) @@ -493,7 +493,7 @@ class DebtorsListView(ListView): @method_decorator(login_decs, name='dispatch') -@method_decorator(permission_required('group_app.can_view_group', (Group, 'pk', 'gid')), name='dispatch') +@method_decorator(permission_required('group_app.view_group', (Group, 'pk', 'gid')), name='dispatch') class TaskLogListView(ListView): paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10) http_method_names = ('get',) @@ -513,7 +513,7 @@ class TaskLogListView(ListView): @method_decorator(login_decs, name='dispatch') -@method_decorator(permission_required('abonapp.can_view_passport'), name='dispatch') +@method_decorator(permission_required('abonapp.view_passportinfo'), name='dispatch') class PassportUpdateView(UpdateView): form_class = forms.PassportForm model = models.PassportInfo @@ -602,7 +602,7 @@ def dev(request, gid: int, uname): @login_required @lib.decorators.only_admins @permission_required('abonapp.change_abon') -@permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) +@permission_required('group_app.view_group', (Group, 'pk', 'gid')) def clear_dev(request, gid: int, uname): try: abon = models.Abon.objects.get(username=uname) @@ -619,7 +619,7 @@ def clear_dev(request, gid: int, uname): @login_required @lib.decorators.only_admins -@permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) +@permission_required('group_app.view_group', (Group, 'pk', 'gid')) def charts(request, gid: int, uname): high = 100 @@ -771,7 +771,7 @@ class DialsListView(OrderedFilteredList): def get_queryset(self): abon = get_object_or_404(models.Abon, username=self.kwargs.get('uname')) - if not self.request.user.has_perm('group_app.can_view_group', abon.group): + if not self.request.user.has_perm('group_app.view_group', abon.group): raise PermissionDenied self.abon = abon if abon.telephone is not None and abon.telephone != '': @@ -856,7 +856,7 @@ def save_user_dev_port(request, gid: int, uname): @login_required @lib.decorators.only_admins @permission_required('abonapp.add_abonstreet') -@permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) +@permission_required('group_app.view_group', (Group, 'pk', 'gid')) def street_add(request, gid): if request.method == 'POST': frm = forms.AbonStreetForm(request.POST) @@ -877,7 +877,7 @@ def street_add(request, gid): @login_required @lib.decorators.only_admins @permission_required('abonapp.change_abonstreet') -@permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) +@permission_required('group_app.view_group', (Group, 'pk', 'gid')) def street_edit(request, gid): try: if request.method == 'POST': @@ -901,7 +901,7 @@ def street_edit(request, gid): @login_required @lib.decorators.only_admins @permission_required('abonapp.delete_abonstreet') -@permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) +@permission_required('group_app.view_group', (Group, 'pk', 'gid')) def street_del(request, gid: int, sid: int): try: models.AbonStreet.objects.get(pk=sid, group=gid).delete() @@ -913,7 +913,7 @@ def street_del(request, gid: int, sid: int): @login_required @lib.decorators.only_admins -@permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) +@permission_required('group_app.view_group', (Group, 'pk', 'gid')) def active_nets(request, gid): nets = NetworkModel.objects.filter(groups__id=gid) return render(request, 'abonapp/modal_current_networks.html', { @@ -924,7 +924,7 @@ def active_nets(request, gid): @login_required @lib.decorators.only_admins @permission_required('abonapp.can_view_additionaltelephones') -@permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) +@permission_required('group_app.view_group', (Group, 'pk', 'gid')) def tels(request, gid: int, uname): abon = get_object_or_404(models.Abon, username=uname) telephones = abon.additional_telephones.all() @@ -937,7 +937,7 @@ def tels(request, gid: int, uname): @login_required @lib.decorators.only_admins -@permission_required('abnapp.add_additionaltelephone') +@permission_required('abonapp.add_additionaltelephone') def tel_add(request, gid: int, uname): if request.method == 'POST': frm = forms.AdditionalTelephoneForm(request.POST) @@ -961,7 +961,7 @@ def tel_add(request, gid: int, uname): @login_required @lib.decorators.only_admins -@permission_required('abnapp.delete_additionaltelephone') +@permission_required('abonapp.delete_additionaltelephone') def tel_del(request, gid: int, uname): try: tid = lib.safe_int(request.GET.get('tid')) @@ -975,7 +975,7 @@ def tel_del(request, gid: int, uname): @login_required @lib.decorators.only_admins -@permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) +@permission_required('group_app.view_group', (Group, 'pk', 'gid')) def phonebook(request, gid): res_format = request.GET.get('f') t1 = models.Abon.objects.filter(group__id=int(gid)).only('telephone', 'fio').values_list('telephone', 'fio') @@ -998,7 +998,7 @@ def phonebook(request, gid): @login_required @lib.decorators.only_admins -@permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) +@permission_required('group_app.view_group', (Group, 'pk', 'gid')) def abon_export(request, gid): res_format = request.GET.get('f') @@ -1052,7 +1052,7 @@ def fin_report(request): @login_required @lib.decorators.only_admins -@permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) +@permission_required('group_app.view_group', (Group, 'pk', 'gid')) def add_edit_periodic_pay(request, gid: int, uname, periodic_pay_id=0): if periodic_pay_id == 0: if not request.user.has_perm('abonapp.add_periodicpayforid'): @@ -1084,7 +1084,7 @@ def add_edit_periodic_pay(request, gid: int, uname, periodic_pay_id=0): @login_required @lib.decorators.only_admins -@permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) +@permission_required('group_app.view_group', (Group, 'pk', 'gid')) @permission_required('abonapp.delete_periodicpayforid') def del_periodic_pay(request, gid: int, uname, periodic_pay_id): periodic_pay_instance = get_object_or_404(models.PeriodicPayForId, pk=periodic_pay_id) @@ -1096,6 +1096,7 @@ def del_periodic_pay(request, gid: int, uname, periodic_pay_id): @method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('abonapp.change_abon'), name='dispatch') class EditSibscriberMarkers(UpdateView): http_method_names = ('get', 'post') template_name = 'abonapp/modal_user_markers.html' @@ -1129,6 +1130,7 @@ class EditSibscriberMarkers(UpdateView): @login_required @lib.decorators.only_admins +@permission_required('abonapp.change_abon') def user_session_toggle(request, gid: int, uname, lease_id: int, action=None): abon = get_object_or_404(models.Abon, username=uname) if abon.nas is None: @@ -1159,7 +1161,7 @@ def user_session_toggle(request, gid: int, uname, lease_id: int, action=None): @login_required @lib.decorators.only_admins -@permission_required('change_abon') +@permission_required('abonapp.change_abon') def lease_add(request, gid: int, uname): group = get_object_or_404(Group, pk=gid) if request.method == 'POST': @@ -1205,6 +1207,7 @@ def lease_add(request, gid: int, uname): @login_required @lib.decorators.only_admins +@permission_required('abonapp.change_abon') def attach_nas(request, gid): if request.method == 'POST': gateway_id = lib.safe_int(request.POST.get('gateway')) diff --git a/accounts_app/forms.py b/accounts_app/forms.py index 77f3b10..a29d771 100644 --- a/accounts_app/forms.py +++ b/accounts_app/forms.py @@ -6,6 +6,12 @@ from .models import UserProfile class MyUserObjectPermissionsForm(UserObjectPermissionsForm): + def __init__(self, *args, **kwargs): + super(MyUserObjectPermissionsForm, self).__init__(*args, **kwargs) + self.fields['permissions'].widget.attrs.update({ + 'size': 15 + }) + def save_obj_perms(self): """ Saves selected object permissions by creating new ones and removing @@ -29,3 +35,15 @@ class AvatarChangeForm(forms.ModelForm): class Meta: model = UserProfile fields = ('avatar',) + + +class UserPermissionsForm(forms.ModelForm): + def __init__(self, *args, **kwargs): + super(UserPermissionsForm, self).__init__(*args, **kwargs) + self.fields['user_permissions'].widget.attrs.update({ + 'size': 35 + }) + + class Meta: + model = UserProfile + fields = 'user_permissions', diff --git a/accounts_app/locale/ru/LC_MESSAGES/django.po b/accounts_app/locale/ru/LC_MESSAGES/django.po index 56ece20..7793a05 100644 --- a/accounts_app/locale/ru/LC_MESSAGES/django.po +++ b/accounts_app/locale/ru/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2018-08-26 19:09+0300\n" +"POT-Creation-Date: 2018-08-31 16:28+0300\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: Dmitry Novikov nerosketch@gmail.com\n" "Language: ru\n" @@ -18,112 +18,114 @@ msgstr "" "%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n" "%100>=11 && n%100<=14)? 2 : 3);\n" -#: models.py:21 +#: models.py:22 msgid "Users must have an telephone number" msgstr "У пользователей должен быть номер телефона" -#: models.py:49 templates/accounts/acc_list.html:21 +#: models.py:50 templates/accounts/acc_list.html:21 msgid "profile username" msgstr "Логин" -#: models.py:54 +#: models.py:55 msgid "fio" msgstr "ФИО" -#: models.py:55 +#: models.py:56 msgid "birth day" msgstr "дата рождения" -#: models.py:56 +#: models.py:57 msgid "Is active" msgstr "Активен" -#: models.py:60 templates/accounts/acc_list.html:23 +#: models.py:61 templates/accounts/acc_list.html:23 #: templates/accounts/create_acc.html:62 templates/accounts/index.html:9 #: templates/accounts/settings/ch_info.html:38 msgid "Telephone" msgstr "Телефон" -#: models.py:94 +#: models.py:95 msgid "Author" msgstr "Автор" -#: models.py:95 templates/accounts/action_log.html:12 +#: models.py:96 templates/accounts/action_log.html:12 msgid "Meta information" msgstr "Мета информация" -#: models.py:97 +#: models.py:98 msgid "Create user" msgstr "Создание абонента" -#: models.py:98 +#: models.py:99 msgid "Delete user" msgstr "Удаление абонента" -#: models.py:99 +#: models.py:100 msgid "Create device" msgstr "Создание устройства" -#: models.py:100 +#: models.py:101 msgid "Delete device" msgstr "Удаление устройства" -#: models.py:101 +#: models.py:102 msgid "Create NAS" msgstr "Создание NAS" -#: models.py:102 +#: models.py:103 msgid "Delete NAS" msgstr "Удаление NAS" -#: models.py:103 +#: models.py:104 msgid "Create service" msgstr "Создание тарифа" -#: models.py:104 +#: models.py:105 msgid "Delete service" msgstr "Удаление тарифа" -#: models.py:106 +#: models.py:107 msgid "Action type" msgstr "Тип действия" -#: models.py:107 +#: models.py:108 msgid "Additional info" msgstr "Дополнительная информация" -#: models.py:108 +#: models.py:109 msgid "Action date" msgstr "Дата действия" -#: models.py:115 +#: models.py:116 msgid "User profile log" msgstr "Лог действий учётной записи" -#: models.py:116 +#: models.py:117 msgid "User profile logs" msgstr "Логи действий учётной записи" -#: models.py:125 +#: models.py:126 msgid "Avatar" msgstr "Аватар" -#: models.py:127 +#: models.py:128 msgid "Responsibility groups" msgstr "Группы администратора" -#: models.py:141 +#: models.py:142 msgid "Staff account profile" msgstr "Учётная запись работника" -#: models.py:142 +#: models.py:143 msgid "Staff account profiles" msgstr "Учётные записи работников" #: templates/accounts/acc_list.html:7 templates/accounts/create_acc.html:8 -#: templates/accounts/perms/objects_of_type.html:7 -#: templates/accounts/perms/objects_types.html:8 -#: templates/accounts/perms/perms_edit.html:8 +#: templates/accounts/perms/change_global_perms.html:8 +#: templates/accounts/perms/ext.html:7 +#: templates/accounts/perms/object/objects_of_type.html:7 +#: templates/accounts/perms/object/objects_types.html:8 +#: templates/accounts/perms/object/perms_edit.html:8 msgid "Administrators" msgstr "Сотрудники" @@ -211,7 +213,8 @@ msgstr "Повторите пароль" #: templates/accounts/create_acc.html:89 #: templates/accounts/manage_responsibility_groups.html:20 -#: templates/accounts/perms/perms_edit.html:65 +#: templates/accounts/perms/change_global_perms.html:22 +#: templates/accounts/perms/object/perms_edit.html:43 #: templates/accounts/set_abon_groups_permission.html:20 #: templates/accounts/settings/ch_info.html:67 msgid "Save" @@ -219,7 +222,7 @@ msgstr "Сохранить" #: templates/accounts/create_acc.html:92 #: templates/accounts/manage_responsibility_groups.html:21 -#: templates/accounts/perms/perms_edit.html:68 +#: templates/accounts/perms/object/perms_edit.html:46 #: templates/accounts/set_abon_groups_permission.html:21 #: templates/accounts/settings/ch_info.html:70 msgid "Reset" @@ -262,38 +265,50 @@ msgstr "Войти по местоположению" msgid "The responsibility of the administrator of the group of subscribers" msgstr "Ответственность администратора за группы абонентов" -#: templates/accounts/perms/objects_of_type.html:9 -#: templates/accounts/perms/objects_types.html:10 -#: templates/accounts/perms/perms_edit.html:10 +#: templates/accounts/perms/change_global_perms.html:10 +#: templates/accounts/perms/ext.html:9 templates/accounts/perms/ext.html:14 msgid "Permission options" msgstr "Права" -#: templates/accounts/perms/objects_of_type.html:16 -#: templates/accounts/perms/perms_edit.html:19 +#: templates/accounts/perms/change_global_perms.html:11 +#: templates/accounts/perms/ext.html:22 +msgid "Global permission options" +msgstr "Глобальные права" + +#: templates/accounts/perms/change_global_perms.html:16 +msgid "Select permissions for picked account" +msgstr "Отметьте права для выбранной учётной записи" + +#: templates/accounts/perms/ext.html:27 +#: templates/accounts/perms/object/objects_of_type.html:9 +#: templates/accounts/perms/object/objects_types.html:10 +#: templates/accounts/perms/object/objects_types.html:11 +#: templates/accounts/perms/object/perms_edit.html:10 +msgid "Object permission options" +msgstr "Права для каждого объекта" + +#: templates/accounts/perms/object/objects_of_type.html:16 +#: templates/accounts/perms/object/perms_edit.html:18 msgid "Pick object for edit permissions" msgstr "Выберите объект для редактирования прав доступа" -#: templates/accounts/perms/objects_types.html:15 +#: templates/accounts/perms/object/objects_types.html:16 msgid "Pick the type of object" msgstr "Выберите тип объекта" -#: templates/accounts/perms/objects_types.html:23 +#: templates/accounts/perms/object/objects_types.html:24 msgid "Group" msgstr "Группа" -#: templates/accounts/perms/perms_edit.html:28 +#: templates/accounts/perms/object/perms_edit.html:27 msgid "Profile is superuser, permissions to change it makes no sense" msgstr "" -"Учётная запись является суперпользователем, разрешения менять нет смысла" +"Учётная запись является суперпользователем. Разрешения менять нет смысла.," -#: templates/accounts/perms/perms_edit.html:34 +#: templates/accounts/perms/object/perms_edit.html:33 msgid "Change permission for that object" msgstr "Изменение прав доступа для выбранного объекта" -#: templates/accounts/perms/perms_edit.html:56 -msgid "Not set" -msgstr "Не найдено" - #: templates/accounts/set_abon_groups_permission.html:5 msgid "The list of user groups to which the account has access" msgstr "Список групп абонентов, к которым учётка имеет доступ" @@ -306,53 +321,50 @@ msgstr "Старый пароль" msgid "New password" msgstr "Новый пароль" -#: views.py:32 +#: views.py:33 msgid "Wrong login or password, please try again" msgstr "Неправильный логин или пароль, попробуйте ещё раз" -#: views.py:120 +#: views.py:121 msgid "New password is empty, fill it" msgstr "Новый пароль пустой, придумайте себе пароль" -#: views.py:122 +#: views.py:123 msgid "Wrong password" msgstr "Неправильный пароль" -#: views.py:124 +#: views.py:125 msgid "Empty password, fill it" msgstr "Пустой пароль, впишите что-то в пароль" -#: views.py:148 +#: views.py:149 msgid "You forget specify a password for the new account" msgstr "Забыли указать пароль для нового аккаунта" -#: views.py:151 +#: views.py:152 msgid "You forget to repeat a password for the new account" msgstr "Забыли повторить пароль для нового аккаунта" -#: views.py:160 +#: views.py:161 msgid "Subscriber with this name already exist" msgstr "Пользователь с таким именем уже есть" -#: views.py:162 +#: views.py:163 msgid "Passwords does not match, try again" msgstr "Пароли не совпадают, попробуйте ещё раз" -#: views.py:177 +#: views.py:178 msgid "Profile has been deleted" msgstr "Учётная запись удалена" -#: views.py:255 +#: views.py:240 msgid "Permissions has successfully updated" msgstr "Права успешно обновлены" -#: views.py:322 +#: views.py:352 msgid "Responsibilities has been updated" msgstr "Ответственность за группы обновлена" -msgid "Password" -msgstr "Пароль" - msgid "Change self onfo" msgstr "Изменить инфу о себе" @@ -362,9 +374,6 @@ msgstr "Редактировать" msgid "Access to groups" msgstr "Доступ к группам" -msgid "Administrator" -msgstr "Сотрудник" - msgid "Manage responsibility groups" msgstr "Ответственность за группы" diff --git a/accounts_app/models.py b/accounts_app/models.py index 4bb8b6e..4d1d734 100644 --- a/accounts_app/models.py +++ b/accounts_app/models.py @@ -8,6 +8,7 @@ from django.contrib.auth.models import BaseUserManager, AbstractBaseUser, Permis from django.core.validators import RegexValidator from django.utils.translation import gettext_lazy as _ from django.conf import settings +from django.shortcuts import resolve_url from group_app.models import Group @@ -173,3 +174,6 @@ class UserProfile(BaseAccount): do_type=do_type, additional_text=additional_text ) + + def get_absolute_url(self): + return resolve_url('acc_app:other_profile', self.pk) diff --git a/accounts_app/templates/accounts/ext.htm b/accounts_app/templates/accounts/ext.htm index cb2817d..2c420bf 100644 --- a/accounts_app/templates/accounts/ext.htm +++ b/accounts_app/templates/accounts/ext.htm @@ -28,17 +28,11 @@ {% endif %} {% if request.user.is_superuser %} - {% if userprofile.is_superuser %} - - - - - {% else %} - - - - - {% endif %} + + + + {% endif %}
diff --git a/accounts_app/templates/accounts/perms/change_global_perms.html b/accounts_app/templates/accounts/perms/change_global_perms.html new file mode 100644 index 0000000..5df36a3 --- /dev/null +++ b/accounts_app/templates/accounts/perms/change_global_perms.html @@ -0,0 +1,24 @@ +{% extends request.is_ajax|yesno:'nullcont.htm,accounts/perms/ext.html' %} +{% load i18n %} +{% load bootstrap3 %} + +{% block breadcrumb %} +
    +
    2. +
  2. {% trans 'Administrators' %}
    3. +
  3. {{ userprofile.username }}
    4. +
  4. {% trans 'Permission options' %}
    5. +
  5. {% trans 'Global permission options' %}
    6. +
+{% endblock %} + +{% block page-header %} + {% trans 'Select permissions for picked account' %} +{% endblock %} + +{% block content %} +
{% csrf_token %} + {% bootstrap_form form %} + {% bootstrap_button _('Save') button_type='submit' button_class='btn-primary' %} +
+{% endblock %} \ No newline at end of file diff --git a/accounts_app/templates/accounts/perms/ext.html b/accounts_app/templates/accounts/perms/ext.html new file mode 100644 index 0000000..85575d8 --- /dev/null +++ b/accounts_app/templates/accounts/perms/ext.html @@ -0,0 +1,36 @@ +{% extends request.is_ajax|yesno:'bajax.html,base.html' %} +{% load i18n %} + +{% block breadcrumb %} +
    +
    2. +
  2. {% trans 'Administrators' %}
    3. +
  3. {{ userprofile.username }}
    4. +
  4. {% trans 'Permission options' %}
    5. +
+{% endblock %} + +{% block page-header %} + {% trans 'Permission options' %} +{% endblock %} + +{% block main %} + +
+
+ {% block content %}{% endblock %} +
+
+{% endblock %} diff --git a/accounts_app/templates/accounts/perms/objects_of_type.html b/accounts_app/templates/accounts/perms/object/objects_of_type.html similarity index 83% rename from accounts_app/templates/accounts/perms/objects_of_type.html rename to accounts_app/templates/accounts/perms/object/objects_of_type.html index d9d13c4..60a02dc 100644 --- a/accounts_app/templates/accounts/perms/objects_of_type.html +++ b/accounts_app/templates/accounts/perms/object/objects_of_type.html @@ -1,4 +1,4 @@ -{% extends 'base.html' %} +{% extends request.is_ajax|yesno:'nullcont.htm,accounts/perms/ext.html' %} {% load i18n %} {% block breadcrumb %} @@ -6,7 +6,7 @@
  • {% trans 'Administrators' %}
  • {{ userprofile.username }}
    • -
  • {% trans 'Permission options' %}
    • +
  • {% trans 'Object permission options' %}
  • <{{ klass }}> {{ klass_name }}
    • {% endblock %} diff --git a/accounts_app/templates/accounts/perms/objects_types.html b/accounts_app/templates/accounts/perms/object/objects_types.html similarity index 78% rename from accounts_app/templates/accounts/perms/objects_types.html rename to accounts_app/templates/accounts/perms/object/objects_types.html index a4f84cb..93203c9 100644 --- a/accounts_app/templates/accounts/perms/objects_types.html +++ b/accounts_app/templates/accounts/perms/object/objects_types.html @@ -1,4 +1,4 @@ -{% extends 'base.html' %} +{% extends request.is_ajax|yesno:'nullcont.htm,accounts/perms/ext.html' %} {% load i18n %} {% load acc_tags %} @@ -7,7 +7,8 @@
  • {% trans 'Administrators' %}
  • {{ userprofile.username }}
    • -
  • {% trans 'Permission options' %}
    • +
  • {% trans 'Object permission options' %}
    • +
  • {% trans 'Object permission options' %}
    • {% endblock %} @@ -15,7 +16,7 @@ {% trans 'Pick the type of object' %} {% endblock %} -{% block main %} +{% block content %}
    diff --git a/accounts_app/templates/accounts/perms/perms_edit.html b/accounts_app/templates/accounts/perms/object/perms_edit.html similarity index 56% rename from accounts_app/templates/accounts/perms/perms_edit.html rename to accounts_app/templates/accounts/perms/object/perms_edit.html index 39ad662..1d0f5aa 100644 --- a/accounts_app/templates/accounts/perms/perms_edit.html +++ b/accounts_app/templates/accounts/perms/object/perms_edit.html @@ -1,15 +1,14 @@ {% extends 'base.html' %} {% load i18n %} -{% load guardian_tags %} +{% load bootstrap3 %} {% block breadcrumb %}
    2. {% trans 'Administrators' %}
    3. {{ userprofile.username }}
      4. -
    4. {% trans 'Permission options' %}
      5. -
    5. <{{ klass }}> {{ klass_name }} -
      6. +
    6. {% trans 'Object permission options' %}
      7. +
    7. <{{ klass }}> {{ klass_name }}
    8. {{ obj }}
    {% endblock %} @@ -37,28 +36,7 @@ {% csrf_token %} - {% get_obj_perms userprofile for obj as 'obj_perms' %} - - {% for field in form %} -
    - - -
    - -
    -
    - {% endfor %} + {% bootstrap_form form %}
    - {% bootstrap_form form %} - - {% trans 'Save' as btntxt %} - {% bootstrap_button btntxt button_type="submit" button_class="btn-primary" icon="save" size='sm' %} - + {% bootstrap_button _('Save') button_type="submit" button_class="btn-primary" icon="save" size='sm' %}
    diff --git a/devapp/templates/devapp/modal_device_extra_edit.html b/devapp/templates/devapp/modal_device_extra_edit.html index 57cfb3e..87bc6ae 100644 --- a/devapp/templates/devapp/modal_device_extra_edit.html +++ b/devapp/templates/devapp/modal_device_extra_edit.html @@ -11,13 +11,11 @@ {% bootstrap_form form %}
    - {% trans 'Save' as btntxt %} - {% bootstrap_button btntxt button_type="submit" button_class="btn-primary" icon="save" %} + {% bootstrap_button _('Save') button_type="submit" button_class="btn-primary" icon="save" %} {% if not request.is_ajax %} - {% trans 'Back' as btntxt %} {% url 'devapp:edit' group_id object.pk as backurl %} - {% bootstrap_button btntxt button_type="link" href=backurl icon="fast-backward" %} + {% bootstrap_button _('Back') button_type="link" href=backurl icon="fast-backward" %} {% endif %}
    diff --git a/devapp/views.py b/devapp/views.py index 26ee8be..8c58fb9 100644 --- a/devapp/views.py +++ b/devapp/views.py @@ -33,7 +33,6 @@ from .forms import DeviceForm, PortForm, DeviceExtraDataForm login_decs = login_required, only_admins -@method_decorator(login_decs, name='dispatch') class DevicesListView(global_base_views.OrderedFilteredList): context_object_name = 'devices' template_name = 'devapp/devices.html' @@ -51,6 +50,8 @@ class DevicesListView(global_base_views.OrderedFilteredList): context['group'] = get_object_or_404(Group, pk=group_id) return context + @method_decorator(login_decs) + @method_decorator(permission_required('devapp.view_device')) def dispatch(self, request, *args, **kwargs): try: response = super(DevicesListView, self).dispatch(request, *args, **kwargs) @@ -61,6 +62,7 @@ class DevicesListView(global_base_views.OrderedFilteredList): @method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('devapp.view_device'), name='dispatch') class DevicesWithoutGroupsListView(global_base_views.OrderedFilteredList): context_object_name = 'devices' template_name = 'devapp/devices_null_group.html' @@ -92,7 +94,7 @@ class DeviceDeleteView(DeleteView): @method_decorator(login_decs, name='dispatch') -@method_decorator(permission_required('devapp.can_view_device'), name='dispatch') +@method_decorator(permission_required('devapp.view_device'), name='dispatch') class DeviceUpdate(UpdateView): template_name = 'devapp/dev.html' context_object_name = 'dev' @@ -140,7 +142,7 @@ class DeviceUpdate(UpdateView): def dispatch(self, request, *args, **kwargs): group_id = self.kwargs.get('group_id') device_group = get_object_or_404(Group, pk=group_id) - if not request.user.has_perm('group_app.can_view_group', device_group): + if not request.user.has_perm('group_app.view_group', device_group): raise PermissionDenied self.device_group = device_group return super().dispatch(request, *args, **kwargs) @@ -158,7 +160,7 @@ class DeviceUpdate(UpdateView): @method_decorator(login_decs, name='dispatch') -@method_decorator(permission_required('devapp.can_view_device'), name='dispatch') +@method_decorator(permission_required('devapp.add_device'), name='dispatch') class DeviceCreateView(CreateView): template_name = 'devapp/add_dev.html' context_object_name = 'dev' @@ -167,11 +169,6 @@ class DeviceCreateView(CreateView): device_group = None already_dev = None - def get(self, request, *args, **kwargs): - if not request.user.has_perm('devapp.add_device'): - raise PermissionDenied - return super().get(request, *args, **kwargs) - def form_valid(self, form): # check if that device is exist try: @@ -202,7 +199,7 @@ class DeviceCreateView(CreateView): def dispatch(self, request, *args, **kwargs): group_id = self.kwargs.get('group_id') device_group = get_object_or_404(Group, pk=group_id) - if not request.user.has_perm('group_app.can_view_group', device_group): + if not request.user.has_perm('group_app.view_group', device_group): raise PermissionDenied self.device_group = device_group return super().dispatch(request, *args, **kwargs) @@ -364,7 +361,7 @@ def delete_single_port(request, group_id, device_id, port_id): @login_required @only_admins -@permission_required('devapp.add_port') +@permission_required('devapp.change_port') def edit_single_port(request, group_id: int, device_id: int, port_id: int): try: port = Port.objects.get(pk=port_id) @@ -424,7 +421,7 @@ def add_single_port(request, group_id, device_id): @login_required @only_admins -@permission_required('devapp.can_view_device') +@permission_required('devapp.view_device') def devview(request, group_id: int, device_id: int): ports, manager = None, None device = get_object_or_404(Device, id=device_id) @@ -512,7 +509,7 @@ class GroupsListView(global_base_views.OrderedFilteredList): def get_queryset(self): groups = super(GroupsListView, self).get_queryset() - groups = get_objects_for_user(self.request.user, 'group_app.can_view_group', klass=groups, + groups = get_objects_for_user(self.request.user, 'group_app.view_group', klass=groups, accept_global_perms=False) return groups @@ -523,7 +520,7 @@ class GroupsListView(global_base_views.OrderedFilteredList): def search_dev(request): word = request.GET.get('s') if word is None or word == '': - results = [{'id': 0, 'text': ''}] + results = tuple({'id': 0, 'text': ''}) else: qs = Q(comment__icontains=word) try: @@ -532,10 +529,10 @@ def search_dev(request): except ValueError: pass results = Device.objects.filter(qs).only('pk', 'ip_address', 'comment')[:16] - results = [{ + results = tuple({ 'id': device.pk, 'text': "%s: %s" % (device.ip_address or '', device.comment) - } for device in results] + } for device in results) return results diff --git a/group_app/locale/ru/LC_MESSAGES/django.po b/group_app/locale/ru/LC_MESSAGES/django.po index c975e80..bffbf9b 100644 --- a/group_app/locale/ru/LC_MESSAGES/django.po +++ b/group_app/locale/ru/LC_MESSAGES/django.po @@ -27,10 +27,6 @@ msgstr "Название" msgid "Tech code" msgstr "Технический код" -#: models.py:17 -msgid "Can view group" -msgstr "Может видеть группы" - #: models.py:19 msgid "Group" msgstr "Группа" diff --git a/group_app/migrations/0001_initial.py b/group_app/migrations/0001_initial.py index e36d2d7..6344fcc 100644 --- a/group_app/migrations/0001_initial.py +++ b/group_app/migrations/0001_initial.py @@ -22,8 +22,7 @@ class Migration(migrations.Migration): 'verbose_name': 'Group', 'verbose_name_plural': 'Groups', 'db_table': 'groups', - 'ordering': ['title'], - 'permissions': (('can_view_group', 'Can view group'),), + 'ordering': ('title',), }, ), ] diff --git a/group_app/migrations/0003_auto_20180808_1236.py b/group_app/migrations/0003_auto_20180808_1236.py index 58d0066..3386c59 100644 --- a/group_app/migrations/0003_auto_20180808_1236.py +++ b/group_app/migrations/0003_auto_20180808_1236.py @@ -14,6 +14,6 @@ class Migration(migrations.Migration): operations = [ migrations.AlterModelOptions( name='group', - options={'ordering': ('title',), 'permissions': (('can_view_group', 'Can view group'),), 'verbose_name': 'Group', 'verbose_name_plural': 'Groups'}, + options={'ordering': ('title',), 'verbose_name': 'Group', 'verbose_name_plural': 'Groups'}, ), ] diff --git a/group_app/models.py b/group_app/models.py index 7328553..af8e2fc 100644 --- a/group_app/models.py +++ b/group_app/models.py @@ -12,9 +12,6 @@ class Group(models.Model): class Meta: db_table = 'groups' - permissions = ( - ('can_view_group', _('Can view group')), - ) verbose_name = _('Group') verbose_name_plural = _('Groups') ordering = ('title',) diff --git a/group_app/views.py b/group_app/views.py index fde757c..e8da0e4 100644 --- a/group_app/views.py +++ b/group_app/views.py @@ -19,6 +19,7 @@ login_decs = login_required, only_admins @method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('group_app.view_group'), name='dispatch') class GroupListView(OrderedFilteredList): http_method_names = ('get',) paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10) @@ -28,6 +29,7 @@ class GroupListView(OrderedFilteredList): @method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('group_app.change_group'), name='dispatch') class EditGroupView(UpdateView): http_method_names = ('get', 'post') template_name = 'group_app/edit_group.html' @@ -46,6 +48,7 @@ class EditGroupView(UpdateView): @method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('group_app.add_group'), name='dispatch') class AddGroupView(CreateView): http_method_names = ('get', 'post') template_name = 'group_app/add_group.html' diff --git a/ip_pool/views.py b/ip_pool/views.py index 0eb45c9..3e4fb23 100644 --- a/ip_pool/views.py +++ b/ip_pool/views.py @@ -17,6 +17,7 @@ login_decs = login_required, only_admins @method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('ip_pool.view_networkmodel'), name='dispatch') class NetworksListView(OrderedFilteredList): device_kind_code = None template_name = 'ip_pool/network_list.html' @@ -57,6 +58,7 @@ class NetworkDeleteView(DeleteView): @method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('ip_pool.view_ipleasemodel'), name='dispatch') class IpLeasesListView(OrderedFilteredList): template_name = 'ip_pool/ip_leases_list.html' model = models.IpLeaseModel @@ -86,6 +88,7 @@ class NetworkCreateView(CreateView): @login_required +@method_decorator(permission_required('ip_pool.view_networkmodel'), name='dispatch') def network_in_groups(request, net_id): network = get_object_or_404(models.NetworkModel, pk=net_id) if request.method == 'POST': diff --git a/mapapp/templates/maps/dot.html b/mapapp/templates/maps/dot.html index 75ef90c..75d0cfd 100644 --- a/mapapp/templates/maps/dot.html +++ b/mapapp/templates/maps/dot.html @@ -99,9 +99,8 @@ {% endfor %}
    - {% trans 'Add' as trns %} {% url 'mapapp:add_dev' dot.pk as url %} - {% bootstrap_button trns button_type="link" icon='plus' size='sm' button_class='btn-success' href=url %} + {% bootstrap_button _('Add') button_type="link" icon='plus' size='sm' button_class='btn-success' href=url %}
    diff --git a/msg_app/locale/ru/LC_MESSAGES/django.po b/msg_app/locale/ru/LC_MESSAGES/django.po index ac457e0..661b095 100644 --- a/msg_app/locale/ru/LC_MESSAGES/django.po +++ b/msg_app/locale/ru/LC_MESSAGES/django.po @@ -63,10 +63,6 @@ msgstr "Сообщение" msgid "Messages" msgstr "Сообщения" -#: msg_app/models.py:71 -msgid "Can view messages" -msgstr "может просматривать сообщения" - #: msg_app/models.py:79 msgid "Admin" msgstr "Админ" @@ -103,10 +99,6 @@ msgstr "Без имени" msgid "Conversations" msgstr "Беседы" -#: msg_app/models.py:244 -msgid "Can view conversation" -msgstr "Может просматривать беседы" - #: msg_app/templates/msg_app/chat.html:7 #: msg_app/templates/msg_app/conversations.html:7 msgid "Private messages" diff --git a/msg_app/models.py b/msg_app/models.py index 889609b..7c06d46 100644 --- a/msg_app/models.py +++ b/msg_app/models.py @@ -67,9 +67,6 @@ class Message(models.Model): ordering = ('-sent_at',) verbose_name = _("Message") verbose_name_plural = _("Messages") - permissions = ( - ('can_view_messages', _('Can view messages')), - ) class ConversationMembership(models.Model): @@ -242,7 +239,4 @@ class Conversation(models.Model): db_table = 'conversations' verbose_name = _("Conversation") verbose_name_plural = _("Conversations") - permissions = ( - ('can_view_conversation', _('Can view conversation')), - ) ordering = ('title',) diff --git a/msg_app/views.py b/msg_app/views.py index 63c408a..2310ab3 100644 --- a/msg_app/views.py +++ b/msg_app/views.py @@ -11,6 +11,7 @@ from django.views.generic import ListView from chatbot.models import MessageQueue from djing.lib.decorators import only_admins +from guardian.decorators import permission_required_or_403 as permission_required from .models import Conversation, MessageError, Message from .forms import ConversationForm, MessageForm @@ -20,6 +21,7 @@ login_decs = login_required, only_admins @method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('msg_app.view_conversation'), name='dispatch') class ConversationsListView(ListView): context_object_name = 'conversations' template_name = 'msg_app/conversations.html' @@ -31,6 +33,7 @@ class ConversationsListView(ListView): @login_required @only_admins +@permission_required('msg_app.add_conversation') def new_conversation(request): try: frm = ConversationForm(request.POST or None) @@ -52,6 +55,7 @@ def new_conversation(request): @login_required @only_admins +@permission_required('msg_app.view_conversation') def to_conversation(request, conv_id): conv = get_object_or_404(Conversation, pk=conv_id) try: @@ -75,6 +79,7 @@ def to_conversation(request, conv_id): @login_required @only_admins +@permission_required('msg_app.delete_message') def remove_msg(request, conv_id, msg_id): msg = get_object_or_404(Message, pk=msg_id) if msg.author != request.user: @@ -84,6 +89,8 @@ def remove_msg(request, conv_id, msg_id): return redirect('msg_app:to_conversation', conversation_id) +@login_required +@only_admins def check_news(request): if request.user.is_authenticated: msg = MessageQueue.objects.pop(user=request.user, tag='msgapp') diff --git a/nas_app/views.py b/nas_app/views.py index 5bd0a21..38cf1d4 100644 --- a/nas_app/views.py +++ b/nas_app/views.py @@ -18,6 +18,7 @@ login_decs = login_required, only_admins @method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('nas_app.view_nasmodel'), name='dispatch') class NasListView(ListView): model = NASModel diff --git a/tariff_app/templates/tariff_app/periodic_pays/add_edit.html b/tariff_app/templates/tariff_app/periodic_pays/add_edit.html index bcfc6a6..1747958 100644 --- a/tariff_app/templates/tariff_app/periodic_pays/add_edit.html +++ b/tariff_app/templates/tariff_app/periodic_pays/add_edit.html @@ -44,8 +44,7 @@ {% bootstrap_icon 'rub' as ic %} {% bootstrap_field form.amount addon_before=ic %} - {% trans 'Save' as ic %} - {% bootstrap_button ic button_class="btn-primary" icon="save" %} + {% bootstrap_button _('Save') button_class="btn-primary" icon="save" %} diff --git a/tariff_app/views.py b/tariff_app/views.py index ba3e33b..4394849 100644 --- a/tariff_app/views.py +++ b/tariff_app/views.py @@ -20,6 +20,7 @@ login_decs = login_required, only_admins @method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('tariff_app.view_tariff'), name='dispatch') class TariffsListView(OrderedFilteredList): """ Show Services(Tariffs) list @@ -32,6 +33,7 @@ class TariffsListView(OrderedFilteredList): @login_required @only_admins +@permission_required('tariff_app.change_tariff') def edit_tarif(request, tarif_id=0): tarif_id = lib.safe_int(tarif_id) @@ -90,7 +92,7 @@ class TariffDeleteView(DeleteView): @method_decorator(login_decs, name='dispatch') -@method_decorator(permission_required('tariff_app.delete_tariff'), name='dispatch') +@method_decorator(permission_required('tariff_app.view_periodicpay'), name='dispatch') class PeriodicPaysListView(OrderedFilteredList): context_object_name = 'pays' model = PeriodicPay diff --git a/taskapp/locale/ru/LC_MESSAGES/django.po b/taskapp/locale/ru/LC_MESSAGES/django.po index f9dde29..c5ff18e 100644 --- a/taskapp/locale/ru/LC_MESSAGES/django.po +++ b/taskapp/locale/ru/LC_MESSAGES/django.po @@ -241,10 +241,6 @@ msgstr "Автор" msgid "Time of create" msgstr "Дата создания" -#: taskapp/models.py:131 -msgid "Can view comments" -msgstr "Может видеть комментарии" - #: taskapp/models.py:133 msgid "Extra comment" msgstr "Комментарий" diff --git a/taskapp/models.py b/taskapp/models.py index 0764bcf..ad6d81f 100644 --- a/taskapp/models.py +++ b/taskapp/models.py @@ -131,9 +131,6 @@ class ExtraComment(models.Model): class Meta: db_table = 'extra_comments' - permissions = ( - ('can_view_comments', _('Can view comments')), - ) verbose_name = _('Extra comment') verbose_name_plural = _('Extra comments') ordering = ('-date_create',) diff --git a/taskapp/templates/taskapp/add_edit_task.html b/taskapp/templates/taskapp/add_edit_task.html index c5f0abd..15db21d 100644 --- a/taskapp/templates/taskapp/add_edit_task.html +++ b/taskapp/templates/taskapp/add_edit_task.html @@ -101,12 +101,14 @@ {% if task %} -
    - {% include 'taskapp/details.html' with task=task time_diff=time_diff %} -
    -
    - {% include "taskapp/comments/task_comments.html" with comments=comments task_uid=task.pk comment_form=comment_form %} -
    +
    + {% include 'taskapp/details.html' with task=task time_diff=time_diff %} +
    + {% if perms.taskapp.view_extracomment %} +
    + {% include "taskapp/comments/task_comments.html" with comments=comments task_uid=task.pk comment_form=comment_form %} +
    + {% endif %} {% endif %} diff --git a/taskapp/templates/taskapp/comments/task_comments.html b/taskapp/templates/taskapp/comments/task_comments.html index e8e331b..504ee96 100644 --- a/taskapp/templates/taskapp/comments/task_comments.html +++ b/taskapp/templates/taskapp/comments/task_comments.html @@ -26,13 +26,15 @@ {% endfor %} -
    {% csrf_token %} - {% bootstrap_form comment_form %} - {% buttons %} - - {% endbuttons %} -
    + {% if perms.taskapp.add_extracomment %} +
    {% csrf_token %} + {% bootstrap_form comment_form %} + {% buttons %} + + {% endbuttons %} +
    + {% endif %} diff --git a/taskapp/views.py b/taskapp/views.py index d67039d..32e86b8 100644 --- a/taskapp/views.py +++ b/taskapp/views.py @@ -27,16 +27,14 @@ from .forms import TaskFrm, ExtraCommentForm login_decs = login_required, only_admins -class BaseTaskListView(ListView): - http_method_names = ('get',) - paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10) - - @method_decorator(login_decs, name='dispatch') -class NewTasksView(BaseTaskListView): +@method_decorator(permission_required('taskapp.view_task'), name='dispatch') +class NewTasksView(ListView): """ Show new tasks """ + http_method_names = ('get',) + paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10) template_name = 'taskapp/tasklist.html' context_object_name = 'tasks' @@ -47,6 +45,7 @@ class NewTasksView(BaseTaskListView): @method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('taskapp.view_task'), name='dispatch') class FailedTasksView(NewTasksView): """ Show crashed tasks @@ -60,6 +59,7 @@ class FailedTasksView(NewTasksView): @method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('taskapp.view_task'), name='dispatch') class FinishedTaskListView(NewTasksView): template_name = 'taskapp/tasklist_finish.html' @@ -69,6 +69,7 @@ class FinishedTaskListView(NewTasksView): @method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('taskapp.view_task'), name='dispatch') class OwnTaskListView(NewTasksView): template_name = 'taskapp/tasklist_own.html' @@ -80,6 +81,7 @@ class OwnTaskListView(NewTasksView): @method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('taskapp.view_task'), name='dispatch') class MyTaskListView(NewTasksView): template_name = 'taskapp/tasklist.html' @@ -91,7 +93,9 @@ class MyTaskListView(NewTasksView): @method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('taskapp.can_viewall'), name='dispatch') -class AllTasksListView(BaseTaskListView): +class AllTasksListView(ListView): + http_method_names = ('get',) + paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10) template_name = 'taskapp/tasklist_all.html' context_object_name = 'tasks' @@ -101,6 +105,7 @@ class AllTasksListView(BaseTaskListView): @method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('taskapp.view_task'), name='dispatch') class EmptyTasksListView(NewTasksView): template_name = 'taskapp/tasklist_empty.html' diff --git a/templates/base.html b/templates/base.html index 0c1d0b1..bf2e9b2 100644 --- a/templates/base.html +++ b/templates/base.html @@ -36,20 +36,24 @@ - {% url 'taskapp:home' as task_home %} - - - {% trans 'Tasks' %} - {% if tasks_count > 0 %}{{ tasks_count }}{% endif %} - - + {% if perms.taskapp.view_task %} + {% url 'taskapp:home' as task_home %} + + + {% trans 'Tasks' %} + {% if tasks_count > 0 %}{{ tasks_count }}{% endif %} + + + {% endif %} - {% url 'group_app:group_list' as group_list_link %} - - - {% trans 'Groups' %} - - + {% if perms.group_app.view_group %} + {% url 'group_app:group_list' as group_list_link %} + + + {% trans 'Groups' %} + + + {% endif %} {% url 'tarifs:home' as tarifs_home %} @@ -85,12 +89,12 @@ {% if perms.dialing_app.change_asteriskcdr %} - {% url 'dialapp:home' as dialhome %} - - - {% trans 'Dialing' %} - - + {% url 'dialapp:home' as dialhome %} + + + {% trans 'Dialing' %} + + {% endif %} {% url 'devapp:group_list' as devapp_groups %} @@ -101,12 +105,12 @@ {% if perms.nas_app.view_nasmodel %} - {% url 'nas_app:home' as nashome %} - - - {% trans 'NAS' %} - - + {% url 'nas_app:home' as nashome %} + + + {% trans 'NAS' %} + + {% endif %}