From fa94ac7689a8a22de9a89f38cbcb3312b93e2891 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Fri, 16 Aug 2019 15:05:10 +0200
Subject: [PATCH] Sporz permissions
---
 README.md | 83 ++++++++++++++++++++++++++++----------------------
 TODO | 2 --
 sporz/admin.py | 25 +++++++++++++++
 3 files changed, 71 insertions(+), 39 deletions(-)
 delete mode 100644 TODO
diff --git a/README.md b/README.md
index 159335a..22fb147 100644
--- a/README.md
+++ b/README.md
@@ -39,44 +39,53 @@ FLUSH PRIVILEGES; ``` bureau - Can view borrowed item - Can add borrowed item - Can change borrowed item - Can delete borrowed item - Can view adhesion - Can add adhesion - Can change adhesion - Can delete adhesion - Can view clef - Can add clef - Can change clef - Can delete clef - Can view user - Can add user - Can change user + media | Can view borrowed item + media | Can add borrowed item + media | Can change borrowed item + media | Can delete borrowed item + users | Can view adhesion + users | Can add adhesion + users | Can change adhesion + users | Can delete adhesion + users | Can view clef + users | Can add clef + users | Can change clef + users | Can delete clef + users | Can view user + users | Can add user + users | Can change user + sporz | Can view gamesave + + permissions keyholder keyholder - Can view auteur - Can add auteur - Can change auteur - Can delete auteur - Can view media - Can add media - Can change media - Can delete media - Can view jeu - Can add jeu - Can change jeu - Can delete jeu - Can view emprunt - Can add emprunt - Can change emprunt - Can delete emprunt - Can view user - Can view clef + media | Can view auteur + media | Can add auteur + media | Can change auteur + media | Can delete auteur + media | Can view media + media | Can add media + media | Can change media + media | Can delete media + media | Can view jeu + media | Can add jeu + media | Can change jeu + media | Can delete jeu + media | Can view emprunt + media | Can add emprunt + media | Can change emprunt + media | Can delete emprunt + users | Can view user + users | Can view clef -users - Can view auteur - Can view media - Can view jeu +users (default group for everyone) + media | Can view auteur + media | Can view media + media | Can view jeu + sporz | Can add gamesave + sporz | Can change gamesave + sporz | Can delete gamesave + sporz | Can view player + sporz | Can add player + sporz | Can change player + sporz | Can delete player ``` 
diff --git a/TODO b/TODO
deleted file mode 100644
index 5b3e923..0000000
--- a/TODO
+++ /dev/null
@@ -1,2 +0,0 @@
-régler pq de permission sur app sporz : permettre d'afficher seulement nos gamesave à tout le monde
-
diff --git a/sporz/admin.py b/sporz/admin.py
index 1450cd0..23b9e3a 100644
--- a/sporz/admin.py
+++ b/sporz/admin.py
@@ -3,6 +3,8 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.contrib import admin
+from django.contrib.auth import get_user_model
+from django.db.models import Q
 from med.admin import admin_site
 from .models import GameSave, Player
@@ -16,6 +18,7 @@ class GameSaveAdmin(admin.ModelAdmin):
 inlines = [PlayerInline, ]
 list_display = ('__str__', 'game_master', 'game_has_ended')
 date_hierarchy = 'created_at'
+ autocomplete_fields = ('game_master',)
 def has_change_permission(self, request, obj=None):
 """
@@ -43,5 +46,27 @@ class GameSaveAdmin(admin.ModelAdmin):
 request.GET = data
 return super().add_view(request, form_url, extra_context)
+ def formfield_for_foreignkey(self, db_field, request, **kwargs):
+ """
+ Authorize game master change only if user can see all users
+ """
+ if db_field.name == 'game_master':
+ if not request.user.has_perm('users.view_user'):
+ kwargs['queryset'] = get_user_model().objects.filter(
+ username=request.user.username)
+ return super().formfield_for_foreignkey(db_field, request, **kwargs)
+
+ def get_queryset(self, request):
+ """
+ List all game save only if user has view permission
+ else, list only own games and ended games
+ """
+ queryset = super().get_queryset(request)
+ if request.user.has_perm('sporz.view_gamesave'):
+ return queryset
+ return queryset.filter(
+ Q(game_master=request.user) | Q(game_has_ended=True)
+ )
+
 admin_site.register(GameSave, GameSaveAdmin)
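Review bot: The added `autocomplete_fields = ('game_master',)` in the second hunk makes the game-master widget load its choices from the user model's admin autocomplete endpoint, which does not pass through the queryset that `formfield_for_foreignkey` narrows later in this commit. The narrowed queryset still applies when the submitted form is validated, but what the endpoint returns to a user without `users.view_user` depends on the user admin's own permission check and `search_fields`, neither of which is visible in this diff. I would add a test that logs in as a member of the default group and asserts that the autocomplete request is refused and that posting another user's id as `game_master` is rejected. A comment next to the attribute would record the dependency, for example `# choices come from the user admin's autocomplete view; keep it closed to users without users.view_user`.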
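Review bot: `get_queryset` in the last hunk is also what the admin uses to look up the object for the change, delete and history views, so the `Q(game_has_ended=True)` branch makes every ended game of another game master reachable by id for users without `sporz.view_gamesave`. The README hunk of this commit gives the default group change and delete on gamesave, so ownership has to be enforced per object: `has_change_permission` starts outside these hunks and its body is not shown, and no `has_delete_permission` override is visible in this diff, so it is worth confirming that both compare `obj.game_master` with `request.user`. In `formfield_for_foreignkey` I would filter on the primary key rather than the username, `kwargs['queryset'] = get_user_model().objects.filter(pk=request.user.pk)`. The `get_queryset` docstring should also say that the stock `view_gamesave` permission doubles as the "see every game" switch, so granting it to the default group would expose games that are still running.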