check for a model in permission and use that in treasury

2025-06-21 01:48:21 +02:00 · 2023-09-28 18:48:57 +02:00
parent d82a1001c4
commit 0f1e4d2e60
3 changed files with 39 additions and 16 deletions
--- a/apps/treasury/tests/test_treasury.py
+++ b/apps/treasury/tests/test_treasury.py
@ -385,8 +385,7 @@ class TestSogeCredits(TestCase):

        response = self.client.post(reverse("treasury:manage_soge_credit", args=(soge_credit.pk,)),
                                    data=dict(delete=True))
-        # 403 because no SogeCredit exists anymore, then a PermissionDenied is raised
-        self.assertRedirects(response, reverse("treasury:soge_credits"), 302, 403)
+        self.assertRedirects(response, reverse("treasury:soge_credits"), 302, 200)
        self.assertFalse(SogeCredit.objects.filter(pk=soge_credit.pk))
        self.user.note.refresh_from_db()
        self.assertEqual(self.user.note.balance, 0)
--- a/apps/treasury/views.py
+++ b/apps/treasury/views.py
@ -101,14 +101,7 @@ class InvoiceListView(LoginRequiredMixin, SingleTableView):
        if not request.user.is_authenticated:
            return self.handle_no_permission()

-        sample_invoice = Invoice(
-            id=0,
-            object="",
-            description="",
-            name="",
-            address="",
-        )
-        if not PermissionBackend.check_perm(self.request, "treasury.view_invoice", sample_invoice):
+        if not PermissionBackend.has_model_perm(self.request, Invoice(), "view"):
            raise PermissionDenied(_("You are not able to see the treasury interface."))
        return super().dispatch(request, *args, **kwargs)

@ -278,11 +271,7 @@ class RemittanceListView(LoginRequiredMixin, TemplateView):
        if not request.user.is_authenticated:
            return self.handle_no_permission()

-        sample_remittance = Remittance(
-            remittance_type_id=1,
-            comment="",
-        )
-        if not PermissionBackend.check_perm(self.request, "treasury.add_remittance", sample_remittance):
+        if not PermissionBackend.has_model_perm(self.request, Remittance(), "view"):
            raise PermissionDenied(_("You are not able to see the treasury interface."))
        return super().dispatch(request, *args, **kwargs)

@ -408,7 +397,7 @@ class SogeCreditListView(LoginRequiredMixin, ProtectQuerysetMixin, SingleTableVi
        if not request.user.is_authenticated:
            return self.handle_no_permission()

-        if not super().get_queryset().exists():
+        if not PermissionBackend.has_model_perm(self.request, SogeCredit(), "view"):
            raise PermissionDenied(_("You are not able to see the treasury interface."))
        return super().dispatch(request, *args, **kwargs)