diff --git a/apps/activity/views.py b/apps/activity/views.py
index 923f32ec..370e6040 100644
--- a/apps/activity/views.py
+++ b/apps/activity/views.py
@@ -182,8 +182,11 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
 context["noteuser_ctype"] = ContentType.objects.get_for_model(NoteUser).pk
 context["notespecial_ctype"] = ContentType.objects.get_for_model(NoteSpecial).pk
- context["activities_open"] = Activity.objects.filter(open=True).filter(
- PermissionBackend.filter_queryset(self.request.user, Activity, "view")).filter(
- PermissionBackend.filter_queryset(self.request.user, Activity, "change")).all()
+ activities_open = Activity.objects.filter(open=True).filter(
+ PermissionBackend.filter_queryset(self.request.user, Activity, "view")).distinct().all()
+ context["activities_open"] = [a for a in activities_open
+ if PermissionBackend.check_perm(self.request.user,
+ "activity.add_entry",
+ Entry(activity=a, note=self.request.user.note,))]
 return context
diff --git a/apps/api/viewsets.py b/apps/api/viewsets.py
index 6e0cb6b8..f4dd56f6 100644
--- a/apps/api/viewsets.py
+++ b/apps/api/viewsets.py
@@ -18,7 +18,7 @@ class ReadProtectedModelViewSet(viewsets.ModelViewSet):
 def get_queryset(self):
 user = get_current_authenticated_user()
- return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view"))
+ return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct()
 class ReadOnlyProtectedModelViewSet(viewsets.ReadOnlyModelViewSet):
@@ -32,4 +32,4 @@ class ReadOnlyProtectedModelViewSet(viewsets.ReadOnlyModelViewSet):
 def get_queryset(self):
 user = get_current_authenticated_user()
- return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view"))
+ return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct()
diff --git a/apps/note/api/views.py b/apps/note/api/views.py
index a365c343..f806bbf2 100644
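Review bot: The new `activities_open` block in `ActivityEntryView` is an authorization decision written out in view code (one `PermissionBackend.check_perm` call against a throwaway `Entry` per open activity), and the same block is pasted into `TransactionCreateView` in apps/note/views.py, so the two copies can drift apart when the rule changes. I would keep the rule in one helper that both views call, as sketched below. The context value also changes from a QuerySet to a list, so template code relying on queryset methods should be checked; the enclosing method starts outside the hunk. This list only decides which shortcuts are displayed, so the entry-creation path presumably still needs its own `activity.add_entry` check.

```python
# … shared helper, importable by both views …
def open_activities_for_entry(user):
    """Return the open activities for which `user` may add an entry for their own note."""
    visible = Activity.objects.filter(open=True).filter(
        PermissionBackend.filter_queryset(user, Activity, "view")).distinct()
    return [a for a in visible
            if PermissionBackend.check_perm(user, "activity.add_entry",
                                            Entry(activity=a, note=user.note))]

# in ActivityEntryView and TransactionCreateView:
context["activities_open"] = open_activities_for_entry(self.request.user)
```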
--- a/apps/note/api/views.py
+++ b/apps/note/api/views.py
@@ -9,6 +9,8 @@ from rest_framework import viewsets
 from rest_framework.response import Response
 from rest_framework import status
 from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet
+from note_kfet.middlewares import get_current_authenticated_user
+from permission.backends import PermissionBackend
 from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer,\
 TemplateCategorySerializer, TransactionTemplateSerializer, TransactionPolymorphicSerializer
@@ -150,3 +152,7 @@ class TransactionViewSet(ReadProtectedModelViewSet):
 serializer_class = TransactionPolymorphicSerializer
 filter_backends = [SearchFilter]
 search_fields = ['$reason', ]
+
+ def get_queryset(self):
+ user = get_current_authenticated_user()
+ return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view"))
diff --git a/apps/note/views.py b/apps/note/views.py
index ef9da668..ad2b2a99 100644
--- a/apps/note/views.py
+++ b/apps/note/views.py
@@ -10,6 +10,8 @@ from django.utils.translation import gettext_lazy as _
 from django.views.generic import CreateView, UpdateView
 from django_tables2 import SingleTableView
 from django.urls import reverse_lazy
+
+from activity.models import Entry
 from note_kfet.inputs import AmountInput
 from permission.backends import PermissionBackend
 from permission.views import ProtectQuerysetMixin
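Review bot: `TransactionViewSet.get_queryset` in apps/note/api/views.py re-implements the permission filter of `ReadProtectedModelViewSet.get_queryset`, and the only difference is that it omits the `.distinct()` this commit adds to the base class in apps/api/viewsets.py, with nothing saying why. A duplicated access filter is easy to miss when the base one is tightened later, so the override should at least carry a comment such as `# Same "view" filter as ReadProtectedModelViewSet, minus .distinct(): <reason distinct() cannot be used for transactions>`. If the reason is an incompatibility between `.distinct()` and this model's queryset, a class attribute on the base viewset that switches `.distinct()` off would keep the filter in one place.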
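Review bot: The new module-level `from activity.models import Entry` in apps/note/views.py imports the activity models unconditionally, while `TransactionCreateView` further down still wraps their use in `if "activity" in settings.INSTALLED_APPS:` and imports `Activity` inside that block. Django raises when a model module of an app outside `INSTALLED_APPS` is imported, so with the activity app disabled this file would fail at import time and the guard no longer protects anything. I would drop the top-level import and extend the guarded one to `from activity.models import Activity, Entry`.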
@@ -52,9 +54,13 @@ class TransactionCreateView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTabl
 # Add a shortcut for entry page for open activities
 if "activity" in settings.INSTALLED_APPS:
 from activity.models import Activity
- context["activities_open"] = Activity.objects.filter(open=True).filter(
- PermissionBackend.filter_queryset(self.request.user, Activity, "view")).filter(
- PermissionBackend.filter_queryset(self.request.user, Activity, "change")).all()
+ activities_open = Activity.objects.filter(open=True).filter(
+ PermissionBackend.filter_queryset(self.request.user, Activity, "view")).distinct().all()
+ context["activities_open"] = [a for a in activities_open
+ if PermissionBackend.check_perm(self.request.user,
+ "activity.add_entry",
+ Entry(activity=a,
+ note=self.request.user.note, ))]
 return context
diff --git a/apps/permission/fixtures/initial.json b/apps/permission/fixtures/initial.json
index bbe2e7e9..1ce50d80 100644
--- a/apps/permission/fixtures/initial.json
+++ b/apps/permission/fixtures/initial.json
@@ -2311,6 +2311,38 @@
 "description": "Ajouter un membre à n'importe quel club"
 }
 },
+ {
+ "model": "permission.permission",
+ "pk": 148,
+ "fields": {
+ "model": [
+ "activity",
+ "activity"
+ ],
+ "query": "{\"valid\": false}",
+ "type": "change",
+ "mask": 2,
+ "field": "",
+ "permanent": false,
+ "description": "Modifier une activité non validée"
+ }
+ },
+ {
+ "model": "permission.permission",
+ "pk": 149,
+ "fields": {
+ "model": [
+ "activity",
+ "activity"
+ ],
+ "query": "{\"valid\": false}",
+ "type": "delete",
+ "mask": 2,
+ "field": "",
+ "permanent": false,
+ "description": "Supprimer une activité non validée"
+ }
+ },
 {
 "model": "permission.role",
 "pk": 1,
@@ -2643,7 +2675,9 @@
 144,
 145,
 146,
- 147
+ 147,
+ 148,
+ 149
 ]
 }
 },
@@ -2690,7 +2724,9 @@
 43,
 44,
 45,
- 46
+ 46,
+ 148,
+ 149
 ]
 }
 },
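Review bot: Permissions 148 and 149 in apps/permission/fixtures/initial.json are matched by `"query": "{\"valid\": false}"` alone, so as far as the fixture shows they cover every unvalidated activity rather than only those belonging to the holder or their club, and 149 is a `delete`. Both ids are appended to two role permission lists whose role names fall outside these hunks, so the diff does not show who gains them. If the intent is that organisers manage their own drafts, the `query` should carry an ownership condition as well. It is also worth confirming how the backend reads `"field": ""` on the `change` permission, since if it means all fields the holder could presumably set `valid` themselves.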