mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-11-30 13:31:08 +00:00
Adds permissions checking for admin models
This commit is contained in:
parent
e51980bc12
commit
330be16516
5 changed files with 35 additions and 8 deletions
|
@ -2,13 +2,14 @@
|
||||||
import datetime
|
import datetime
|
||||||
|
|
||||||
from django import forms
|
from django import forms
|
||||||
|
from django.core.exceptions import PermissionDenied
|
||||||
from django.forms import widgets
|
from django.forms import widgets
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from django_celery_beat.models import IntervalSchedule
|
from django_celery_beat.models import IntervalSchedule
|
||||||
|
|
||||||
from bookwyrm import models
|
from bookwyrm import models
|
||||||
from .custom_form import CustomForm
|
from .custom_form import CustomForm, StyledForm
|
||||||
|
|
||||||
|
|
||||||
# pylint: disable=missing-class-docstring
|
# pylint: disable=missing-class-docstring
|
||||||
|
@ -130,7 +131,7 @@ class AutoModRuleForm(CustomForm):
|
||||||
fields = ["string_match", "flag_users", "flag_statuses", "created_by"]
|
fields = ["string_match", "flag_users", "flag_statuses", "created_by"]
|
||||||
|
|
||||||
|
|
||||||
class IntervalScheduleForm(CustomForm):
|
class IntervalScheduleForm(StyledForm):
|
||||||
class Meta:
|
class Meta:
|
||||||
model = IntervalSchedule
|
model = IntervalSchedule
|
||||||
fields = ["every", "period"]
|
fields = ["every", "period"]
|
||||||
|
@ -139,3 +140,9 @@ class IntervalScheduleForm(CustomForm):
|
||||||
"every": forms.NumberInput(attrs={"aria-describedby": "desc_every"}),
|
"every": forms.NumberInput(attrs={"aria-describedby": "desc_every"}),
|
||||||
"period": forms.Select(attrs={"aria-describedby": "desc_period"}),
|
"period": forms.Select(attrs={"aria-describedby": "desc_period"}),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
def save(self, request, *args, **kwargs):
|
||||||
|
"""This is an outside model so the perms check works differently"""
|
||||||
|
if not request.user.has_perm("bookwyrm.moderate_user"):
|
||||||
|
raise PermissionDenied()
|
||||||
|
return super().save(*args, **kwargs)
|
||||||
|
|
|
@ -4,7 +4,7 @@ from django.forms import ModelForm
|
||||||
from django.forms.widgets import Textarea
|
from django.forms.widgets import Textarea
|
||||||
|
|
||||||
|
|
||||||
class CustomForm(ModelForm):
|
class StyledForm(ModelForm):
|
||||||
"""add css classes to the forms"""
|
"""add css classes to the forms"""
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
|
@ -16,7 +16,7 @@ class CustomForm(ModelForm):
|
||||||
css_classes["checkbox"] = "checkbox"
|
css_classes["checkbox"] = "checkbox"
|
||||||
css_classes["textarea"] = "textarea"
|
css_classes["textarea"] = "textarea"
|
||||||
# pylint: disable=super-with-arguments
|
# pylint: disable=super-with-arguments
|
||||||
super(CustomForm, self).__init__(*args, **kwargs)
|
super().__init__(*args, **kwargs)
|
||||||
for visible in self.visible_fields():
|
for visible in self.visible_fields():
|
||||||
if hasattr(visible.field.widget, "input_type"):
|
if hasattr(visible.field.widget, "input_type"):
|
||||||
input_type = visible.field.widget.input_type
|
input_type = visible.field.widget.input_type
|
||||||
|
@ -25,6 +25,10 @@ class CustomForm(ModelForm):
|
||||||
visible.field.widget.attrs["rows"] = 5
|
visible.field.widget.attrs["rows"] = 5
|
||||||
visible.field.widget.attrs["class"] = css_classes[input_type]
|
visible.field.widget.attrs["class"] = css_classes[input_type]
|
||||||
|
|
||||||
|
|
||||||
|
class CustomForm(StyledForm):
|
||||||
|
"""Check permissions on save"""
|
||||||
|
|
||||||
def save(self, request, *args, **kwargs):
|
def save(self, request, *args, **kwargs):
|
||||||
"""Save and check perms"""
|
"""Save and check perms"""
|
||||||
self.instance.raise_not_editable(request.user)
|
self.instance.raise_not_editable(request.user)
|
||||||
|
|
|
@ -3,6 +3,7 @@ from functools import reduce
|
||||||
import operator
|
import operator
|
||||||
|
|
||||||
from django.apps import apps
|
from django.apps import apps
|
||||||
|
from django.core.exceptions import PermissionDenied
|
||||||
from django.db import models, transaction
|
from django.db import models, transaction
|
||||||
from django.db.models import Q
|
from django.db.models import Q
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
|
@ -12,7 +13,21 @@ from .base_model import BookWyrmModel
|
||||||
from .user import User
|
from .user import User
|
||||||
|
|
||||||
|
|
||||||
class EmailBlocklist(BookWyrmModel):
|
class AdminModel(BookWyrmModel):
|
||||||
|
"""Overrides the permissions methods"""
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
"""this is just here to provide default fields for other models"""
|
||||||
|
|
||||||
|
abstract = True
|
||||||
|
|
||||||
|
def raise_not_editable(self, viewer):
|
||||||
|
if viewer.has_perm("bookwyrm.moderate_user"):
|
||||||
|
return
|
||||||
|
raise PermissionDenied()
|
||||||
|
|
||||||
|
|
||||||
|
class EmailBlocklist(AdminModel):
|
||||||
"""blocked email addresses"""
|
"""blocked email addresses"""
|
||||||
|
|
||||||
domain = models.CharField(max_length=255, unique=True)
|
domain = models.CharField(max_length=255, unique=True)
|
||||||
|
@ -29,7 +44,7 @@ class EmailBlocklist(BookWyrmModel):
|
||||||
return User.objects.filter(email__endswith=f"@{self.domain}")
|
return User.objects.filter(email__endswith=f"@{self.domain}")
|
||||||
|
|
||||||
|
|
||||||
class IPBlocklist(BookWyrmModel):
|
class IPBlocklist(AdminModel):
|
||||||
"""blocked ip addresses"""
|
"""blocked ip addresses"""
|
||||||
|
|
||||||
address = models.CharField(max_length=255, unique=True)
|
address = models.CharField(max_length=255, unique=True)
|
||||||
|
@ -41,7 +56,7 @@ class IPBlocklist(BookWyrmModel):
|
||||||
ordering = ("-created_date",)
|
ordering = ("-created_date",)
|
||||||
|
|
||||||
|
|
||||||
class AutoMod(BookWyrmModel):
|
class AutoMod(AdminModel):
|
||||||
"""rules to automatically flag suspicious activity"""
|
"""rules to automatically flag suspicious activity"""
|
||||||
|
|
||||||
string_match = models.CharField(max_length=200, unique=True)
|
string_match = models.CharField(max_length=200, unique=True)
|
||||||
|
|
|
@ -25,7 +25,7 @@ class Report(BookWyrmModel):
|
||||||
|
|
||||||
def raise_not_editable(self, viewer):
|
def raise_not_editable(self, viewer):
|
||||||
"""instead of user being the owner field, it's reporter"""
|
"""instead of user being the owner field, it's reporter"""
|
||||||
if self.reporter == viewer:
|
if self.reporter == viewer or viewer.has_perm("bookwyrm.moderate_user"):
|
||||||
return
|
return
|
||||||
raise PermissionDenied()
|
raise PermissionDenied()
|
||||||
|
|
||||||
|
|
|
@ -15,6 +15,7 @@ from bookwyrm.tests.validate_html import validate_html
|
||||||
class AutomodViews(TestCase):
|
class AutomodViews(TestCase):
|
||||||
"""every response to a get request, html or json"""
|
"""every response to a get request, html or json"""
|
||||||
|
|
||||||
|
# pylint: disable=invalid-name
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
"""we need basic test data and mocks"""
|
"""we need basic test data and mocks"""
|
||||||
self.factory = RequestFactory()
|
self.factory = RequestFactory()
|
||||||
|
|
Loading…
Reference in a new issue