Merge pull request #2609 from eeintech/child_model_permissions

Child model permissions
2024-08-30 18:33:04 +00:00 · 2022-02-10 18:08:38 +11:00 · 2022-02-10 18:08:38 +11:00 · 8b34ea3066
commit 8b34ea3066
parent 7b4b07bac3 3b45c1406a
1 changed files with 37 additions and 0 deletions
--- a/InvenTree/users/models.py
+++ b/InvenTree/users/models.py
@ -176,6 +176,11 @@ class RuleSet(models.Model):
        'django_q_success',
    ]
    RULESET_CHANGE_INHERIT = [
        ('part', 'partparameter'),
        ('part', 'bomitem'),
    ]
    RULE_OPTIONS = [
        'can_view',
        'can_add',
@ -228,6 +233,16 @@ class RuleSet(models.Model):
                if check_user_role(user, role, permission):
                    return True
        # Check for children models which inherits from parent role
        for (parent, child) in cls.RULESET_CHANGE_INHERIT:
            # Get child model name
            parent_child_string = f'{parent}_{child}'
            if parent_child_string == table:
                # Check if parent role has change permission
                if check_user_role(user, parent, 'change'):
                    return True
        # Print message instead of throwing an error
        name = getattr(user, 'name', user.pk)
@ -453,6 +468,28 @@ def update_group_roles(group, debug=False):
        if debug:
            print(f"Removing permission {perm} from group {group.name}")
    # Enable all action permissions for certain children models
    # if parent model has 'change' permission
    for (parent, child) in RuleSet.RULESET_CHANGE_INHERIT:
        parent_change_perm = f'{parent}.change_{parent}'
        parent_child_string = f'{parent}_{child}'
        # Check if parent change permission exists
        if parent_change_perm in group_permissions:
            # Add child model permissions
            for action in ['add', 'change', 'delete']:
                child_perm = f'{parent}.{action}_{child}'
                # Check if child permission not already in group
                if child_perm not in group_permissions:
                    # Create permission object
                    add_model(parent_child_string, action, ruleset.can_delete)
                    # Add to group
                    permission = get_permission_object(child_perm)
                    if permission:
                        group.permissions.add(permission)
                        print(f"Adding permission {child_perm} to group {group.name}")
@receiver(post_save, sender=Group, dispatch_uid='create_missing_rule_sets')
 def create_missing_rule_sets(sender, instance, **kwargs):