Merge branch 'nix-shell' into 'main'

Nix shell See merge request bde/nk20!201
Merge branch 'beta' into 'main'
2025-02-26 09:56:29 +00:00 · 2023-09-30 17:10:45 +02:00 · 2023-09-29 12:08:00 +02:00 · 2023-09-28 18:48:57 +02:00 · 2022-08-21 19:50:53 +02:00 · 2022-08-21 19:46:11 +02:00
6 changed files with 96 additions and 17 deletions
--- a/.gitignore
+++ b/.gitignore
@ -48,7 +48,6 @@ backups/
 env/
 venv/
 db.sqlite3
 shell.nix
 # ansibles customs host
 ansible/host_vars/*.yaml
--- a/apps/permission/backends.py
+++ b/apps/permission/backends.py
@ -198,6 +198,41 @@ class PermissionBackend(ModelBackend):
    def has_module_perms(self, user_obj, app_label):
        return False
    @staticmethod
    @memoize
    def has_model_perm(request, model, type):
        """
        Check is the given user has the permission over a given model for a given action.
        The result is then memoized.
        :param request: The current request
        :param model: The model that the permissions shoud apply
        :param type: The type of the permissions: view, change, add or delete
        For view action, it is consider possible if user can view or change the model
        """
        # Requested by a shell
        if request is None:
            return False
        user_obj = request.user
        sess = request.session
        if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'):
            # OAuth2 Authentication
            user_obj = request.auth.user
        if user_obj is None or user_obj.is_anonymous:
            return False
        if user_obj.is_superuser and sess.get("permission_mask", -1) >= 42:
            return True
        ct = ContentType.objects.get_for_model(model)
        if any(PermissionBackend.permissions(request, ct, type)):
            return True
        if type == "view" and any(PermissionBackend.permissions(request, ct, "change")):
            return True
        return False
    def get_all_permissions(self, user_obj, obj=None):
        ct = ContentType.objects.get_for_model(obj)
        return list(self.permissions(get_current_request(), ct, "view"))
--- a/apps/treasury/tests/test_treasury.py
+++ b/apps/treasury/tests/test_treasury.py
@ -385,8 +385,7 @@ class TestSogeCredits(TestCase):
        response = self.client.post(reverse("treasury:manage_soge_credit", args=(soge_credit.pk,)),
                                    data=dict(delete=True))
-        # 403 because no SogeCredit exists anymore, then a PermissionDenied is raised
+        self.assertRedirects(response, reverse("treasury:soge_credits"), 302, 200)
        self.assertRedirects(response, reverse("treasury:soge_credits"), 302, 403)
        self.assertFalse(SogeCredit.objects.filter(pk=soge_credit.pk))
        self.user.note.refresh_from_db()
        self.assertEqual(self.user.note.balance, 0)
--- a/apps/treasury/views.py
+++ b/apps/treasury/views.py
@ -101,14 +101,7 @@ class InvoiceListView(LoginRequiredMixin, SingleTableView):
        if not request.user.is_authenticated:
            return self.handle_no_permission()
-        sample_invoice = Invoice(
+        if not PermissionBackend.has_model_perm(self.request, Invoice(), "view"):
            id=0,
            object="",
            description="",
            name="",
            address="",
        )
        if not PermissionBackend.check_perm(self.request, "treasury.view_invoice", sample_invoice):
            raise PermissionDenied(_("You are not able to see the treasury interface."))
        return super().dispatch(request, *args, **kwargs)
@ -278,11 +271,7 @@ class RemittanceListView(LoginRequiredMixin, TemplateView):
        if not request.user.is_authenticated:
            return self.handle_no_permission()
-        sample_remittance = Remittance(
+        if not PermissionBackend.has_model_perm(self.request, Remittance(), "view"):
            remittance_type_id=1,
            comment="",
        )
        if not PermissionBackend.check_perm(self.request, "treasury.add_remittance", sample_remittance):
            raise PermissionDenied(_("You are not able to see the treasury interface."))
        return super().dispatch(request, *args, **kwargs)
@ -408,7 +397,7 @@ class SogeCreditListView(LoginRequiredMixin, ProtectQuerysetMixin, SingleTableVi
        if not request.user.is_authenticated:
            return self.handle_no_permission()
-        if not super().get_queryset().exists():
+        if not PermissionBackend.has_model_perm(self.request, SogeCredit(), "view"):
            raise PermissionDenied(_("You are not able to see the treasury interface."))
        return super().dispatch(request, *args, **kwargs)
--- a/shell-static.nix
+++ b/shell-static.nix
@ -0,0 +1,34 @@
 # This is a workaround meant for use with the nix package manager. If you don't know what it is or don't use it, please ignore this file.
 # 
 # The nk20 javascript static location are hardcoded for imperative system.
 # This make ./manage.py collectstatic hard to use with nixos.
 # 
 # A workaround is to enter a FHSUserEnv with the static placed under /share/javascript/<static>.
 # This emulate a debian like system and enable collecting static normally with ./manage.py collectstatics.
 # The regular shell.nix should be enough for other configurations.
 #
 # Warning, you are still supposed to use pip package with a venv !
 { pkgs ? import <nixpkgs> {} }:
 (pkgs.buildFHSUserEnv {
  name = "pipzone";
  targetPkgs = pkgs: (with pkgs;
  let
    fhs-static = stdenv.mkDerivation {
      name = "fhs-static";
      buildCommand = ''
      mkdir -p $out/share/javascript/bootstrap4
      mkdir -p $out/share/javascript/jquery
      ln -s ${python39Packages.xstatic-bootstrap}/lib/python3.9/site-packages/xstatic/pkg/bootstrap/data/* $out/share/javascript/bootstrap4
      ln -s ${python39Packages.xstatic-jquery}/lib/python3.9/site-packages/xstatic/pkg/jquery/data/* $out/share/javascript/jquery
    '';
    };
  in [
    fhs-static
    python39
    gettext
    python39Packages.pip
    python39Packages.virtualenv
    python39Packages.setuptools
  ]);
  runScript = "bash";
 }).env
--- a/shell.nix
+++ b/shell.nix
@ -0,0 +1,23 @@
 # This is meant for use with the nix package manager. If you don't know what it is or don't use it, please ignore this file.
 #
 # This shell.nix contains all dependencies require to create a venv and pip install -r requirements.txt.
 #
 # Please check shell-static.nix for running ./manage.py collectstatics.
 { pkgs ? import <nixpkgs> {} }:
 pkgs.mkShell {
  buildInputs = with pkgs; [
    python39
    python39Packages.pip
    python39Packages.setuptools
    gettext
  ];
  shellHook = ''
    # Tells pip to put packages into $PIP_PREFIX instead of the usual locations.
    # See https://pip.pypa.io/en/stable/user_guide/#environment-variables.
    export PIP_PREFIX=$(pwd)/_build/pip_packages
    export PYTHONPATH="$PIP_PREFIX/${pkgs.python39.sitePackages}:$PYTHONPATH"
    export PATH="$PIP_PREFIX/bin:$PATH"
    unset SOURCE_DATE_EPOCH
  '';
 }
Author	SHA1	Message	Date
aeltheos	9e90049d3c	Merge branch 'nix-shell' into 'main' Nix shell See merge request bde/nk20!201	2023-09-30 17:10:45 +02:00
charliep	ff6e207512	Merge branch 'beta' into 'main' check for a model in permission and use that in treasury See merge request bde/nk20!222	2023-09-29 12:08:00 +02:00
bleizi	0f1e4d2e60	check for a model in permission and use that in treasury	2023-09-28 18:48:57 +02:00
Yoann Beaugnon	dde1baa25c	typo	2022-08-21 19:50:53 +02:00
Yoann Beaugnon	7a7ee47e0b	Add two shell.nix to enable easier development on nixos.	2022-08-21 19:46:11 +02:00