Enzo Yair / turismo-api

Go to a project
Toggle navigation Toggle navigation pinning
Enzo Yair
81cc3b0f 1 parent f9f0a2c7

se filtra objetos por permisos

Inline Side-by-side
Showing 3 changed files with 48 additions and 71 deletions
from django.db.models import QuerySet
from django.db.models import Q
from django.contrib.auth.models import Permission
class PublicadoQuerySet(QuerySet):
def get_queryset(self):
return self.filter(publicado__isnull=False)
def filter_queryset_by_permissions(queryset, user):
if not user.is_superuser:
grupos_usuario = user.groups.all()
organismo_codenames = Permission.objects.filter(
group__in=grupos_usuario,
codename__startswith='view_'
).values_list('codename', flat=True)
organismos_permitidos = [
codename[len('view_'):].replace('_', ' ')
for codename in organismo_codenames
]
query = Q()
for name in organismos_permitidos:
query |= Q(short_name__icontains=name)
return queryset.filter(query)
return queryset
... ...
from django.contrib import admin
from django.db.models import Q
from .models import Organismo, Dependencia
from core.querysets import filter_queryset_by_permissions
# Register your models here.
... ... @@ -8,40 +10,24 @@ from .models import Organismo, Dependencia
@admin.register(Organismo)
class OrganismoAdmin(admin.ModelAdmin):
model = Organismo
list_display = ('id', 'short_name')
list_display = ('short_name', )
list_filter = ('short_name',)
search_fields = ('short_name', )
def has_view_permission(self, request, obj=None):
if obj is not None:
return request.user.has_perm(f'organismo.view_{obj.short_name.lower().replace(" ", "_")}')
return request.user.has_perm('organismo.view_organismo')
def has_add_permission(self, request):
return request.user.has_perm('organismo.create_organismo')
def has_change_permission(self, request, obj=None):
if obj is not None:
return request.user.has_perm(f'organismo.edit_{obj.short_name.lower().replace(" ", "_")}')
return request.user.has_perm('organismo.edit_organismo')
def has_delete_permission(self, request, obj=None):
if obj is not None:
return request.user.has_perm(f'organismo.delete_{obj.short_name.lower().replace(" ", "_")}')
return request.user.has_perm('organismo.delete_organismo')
def get_queryset(self, request):
qs = super().get_queryset(request)
qs = filter_queryset_by_permissions(qs, request.user)
return qs
@admin.register(Dependencia)
class DependenciaAdmin(admin.ModelAdmin):
model = Dependencia
list_display = ('id', 'organismo', 'short_name',)
list_display = ('short_name', 'organismo',)
list_filter = ('organismo', 'short_name',)
search_fields = ('short_name',)
def get_queryset(self, request):
queryset = super().get_queryset(request)
if not request.user.is_superuser:
user_groups = request.user.groups.all()
return queryset
qs = super().get_queryset(request)
qs = filter_queryset_by_permissions(qs, request.user)
return qs
... ...
... ... @@ -19,38 +19,6 @@ class Organismo(models.Model):
return f'{self.short_name}'
def custom_permission_organismo_create(organismo):
content_type = ContentType.objects.get_for_model(Organismo)
action = 'view'
codename = f'{action}_{organismo.short_name.lower().replace(" ", "_")}'
if not Permission.objects.filter(codename=codename, content_type=content_type).exists():
Permission.objects.create(
codename=codename,
name=f'Can {action} {organismo.short_name}',
content_type=content_type,
)
def custom_permission_organismo_delete(organismo):
content_type = ContentType.objects.get_for_model(Organismo)
action = 'view'
codename = f'{action}_{organismo.short_name.lower().replace(" ", "_")}'
Permission.objects.filter(codename=codename, content_type=content_type).delete()
@receiver(post_save, sender=Organismo)
def manage_organismo_permissions(sender, instance, created, **kwargs):
if created:
custom_permission_organismo_create(instance)
else:
old_instance = Organismo.objects.get(pk=instance.pk)
if old_instance.short_name != instance.short_name:
custom_permission_organismo_create(old_instance)
custom_permission_organismo_delete(instance)
class Dependencia(models.Model):
objects = None
... ... @@ -65,33 +33,36 @@ class Dependencia(models.Model):
return f'{self.organismo} - {self.short_name}'
def custom_permission_dependencia_create(dependencia):
content_type = ContentType.objects.get_for_model(dependencia)
def custom_permission_create(instance, model_class):
content_type = ContentType.objects.get_for_model(model_class)
action = 'view'
codename = f'{action}_{dependencia.short_name.lower().replace(" ", "_")}'
codename = f'{action}_{instance.short_name.lower().replace(" ", "_")}'
if not Permission.objects.filter(codename=codename, content_type=content_type).exists():
Permission.objects.create(
codename=codename,
name=f'Can {action} {dependencia.short_name}',
name=f'Can {action} {instance.short_name}',
content_type=content_type,
)
def custom_permissions_dependencia_delete(dependencia):
content_type = ContentType.objects.get_for_model(dependencia)
def custom_permission_delete(instance, model_class):
content_type = ContentType.objects.get_for_model(model_class)
action = 'view'
codename = f'{action}_{dependencia.short_name.lower().replace(" ", "_")}'
codename = f'{action}_{instance.short_name.lower().replace(" ", "_")}'
Permission.objects.filter(codename=codename, content_type=content_type).delete()
@receiver(post_save, sender=Dependencia)
def manage_dependencia_permissions(sender, instance, created, **kwargs):
@receiver(post_save, sender=Organismo)
def manage_permissions(sender, instance, created, **kwargs):
model_class = type(instance)
if created:
custom_permission_dependencia_create(instance)
custom_permission_create(instance, model_class)
else:
old_instance = Organismo.objects.get(pk=instance.pk)
old_instance = model_class.objects.get(pk=instance.pk)
if old_instance.short_name != instance.short_name:
custom_permissions_dependencia_delete(old_instance)
custom_permission_dependencia_create(instance)
\ No newline at end of file
custom_permission_delete(old_instance, model_class)
custom_permission_create(instance, model_class)
... ...