Permissons #763

Draft
wants to merge 33 commits into
base: dev
fc2480d
Trigger PR
MadsNyl Feb 3, 2024
1b0a8c6
added permissions for qr codes
MadsNyl Feb 4, 2024
eee2392
added permissions for jobpost, created tests and test for a members p…
MadsNyl Feb 4, 2024
d02df66
format
MadsNyl Feb 4, 2024
64da6ed
added permissions for notifications
MadsNyl Feb 4, 2024
5c6a566
Merge branch 'dev' into refactor(permission)/models
MadsNyl Feb 8, 2024
c6d7882
added create permission for all TIHLDE members for order
MadsNyl Feb 8, 2024
967ff93
added permission classes for user
MadsNyl Feb 8, 2024
79d09a3
opened create permission for everyone because of vipps callback
MadsNyl Feb 8, 2024
086edf3
format
MadsNyl Feb 8, 2024
b6eabc3
added permissions for cheatsheet model
MadsNyl Feb 8, 2024
2a9284e
added permissions on model for category
MadsNyl Feb 8, 2024
1f8e059
added tests for category
MadsNyl Feb 9, 2024
5777db7
format
MadsNyl Feb 9, 2024
415cbab
Trigger Build
MadsNyl Feb 9, 2024
787ce61
added permissions for strike model
MadsNyl Feb 9, 2024
1d0bb5b
format
MadsNyl Feb 9, 2024
499d2ef
added permissions for models
MadsNyl Feb 9, 2024
dbfe9e4
added permissions for fines
MadsNyl Feb 9, 2024
d845d35
format
MadsNyl Feb 9, 2024
aca8e9c
added permissions on userNotifciationSettings model
MadsNyl Feb 9, 2024
772ff73
added model permissions for Law
MadsNyl Feb 20, 2024
f4d2f1a
added model permissions for Picture
MadsNyl Feb 20, 2024
43ed3ad
added model permissions for Album
MadsNyl Feb 20, 2024
de3b09b
added model permissions for Toddel, and modified check_has_access to …
MadsNyl Feb 20, 2024
75a3e8f
Merge branch 'dev' into refactor(permission)/models
MadsNyl Feb 21, 2024
bfc8935
fixed check_has_access and set_user_id to not check db if user on req…
MadsNyl Feb 21, 2024
2c48ffd
Merge branch 'refactor(permission)/models' of https://github.com/TIHL…
MadsNyl Feb 21, 2024
13a229b
Merge branch 'dev' into refactor(permission)/models
MadsNyl Feb 26, 2024
f5d6069
Merge branch 'dev' into refactor(permission)/models
MadsNyl Mar 8, 2024
ac2e622
Merge branch 'dev' into refactor(permission)/models
MadsNyl Apr 2, 2024
9f86e0e
started on news
MadsNyl Apr 3, 2024
63d7593
Merge branch 'dev' into refactor(permission)/models
MadsNyl Apr 9, 2024
1 change: 1 addition & 0 deletions app/career/factories/__init__.py
@@ -1 +1,2 @@
from app.career.factories.weekly_business_factory import WeeklyBusinessFactory
from app.career.factories.job_post_factory import JobPostFactory
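--- a/app/career/factories/job_post_factory.py
+++ b/app/career/factories/job_post_factory.py
@@ -0,0 +1,17 @@
+import factory
+from factory.django import DjangoModelFactory
+
+from app.career.models import JobPost
+
+
+class JobPostFactory(DjangoModelFactory):
+class Meta:
+model = JobPost
+
+title = factory.Faker("sentence", nb_words=4)
+ingress = factory.Faker("sentence", nb_words=10)
+body = factory.Faker("text")
+location = factory.Faker("city")
+deadline = factory.Faker("date_time")
+company = factory.Faker("company")
+email = factory.Faker("email")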
1 change: 1 addition & 0 deletions app/career/models/__init__.py
@@ -1 +1,2 @@
from app.career.models.weekly_business import WeeklyBusiness
from app.career.models.job_post import JobPost
28 changes: 24 additions & 4 deletions app/career/models/job_post.py
Expand Up @@ -2,7 +2,7 @@

from app.career.enums import JobPostType
from app.common.enums import AdminGroup
from app.common.permissions import BasePermissionModel
from app.common.permissions import BasePermissionModel, check_has_access
from app.content.enums import UserClass
from app.util.models import BaseModel, OptionalImage
from app.util.utils import yesterday
Expand Down Expand Up @@ -31,13 +31,33 @@ class JobPost(BaseModel, OptionalImage, BasePermissionModel):

write_access = [AdminGroup.HS, AdminGroup.INDEX, AdminGroup.NOK]

def __str__(self):
return f"JobPost: {self.company} - {self.title}"

@property
def expired(self):
return self.deadline <= yesterday()

def __str__(self):
return f"JobPost: {self.company} - {self.title}"

@property
def website_url(self):
return f"/karriere/{self.id}/"

@classmethod
def has_read_permission(cls, request):
return True

@classmethod
def has_retrieve_permission(cls, request):
return True

@classmethod
def has_update_permission(cls, request):
return check_has_access(cls.write_access, request)

@classmethod
def has_destroy_permission(cls, request):
return check_has_access(cls.write_access, request)

@classmethod
def has_create_permission(cls, request):
return check_has_access(cls.write_access, request)
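Review bot: `has_update_permission`, `has_destroy_permission` and `has_create_permission` are three identical one-line delegations to `check_has_access(cls.write_access, request)`, and the same set is repeated in this PR on Warning, Category and Cheatsheet. If `BasePermissionModel` (not shown on this page) can provide these as defaults driven by `read_access`/`write_access`, each model would override only what differs, which leaves fewer places where one action can be forgotten or drift from the others. `has_read_permission` and `has_retrieve_permission` return `True` unconditionally; a short comment such as `# Job posts are public: listing and retrieving need no login` would show that this is intended rather than a placeholder. The class begins outside the hunk.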
12 changes: 11 additions & 1 deletion app/common/permissions.py
Expand Up @@ -44,7 +44,9 @@ def has_object_permission(self, request, view, obj):


def check_has_access(groups_with_access, request):
set_user_id(request)
if not len(groups_with_access):
return True

user = request.user

try:
Expand All @@ -61,6 +63,14 @@ def check_has_access(groups_with_access, request):


def set_user_id(request):
if (
hasattr(request, "user")
and request.user is None
and hasattr(request, "id")
and request.id is None
):
return

token = request.META.get("HTTP_X_CSRF_TOKEN")
request.id = None
request.user = None
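Review bot: The new early return in `check_has_access`, `if not len(groups_with_access): return True`, makes an empty access list grant access to every caller, including a request whose `user` is `None`, so any model that passes an empty or defaulted `read_access`/`write_access` fails open (Warning and Cheatsheet pass `cls.read_access`, whose value is not visible on this page). Failing closed is safer: `if not groups_with_access: return False`, with public endpoints returning `True` explicitly the way `JobPost.has_read_permission` does. The page does not mark sides, but the counts (11 additions, 1 deletion) suggest the removed line is `set_user_id(request)`; if so, `check_has_access` now trusts whatever `request.user` already holds, and it should be confirmed that every path resolves the token before calling it. The guard added to `set_user_id` returns early only when `user` and `id` are both `None`, so a request that already resolved a user is still reset and looked up again. Both function bodies continue outside the hunks.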
44 changes: 29 additions & 15 deletions app/communication/models/notification.py
@@ -1,10 +1,12 @@
from django.db import models

from app.common.enums import Groups
from app.common.permissions import BasePermissionModel, check_has_access
from app.content.models.user import User
from app.util.models import BaseModel


class Notification(BaseModel):
class Notification(BaseModel, BasePermissionModel):
user = models.ForeignKey(
User, on_delete=models.CASCADE, related_name="notifications"
)
Expand All @@ -13,27 +15,39 @@ class Notification(BaseModel):
link = models.CharField(max_length=150, blank=True, null=True)
read = models.BooleanField(default=False)

read_access = (Groups.TIHLDE,)
write_access = (Groups.TIHLDE,)

def __str__(self):
return f"Notification for {self.user}, title: {self.title}, description: {self.description}"

@classmethod
def has_write_permission(cls, request):
if request.method == "POST":
return False
return check_has_access(cls.write_access, request)

@classmethod
def has_read_permission(cls, request):
return request.user is not None
return check_has_access(cls.read_access, request)

def has_object_read_permission(self, request):
if request.user is None:
return False
return self.user == request.user
@classmethod
def has_retrieve_permission(cls, request):
return check_has_access(cls.read_access, request)

@classmethod
def has_write_permission(cls, request):
if request.user is None:
return False
return request.method == "PUT"
def has_update_permission(cls, request):
return check_has_access(cls.write_access, request)

def has_object_write_permission(self, request):
if request.user is None:
return False
if request.method == "PUT":
return self.user == request.user
@classmethod
def has_destroy_permission(cls, request):
return False

def has_object_read_permission(self, request):
return self.user == request.user

def has_object_retrieve_permission(self, request):
return self.user == request.user

def has_object_update_permission(self, request):
return self.user == request.user
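Review bot: `has_write_permission` rejects every `POST` and `has_destroy_permission` returns `False`, but neither says why, while the same PR adds a `create()` handler in `app/communication/views/notification.py`. A docstring on these class-level methods stating who may create and delete notifications would let a reader tell whether the model or the view reflects the intent. The object-level checks (`has_object_read_permission`, `has_object_retrieve_permission`, `has_object_update_permission`) compare `self.user == request.user` and only protect a row when the view actually runs object permission checks; a comment saying so would make that dependency visible.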
12 changes: 12 additions & 0 deletions app/communication/models/user_notification_setting.py
Expand Up @@ -54,3 +54,15 @@ def has_object_write_permission(self, request):
if request.user is None:
return False
return self.user == request.user

@classmethod
def has_retrieve_permission(cls, request):
return request.user is not None

@classmethod
def has_update_permission(cls, request):
return request.user is not None

@classmethod
def has_destroy_permission(cls, request):
return request.user is not None
22 changes: 21 additions & 1 deletion app/communication/models/warning.py
@@ -1,7 +1,7 @@
from django.db import models

from app.common.enums import AdminGroup
from app.common.permissions import BasePermissionModel
from app.common.permissions import BasePermissionModel, check_has_access
from app.util.models import BaseModel


Expand All @@ -18,3 +18,23 @@ class Warning(BaseModel, BasePermissionModel):

def __str__(self):
return f"Warning: {self.type} - Text: {self.text}"

@classmethod
def has_write_permission(cls, request):
return check_has_access(cls.write_access, request)

@classmethod
def has_read_permission(cls, request):
return check_has_access(cls.read_access, request)

@classmethod
def has_update_permission(cls, request):
return check_has_access(cls.write_access, request)

@classmethod
def has_destroy_permission(cls, request):
return check_has_access(cls.write_access, request)

@classmethod
def has_retrieve_permission(cls, request):
return check_has_access(cls.read_access, request)
1 change: 1 addition & 0 deletions app/communication/serializers/__init__.py
Expand Up @@ -2,6 +2,7 @@
from app.communication.serializers.notification import (
NotificationSerializer,
UpdateNotificationSerializer,
CreateNotificationSerializer,
)
from app.communication.serializers.user_notification_setting import (
UserNotificationSettingSerializer,
6 changes: 6 additions & 0 deletions app/communication/serializers/notification.py
Expand Up @@ -17,3 +17,9 @@ def update(self, instance, validated_data):
is_read = validated_data.get("read", instance.read)

return super().update(instance, dict(read=is_read))


class CreateNotificationSerializer(BaseModelSerializer):
class Meta:
model = Notification
fields = ["title", "description", "link"]
19 changes: 18 additions & 1 deletion app/communication/views/notification.py
Expand Up @@ -7,6 +7,7 @@
from app.common.viewsets import BaseViewSet
from app.communication.models import Notification
from app.communication.serializers import (
CreateNotificationSerializer,
NotificationSerializer,
UpdateNotificationSerializer,
)
Expand All @@ -22,9 +23,25 @@ class NotificationViewSet(BaseViewSet):
def get_queryset(self):
return self.request.user.notifications.all().order_by("-created_at")

def create(self, request):
user = request.user
serializer = CreateNotificationSerializer(
data=request.data, context={"request": request}
)
if serializer.is_valid():
notification = super().perform_create(serializer, user=user)
serializer = NotificationSerializer(notification)
return Response(
serializer.data,
status=status.HTTP_201_CREATED,
)
return Response(
serializer.errors,
status=status.HTTP_400_BAD_REQUEST,
)

def update(self, request, pk):
notification = get_object_or_404(Notification, id=pk)
self.check_object_permissions(self.request, notification)
serializer = UpdateNotificationSerializer(
notification, data=request.data, context={"request": request}
)
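Review bot: `update()` loads the row with `get_object_or_404(Notification, id=pk)`, which is not limited to the caller's own notifications the way `get_queryset()` is, so the `self.check_object_permissions(self.request, notification)` call is what enforces the owner comparison in `Notification.has_object_update_permission`. The rendered page does not mark sides, but the section reports one deletion and that call is the likeliest candidate; if it is the removed line, a member who passes the class-level check could change another user's notification by id. Keep the call, or fetch through the scoped queryset with `notification = get_object_or_404(self.get_queryset(), id=pk)`. In `create()`, `serializer.is_valid(raise_exception=True)` would replace the manual 400 branch. `update()` continues outside the hunk.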
1 change: 1 addition & 0 deletions app/content/factories/__init__.py
Expand Up @@ -10,5 +10,6 @@
from app.content.factories.toddel_factory import ToddelFactory
from app.content.factories.priority_pool_factory import PriorityPoolFactory
from app.content.factories.qr_code_factory import QRCodeFactory
from app.content.factories.category_factory import CategoryFactory
from app.content.factories.logentry_factory import LogEntryFactory
from app.content.factories.minute_factory import MinuteFactory
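--- a/app/content/factories/category_factory.py
+++ b/app/content/factories/category_factory.py
@@ -0,0 +1,13 @@
+import factory
+from factory.django import DjangoModelFactory
+
+from app.content.models import Category
+
+
+class CategoryFactory(DjangoModelFactory):
+"""Factory that creates a generic category"""
+
+class Meta:
+model = Category
+
+text = factory.Faker("word")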
2 changes: 1 addition & 1 deletion app/content/factories/qr_code_factory.py
Expand Up @@ -11,4 +11,4 @@ class Meta:

name = factory.Sequence(lambda n: f"QRCode {n}")
user = factory.SubFactory(UserFactory)
image = "https://tihldestorage.blob.core.windows.net/imagepng/0331423a-11b3-4e6b-a505-f84e0991b696TestCode"
content = "https://tihlde.org"
29 changes: 27 additions & 2 deletions app/content/models/category.py
@@ -1,16 +1,41 @@
from django.db import models

from app.common.enums import AdminGroup
from app.common.permissions import BasePermissionModel
from app.common.enums import AdminGroup, Groups
from app.common.permissions import BasePermissionModel, check_has_access
from app.util.models import BaseModel


class Category(BaseModel, BasePermissionModel):
write_access = AdminGroup.all()
read_access = (Groups.TIHLDE,)
text = models.CharField(max_length=200, null=True)

class Meta:
verbose_name_plural = "Categories"

def __str__(self):
return f"{self.text}"

@classmethod
def has_read_permission(cls, request):
return check_has_access(cls.read_access, request)

@classmethod
def has_retrieve_permission(cls, request):
return check_has_access(cls.read_access, request)

@classmethod
def has_write_permission(cls, request):
return check_has_access(cls.write_access, request)

@classmethod
def has_create_permission(cls, request):
return check_has_access(cls.write_access, request)

@classmethod
def has_update_permission(cls, request):
return check_has_access(cls.write_access, request)

@classmethod
def has_destroy_permission(cls, request):
return check_has_access(cls.write_access, request)
22 changes: 21 additions & 1 deletion app/content/models/cheatsheet.py
Expand Up @@ -11,7 +11,7 @@
UserClass,
UserStudy,
)
from app.common.permissions import BasePermissionModel
from app.common.permissions import BasePermissionModel, check_has_access
from app.util.models import BaseModel


Expand All @@ -34,3 +34,23 @@ class Meta:

def __str__(self):
return f"{self.title} {self.course}"

@classmethod
def has_read_permission(cls, request):
return check_has_access(cls.read_access, request)

@classmethod
def has_retrieve_permission(cls, request):
return check_has_access(cls.read_access, request)

@classmethod
def has_create_permission(cls, request):
return check_has_access(cls.write_access, request)

@classmethod
def has_update_permission(cls, request):
return check_has_access(cls.write_access, request)

@classmethod
def has_destroy_permission(cls, request):
return check_has_access(cls.write_access, request)