Mirrored_Repos/InvenTree
1
0
Fork 0
mirror of https://github.com/inventree/InvenTree synced 2024-08-30 18:33:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added user permissions on company views

Browse Source
This commit is contained in:
eeintech 2020-10-20 14:11:40 -05:00
parent bc6f58cf26
commit 39eddc7203
2 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
InvenTree/InvenTree/views.py
View File

@ -128,9 +128,13 @@ class InvenTreeRoleMixin(PermissionRequiredMixin):
def has_permission(self): def has_permission(self):
""" """
Determine if the current user Determine if the current user has specified permissions
""" """
if self.permission_required:
# Ignore role-based permissions
return super().has_permission()
roles_required = [] roles_required = []
if type(self.role_required) is str: if type(self.role_required) is str:

18
InvenTree/company/views.py
View File

@ -14,6 +14,7 @@ from django.forms import HiddenInput
from InvenTree.views import AjaxCreateView, AjaxUpdateView, AjaxDeleteView from InvenTree.views import AjaxCreateView, AjaxUpdateView, AjaxDeleteView
from InvenTree.helpers import str2bool from InvenTree.helpers import str2bool
from InvenTree.views import InvenTreeRoleMixin
from common.models import Currency from common.models import Currency
@ -29,7 +30,7 @@ from .forms import EditSupplierPartForm
from .forms import EditPriceBreakForm from .forms import EditPriceBreakForm
class CompanyIndex(ListView): class CompanyIndex(InvenTreeRoleMixin, ListView):
""" View for displaying list of companies """ View for displaying list of companies
""" """
@ -37,6 +38,7 @@ class CompanyIndex(ListView):
template_name = 'company/index.html' template_name = 'company/index.html'
context_object_name = 'companies' context_object_name = 'companies'
paginate_by = 50 paginate_by = 50
permission_required = 'company.view_company'
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
@ -116,8 +118,8 @@ class CompanyNotes(UpdateView):
context_object_name = 'company' context_object_name = 'company'
template_name = 'company/notes.html' template_name = 'company/notes.html'
model = Company model = Company
fields = ['notes'] fields = ['notes']
permission_required = 'company.view_company'
def get_success_url(self): def get_success_url(self):
return reverse('company-notes', kwargs={'pk': self.get_object().id}) return reverse('company-notes', kwargs={'pk': self.get_object().id})
@ -137,6 +139,7 @@ class CompanyDetail(DetailView):
template_name = 'company/detail.html' template_name = 'company/detail.html'
queryset = Company.objects.all() queryset = Company.objects.all()
model = Company model = Company
permission_required = 'company.view_company'
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
ctx = super().get_context_data(**kwargs) ctx = super().get_context_data(**kwargs)
@ -150,6 +153,7 @@ class CompanyImage(AjaxUpdateView):
ajax_template_name = 'modal_form.html' ajax_template_name = 'modal_form.html'
ajax_form_title = _('Update Company Image') ajax_form_title = _('Update Company Image')
form_class = CompanyImageForm form_class = CompanyImageForm
permission_required = 'company.change_company'
def get_data(self): def get_data(self):
return { return {
@ -164,6 +168,7 @@ class CompanyEdit(AjaxUpdateView):
context_object_name = 'company' context_object_name = 'company'
ajax_template_name = 'modal_form.html' ajax_template_name = 'modal_form.html'
ajax_form_title = _('Edit Company') ajax_form_title = _('Edit Company')
permission_required = 'company.change_company'
def get_data(self): def get_data(self):
return { return {
@ -177,6 +182,7 @@ class CompanyCreate(AjaxCreateView):
context_object_name = 'company' context_object_name = 'company'
form_class = EditCompanyForm form_class = EditCompanyForm
ajax_template_name = 'modal_form.html' ajax_template_name = 'modal_form.html'
permission_required = 'company.add_company'
def get_form_title(self): def get_form_title(self):
@ -230,6 +236,7 @@ class CompanyDelete(AjaxDeleteView):
ajax_template_name = 'company/delete.html' ajax_template_name = 'company/delete.html'
ajax_form_title = _('Delete Company') ajax_form_title = _('Delete Company')
context_object_name = 'company' context_object_name = 'company'
permission_required = 'company.delete_company'
def get_data(self): def get_data(self):
return { return {
@ -243,6 +250,7 @@ class SupplierPartDetail(DetailView):
template_name = 'company/supplier_part_detail.html' template_name = 'company/supplier_part_detail.html'
context_object_name = 'part' context_object_name = 'part'
queryset = SupplierPart.objects.all() queryset = SupplierPart.objects.all()
permission_required = 'purchase_order.view'
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
ctx = super().get_context_data(**kwargs) ctx = super().get_context_data(**kwargs)
@ -258,6 +266,7 @@ class SupplierPartEdit(AjaxUpdateView):
form_class = EditSupplierPartForm form_class = EditSupplierPartForm
ajax_template_name = 'modal_form.html' ajax_template_name = 'modal_form.html'
ajax_form_title = _('Edit Supplier Part') ajax_form_title = _('Edit Supplier Part')
role_required = 'purchase_order.change'
class SupplierPartCreate(AjaxCreateView): class SupplierPartCreate(AjaxCreateView):
@ -268,6 +277,7 @@ class SupplierPartCreate(AjaxCreateView):
ajax_template_name = 'modal_form.html' ajax_template_name = 'modal_form.html'
ajax_form_title = _('Create new Supplier Part') ajax_form_title = _('Create new Supplier Part')
context_object_name = 'part' context_object_name = 'part'
role_required = 'purchase_order.add'
def get_form(self): def get_form(self):
""" Create Form instance to create a new SupplierPart object. """ Create Form instance to create a new SupplierPart object.
@ -327,6 +337,7 @@ class SupplierPartDelete(AjaxDeleteView):
success_url = '/supplier/' success_url = '/supplier/'
ajax_template_name = 'company/partdelete.html' ajax_template_name = 'company/partdelete.html'
ajax_form_title = _('Delete Supplier Part') ajax_form_title = _('Delete Supplier Part')
role_required = 'purchase_order.delete'
parts = [] parts = []
@ -398,6 +409,7 @@ class PriceBreakCreate(AjaxCreateView):
form_class = EditPriceBreakForm form_class = EditPriceBreakForm
ajax_form_title = _('Add Price Break') ajax_form_title = _('Add Price Break')
ajax_template_name = 'modal_form.html' ajax_template_name = 'modal_form.html'
role_required = 'purchase_order.add'
def get_data(self): def get_data(self):
return { return {
@ -440,6 +452,7 @@ class PriceBreakEdit(AjaxUpdateView):
form_class = EditPriceBreakForm form_class = EditPriceBreakForm
ajax_form_title = _('Edit Price Break') ajax_form_title = _('Edit Price Break')
ajax_template_name = 'modal_form.html' ajax_template_name = 'modal_form.html'
role_required = 'purchase_order.change'
def get_form(self): def get_form(self):
@ -455,3 +468,4 @@ class PriceBreakDelete(AjaxDeleteView):
model = SupplierPriceBreak model = SupplierPriceBreak
ajax_form_title = _("Delete Price Break") ajax_form_title = _("Delete Price Break")
ajax_template_name = 'modal_delete_form.html' ajax_template_name = 'modal_delete_form.html'
role_required = 'purchase_order.delete'