ynerant/nk20
1
0
Fork 0
mirror of https://gitlab.crans.org/bde/nk20 synced 2025-11-03 17:08:47 +01:00
Code Issues Releases Wiki Activity

Compare commits

merge into: ynerant:app_download_links
Branches Tags
ynerant:main ynerant:app_download_links ynerant:small_features ynerant:note_sheet ynerant:oauth2 ynerant:translations ynerant:update_invoice_template ynerant:round_transaction ynerant:wei ynerant:family ynerant:phone_input ynerant:food_traceability ynerant:beta ynerant:django-5.2 ynerant:oidc ynerant:darbonne ynerant:potvieux ynerant:food_bugs ynerant:delete_activity ynerant:time-display ynerant:guests_schools ynerant:export_members_ml ynerant:notekfet_wrapped ynerant:Add_some_permissions ynerant:permissions_fo_parent_clubs ynerant:respo_comm_permissionsV2 ynerant:fix_activity_view ynerant:Automation_mailing_lists ynerant:New_permission ynerant:finito_sda ynerant:non-BDE-members-permission-fix ynerant:survey_wei_2024 ynerant:migration-django-4-2 ynerant:summary_notes ynerant:traduction_inclusive_fr ynerant:migration-django-5-0 ynerant:qrcode ynerant:VSS ynerant:update_permission ynerant:fix_pipeline ynerant:permission_var ynerant:inclusive ynerant:nix-shell ynerant:sheets ynerant:svg_icons ynerant:faster_ci
ynerant:v1.0.3 ynerant:v1.0.2 ynerant:v1.0.1 ynerant:v1.0.0
...
pull from: ynerant:permission_var
Branches Tags
ynerant:app_download_links ynerant:small_features ynerant:main ynerant:note_sheet ynerant:oauth2 ynerant:translations ynerant:update_invoice_template ynerant:round_transaction ynerant:wei ynerant:family ynerant:phone_input ynerant:food_traceability ynerant:beta ynerant:django-5.2 ynerant:oidc ynerant:darbonne ynerant:potvieux ynerant:food_bugs ynerant:delete_activity ynerant:time-display ynerant:guests_schools ynerant:export_members_ml ynerant:notekfet_wrapped ynerant:Add_some_permissions ynerant:permissions_fo_parent_clubs ynerant:respo_comm_permissionsV2 ynerant:fix_activity_view ynerant:Automation_mailing_lists ynerant:New_permission ynerant:finito_sda ynerant:non-BDE-members-permission-fix ynerant:survey_wei_2024 ynerant:migration-django-4-2 ynerant:summary_notes ynerant:traduction_inclusive_fr ynerant:migration-django-5-0 ynerant:qrcode ynerant:VSS ynerant:update_permission ynerant:fix_pipeline ynerant:permission_var ynerant:inclusive ynerant:nix-shell ynerant:sheets ynerant:svg_icons ynerant:faster_ci
ynerant:v1.0.3 ynerant:v1.0.2 ynerant:v1.0.1 ynerant:v1.0.0

2 Commits
app_downlo ... permission

Author SHA1 Message Date
Benjamin Graillot
17be896a99 [permission] Add PermissionVar model 2022-10-10 19:37:51 +02:00
Yohann D'ANELLO
a69573ccdb Fix permission that allows users to create OAuth2 apps 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2022-08-29 11:21:45 +02:00
4 changed files with 73 additions and 18 deletions
Expand all files Collapse all files

10
apps/permission/admin.py
View File

@@ -4,7 +4,7 @@
from django.contrib import admin from django.contrib import admin
from note_kfet.admin import admin_site from note_kfet.admin import admin_site
from .models import Permission, PermissionMask, Role from .models import Permission, PermissionVar, PermissionMask, Role
@admin.register(PermissionMask, site=admin_site) @admin.register(PermissionMask, site=admin_site)
@@ -15,6 +15,14 @@ class PermissionMaskAdmin(admin.ModelAdmin):
list_display = ('description', 'rank', ) list_display = ('description', 'rank', )
@admin.register(PermissionVar, site=admin_site)
class PermissionVarAdmin(admin.ModelAdmin):
"""
Admin customisation for PermissionVar
"""
list_display = ('name', 'description',)
@admin.register(Permission, site=admin_site) @admin.register(Permission, site=admin_site)
class PermissionAdmin(admin.ModelAdmin): class PermissionAdmin(admin.ModelAdmin):
""" """

2
apps/permission/fixtures/initial.json
View File

@@ -2928,7 +2928,7 @@
"application" "application"
], ],
"query": "{\"user\": [\"user\"]}", "query": "{\"user\": [\"user\"]}",
"type": "create", "type": "add",
"mask": 1, "mask": 1,
"field": "", "field": "",
"permanent": true, "permanent": true,

22
apps/permission/migrations/0002_permissionvar.py Normal file
View File

@@ -0,0 +1,22 @@
# Generated by Django 2.2.28 on 2022-10-10 17:37
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('permission', '0001_initial'),
]
operations = [
migrations.CreateModel(
name='PermissionVar',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.SlugField(unique=True, verbose_name='name')),
('query', models.TextField(verbose_name='query')),
('description', models.CharField(blank=True, max_length=255, verbose_name='description')),
],
),
]

25
apps/permission/models.py
View File

@@ -118,6 +118,25 @@ class PermissionMask(models.Model):
verbose_name_plural = _("permission masks") verbose_name_plural = _("permission masks")
class PermissionVar(models.Model):
name = models.SlugField(
unique=True,
blank=False,
verbose_name=_("name"),
)
query = models.TextField(
verbose_name=_("query"),
)
description = models.CharField(
max_length=255,
blank=True,
verbose_name=_("description"),
)
class Permission(models.Model): class Permission(models.Model):
PERMISSION_TYPES = [ PERMISSION_TYPES = [
@@ -139,6 +158,7 @@ class Permission(models.Model):
# query -> ["AND", query, …] AND multiple queries # query -> ["AND", query, …] AND multiple queries
# | ["OR", query, …] OR multiple queries # | ["OR", query, …] OR multiple queries
# | ["NOT", query] Opposite of query # | ["NOT", query] Opposite of query
# | ["VAR", query] A var name as defined in PermissionVar
# query -> {key: value, …} A list of fields and values of a Q object # query -> {key: value, …} A list of fields and values of a Q object
# key -> string A field name # key -> string A field name
# value -> int | string | bool | null Literal values # value -> int | string | bool | null Literal values
@@ -150,6 +170,7 @@ class Permission(models.Model):
# | ["MUL", oper, …] Multiply F objects or literals # | ["MUL", oper, …] Multiply F objects or literals
# | int | string | bool | null Literal values # | int | string | bool | null Literal values
# | ["F", string] A field # | ["F", string] A field
# | ["VAR", string] A var name as defined in PermissionVar
# #
# Examples: # Examples:
# Q(is_superuser=True) := {"is_superuser": true} # Q(is_superuser=True) := {"is_superuser": true}
@@ -215,6 +236,8 @@ class Permission(models.Model):
return functools.reduce(operator.mul, [Permission.compute_f(oper, **kwargs) for oper in oper[1:]]) return functools.reduce(operator.mul, [Permission.compute_f(oper, **kwargs) for oper in oper[1:]])
elif oper[0] == 'F': elif oper[0] == 'F':
return F(oper[1]) return F(oper[1])
elif oper[0] == 'VAR':
return compute_f(json.loads(PermissionVar.objects.get(name=oper[1]).query), **kwargs)
else: else:
field = kwargs[oper[0]] field = kwargs[oper[0]]
for i in range(1, len(oper)): for i in range(1, len(oper)):
@@ -289,6 +312,8 @@ class Permission(models.Model):
return functools.reduce(operator.or_, [Permission._about(query, **kwargs) for query in query[1:]]) return functools.reduce(operator.or_, [Permission._about(query, **kwargs) for query in query[1:]])
elif query[0] == 'NOT': elif query[0] == 'NOT':
return ~Permission._about(query[1], **kwargs) return ~Permission._about(query[1], **kwargs)
elif query[0] == 'VAR':
return Permission._about(json.loads(PermissionVar.objects.get(name=query[1]).query), **kwargs)
else: else:
return Q(pk=F("pk")) if Permission.compute_param(query, **kwargs) else ~Q(pk=F("pk")) return Q(pk=F("pk")) if Permission.compute_param(query, **kwargs) else ~Q(pk=F("pk"))
elif isinstance(query, dict): elif isinstance(query, dict):