From 9b3bc1d053611bbcef3a8aeaf61d200725274784 Mon Sep 17 00:00:00 2001 From: Hugo Levy-Falk Date: Fri, 6 Sep 2019 14:52:41 +0200 Subject: [PATCH] ACL for applications. --- api/acl.py | 7 ++++--- cotisations/acl.py | 8 ++++++-- machines/acl.py | 9 +++++++-- preferences/acl.py | 8 ++++++-- topologie/acl.py | 8 ++++++-- users/acl.py | 8 ++++++-- 6 files changed, 35 insertions(+), 13 deletions(-) diff --git a/api/acl.py b/api/acl.py index 0c336281..ec46ee0c 100644 --- a/api/acl.py +++ b/api/acl.py @@ -33,7 +33,7 @@ from django.utils.translation import ugettext as _ def _create_api_permission(): """Creates the 'use_api' permission if not created. - + The 'use_api' is a fake permission in the sense it is not associated with an existing model and this ensure the permission is created every time this file is imported. @@ -70,6 +70,7 @@ def can_view(user): 'app_label': settings.API_CONTENT_TYPE_APP_LABEL, 'codename': settings.API_PERMISSION_CODENAME } - can = user.has_perm('%(app_label)s.%(codename)s' % kwargs) + permission = '%(app_label)s.%(codename)s' % kwargs + can = user.has_perm(permission) return can, None if can else _("You don't have the right to see this" - " application.") + " application."), (permission,) diff --git a/cotisations/acl.py b/cotisations/acl.py index 06c62fb8..1b1611ab 100644 --- a/cotisations/acl.py +++ b/cotisations/acl.py @@ -40,7 +40,11 @@ def can_view(user): """ can = user.has_module_perms('cotisations') if can: - return can, None + return can, None, ('cotisations',) else: - return can, _("You don't have the right to view this application.") + return ( + can, + _("You don't have the right to view this application."), + ('cotisations',) + ) diff --git a/machines/acl.py b/machines/acl.py index 53f70c27..477df6f9 100644 --- a/machines/acl.py +++ b/machines/acl.py @@ -39,5 +39,10 @@ def can_view(user): viewing is granted and msg is a message (can be None). """ can = user.has_module_perms('machines') - return can, None if can else _("You don't have the right to view this" - " application.") + return ( + can, + None if can else _("You don't have the right to view this" + " application."), + ('machines',) + ) + diff --git a/preferences/acl.py b/preferences/acl.py index d4b22cfe..08bfd8e7 100644 --- a/preferences/acl.py +++ b/preferences/acl.py @@ -39,6 +39,10 @@ def can_view(user): viewing is granted and msg is a message (can be None). """ can = user.has_module_perms('preferences') - return can, None if can else _("You don't have the right to view this" - " application.") + return ( + can, + None if can else _("You don't have the right to view this" + " application."), + ('preferences',) + ) diff --git a/topologie/acl.py b/topologie/acl.py index 62e51d8a..2a7227fd 100644 --- a/topologie/acl.py +++ b/topologie/acl.py @@ -39,6 +39,10 @@ def can_view(user): viewing is granted and msg is a message (can be None). """ can = user.has_module_perms('topologie') - return can, None if can else _("You don't have the right to view this" - " application.") + return ( + can, + None if can else _("You don't have the right to view this" + " application."), + ('topologie',) + ) diff --git a/users/acl.py b/users/acl.py index cb3a16db..33ad864e 100644 --- a/users/acl.py +++ b/users/acl.py @@ -38,6 +38,10 @@ def can_view(user): viewing is granted and msg is a message (can be None). """ can = user.has_module_perms('users') - return can, None if can else _("You don't have the right to view this" - " application.") + return ( + can, + None if can else _("You don't have the right to view this" + " application."), + ('users',) + )