diff --git a/InvenTree/users/models.py b/InvenTree/users/models.py
index 2f73e67955..f2b72e5efa 100644
--- a/InvenTree/users/models.py
+++ b/InvenTree/users/models.py
@@ -176,6 +176,11 @@ class RuleSet(models.Model): 'django_q_success', ] + RULESET_CHANGE_INHERIT = [ + ('part', 'partparameter'), + ('part', 'bomitem'), + ] + RULE_OPTIONS = [ 'can_view', 'can_add',
@@ -228,6 +233,16 @@ class RuleSet(models.Model): if check_user_role(user, role, permission): return True + # Check for children models which inherits from parent role + for (parent, child) in cls.RULESET_CHANGE_INHERIT: + # Get child model name + parent_child_string = f'{parent}_{child}' + + if parent_child_string == table: + # Check if parent role has change permission + if check_user_role(user, parent, 'change'): + return True + # Print message instead of throwing an error name = getattr(user, 'name', user.pk)
@@ -453,6 +468,28 @@ def update_group_roles(group, debug=False): if debug: print(f"Removing permission {perm} from group {group.name}") + # Enable all action permissions for certain children models + # if parent model has 'change' permission + for (parent, child) in RuleSet.RULESET_CHANGE_INHERIT: + parent_change_perm = f'{parent}.change_{parent}' + parent_child_string = f'{parent}_{child}' + + # Check if parent change permission exists + if parent_change_perm in group_permissions: + # Add child model permissions + for action in ['add', 'change', 'delete']: + child_perm = f'{parent}.{action}_{child}' + + # Check if child permission not already in group + if child_perm not in group_permissions: + # Create permission object + add_model(parent_child_string, action, ruleset.can_delete) + # Add to group + permission = get_permission_object(child_perm) + if permission: + group.permissions.add(permission) + print(f"Adding permission {child_perm} to group {group.name}") + @receiver(post_save, sender=Group, dispatch_uid='create_missing_rule_sets') def create_missing_rule_sets(sender, instance, **kwargs):
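Review bot: `RULESET_CHANGE_INHERIT` in the first hunk needs a comment stating its contract, because every tuple added to it widens access. The later hunks use `parent` as a role name (`check_user_role(user, parent, 'change')`), as an app label and model name (`f'{parent}.change_{parent}'`) and as a table prefix (`f'{parent}_{child}'`), which holds for `part` but is not guaranteed for other roles. I would put above the list: `# (parent, child): 'change' on the parent role grants add/change/delete on table <parent>_<child>; parent must be role name, app label and model name at once`. A tuple of tuples would also make it harder to mutate this class attribute by accident at runtime.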
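Review bot: The inherited check in the second hunk never looks at the `permission` argument, so a user with `change` on the parent role gets `True` for whatever action is requested on `part_partparameter` or `part_bomitem`, delete included. That agrees with the add/change/delete grant in `update_group_roles`, but it means a role without delete rights on parts can still delete these child rows. If that is intended, say so in the comment above the loop; if not, narrow the condition, for example `if permission != 'delete' and check_user_role(user, parent, 'change'):` (assuming `permission` uses the same action names as the list in the third hunk). The method starts and ends outside the hunk, so the lookup of `role` and the fall-through message are not visible here.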
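Review bot: `add_model(parent_child_string, action, ruleset.can_delete)` in the third hunk reads `ruleset`, which is not bound inside this loop, and it passes `can_delete` for the add and change actions too. Presumably `ruleset` is left over from an earlier loop in `update_group_roles` (outside the hunk), so the flag would come from whichever rule set was handled last rather than from the parent. The branch has already established the parent's change permission, so `add_model(parent_child_string, action, True)` or an explicit lookup of the parent's rule set would state the intent. The closing `print(...)` is also unconditional, unlike the `if debug:` guard on the removal message just above it; write `if debug: print(f"Adding permission {child_perm} to group {group.name}")`.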