Sporz permissions

README.md

@@ -39,44 +39,53 @@ FLUSH PRIVILEGES;
 
 ```
 bureau
-    Can view borrowed item
+    media | Can view borrowed item
-    Can add borrowed item
+    media | Can add borrowed item
-    Can change borrowed item
+    media | Can change borrowed item
-    Can delete borrowed item
+    media | Can delete borrowed item
-    Can view adhesion
+    users | Can view adhesion
-    Can add adhesion
+    users | Can add adhesion
-    Can change adhesion
+    users | Can change adhesion
-    Can delete adhesion
+    users | Can delete adhesion
-    Can view clef
+    users | Can view clef
-    Can add clef
+    users | Can add clef
-    Can change clef
+    users | Can change clef
-    Can delete clef
+    users | Can delete clef
-    Can view user
+    users | Can view user
-    Can add user
+    users | Can add user
-    Can change user
+    users | Can change user
+    sporz | Can view gamesave
+    + permissions keyholder
 
 keyholder
-    Can view auteur
+    media | Can view auteur
-    Can add auteur
+    media | Can add auteur
-    Can change auteur
+    media | Can change auteur
-    Can delete auteur
+    media | Can delete auteur
-    Can view media
+    media | Can view media
-    Can add media
+    media | Can add media
-    Can change media
+    media | Can change media
-    Can delete media
+    media | Can delete media
-    Can view jeu
+    media | Can view jeu
-    Can add jeu
+    media | Can add jeu
-    Can change jeu
+    media | Can change jeu
-    Can delete jeu
+    media | Can delete jeu
-    Can view emprunt
+    media | Can view emprunt
-    Can add emprunt
+    media | Can add emprunt
-    Can change emprunt
+    media | Can change emprunt
-    Can delete emprunt
+    media | Can delete emprunt
-    Can view user
+    users | Can view user
-    Can view clef
+    users | Can view clef
 
-users
+users (default group for everyone)
-    Can view auteur
+    media | Can view auteur
-    Can view media
+    media | Can view media
-    Can view jeu
+    media | Can view jeu
+    sporz | Can add gamesave
+    sporz | Can change gamesave
+    sporz | Can delete gamesave
+    sporz | Can view player
+    sporz | Can add player
+    sporz | Can change player
+    sporz | Can delete player
 ```

TODO

@@ -1,2 +0,0 @@
-régler pq de permission sur app sporz : permettre d'afficher seulement nos gamesave à tout le monde
-

sporz/admin.py

@@ -3,6 +3,8 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.contrib import admin
+from django.contrib.auth import get_user_model
+from django.db.models import Q
 
 from med.admin import admin_site
 from .models import GameSave, Player
@@ -16,6 +18,7 @@ class GameSaveAdmin(admin.ModelAdmin):
     inlines = [PlayerInline, ]
     list_display = ('__str__', 'game_master', 'game_has_ended')
     date_hierarchy = 'created_at'
+    autocomplete_fields = ('game_master',)
 
     def has_change_permission(self, request, obj=None):
         """
@@ -43,5 +46,27 @@ class GameSaveAdmin(admin.ModelAdmin):
         request.GET = data
         return super().add_view(request, form_url, extra_context)
 
+    def formfield_for_foreignkey(self, db_field, request, **kwargs):
+        """
+        Authorize game master change only if user can see all users
+        """
+        if db_field.name == 'game_master':
+            if not request.user.has_perm('users.view_user'):
+                kwargs['queryset'] = get_user_model().objects.filter(
+                    username=request.user.username)
+        return super().formfield_for_foreignkey(db_field, request, **kwargs)
+
+    def get_queryset(self, request):
+        """
+        List all game save only if user has view permission
+        else, list only own games and ended games
+        """
+        queryset = super().get_queryset(request)
+        if request.user.has_perm('sporz.view_gamesave'):
+            return queryset
+        return queryset.filter(
+            Q(game_master=request.user) | Q(game_has_ended=True)
+        )
+
 
 admin_site.register(GameSave, GameSaveAdmin)