From 626d0266c8c171c64fe59557ed28480607b62e7c Mon Sep 17 00:00:00 2001 From: Oliver Walters Date: Thu, 1 Oct 2020 00:16:04 +1000 Subject: [PATCH] Add framework for required permissions for any ajax modal forms - Default permissions of "*" will not immediately change any modal forms - Set the permission_required attribute of any modal form for this to be implemented --- InvenTree/InvenTree/views.py | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/InvenTree/InvenTree/views.py b/InvenTree/InvenTree/views.py index 3f9bc5b0a9..d940229ebe 100644 --- a/InvenTree/InvenTree/views.py +++ b/InvenTree/InvenTree/views.py @@ -13,6 +13,8 @@ from django.template.loader import render_to_string from django.http import JsonResponse, HttpResponseRedirect from django.urls import reverse_lazy +from django.contrib.auth.mixins import PermissionRequiredMixin + from django.views import View from django.views.generic import UpdateView, CreateView, FormView from django.views.generic.base import TemplateView @@ -105,12 +107,32 @@ class TreeSerializer(views.APIView): return JsonResponse(response, safe=False) -class AjaxMixin(object): +class AjaxMixin(PermissionRequiredMixin): """ AjaxMixin provides basic functionality for rendering a Django form to JSON. Handles jsonResponse rendering, and adds extra data for the modal forms to process on the client side. + + Any view which inherits the AjaxMixin will need + correct permissions set using the 'permission_required' attribute + """ + # By default, allow *any* permissions + permission_required = '*' + + def has_permission(self): + """ + Override the default behaviour of has_permission from PermissionRequiredMixin. + + Basically, if permission_required attribute = '*', + no permissions are actually required! + """ + + if self.permission_required == '*': + return True + else: + return super().has_permission() + # By default, point to the modal_form template # (this can be overridden by a child class) ajax_template_name = 'modal_form.html'