Fixes for role permissions

- Fixed a strange interaction if multiple rulesets referred to the same models - Order of operations was incorrect. - Now is good? Yes!
2024-08-30 18:33:04 +00:00 · 2020-10-05 22:57:05 +11:00 · 2020-10-05 22:57:05 +11:00 · 806a7f961d
commit 806a7f961d
parent 731c796254
1 changed files with 19 additions and 5 deletions
--- a/InvenTree/users/models.py
+++ b/InvenTree/users/models.py
@ -160,6 +160,15 @@ class RuleSet(models.Model):

    def save(self, *args, **kwargs):

+        # It does not make sense to be able to change / create something,
+        # but not be able to view it!
+
+        if self.can_add or self.can_change or self.can_delete:
+            self.can_view = True
+
+        if self.can_add or self.can_delete:
+            self.can_change = True
+
        super().save(*args, **kwargs)

    def get_models(self):
@ -227,15 +236,12 @@ def update_group_roles(group, debug=False):
            if permission_string in permissions_to_delete:
                permissions_to_delete.remove(permission_string)

-            if permission_string not in group_permissions:
            permissions_to_add.add(permission_string)

        else:

            # A forbidden action will be ignored if we have already allowed it
            if permission_string not in permissions_to_add:
-
-                if permission_string in group_permissions:
                permissions_to_delete.add(permission_string)

    # Get all the rulesets associated with this group
@ -287,6 +293,10 @@ def update_group_roles(group, debug=False):
    # Add any required permissions to the group
    for perm in permissions_to_add:
        
+        # Ignore if permission is already in the group
+        if perm in group_permissions:
+            continue
+
        permission = get_permission_object(perm)

        group.permissions.add(permission)
@ -297,6 +307,10 @@ def update_group_roles(group, debug=False):
    # Remove any extra permissions from the group
    for perm in permissions_to_delete:

+        # Ignore if the permission is not already assigned
+        if perm not in group_permissions:
+            continue
+
        permission = get_permission_object(perm)

        group.permissions.remove(permission)