Commit 9310da3d authored by Jean-Baptiste Pasquier's avatar Jean-Baptiste Pasquier

Merge branch 'customer-permissions' into 'master'

Customer permissions

See merge request !31
parents f1579684 90b6264c
Pipeline #7046 passed with stage
in 27 seconds
# -*- coding: utf-8 -*-
# Generated by Django 1.11 on 2020-01-14 15:47
from __future__ import unicode_literals
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('djangoldp_project', '0005_auto_20191217_1301'),
]
operations = [
migrations.AlterModelOptions(
name='customer',
options={},
),
]
# -*- coding: utf-8 -*-
# Generated by Django 1.11 on 2020-01-14 16:15
from __future__ import unicode_literals
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
migrations.swappable_dependency(settings.AUTH_USER_MODEL),
('djangoldp_project', '0006_auto_20200114_1547'),
]
operations = [
migrations.AddField(
model_name='customer',
name='owner',
field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='owned_customers', to=settings.AUTH_USER_MODEL),
),
]
......@@ -6,7 +6,7 @@ from django.dispatch import receiver
from django.db.models.signals import pre_save, post_save
from djangoldp.models import Model
from .permissions import ProjectPermissions, ProjectMemberPermissions
from .permissions import CustomerPermissions, ProjectPermissions, ProjectMemberPermissions
class Customer(Model):
......@@ -16,10 +16,16 @@ class Customer(Model):
companyRegister = models.CharField(max_length=255, null=True, blank=True)
first_name = models.CharField(max_length=255, null=True, blank=True)
last_name = models.CharField(max_length=255, null=True, blank=True)
owner = models.ForeignKey(settings.AUTH_USER_MODEL, related_name="owned_customers", on_delete=models.DO_NOTHING,
null=True)
role = models.CharField(max_length=255, null=True, blank=True)
email = models.EmailField(null=True, blank=True)
phone = models.CharField(max_length=255, null=True, blank=True)
class Meta:
auto_author = 'owner'
permission_classes=[CustomerPermissions]
def __str__(self):
return self.name
......
......@@ -11,6 +11,31 @@ def get_client_ip(request):
return ip
class CustomerPermissions(LDPPermissions):
def user_permissions(self, user, obj_or_model, obj=None):
from .models import Member
if not user.is_anonymous:
# model base permissions - permissions for /customers/
# object permissions - permissions for a customer instance
if not isinstance(obj_or_model, ModelBase):
obj = obj_or_model
if obj:
# owners have full permissions
if obj.owner == user:
return ['view', 'add', 'change', 'delete']
# members of one of their projects can view the customer
if Member.objects.filter(project__customer=obj, user=user).exists():
return ['view']
else:
return []
# authenticated users can view a list of their customers and add new ones
else:
return ['view', 'add']
return []
class ProjectPermissions(LDPPermissions):
def user_permissions(self, user, obj_or_model, obj=None):
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment