Merge branch 'nix-shell' into 'main'

Nix shell See merge request bde/nk20!201
Merge branch 'beta' into 'main'
2025-02-25 17:36:31 +00:00 · 2023-09-30 17:10:45 +02:00 · 2023-09-29 12:08:00 +02:00 · 2023-09-28 18:48:57 +02:00 · 2022-08-21 19:50:53 +02:00 · 2022-08-21 19:46:11 +02:00
6 changed files with 96 additions and 17 deletions
--- a/.gitignore
+++ b/.gitignore
@ -48,7 +48,6 @@ backups/
 env/
 venv/
 db.sqlite3
-shell.nix

 # ansibles customs host
 ansible/host_vars/*.yaml
--- a/apps/permission/backends.py
+++ b/apps/permission/backends.py
@ -198,6 +198,41 @@ class PermissionBackend(ModelBackend):
    def has_module_perms(self, user_obj, app_label):
        return False

+    @staticmethod
+    @memoize
+    def has_model_perm(request, model, type):
+        """
+        Check is the given user has the permission over a given model for a given action.
+        The result is then memoized.
+        :param request: The current request
+        :param model: The model that the permissions shoud apply
+        :param type: The type of the permissions: view, change, add or delete
+        For view action, it is consider possible if user can view or change the model
+        """
+        # Requested by a shell
+        if request is None:
+            return False
+
+        user_obj = request.user
+        sess = request.session
+
+        if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'):
+            # OAuth2 Authentication
+            user_obj = request.auth.user
+
+        if user_obj is None or user_obj.is_anonymous:
+            return False
+
+        if user_obj.is_superuser and sess.get("permission_mask", -1) >= 42:
+            return True
+
+        ct = ContentType.objects.get_for_model(model)
+        if any(PermissionBackend.permissions(request, ct, type)):
+            return True
+        if type == "view" and any(PermissionBackend.permissions(request, ct, "change")):
+            return True
+        return False
+
    def get_all_permissions(self, user_obj, obj=None):
        ct = ContentType.objects.get_for_model(obj)
        return list(self.permissions(get_current_request(), ct, "view"))
--- a/apps/treasury/tests/test_treasury.py
+++ b/apps/treasury/tests/test_treasury.py
@ -385,8 +385,7 @@ class TestSogeCredits(TestCase):

        response = self.client.post(reverse("treasury:manage_soge_credit", args=(soge_credit.pk,)),
                                    data=dict(delete=True))
-        # 403 because no SogeCredit exists anymore, then a PermissionDenied is raised
-        self.assertRedirects(response, reverse("treasury:soge_credits"), 302, 403)
+        self.assertRedirects(response, reverse("treasury:soge_credits"), 302, 200)
        self.assertFalse(SogeCredit.objects.filter(pk=soge_credit.pk))
        self.user.note.refresh_from_db()
        self.assertEqual(self.user.note.balance, 0)
--- a/apps/treasury/views.py
+++ b/apps/treasury/views.py
@ -101,14 +101,7 @@ class InvoiceListView(LoginRequiredMixin, SingleTableView):
        if not request.user.is_authenticated:
            return self.handle_no_permission()

-        sample_invoice = Invoice(
-            id=0,
-            object="",
-            description="",
-            name="",
-            address="",
-        )
-        if not PermissionBackend.check_perm(self.request, "treasury.view_invoice", sample_invoice):
+        if not PermissionBackend.has_model_perm(self.request, Invoice(), "view"):
            raise PermissionDenied(_("You are not able to see the treasury interface."))
        return super().dispatch(request, *args, **kwargs)

@ -278,11 +271,7 @@ class RemittanceListView(LoginRequiredMixin, TemplateView):
        if not request.user.is_authenticated:
            return self.handle_no_permission()

-        sample_remittance = Remittance(
-            remittance_type_id=1,
-            comment="",
-        )
-        if not PermissionBackend.check_perm(self.request, "treasury.add_remittance", sample_remittance):
+        if not PermissionBackend.has_model_perm(self.request, Remittance(), "view"):
            raise PermissionDenied(_("You are not able to see the treasury interface."))
        return super().dispatch(request, *args, **kwargs)

@ -408,7 +397,7 @@ class SogeCreditListView(LoginRequiredMixin, ProtectQuerysetMixin, SingleTableVi
        if not request.user.is_authenticated:
            return self.handle_no_permission()

-        if not super().get_queryset().exists():
+        if not PermissionBackend.has_model_perm(self.request, SogeCredit(), "view"):
            raise PermissionDenied(_("You are not able to see the treasury interface."))
        return super().dispatch(request, *args, **kwargs)

--- a/shell-static.nix
+++ b/shell-static.nix
@ -0,0 +1,34 @@
+# This is a workaround meant for use with the nix package manager. If you don't know what it is or don't use it, please ignore this file.
+# 
+# The nk20 javascript static location are hardcoded for imperative system.
+# This make ./manage.py collectstatic hard to use with nixos.
+# 
+# A workaround is to enter a FHSUserEnv with the static placed under /share/javascript/<static>.
+# This emulate a debian like system and enable collecting static normally with ./manage.py collectstatics.
+# The regular shell.nix should be enough for other configurations.
+#
+# Warning, you are still supposed to use pip package with a venv !
+{ pkgs ? import <nixpkgs> {} }:
+(pkgs.buildFHSUserEnv {
+  name = "pipzone";
+  targetPkgs = pkgs: (with pkgs;
+  let
+    fhs-static = stdenv.mkDerivation {
+      name = "fhs-static";
+      buildCommand = ''
+      mkdir -p $out/share/javascript/bootstrap4
+      mkdir -p $out/share/javascript/jquery
+      ln -s ${python39Packages.xstatic-bootstrap}/lib/python3.9/site-packages/xstatic/pkg/bootstrap/data/* $out/share/javascript/bootstrap4
+      ln -s ${python39Packages.xstatic-jquery}/lib/python3.9/site-packages/xstatic/pkg/jquery/data/* $out/share/javascript/jquery
+    '';
+    };
+  in [
+    fhs-static
+    python39
+    gettext
+    python39Packages.pip
+    python39Packages.virtualenv
+    python39Packages.setuptools
+  ]);
+  runScript = "bash";
+}).env
--- a/shell.nix
+++ b/shell.nix
@ -0,0 +1,23 @@
+# This is meant for use with the nix package manager. If you don't know what it is or don't use it, please ignore this file.
+#
+# This shell.nix contains all dependencies require to create a venv and pip install -r requirements.txt.
+#
+# Please check shell-static.nix for running ./manage.py collectstatics.
+{ pkgs ? import <nixpkgs> {} }:
+pkgs.mkShell {
+  buildInputs = with pkgs; [
+    python39
+    python39Packages.pip
+    python39Packages.setuptools
+    gettext
+
+  ];
+  shellHook = ''
+    # Tells pip to put packages into $PIP_PREFIX instead of the usual locations.
+    # See https://pip.pypa.io/en/stable/user_guide/#environment-variables.
+    export PIP_PREFIX=$(pwd)/_build/pip_packages
+    export PYTHONPATH="$PIP_PREFIX/${pkgs.python39.sitePackages}:$PYTHONPATH"
+    export PATH="$PIP_PREFIX/bin:$PATH"
+    unset SOURCE_DATE_EPOCH
+  '';
+}
Author	SHA1	Message	Date
aeltheos	9e90049d3c	Merge branch 'nix-shell' into 'main' Nix shell See merge request bde/nk20!201	2023-09-30 17:10:45 +02:00
charliep	ff6e207512	Merge branch 'beta' into 'main' check for a model in permission and use that in treasury See merge request bde/nk20!222	2023-09-29 12:08:00 +02:00
bleizi	0f1e4d2e60	check for a model in permission and use that in treasury	2023-09-28 18:48:57 +02:00
Yoann Beaugnon	dde1baa25c	typo	2022-08-21 19:50:53 +02:00
Yoann Beaugnon	7a7ee47e0b	Add two shell.nix to enable easier development on nixos.	2022-08-21 19:46:11 +02:00