Merge pull request #1010 from SchrodingersGat/admin-permission-fixes
Update admin links to require specific permissions
commit
4f648f8787
@ -807,7 +807,19 @@ function launchModalForm(url, options = {}) {
|
||||
}
|
||||
},
|
||||
error: function (xhr, ajaxOptions, thrownError) {
|
||||
|
||||
$(modal).modal('hide');
|
||||
|
||||
// Permission denied!
|
||||
if (xhr.status == 403) {
|
||||
showAlertDialog(
|
||||
"Permission Denied",
|
||||
"You do not have the required permissions to access this function"
|
||||
);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
showAlertDialog('Error requesting form data', renderErrorMessage(xhr));
|
||||
}
|
||||
};
|
||||
|
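Review bot: The new `if (xhr.status == 403)` branch only fires when the server actually answers 403, and with the `PermissionRequiredMixin` this commit adds to `AjaxMixin`, Django redirects an unauthenticated request to the login page instead unless `raise_exception` is set. An expired session would therefore probably reach the success handler as login-page HTML rather than land here. Setting `raise_exception = True` on `AjaxMixin` would send both cases through this branch. The comparison is also better written as `xhr.status === 403`. `launchModalForm` starts outside the hunk, so the success path could not be checked.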
@ -13,6 +13,8 @@ from django.template.loader import render_to_string
|
||||
from django.http import JsonResponse, HttpResponseRedirect
|
||||
from django.urls import reverse_lazy
|
||||
|
||||
from django.contrib.auth.mixins import PermissionRequiredMixin
|
||||
|
||||
from django.views import View
|
||||
from django.views.generic import UpdateView, CreateView, FormView
|
||||
from django.views.generic.base import TemplateView
|
||||
@ -105,12 +107,32 @@ class TreeSerializer(views.APIView):
|
||||
return JsonResponse(response, safe=False)
|
||||
|
||||
|
||||
class AjaxMixin(object):
|
||||
class AjaxMixin(PermissionRequiredMixin):
|
||||
""" AjaxMixin provides basic functionality for rendering a Django form to JSON.
|
||||
Handles jsonResponse rendering, and adds extra data for the modal forms to process
|
||||
on the client side.
|
||||
|
||||
Any view which inherits the AjaxMixin will need
|
||||
correct permissions set using the 'permission_required' attribute
|
||||
|
||||
"""
|
||||
|
||||
# By default, allow *any* permissions
|
||||
permission_required = '*'
|
||||
|
||||
def has_permission(self):
|
||||
"""
|
||||
Override the default behaviour of has_permission from PermissionRequiredMixin.
|
||||
|
||||
Basically, if permission_required attribute = '*',
|
||||
no permissions are actually required!
|
||||
"""
|
||||
|
||||
if self.permission_required == '*':
|
||||
return True
|
||||
else:
|
||||
return super().has_permission()
|
||||
|
||||
# By default, point to the modal_form template
|
||||
# (this can be overridden by a child class)
|
||||
ajax_template_name = 'modal_form.html'
|
||||
|
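Review bot: The class default `permission_required = '*'` together with the `has_permission` override makes `AjaxMixin` fail open: any view that inherits it and omits `permission_required` is allowed for every caller, and the `'*'` branch returns `True` without consulting the user at all, so an anonymous request also passes this mixin unless something outside this file requires login. The docstring says inheriting views "will need correct permissions set", but this default makes a forgotten attribute silent. Consider dropping the class-level default so that Django's own `ImproperlyConfigured` error flags a missing attribute, and let the deliberately open views opt in with `permission_required = '*'`. The comment `# By default, allow *any* permissions` would read more accurately as `# '*' means no permission is required`. The rest of `AjaxMixin` lies outside the hunk.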
@ -35,7 +35,7 @@ src="{% static 'img/blank_image.png' %}"
|
||||
<hr>
|
||||
<h4>
|
||||
{{ build.quantity }} x {{ build.part.full_name }}
|
||||
{% if user.is_staff %}
|
||||
{% if user.is_staff and perms.build.change_build %}
|
||||
<a href="{% url 'admin:build_build_change' build.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a>
|
||||
{% endif %}
|
||||
</h4>
|
||||
|
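Review bot: The added `perms.build.change_build` test only decides whether the shield link is rendered, and nothing in the template says so. A comment such as `{# display only: the admin site enforces change_build on the target page #}` would keep a later reader from treating this condition as the access control. The same applies to the company, purchase order, sales order, part category, part, stock item and stock location templates changed further down. Staff who hold only the view permission also lose the link, although the admin would probably still open the page read-only for them.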
@ -23,7 +23,7 @@ InvenTree | {% trans "Company" %} - {{ company.name }}
|
||||
<hr>
|
||||
<h4>
|
||||
{{ company.name }}
|
||||
{% if user.is_staff %}
|
||||
{% if user.is_staff and perms.company.change_company %}
|
||||
<a href="{% url 'admin:company_company_change' company.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a>
|
||||
{% endif %}
|
||||
</h4>
|
||||
|
@ -22,7 +22,12 @@ src="{% static 'img/blank_image.png' %}"
|
||||
{% block page_data %}
|
||||
<h3>{% trans "Purchase Order" %} {% purchase_order_status_label order.status large=True %}</h3>
|
||||
<hr>
|
||||
<h4>{{ order }}</h4>
|
||||
<h4>
|
||||
{{ order }}
|
||||
{% if user.is_staff and perms.order.change_purchaseorder %}
|
||||
<a href="{% url 'admin:order_purchaseorder_change' order.pk %}"><span title='{% trans "Admin view" %}' class='fas fa-user-shield'></span></a>
|
||||
{% endif %}
|
||||
</h4>
|
||||
<p>{{ order.description }}</p>
|
||||
<p>
|
||||
<div class='btn-row'>
|
||||
|
@ -32,7 +32,12 @@ src="{% static 'img/blank_image.png' %}"
|
||||
|
||||
<h3>{% trans "Sales Order" %} {% sales_order_status_label order.status large=True %}</h3>
|
||||
<hr>
|
||||
<h4>{{ order }}</h4>
|
||||
<h4>
|
||||
{{ order }}
|
||||
{% if user.is_staff and perms.order.change_salesorder %}
|
||||
<a href="{% url 'admin:order_salesorder_change' order.pk %}"><span title='{% trans "Admin view" %}' class='fas fa-user-shield'></span></a>
|
||||
{% endif %}
|
||||
</h4>
|
||||
<p>{{ order.description }}</p>
|
||||
<div class='btn-row'>
|
||||
<div class='btn-group action-buttons'>
|
||||
|
@ -9,7 +9,7 @@
|
||||
{% if category %}
|
||||
<h3>
|
||||
{{ category.name }}
|
||||
{% if user.is_staff %}
|
||||
{% if user.is_staff and perms.part.change_partcategory %}
|
||||
<a href="{% url 'admin:part_partcategory_change' category.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a>
|
||||
{% endif %}
|
||||
</h3>
|
||||
@ -114,10 +114,10 @@
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class='filter-list' id='filter-list-parts'>
|
||||
<!-- Empty div -->
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<table class='table table-striped table-condensed' data-toolbar='#button-toolbar' id='part-table'>
|
||||
|
@ -28,7 +28,7 @@
|
||||
<div class="media-body">
|
||||
<h3>
|
||||
{{ part.full_name }}
|
||||
{% if user.is_staff %}
|
||||
{% if user.is_staff and perms.part.change_part %}
|
||||
<a href="{% url 'admin:part_part_change' part.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a>
|
||||
{% endif %}
|
||||
{% if not part.active %}
|
||||
|
@ -65,7 +65,7 @@ InvenTree | {% trans "Stock Item" %} - {{ item }}
|
||||
{% else %}
|
||||
<a href='{% url "part-detail" item.part.pk %}'>{{ item.part.full_name }}</a> × {% decimal item.quantity %}
|
||||
{% endif %}
|
||||
{% if user.is_staff %}
|
||||
{% if user.is_staff and perms.stock.change_stockitem %}
|
||||
<a href="{% url 'admin:stock_stockitem_change' item.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a>
|
||||
{% endif %}
|
||||
</h4>
|
||||
|
@ -8,7 +8,7 @@
|
||||
{% if location %}
|
||||
<h3>
|
||||
{{ location.name }}
|
||||
{% if user.is_staff %}
|
||||
{% if user.is_staff and perms.stock.change_stocklocation %}
|
||||
<a href="{% url 'admin:stock_stocklocation_change' location.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a>
|
||||
{% endif %}
|
||||
</h3>
|
||||
|
@ -2,6 +2,7 @@
|
||||
|
||||
<div id='button-toolbar'>
|
||||
<div class='button-toolbar container-fluid' style='float: right;'>
|
||||
<div class='btn-group'>
|
||||
<button class='btn btn-default' id='stock-export' title='{% trans "Export Stock Information" %}'>{% trans "Export" %}</button>
|
||||
{% if read_only %}
|
||||
{% else %}
|
||||
@ -18,6 +19,7 @@
|
||||
</ul>
|
||||
</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
<div class='filter-list' id='filter-list-stock'>
|
||||
<!-- An empty div in which the filter list will be constructed -->
|
||||
</div>
|
||||
|