Feature/du584 replace perms codenames resolver

akvo/api/resources/project.py

@@ -3,10 +3,12 @@
 # Akvo RSR is covered by the GNU Affero General Public License.
 # See more details in the license.txt file located at the root folder of the Akvo RSR module.
 # For additional details on the GNU license please see < http://www.gnu.org/licenses/agpl.html >.
+
+
 from decimal import Decimal
 
+from django.contrib.auth import get_permission_codename
 from django.core.exceptions import ObjectDoesNotExist
-
 from django.forms.models import ModelForm
 
 from tastypie import fields
@@ -26,7 +28,7 @@
 from akvo.rsr.models import (
     Project, Benchmarkname, Category, Goal, Partnership, BudgetItem, ProjectLocation, Benchmark
 )
-from akvo.utils import get_rsr_limited_change_permission
+from akvo.utils import RSR_LIMITED_CHANGE
 
 from .resources import ConditionalFullResource, get_extra_thumbnails
 from .partnership import FIELD_NAME, FIELD_LONG_NAME
@@ -286,9 +288,9 @@ def get_object_list(self, request):
         object_list = super(ProjectResource, self).get_object_list(request)
         if self._meta.authentication.is_authenticated(request):
             opts = Project._meta
-            if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()):
+            if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)):
                 return object_list
-            elif request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)):
+            elif request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)):
                 object_list = object_list.published() | object_list.of_partner(
                     request.user.userprofile.organisation
                 )

akvo/rsr/admin.py

@@ -5,6 +5,7 @@
 from django.contrib import admin
 from django.contrib.admin import helpers, widgets
 from django.contrib.admin.util import flatten_fieldsets
+from django.contrib.auth import get_permission_codename
 from django.contrib.auth.admin import GroupAdmin
 from django.contrib.auth.models import Group
 from django.core.exceptions import PermissionDenied
@@ -22,7 +23,7 @@
 
 from akvo.rsr.forms import PartnerSiteAdminForm
 from akvo.rsr.mixins import TimestampsAdminDisplayMixin
-from akvo.utils import get_rsr_limited_change_permission, permissions, custom_get_or_create_country
+from akvo.utils import permissions, custom_get_or_create_country, RSR_LIMITED_CHANGE
 
 NON_FIELD_ERRORS = '__all__'
 csrf_protect_m = method_decorator(csrf_protect)
@@ -53,7 +54,7 @@ def get_actions(self, request):
         """ Remove delete admin action for "non certified" users"""
         actions = super(CountryAdmin, self).get_actions(request)
         opts = self.opts
-        if not request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission()):
+        if not request.user.has_perm(opts.app_label + '.' + get_permission_codename('delete', opts)):
             del actions['delete_selected']
         return actions
 
@@ -130,7 +131,7 @@ def get_actions(self, request):
         """ Remove delete admin action for "non certified" users"""
         actions = super(OrganisationAdmin, self).get_actions(request)
         opts = self.opts
-        if not request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission()):
+        if not request.user.has_perm(opts.app_label + '.' + get_permission_codename('delete', opts)):
             del actions['delete_selected']
         return actions
 
@@ -148,13 +149,13 @@ def allowed_partner_types(self, obj):
 
     def get_list_display(self, request):
         # see the notes fields in the change list if you have the right permissions
-        if request.user.has_perm(self.opts.app_label + '.' + self.opts.get_change_permission()):
+        if request.user.has_perm(self.opts.app_label + '.' + get_permission_codename('change', self.opts)):
             return list(self.list_display) + ['allowed_partner_types']
         return super(OrganisationAdmin, self).get_list_display(request)
 
     def get_readonly_fields(self, request, obj=None):
         # parter_types is read only unless you have change permission for organisations
-        if not request.user.has_perm(self.opts.app_label + '.' + self.opts.get_change_permission()):
+        if not request.user.has_perm(self.opts.app_label + '.' + get_permission_codename('change', self.opts)):
             self.readonly_fields = ('partner_types', 'created_at', 'last_modified_at',)
         else:
             self.readonly_fields = ('created_at', 'last_modified_at',)
@@ -163,9 +164,9 @@ def get_readonly_fields(self, request, obj=None):
     def queryset(self, request):
         qs = super(OrganisationAdmin, self).queryset(request)
         opts = self.opts
-        if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()):
+        if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)):
             return qs
-        elif request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)):
+        elif request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)):
             organisation = request.user.userprofile.organisation
             return qs.filter(pk=organisation.id)
         else:
@@ -178,14 +179,12 @@ def has_change_permission(self, request, obj=None):
 
         If `obj` is None, this should return True if the given request has
         permission to change *any* object of the given type.
-
-        get_rsr_limited_change_permission is used for  partner orgs to limit their listing and editing to
-        "own" projects, organisation and user profiles
         """
         opts = self.opts
-        if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()):
+        if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)):
             return True
-        if request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)):
+        # RSR Partner admins/editors: limit their listing and editing to "own" projects, organisation and user profiles
+        if request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)):
             if obj:
                 return obj == request.user.userprofile.organisation
             else:
@@ -499,7 +498,7 @@ def get_actions(self, request):
         """ Remove delete admin action for "non certified" users"""
         actions = super(ProjectAdmin, self).get_actions(request)
         opts = self.opts
-        if not request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission()):
+        if not request.user.has_perm(opts.app_label + '.' + get_permission_codename('delete', opts)):
             del actions['delete_selected']
         return actions
 
@@ -518,10 +517,10 @@ def queryset(self, request):
         """
         qs = super(ProjectAdmin, self).queryset(request)
         opts = self.opts
-        user_profile = request.user.userprofile
-        if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()):
+        if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)):
             return qs
-        elif request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)):
+        elif request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)):
+            user_profile = request.user.userprofile
             projects = user_profile.organisation.all_projects()
             # Access to Partner users may be limited by Support partner "ownership"
             allowed_projects = [project.pk for project in projects if user_profile.allow_edit(project)]
@@ -536,20 +535,17 @@ def has_change_permission(self, request, obj=None):
 
         If `obj` is None, this should return True if the given request has
         permission to change *any* object of the given type.
-
-        get_rsr_limited_change_permission is used for  partner orgs to limit their listing and editing to
-        "own" projects, organisation and user profiles
         """
         opts = self.opts
         user = request.user
         user_profile = user.userprofile
 
         # RSR editors/managers
-        if user.has_perm(opts.app_label + '.' + opts.get_change_permission()):
+        if user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)):
             return True
 
-        # RSR Partner admins/editors
-        if user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)):
+        # RSR Partner admins/editors: limit their listing and editing to "own" projects, organisation and user profiles
+        if user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)):
             # On the Project form
             if obj:
                 return user_profile.allow_edit(obj)
@@ -694,7 +690,7 @@ def get_actions(self, request):
         """ Remove delete admin action for "non certified" users"""
         actions = super(UserProfileAdmin, self).get_actions(request)
         opts = self.opts
-        if not request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission()):
+        if not request.user.has_perm(opts.app_label + '.' + get_permission_codename('delete', opts)):
             del actions['delete_selected']
         return actions
 
@@ -712,9 +708,9 @@ def queryset(self, request):
         """
         qs = super(UserProfileAdmin, self).queryset(request)
         opts = self.opts
-        if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()):
+        if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)):
             return qs
-        elif request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)):
+        elif request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)):
             organisation = request.user.userprofile.organisation
             return qs.filter(organisation=organisation)
         else:
@@ -727,14 +723,12 @@ def has_change_permission(self, request, obj=None):
 
         If `obj` is None, this should return True if the given request has
         permission to change *any* object of the given type.
-
-        get_rsr_limited_change_permission is used for partner orgs to limit their listing and editing to
-        "own" projects, organisation and user profiles
         """
         opts = self.opts
-        if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()):
+        if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)):
             return True
-        if request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)):
+        # RSR Partner admins/editors: limit their listing and editing to "own" projects, organisation and user profiles
+        if request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)):
             my_org = request.user.userprofile.organisation
             if obj:
                 return obj.organisation == my_org
@@ -876,7 +870,7 @@ def get_fieldsets(self, request, obj=None):
         # don't show the notes field unless you have "add" permission on the PartnerSite model
         # (currently means an Akvo staff user (or superuser))
         # note that this is somewhat fragile as it relies on adding/removing from the _first_ fieldset
-        if request.user.has_perm(self.opts.app_label + '.' + self.opts.get_add_permission()):
+        if request.user.has_perm(self.opts.app_label + '.' + get_permission_codename('add', self.opts)):
             self.fieldsets[0][1]['fields'] = ('organisation', 'enabled', 'notes',)
         else:
             self.fieldsets[0][1]['fields'] = ('organisation', 'enabled',)
@@ -891,24 +885,24 @@ def get_form(self, request, obj=None, **kwargs):
 
     def get_list_display(self, request):
         # see the notes fields in the change list if you have the right permissions
-        if request.user.has_perm(self.opts.app_label + '.' + self.opts.get_add_permission()):
+        if request.user.has_perm(self.opts.app_label + '.' + get_permission_codename('add', self.opts)):
             return list(self.list_display) + ['notes']
         return super(PartnerSiteAdmin, self).get_list_display(request)
 
     def get_actions(self, request):
         """ Remove delete admin action for "non certified" users"""
         actions = super(PartnerSiteAdmin, self).get_actions(request)
         opts = self.opts
-        if not request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission()):
+        if not request.user.has_perm(opts.app_label + '.' + get_permission_codename('delete', opts)):
             del actions['delete_selected']
         return actions
 
     def queryset(self, request):
         qs = super(PartnerSiteAdmin, self).queryset(request)
         opts = self.opts
-        if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()):
+        if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)):
             return qs
-        elif request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)):
+        elif request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)):
             organisation = request.user.userprofile.organisation
             return qs.filter(organisation=organisation)
         else:
@@ -921,14 +915,12 @@ def has_change_permission(self, request, obj=None):
 
         If `obj` is None, this should return True if the given request has
         permission to change *any* object of the given type.
-
-        get_rsr_limited_change_permission is used for partner orgs to limit their listing and editing to
-        "own" projects, organisation, patner_site and user profiles
         """
         opts = self.opts
-        if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()):
+        if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)):
             return True
-        if request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)):
+        # RSR Partner admins/editors: limit their listing and editing to "own" projects, organisation and user profiles
+        if request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)):
             if obj:
                 return obj.organisation == request.user.userprofile.organisation
             else:

akvo/rsr/views.py

@@ -18,9 +18,6 @@
 from akvo.rsr.decorators import fetch_project, project_viewing_permissions
 from akvo.rsr.iso3166 import COUNTRY_CONTINENTS
 
-from akvo.utils import (wordpress_get_lastest_posts, get_rsr_limited_change_permission,
-                            get_random_from_qs, state_equals, right_now_in_akvo)
-
 from django import forms
 from django import http
 from django.conf import settings
@@ -828,18 +825,9 @@ def projectmain(request, project, draft=False, can_add_update=False):
             if project.benchmarks.filter(category=category).aggregate(Sum('value'))['value__sum']
         ])
 
-    # a little model meta data magic
-    opts = project._meta
-    if request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)):
-        admin_change_url = reverse('admin:rsr_project_change', args=(project.id,)),
-        admin_change_url = admin_change_url[0]  # don't friggin ask why!!!
-    else:
-        admin_change_url = None
-
     can_add_update = project.connected_to_user(request.user)
 
     return {
-        'admin_change_url': admin_change_url,
         'benchmarks': benchmarks,
         'can_add_update': can_add_update,
         'draft': draft,

akvo/utils.py

@@ -136,11 +136,6 @@ def groups_from_user(user):
     return [group.name for group in user.groups.all()]
 
 
-#Modeled on Options method get_change_permission in django/db/models/options.py
-def get_rsr_limited_change_permission(obj):
-    return '%s_%s' % (RSR_LIMITED_CHANGE, obj.object_name.lower())
-
-
 def rsr_image_path(instance, file_name, path_template='db/project/%s/%s'):
     """
     Use to set ImageField upload_to attribute.