Added user permissions on company views

2024-08-30 18:33:04 +00:00 · 2020-10-20 14:11:40 -05:00 · 2020-10-20 14:11:40 -05:00 · 39eddc7203
commit 39eddc7203
parent bc6f58cf26
2 changed files with 21 additions and 3 deletions
--- a/InvenTree/InvenTree/views.py
+++ b/InvenTree/InvenTree/views.py
@ -128,9 +128,13 @@ class InvenTreeRoleMixin(PermissionRequiredMixin):

    def has_permission(self):
        """
-        Determine if the current user
+        Determine if the current user has specified permissions
        """

+        if self.permission_required:
+            # Ignore role-based permissions
+            return super().has_permission()
+
        roles_required = []

        if type(self.role_required) is str:
--- a/InvenTree/company/views.py
+++ b/InvenTree/company/views.py
@ -14,6 +14,7 @@ from django.forms import HiddenInput

 from InvenTree.views import AjaxCreateView, AjaxUpdateView, AjaxDeleteView
 from InvenTree.helpers import str2bool
+from InvenTree.views import InvenTreeRoleMixin

 from common.models import Currency

@ -29,7 +30,7 @@ from .forms import EditSupplierPartForm
 from .forms import EditPriceBreakForm


-class CompanyIndex(ListView):
+class CompanyIndex(InvenTreeRoleMixin, ListView):
    """ View for displaying list of companies
    """

@ -37,6 +38,7 @@ class CompanyIndex(ListView):
    template_name = 'company/index.html'
    context_object_name = 'companies'
    paginate_by = 50
+    permission_required = 'company.view_company'

    def get_context_data(self, **kwargs):

@ -116,8 +118,8 @@ class CompanyNotes(UpdateView):
    context_object_name = 'company'
    template_name = 'company/notes.html'
    model = Company
-
    fields = ['notes']
+    permission_required = 'company.view_company'

    def get_success_url(self):
        return reverse('company-notes', kwargs={'pk': self.get_object().id})
@ -137,6 +139,7 @@ class CompanyDetail(DetailView):
    template_name = 'company/detail.html'
    queryset = Company.objects.all()
    model = Company
+    permission_required = 'company.view_company'

    def get_context_data(self, **kwargs):
        ctx = super().get_context_data(**kwargs)
@ -150,6 +153,7 @@ class CompanyImage(AjaxUpdateView):
    ajax_template_name = 'modal_form.html'
    ajax_form_title = _('Update Company Image')
    form_class = CompanyImageForm
+    permission_required = 'company.change_company'

    def get_data(self):
        return {
@ -164,6 +168,7 @@ class CompanyEdit(AjaxUpdateView):
    context_object_name = 'company'
    ajax_template_name = 'modal_form.html'
    ajax_form_title = _('Edit Company')
+    permission_required = 'company.change_company'

    def get_data(self):
        return {
@ -177,6 +182,7 @@ class CompanyCreate(AjaxCreateView):
    context_object_name = 'company'
    form_class = EditCompanyForm
    ajax_template_name = 'modal_form.html'
+    permission_required = 'company.add_company'

    def get_form_title(self):

@ -230,6 +236,7 @@ class CompanyDelete(AjaxDeleteView):
    ajax_template_name = 'company/delete.html'
    ajax_form_title = _('Delete Company')
    context_object_name = 'company'
+    permission_required = 'company.delete_company'

    def get_data(self):
        return {
@ -243,6 +250,7 @@ class SupplierPartDetail(DetailView):
    template_name = 'company/supplier_part_detail.html'
    context_object_name = 'part'
    queryset = SupplierPart.objects.all()
+    permission_required = 'purchase_order.view'

    def get_context_data(self, **kwargs):
        ctx = super().get_context_data(**kwargs)
@ -258,6 +266,7 @@ class SupplierPartEdit(AjaxUpdateView):
    form_class = EditSupplierPartForm
    ajax_template_name = 'modal_form.html'
    ajax_form_title = _('Edit Supplier Part')
+    role_required = 'purchase_order.change'


 class SupplierPartCreate(AjaxCreateView):
@ -268,6 +277,7 @@ class SupplierPartCreate(AjaxCreateView):
    ajax_template_name = 'modal_form.html'
    ajax_form_title = _('Create new Supplier Part')
    context_object_name = 'part'
+    role_required = 'purchase_order.add'

    def get_form(self):
        """ Create Form instance to create a new SupplierPart object.
@ -327,6 +337,7 @@ class SupplierPartDelete(AjaxDeleteView):
    success_url = '/supplier/'
    ajax_template_name = 'company/partdelete.html'
    ajax_form_title = _('Delete Supplier Part')
+    role_required = 'purchase_order.delete'

    parts = []

@ -398,6 +409,7 @@ class PriceBreakCreate(AjaxCreateView):
    form_class = EditPriceBreakForm
    ajax_form_title = _('Add Price Break')
    ajax_template_name = 'modal_form.html'
+    role_required = 'purchase_order.add'

    def get_data(self):
        return {
@ -440,6 +452,7 @@ class PriceBreakEdit(AjaxUpdateView):
    form_class = EditPriceBreakForm
    ajax_form_title = _('Edit Price Break')
    ajax_template_name = 'modal_form.html'
+    role_required = 'purchase_order.change'

    def get_form(self):

@ -455,3 +468,4 @@ class PriceBreakDelete(AjaxDeleteView):
    model = SupplierPriceBreak
    ajax_form_title = _("Delete Price Break")
    ajax_template_name = 'modal_delete_form.html'
+    role_required = 'purchase_order.delete'