admin(major): fix incorrect permissions being set

2019-11-07 17:25:36 +01:00
parent afdac5f3f8
commit 73d4d9dfe0
10 changed files with 11 additions and 47 deletions
--- a/passbook/admin/views/applications.py
+++ b/passbook/admin/views/applications.py
@ -34,11 +34,6 @@ class ApplicationCreateView(SuccessMessageMixin, LoginRequiredMixin,
    model = Application
    form_class = ApplicationForm
    permission_required = 'passbook_core.add_application'
-    permissions = [
-        'passbook_core.view_application',
-        'passbook_core.change_application',
-        'passbook_core.delete_application',
-    ]

    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:applications')
--- a/passbook/admin/views/factors.py
+++ b/passbook/admin/views/factors.py
@ -46,11 +46,6 @@ class FactorCreateView(SuccessMessageMixin, LoginRequiredMixin,
    model = Factor
    template_name = 'generic/create.html'
    permission_required = 'passbook_core.add_factor'
-    permissions = [
-        'passbook_core.view_factor',
-        'passbook_core.change_factor',
-        'passbook_core.delete_factor',
-    ]

    success_url = reverse_lazy('passbook_admin:factors')
    success_message = _('Successfully created Factor')
--- a/passbook/admin/views/groups.py
+++ b/passbook/admin/views/groups.py
@ -31,11 +31,7 @@ class GroupCreateView(SuccessMessageMixin, LoginRequiredMixin,
    model = Group
    form_class = GroupForm
    permission_required = 'passbook_core.add_group'
-    permissions = [
-        'passbook_core.view_group',
-        'passbook_core.change_group',
-        'passbook_core.delete_group',
-    ]
+
    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:groups')
    success_message = _('Successfully created Group')
--- a/passbook/admin/views/invitations.py
+++ b/passbook/admin/views/invitations.py
@ -31,11 +31,7 @@ class InvitationCreateView(SuccessMessageMixin, LoginRequiredMixin,
    model = Invitation
    form_class = InvitationForm
    permission_required = 'passbook_core.add_invitation'
-    permissions = [
-        'passbook_core.view_invitation',
-        'passbook_core.change_invitation',
-        'passbook_core.delete_invitation',
-    ]
+
    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:invitations')
    success_message = _('Successfully created Invitation')
--- a/passbook/admin/views/policy.py
+++ b/passbook/admin/views/policy.py
@ -41,11 +41,6 @@ class PolicyCreateView(SuccessMessageMixin, LoginRequiredMixin,

    model = Policy
    permission_required = 'passbook_core.add_policy'
-    permissions = [
-        'passbook_core.view_policy',
-        'passbook_core.change_policy',
-        'passbook_core.delete_policy',
-    ]

    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:policies')
--- a/passbook/admin/views/property_mapping.py
+++ b/passbook/admin/views/property_mapping.py
@ -45,11 +45,6 @@ class PropertyMappingCreateView(SuccessMessageMixin, LoginRequiredMixin,

    model = PropertyMapping
    permission_required = 'passbook_core.add_propertymapping'
-    permissions = [
-        'passbook_core.view_propertymapping',
-        'passbook_core.change_propertymapping',
-        'passbook_core.delete_propertymapping',
-    ]

    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:property-mappings')
--- a/passbook/admin/views/providers.py
+++ b/passbook/admin/views/providers.py
@ -37,11 +37,6 @@ class ProviderCreateView(SuccessMessageMixin, LoginRequiredMixin,

    model = Provider
    permission_required = 'passbook_core.add_provider'
-    permissions = [
-        'passbook_core.view_provider',
-        'passbook_core.change_provider',
-        'passbook_core.delete_provider',
-    ]

    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:providers')
--- a/passbook/admin/views/sources.py
+++ b/passbook/admin/views/sources.py
@ -44,11 +44,6 @@ class SourceCreateView(SuccessMessageMixin, LoginRequiredMixin,

    model = Source
    permission_required = 'passbook_core.add_source'
-    permissions = [
-        'passbook_core.view_source',
-        'passbook_core.change_source',
-        'passbook_core.delete_source',
-    ]

    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:sources')
--- a/passbook/admin/views/users.py
+++ b/passbook/admin/views/users.py
@ -32,11 +32,6 @@ class UserCreateView(SuccessMessageMixin, LoginRequiredMixin,
    model = User
    form_class = UserForm
    permission_required = 'passbook_core.add_user'
-    permissions = [
-        'passbook_core.view_user',
-        'passbook_core.change_user',
-        'passbook_core.delete_user',
-    ]

    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:users')
--- a/passbook/lib/views.py
+++ b/passbook/lib/views.py
@ -7,10 +7,17 @@ from guardian.shortcuts import assign_perm
 class CreateAssignPermView(CreateView):
    """Assign permissions to object after creation"""

-    permissions = []
+    permissions = [
+        '%s.view_%s',
+        '%s.change_%s',
+        '%s.delete_%s',
+    ]

    def form_valid(self, form):
        response = super().form_valid(form)
        for permission in self.permissions:
-            assign_perm(permission, self.request.user, self.object)
+            full_permission = permission % (
+                self.object._meta.app_label, self.object._meta.model_name)
+            print(full_permission)
+            assign_perm(full_permission, self.request.user, self.object)
        return response