[permission] Add PermissionVar model

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>

.gitignore

@@ -47,6 +47,7 @@ backups/
 env/
 venv/
 db.sqlite3
+shell.nix
 
 # ansibles customs host
 ansible/host_vars/*.yaml

apps/permission/admin.py

@@ -4,7 +4,7 @@
 from django.contrib import admin
 from note_kfet.admin import admin_site
 
-from .models import Permission, PermissionMask, Role
+from .models import Permission, PermissionVar, PermissionMask, Role
 
 
 @admin.register(PermissionMask, site=admin_site)
@@ -15,6 +15,14 @@ class PermissionMaskAdmin(admin.ModelAdmin):
     list_display = ('description', 'rank', )
 
 
+@admin.register(PermissionVar, site=admin_site)
+class PermissionVarAdmin(admin.ModelAdmin):
+    """
+    Admin customisation for PermissionVar
+    """
+    list_display = ('name', 'description',)
+
+
 @admin.register(Permission, site=admin_site)
 class PermissionAdmin(admin.ModelAdmin):
     """

apps/permission/fixtures/initial.json

@@ -2928,7 +2928,7 @@
 				"application"
 			],
 			"query": "{\"user\": [\"user\"]}",
-			"type": "create",
+			"type": "add",
 			"mask": 1,
 			"field": "",
 			"permanent": true,
@@ -3114,10 +3114,10 @@
 				187,
 				188,
 				189,
-                190,
+				190,
-                191,
+				191,
-                195,
+				195,
-                196
+				196
 			]
 		}
 	},
@@ -3159,8 +3159,8 @@
 				159,
 				160,
 				179,
-                189,
+				189,
-                190
+				190
 			]
 		}
 	},
@@ -3310,10 +3310,10 @@
 				176,
 				177,
 				178,
-                188,
+				188,
 				183,
-                186,
+				186,
-                187
+				187
 			]
 		}
 	},
@@ -3508,13 +3508,13 @@
 				187,
 				188,
 				189,
-                190,
+				190,
-                191,
+				191,
-                192,
+				192,
-                193,
+				193,
-                194,
+				194,
-                195,
+				195,
-                196
+				196
 			]
 		}
 	},

apps/permission/migrations/0002_permissionvar.py

@@ -0,0 +1,22 @@
+# Generated by Django 2.2.28 on 2022-10-10 17:37
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('permission', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='PermissionVar',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.SlugField(unique=True, verbose_name='name')),
+                ('query', models.TextField(verbose_name='query')),
+                ('description', models.CharField(blank=True, max_length=255, verbose_name='description')),
+            ],
+        ),
+    ]

apps/permission/models.py

@@ -118,6 +118,25 @@ class PermissionMask(models.Model):
         verbose_name_plural = _("permission masks")
 
 
+class PermissionVar(models.Model):
+
+    name = models.SlugField(
+        unique=True,
+        blank=False,
+        verbose_name=_("name"),
+    )
+
+    query = models.TextField(
+        verbose_name=_("query"),
+    )
+
+    description = models.CharField(
+        max_length=255,
+        blank=True,
+        verbose_name=_("description"),
+    )
+
+
 class Permission(models.Model):
 
     PERMISSION_TYPES = [
@@ -139,6 +158,7 @@ class Permission(models.Model):
     #  query -> ["AND", query, …]            AND multiple queries
     #         | ["OR", query, …]             OR multiple queries
     #         | ["NOT", query]               Opposite of query
+    #         | ["VAR", query]               A var name as defined in PermissionVar
     #  query -> {key: value, …}              A list of fields and values of a Q object
     #  key   -> string                       A field name
     #  value -> int | string | bool | null   Literal values
@@ -150,6 +170,7 @@ class Permission(models.Model):
     #         | ["MUL", oper, …]             Multiply F objects or literals
     #         | int | string | bool | null   Literal values
     #         | ["F", string]                A field
+    #         | ["VAR", string]              A var name as defined in PermissionVar
     #
     # Examples:
     #  Q(is_superuser=True)  := {"is_superuser": true}
@@ -215,6 +236,8 @@ class Permission(models.Model):
                 return functools.reduce(operator.mul, [Permission.compute_f(oper, **kwargs) for oper in oper[1:]])
             elif oper[0] == 'F':
                 return F(oper[1])
+            elif oper[0] == 'VAR':
+                return compute_f(json.loads(PermissionVar.objects.get(name=oper[1]).query), **kwargs)
             else:
                 field = kwargs[oper[0]]
                 for i in range(1, len(oper)):
@@ -289,6 +312,8 @@ class Permission(models.Model):
                 return functools.reduce(operator.or_, [Permission._about(query, **kwargs) for query in query[1:]])
             elif query[0] == 'NOT':
                 return ~Permission._about(query[1], **kwargs)
+            elif query[0] == 'VAR':
+                return Permission._about(json.loads(PermissionVar.objects.get(name=query[1]).query), **kwargs)
             else:
                 return Q(pk=F("pk")) if Permission.compute_param(query, **kwargs) else ~Q(pk=F("pk"))
         elif isinstance(query, dict):

shell-static.nix

@@ -1,34 +0,0 @@
-# This is a workaround meant for use with the nix package manager. If you don't know what it is or don't use it, please ignore this file.
-# 
-# The nk20 javascript static location are hardcoded for imperative system.
-# This make ./manage.py collectstatic hard to use with nixos.
-# 
-# A workaround is to enter a FHSUserEnv with the static placed under /share/javascript/<static>.
-# This emulate a debian like system and enable collecting static normally with ./manage.py collectstatics.
-# The regular shell.nix should be enough for other configurations.
-#
-# Warning, you are still supposed to use pip package with a venv !
-{ pkgs ? import <nixpkgs> {} }:
-(pkgs.buildFHSUserEnv {
-  name = "pipzone";
-  targetPkgs = pkgs: (with pkgs;
-  let
-    fhs-static = stdenv.mkDerivation {
-      name = "fhs-static";
-      buildCommand = ''
-      mkdir -p $out/share/javascript/bootstrap4
-      mkdir -p $out/share/javascript/jquery
-      ln -s ${python39Packages.xstatic-bootstrap}/lib/python3.9/site-packages/xstatic/pkg/bootstrap/data/* $out/share/javascript/bootstrap4
-      ln -s ${python39Packages.xstatic-jquery}/lib/python3.9/site-packages/xstatic/pkg/jquery/data/* $out/share/javascript/jquery
-    '';
-    };
-  in [
-    fhs-static
-    python39
-    gettext
-    python39Packages.pip
-    python39Packages.virtualenv
-    python39Packages.setuptools
-  ]);
-  runScript = "bash";
-}).env

shell.nix

@@ -1,23 +0,0 @@
-# This is meant for use with the nix package manager. If you don't know what it is or don't use it, please ignore this file.
-#
-# This shell.nix contains all dependencies require to create a venv and pip install -r requirements.txt.
-#
-# Please check shell-static.nix for running ./manage.py collectstatics.
-{ pkgs ? import <nixpkgs> {} }:
-pkgs.mkShell {
-  buildInputs = with pkgs; [
-    python39
-    python39Packages.pip
-    python39Packages.setuptools
-    gettext
-
-  ];
-  shellHook = ''
-    # Tells pip to put packages into $PIP_PREFIX instead of the usual locations.
-    # See https://pip.pypa.io/en/stable/user_guide/#environment-variables.
-    export PIP_PREFIX=$(pwd)/_build/pip_packages
-    export PYTHONPATH="$PIP_PREFIX/${pkgs.python39.sitePackages}:$PYTHONPATH"
-    export PATH="$PIP_PREFIX/bin:$PATH"
-    unset SOURCE_DATE_EPOCH
-  '';
-}