From 73d4d9dfe01886e0d30c4fab6a9e0f20b4f0f005 Mon Sep 17 00:00:00 2001 From: "Langhammer, Jens" Date: Thu, 7 Nov 2019 17:25:36 +0100 Subject: [PATCH] admin(major): fix incorrect permissions being set --- passbook/admin/views/applications.py | 5 ----- passbook/admin/views/factors.py | 5 ----- passbook/admin/views/groups.py | 6 +----- passbook/admin/views/invitations.py | 6 +----- passbook/admin/views/policy.py | 5 ----- passbook/admin/views/property_mapping.py | 5 ----- passbook/admin/views/providers.py | 5 ----- passbook/admin/views/sources.py | 5 ----- passbook/admin/views/users.py | 5 ----- passbook/lib/views.py | 11 +++++++++-- 10 files changed, 11 insertions(+), 47 deletions(-) diff --git a/passbook/admin/views/applications.py b/passbook/admin/views/applications.py index e8253f21e..ba3fb40a3 100644 --- a/passbook/admin/views/applications.py +++ b/passbook/admin/views/applications.py @@ -34,11 +34,6 @@ class ApplicationCreateView(SuccessMessageMixin, LoginRequiredMixin, model = Application form_class = ApplicationForm permission_required = 'passbook_core.add_application' - permissions = [ - 'passbook_core.view_application', - 'passbook_core.change_application', - 'passbook_core.delete_application', - ] template_name = 'generic/create.html' success_url = reverse_lazy('passbook_admin:applications') diff --git a/passbook/admin/views/factors.py b/passbook/admin/views/factors.py index b91e4090a..ad26a4ab7 100644 --- a/passbook/admin/views/factors.py +++ b/passbook/admin/views/factors.py @@ -46,11 +46,6 @@ class FactorCreateView(SuccessMessageMixin, LoginRequiredMixin, model = Factor template_name = 'generic/create.html' permission_required = 'passbook_core.add_factor' - permissions = [ - 'passbook_core.view_factor', - 'passbook_core.change_factor', - 'passbook_core.delete_factor', - ] success_url = reverse_lazy('passbook_admin:factors') success_message = _('Successfully created Factor') diff --git a/passbook/admin/views/groups.py b/passbook/admin/views/groups.py index affe270bb..dbe9e2dff 100644 --- a/passbook/admin/views/groups.py +++ b/passbook/admin/views/groups.py @@ -31,11 +31,7 @@ class GroupCreateView(SuccessMessageMixin, LoginRequiredMixin, model = Group form_class = GroupForm permission_required = 'passbook_core.add_group' - permissions = [ - 'passbook_core.view_group', - 'passbook_core.change_group', - 'passbook_core.delete_group', - ] + template_name = 'generic/create.html' success_url = reverse_lazy('passbook_admin:groups') success_message = _('Successfully created Group') diff --git a/passbook/admin/views/invitations.py b/passbook/admin/views/invitations.py index 0d55ead34..dc3dd372f 100644 --- a/passbook/admin/views/invitations.py +++ b/passbook/admin/views/invitations.py @@ -31,11 +31,7 @@ class InvitationCreateView(SuccessMessageMixin, LoginRequiredMixin, model = Invitation form_class = InvitationForm permission_required = 'passbook_core.add_invitation' - permissions = [ - 'passbook_core.view_invitation', - 'passbook_core.change_invitation', - 'passbook_core.delete_invitation', - ] + template_name = 'generic/create.html' success_url = reverse_lazy('passbook_admin:invitations') success_message = _('Successfully created Invitation') diff --git a/passbook/admin/views/policy.py b/passbook/admin/views/policy.py index 264f9e073..8933e58a2 100644 --- a/passbook/admin/views/policy.py +++ b/passbook/admin/views/policy.py @@ -41,11 +41,6 @@ class PolicyCreateView(SuccessMessageMixin, LoginRequiredMixin, model = Policy permission_required = 'passbook_core.add_policy' - permissions = [ - 'passbook_core.view_policy', - 'passbook_core.change_policy', - 'passbook_core.delete_policy', - ] template_name = 'generic/create.html' success_url = reverse_lazy('passbook_admin:policies') diff --git a/passbook/admin/views/property_mapping.py b/passbook/admin/views/property_mapping.py index d874808a2..bbfdf2bc3 100644 --- a/passbook/admin/views/property_mapping.py +++ b/passbook/admin/views/property_mapping.py @@ -45,11 +45,6 @@ class PropertyMappingCreateView(SuccessMessageMixin, LoginRequiredMixin, model = PropertyMapping permission_required = 'passbook_core.add_propertymapping' - permissions = [ - 'passbook_core.view_propertymapping', - 'passbook_core.change_propertymapping', - 'passbook_core.delete_propertymapping', - ] template_name = 'generic/create.html' success_url = reverse_lazy('passbook_admin:property-mappings') diff --git a/passbook/admin/views/providers.py b/passbook/admin/views/providers.py index 8892ade5f..0f226a787 100644 --- a/passbook/admin/views/providers.py +++ b/passbook/admin/views/providers.py @@ -37,11 +37,6 @@ class ProviderCreateView(SuccessMessageMixin, LoginRequiredMixin, model = Provider permission_required = 'passbook_core.add_provider' - permissions = [ - 'passbook_core.view_provider', - 'passbook_core.change_provider', - 'passbook_core.delete_provider', - ] template_name = 'generic/create.html' success_url = reverse_lazy('passbook_admin:providers') diff --git a/passbook/admin/views/sources.py b/passbook/admin/views/sources.py index cb19be9c2..3e2c19b8a 100644 --- a/passbook/admin/views/sources.py +++ b/passbook/admin/views/sources.py @@ -44,11 +44,6 @@ class SourceCreateView(SuccessMessageMixin, LoginRequiredMixin, model = Source permission_required = 'passbook_core.add_source' - permissions = [ - 'passbook_core.view_source', - 'passbook_core.change_source', - 'passbook_core.delete_source', - ] template_name = 'generic/create.html' success_url = reverse_lazy('passbook_admin:sources') diff --git a/passbook/admin/views/users.py b/passbook/admin/views/users.py index 237c0bad5..1a778fe67 100644 --- a/passbook/admin/views/users.py +++ b/passbook/admin/views/users.py @@ -32,11 +32,6 @@ class UserCreateView(SuccessMessageMixin, LoginRequiredMixin, model = User form_class = UserForm permission_required = 'passbook_core.add_user' - permissions = [ - 'passbook_core.view_user', - 'passbook_core.change_user', - 'passbook_core.delete_user', - ] template_name = 'generic/create.html' success_url = reverse_lazy('passbook_admin:users') diff --git a/passbook/lib/views.py b/passbook/lib/views.py index 64d1c761b..b878b35d0 100644 --- a/passbook/lib/views.py +++ b/passbook/lib/views.py @@ -7,10 +7,17 @@ from guardian.shortcuts import assign_perm class CreateAssignPermView(CreateView): """Assign permissions to object after creation""" - permissions = [] + permissions = [ + '%s.view_%s', + '%s.change_%s', + '%s.delete_%s', + ] def form_valid(self, form): response = super().form_valid(form) for permission in self.permissions: - assign_perm(permission, self.request.user, self.object) + full_permission = permission % ( + self.object._meta.app_label, self.object._meta.model_name) + print(full_permission) + assign_perm(full_permission, self.request.user, self.object) return response