mirror of
https://gitlab.crans.org/bde/nk20
synced 2024-12-23 07:52:23 +00:00
Improve add permissions
This commit is contained in:
parent
057f42fdb6
commit
e461d70b14
@ -129,14 +129,13 @@ class Transaction(PolymorphicModel):
|
|||||||
models.Index(fields=['destination']),
|
models.Index(fields=['destination']),
|
||||||
]
|
]
|
||||||
|
|
||||||
def save(self, *args, **kwargs):
|
def post_save(self, *args, **kwargs):
|
||||||
"""
|
"""
|
||||||
When saving, also transfer money between two notes
|
When saving, also transfer money between two notes
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if self.source.pk == self.destination.pk:
|
if self.source.pk == self.destination.pk:
|
||||||
# When source == destination, no money is transfered
|
# When source == destination, no money is transfered
|
||||||
super().save(*args, **kwargs)
|
|
||||||
return
|
return
|
||||||
|
|
||||||
created = self.pk is None
|
created = self.pk is None
|
||||||
@ -152,10 +151,12 @@ class Transaction(PolymorphicModel):
|
|||||||
self.source.balance -= to_transfer
|
self.source.balance -= to_transfer
|
||||||
self.destination.balance += to_transfer
|
self.destination.balance += to_transfer
|
||||||
|
|
||||||
|
# We save first the transaction, in case of the user has no right to transfer money
|
||||||
|
super().save(*args, **kwargs)
|
||||||
|
|
||||||
# Save notes
|
# Save notes
|
||||||
self.source.save()
|
self.source.save()
|
||||||
self.destination.save()
|
self.destination.save()
|
||||||
super().save(*args, **kwargs)
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def total(self):
|
def total(self):
|
||||||
|
@ -25,13 +25,14 @@ class InstancedPermission:
|
|||||||
Returns True if the permission applies to
|
Returns True if the permission applies to
|
||||||
the field `field_name` object `obj`
|
the field `field_name` object `obj`
|
||||||
"""
|
"""
|
||||||
|
if ContentType.objects.get_for_model(obj) != self.model:
|
||||||
|
# The permission does not apply to the model
|
||||||
|
return False
|
||||||
|
|
||||||
if self.type == 'add':
|
if self.type == 'add':
|
||||||
if permission_type == self.type:
|
if permission_type == self.type:
|
||||||
return self.query(obj)
|
return self.query(obj)
|
||||||
|
|
||||||
if ContentType.objects.get_for_model(obj) != self.model:
|
|
||||||
# The permission does not apply to the model
|
|
||||||
return False
|
|
||||||
if permission_type == self.type:
|
if permission_type == self.type:
|
||||||
if self.field and field_name != self.field:
|
if self.field and field_name != self.field:
|
||||||
return False
|
return False
|
||||||
@ -202,7 +203,18 @@ class Permission(models.Model):
|
|||||||
def func(obj):
|
def func(obj):
|
||||||
nonlocal q_kwargs
|
nonlocal q_kwargs
|
||||||
for arg in q_kwargs:
|
for arg in q_kwargs:
|
||||||
if getattr(obj, arg) != q_kwargs[arg]:
|
spl = arg.split('__')
|
||||||
|
value = obj
|
||||||
|
last = None
|
||||||
|
for s in spl:
|
||||||
|
if not hasattr(obj, s):
|
||||||
|
last = s
|
||||||
|
break
|
||||||
|
value = getattr(obj, s)
|
||||||
|
if last == "lte": # TODO Add more filters
|
||||||
|
if value > q_kwargs[arg]:
|
||||||
|
return False
|
||||||
|
elif value != q_kwargs[arg]:
|
||||||
return False
|
return False
|
||||||
return True
|
return True
|
||||||
return func
|
return func
|
||||||
|
@ -14,6 +14,10 @@ EXCLUDED = [
|
|||||||
'contenttypes.contenttype',
|
'contenttypes.contenttype',
|
||||||
'logs.changelog',
|
'logs.changelog',
|
||||||
'migrations.migration',
|
'migrations.migration',
|
||||||
|
'note.note',
|
||||||
|
'note.noteuser',
|
||||||
|
'note.noteclub',
|
||||||
|
'note.notespecial',
|
||||||
'sessions.session',
|
'sessions.session',
|
||||||
]
|
]
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user