Added permissions system to control page

2021-03-04 18:22:49 +03:00 · 2021-03-04 18:22:49 +03:00 · d46b90010d
commit d46b90010d
parent 8df2b66b7a
8 changed files with 122 additions and 18 deletions
--- a/main/migrations/0005_auto_20210302_2255.py
+++ b/main/migrations/0005_auto_20210302_2255.py
@ -0,0 +1,17 @@
+# Generated by Django 3.1.6 on 2021-03-02 19:55
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('main', '0004_rolechangelogs'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='userprofile',
+            options={'permissions': [('admin', 'Have access to control page')]},
+        ),
+    ]
--- a/main/migrations/0006_delete_userprofile.py
+++ b/main/migrations/0006_delete_userprofile.py
@ -0,0 +1,16 @@
+# Generated by Django 3.1.6 on 2021-03-03 19:32
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('main', '0005_auto_20210302_2255'),
+    ]
+
+    operations = [
+        migrations.DeleteModel(
+            name='UserProfile',
+        ),
+    ]
--- a/main/migrations/0007_userprofile.py
+++ b/main/migrations/0007_userprofile.py
@ -0,0 +1,29 @@
+# Generated by Django 3.1.6 on 2021-03-03 19:35
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('main', '0006_delete_userprofile'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='UserProfile',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('role', models.CharField(default='None', max_length=100)),
+                ('image', models.URLField(blank=True, null=True)),
+                ('name', models.CharField(default='None', max_length=100)),
+                ('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'permissions': [('control_access', 'User has access to control page')],
+            },
+        ),
+    ]
--- a/main/migrations/0008_auto_20210303_2305.py
+++ b/main/migrations/0008_auto_20210303_2305.py
@ -0,0 +1,17 @@
+# Generated by Django 3.1.6 on 2021-03-03 20:05
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('main', '0007_userprofile'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='userprofile',
+            options={},
+        ),
+    ]
--- a/main/templates/base/menu.html
+++ b/main/templates/base/menu.html
@ -11,6 +11,9 @@
    {% if request.user.is_authenticated %}
      <div class="btn-group" role="group" aria-label="Basic example">
        <a class="btn btn-secondary" href="{% url 'profile' %}">Профиль</a>
+        {% if perms.main.has_control_access %}
+        <a class="btn btn-secondary" href="{% url 'control' %}">Управление</a>
+        {% endif %}
        <a class="btn btn-secondary" href="{% url 'logout' %}">Выйти</a>
      </div>
    {% else %}
--- a/main/templates/pages/adm_ruleset.html
+++ b/main/templates/pages/adm_ruleset.html
@ -2,7 +2,7 @@

 {% load static %}

-{% block title %}Управление{%endblock %}
+{% block title %}Управление{% endblock %}

 {% block heading %}Управление{% endblock %}

@ -16,19 +16,24 @@
    <p class="row page-description">Основная информация о странице</p>
  </div>

+  {% block form %}
  <form method="post">
    {% csrf_token %}

    <div class="row justify-content-center new-section">

+      {% block hidden_form %}
      <div style="display: none">
        {% for field in form.users %}
        {{ field.tag }}
        {% endfor %}
      </div>
+      {% endblock %}

      <div class="col-10">
        <h6 class="table-title">Список сотрудников</h6>
+
+        {% block table %}
        <table class="light-table">

            <thead>
@ -52,10 +57,12 @@
            </tbody>

        </table>
+        {% endblock%}

      </div>
    </div>

+    {% block count %}
    <div class="row justify-content-center new-section">
      <div class="col-5">
        <div class="info">
@ -91,19 +98,11 @@

      </div>
    </div>
+    {% endblock %}
  </form>
+  {% endblock %}
 </div>

-<script>
-  "use strict";
-  let checkboxes = document.getElementsByName("users");
-  let fields = document.querySelectorAll(".checkbox_field");
-  if (checkboxes.length == fields.length) {
-    for (let i = 0; i < fields.length; ++i) {
-      let el = checkboxes[i].cloneNode(true);
-      fields[i].appendChild(el);
-    }
-  }
-</script>
+<script src="{% static 'main/js/control.js'%}"></script>

 {% endblock %}
--- a/main/views.py
+++ b/main/views.py
@ -1,22 +1,20 @@
-from django.contrib.auth.decorators import login_required
 from django.contrib.auth.forms import PasswordResetForm
-from django.contrib.auth.models import User
 from django.contrib.auth.tokens import default_token_generator
+from django.contrib.contenttypes.models import ContentType
 from django.shortcuts import render, get_list_or_404
 from django.urls import reverse_lazy
 from django.views.generic import FormView
-from django_registration.backends.one_step.views import RegistrationView

 from access_controller.settings import EMAIL_HOST_USER
 from main.extra_func import check_user_exist, update_profile, get_user_organization, \
    make_engineer, make_light_agent, get_users_list

-from django.contrib.auth.models import User
+from django.contrib.auth.models import User, Permission
 from main.models import UserProfile
 from main.forms import CustomRegistrationForm, AdminPageUsers
 from django_registration.views import RegistrationView
 from django.contrib.auth.decorators import login_required
-from django.contrib.auth.mixins import LoginRequiredMixin
+from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
 from django.core.exceptions import PermissionDenied

 import logging
@ -55,12 +53,27 @@ class CustomRegistrationView(RegistrationView):
                )
                forms.save(**opts)
                update_profile(user.userprofile)
+                self.set_permission(user)
                return user
            else:
                raise ValueError('Непредвиденная ошибка')
        else:
            self.is_allowed = False

+    @staticmethod
+    def set_permission(user) -> None:
+        """
+        Дает разрешение на просмотр страница администратора, если пользователь имеет роль admin
+        """
+
+        content_type = ContentType.objects.get_for_model(UserProfile)
+        permission, created = Permission.objects.get_or_create(
+            codename='has_control_access',
+            content_type=content_type,
+        )
+        if user.userprofile.role == 'admin':
+            user.user_permissions.add(permission)
+
    def get_success_url(self, user=None):
        """
        Возвращает url-адрес страницы, куда нужно перейти после успешной/неуспешной регистрации
@ -100,7 +113,8 @@ def main_page(request):
    return render(request, 'pages/index.html')


-class AdminPageView(FormView, LoginRequiredMixin):
+class AdminPageView(FormView, LoginRequiredMixin, PermissionRequiredMixin):
+    permission_required = 'main.has_control_access'
    template_name = 'pages/adm_ruleset.html'
    form_class = AdminPageUsers
    success_url = '/control/'
--- a/static/main/js/control.js
+++ b/static/main/js/control.js
@ -0,0 +1,9 @@
+"use strict";
+let checkboxes = document.getElementsByName("users");
+let fields = document.querySelectorAll(".checkbox_field");
+if (checkboxes.length == fields.length) {
+  for (let i = 0; i < fields.length; ++i) {
+    let el = checkboxes[i].cloneNode(true);
+    fields[i].appendChild(el);
+  }
+}