def test_user_permission_cache_bump(rf): user = factories.get_default_staff_user() group_a = Group.objects.create(name="Group A") group_b = Group.objects.create(name="Group B") group_a_permissions = ["purchase", "sell"] group_b_permissions = ["delete", "create"] set_permissions_for_group(group_a, set(group_a_permissions)) set_permissions_for_group(group_b, set(group_b_permissions)) all_permissions = set(group_a_permissions + group_b_permissions) # as user is not in any group, it misses all the groups assert get_missing_permissions(user, all_permissions) == all_permissions # add the user to Group A user.groups.add(group_a) # the user misses the group_b permissions assert get_missing_permissions(user, all_permissions) == set(group_b_permissions) # make the user be part only of group b group_b.user_set.add(user) group_a.user_set.remove(user) # the user misses the group_a permissions assert get_missing_permissions(user, all_permissions) == set(group_a_permissions) # user is part of all groups user.groups.set([group_a, group_b]) assert get_missing_permissions(user, all_permissions) == set()
def get_menu_entry_categories(request): menu_categories = OrderedDict() menu_category_icons = {} for identifier, category_name, icon in MENU_CATEGORIES: menu_categories[identifier] = _MenuCategory(category_name, icon) menu_category_icons[identifier] = icon modules = list(get_modules()) for module in modules: menu_category_icons.update( (force_text(key), force_text(value)) for (key, value) in module.get_menu_category_icons().items() if key not in menu_category_icons ) for module in modules: if get_missing_permissions(request.user, module.get_required_permissions()): continue for entry in (module.get_menu_entries(request=request) or ()): category_identifier = entry.category category = menu_categories.get(category_identifier) if category_identifier else None if not category: category_identifier = force_text(category_identifier or module.name) category = menu_categories.get(category_identifier) if not category: menu_categories[category_identifier] = category = _MenuCategory( name=category_identifier, icon=menu_category_icons.get(category_identifier, "fa fa-circle") ) category.entries.append(entry) return [c for identifier, c in six.iteritems(menu_categories) if len(c.entries) > 0]
def get_menu_entry_categories(request): menu_categories = {} menu_category_icons = {} modules = list(get_modules()) for module in modules: menu_category_icons.update( (force_text(key), force_text(value)) for (key, value) in module.get_menu_category_icons().items()) for module in modules: if not get_missing_permissions(request.user, module.get_required_permissions()): for entry in (module.get_menu_entries(request=request) or ()): category_name = force_text(entry.category or module.name) category = menu_categories.get(category_name) if not category: menu_categories[category_name] = category = _MenuCategory( name=category_name, icon=menu_category_icons.get(category_name, "fa fa-circle")) category.entries.append(entry) return SortedDict( sorted( (c.name, c) for c in sorted(menu_categories.values(), key=lambda c: c.name)))
def get_search_results(request, query): fuzzer = FuzzyMatcher(query) normal_results = [] menu_entry_results = [] for module in get_modules(): if get_missing_permissions(request.user, module.get_required_permissions()): continue normal_results.extend(module.get_search_results(request, query) or ()) for menu_entry in module.get_menu_entries(request) or (): texts = (menu_entry.get_search_query_texts() or ()) if any(fuzzer.test(text) for text in texts): menu_entry_results.append(SearchResult( text=menu_entry.text, url=menu_entry.url, icon=menu_entry.icon, category=menu_entry.category, relevance=90, is_action=True )) results = sorted( chain(normal_results, menu_entry_results), key=lambda r: r.relevance, reverse=True ) return results
def get_context_data(order, request=None): suppliers = Supplier.objects.filter( order_lines__order=order).distinct() create_permission = "order.create-shipment" delete_permission = "order.delete-shipment" missing_permissions = get_missing_permissions( request.user, [create_permission, delete_permission]) create_urls = {} if create_permission not in missing_permissions: for supplier in suppliers: create_urls[supplier.pk] = reverse( "shuup_admin:order.create-shipment", kwargs={ "pk": order.pk, "supplier_pk": supplier.pk }) delete_urls = {} if delete_permission not in missing_permissions: for shipment_id in order.shipments.all_except_deleted( ).values_list("id", flat=True): delete_urls[shipment_id] = reverse( "shuup_admin:order.delete-shipment", kwargs={"pk": shipment_id}) return { "suppliers": suppliers, "create_urls": create_urls, "delete_urls": delete_urls }
def get_stock_adjustment_div(request, supplier, product): """ Get html string to adjust stock values Contains inputs for purchase_price_value and delta :param request: HTTP request :type request: django.http.HttpRequest :param supplier: shuup Supplier :type supplier: shuup.core.models.Supplier :param product: shuup Product :type product: shuup.core.models.Product :return: html div as a string :rtype: str """ latest_adjustment = StockAdjustment.objects.filter( product=product, supplier=supplier, type=StockAdjustmentType.INVENTORY ).last() purchase_price = latest_adjustment.purchase_price_value if latest_adjustment else Decimal("0.00") context = { "product": product, "supplier": supplier, "delta_step": pow(0.1, product.sales_unit.decimals), "adjustment_form": StockAdjustmentForm(initial={"purchase_price": purchase_price, "delta": None}), } if "shuup.notify" in settings.INSTALLED_APPS: from shuup.notify.models import Notification context["alert_limit_form"] = AlertLimitForm(initial={"alert_limit": 0}) if not get_missing_permissions(request.user, get_default_model_permissions(Notification)): context["notify_url"] = reverse("shuup_admin:notify.script.list") else: context["notify_url"] = "" return render_to_string("shuup/simple_supplier/admin/add_stock_form.jinja", context=context, request=request)
def render(self, request): if not get_missing_permissions(request.user, self.required_permissions): yield "<a %s>" % flatatt_filter( {"href": self.url, "class": self.get_computed_class(), "title": self.tooltip} ) yield self.render_label() yield "</a>"
def get_stock_adjustment_div(request, supplier, product): """ Get html string to adjust stock values Contains inputs for purchase_price_value and delta :param request: HTTP request :type request: django.http.HttpRequest :param supplier: shuup Supplier :type supplier: shuup.core.models.Supplier :param product: shuup Product :type product: shuup.core.models.Product :return: html div as a string :rtype: str """ stock = StockCount.objects.get_or_create(product=product, supplier=supplier)[0] latest_adjustment = StockAdjustment.objects.filter( product=product, supplier=supplier, type=StockAdjustmentType.INVENTORY).last() purchase_price = (latest_adjustment.purchase_price.as_rounded().value if latest_adjustment else Decimal()) context = { "product": product, "supplier": supplier, "delta_step": pow(0.1, product.sales_unit.decimals) if product.sales_unit.decimals else 0, "adjustment_form": StockAdjustmentForm(initial={"purchase_price": purchase_price, "delta": None}), "stock": stock, "stock_managed_form": StockManagedForm(initial={"stock_managed": not stock.stock_managed}) } if "shuup.notify" in settings.INSTALLED_APPS: context["alert_limit_form"] = AlertLimitForm(initial={"alert_limit": stock.alert_limit or Decimal()}) if not get_missing_permissions(request.user, ("notify.script.list",)): context["notify_url"] = reverse("shuup_admin:notify.script.list") else: context["notify_url"] = "" return render_to_string("shuup/simple_supplier/admin/add_stock_form.jinja", context=context, request=request)
def get_stock_adjustment_div(request, supplier, product): """ Get html string to adjust stock values Contains inputs for purchase_price_value and delta :param request: HTTP request :type request: django.http.HttpRequest :param supplier: shuup Supplier :type supplier: shuup.core.models.Supplier :param product: shuup Product :type product: shuup.core.models.Product :return: html div as a string :rtype: str """ latest_adjustment = StockAdjustment.objects.filter( product=product, supplier=supplier, type=StockAdjustmentType.INVENTORY).last() purchase_price = (latest_adjustment.purchase_price_value if latest_adjustment else Decimal("0.00")) context = { "product": product, "supplier": supplier, "delta_step": pow(0.1, product.sales_unit.decimals), "adjustment_form": StockAdjustmentForm(initial={"purchase_price": purchase_price, "delta": None}), } if "shuup.notify" in settings.INSTALLED_APPS: from shuup.notify.models import Notification context["alert_limit_form"] = AlertLimitForm(initial={"alert_limit": 0}) if not get_missing_permissions(request.user, get_default_model_permissions(Notification)): context["notify_url"] = reverse("shuup_admin:notify.script.list") else: context["notify_url"] = "" return render_to_string("shuup/simple_supplier/admin/add_stock_form.jinja", context=context, request=request)
def _get_unauth_reason(self, request): """ Figure out if there's any reason not to allow the user access to this view via the given request. :type request: Request. :param request: HttpRequest :rtype: str|None """ if self.require_authentication: if not is_authenticated(request.user): return _("Sign in to continue.") elif not getattr(request.user, "is_staff", False): return _( "Your account must have `Access to Admin Panel` permissions to access this page." ) elif not get_shop(request): return _( "There is no active shop available. Contact support for more details." ) missing_permissions = get_missing_permissions(request.user, self.permissions) if missing_permissions: return _("You do not have the required permissions: %s" ) % ", ".join(missing_permissions)
def render(self, request): if not get_missing_permissions(request.user, self.required_permissions): yield '<li>' button = super(PostActionDropdownItem, self).render(request) for bit in button: yield bit yield '</li>'
def render(self, request): if not get_missing_permissions(request.user, self.required_permissions): if not self.items: return yield '<div class="btn-group" role="group">' if self.split_button: for bit in self.split_button.render(request): yield bit yield '<button %s>' % flatatt_filter( { "type": "button", "class": self.get_computed_class(), "data-toggle": "dropdown", "title": self.tooltip }) if not self.split_button: yield self.render_label() yield " " yield '<i class="fa fa-chevron-down"></i>' yield '</button>' for bit in self.render_dropdown(request): yield bit yield '</div>'
def render(self, request): if not get_missing_permissions(request.user, self.required_permissions): if not self.items: return yield '<div class="btn-group" role="group">' if self.split_button: for bit in self.split_button.render(request): yield bit yield '<button %s>' % flatatt_filter({ "type": "button", "class": self.get_computed_class(), "data-toggle": "dropdown", "title": self.tooltip }) if not self.split_button: yield self.render_label() yield " " yield '</button>' for bit in self.render_dropdown(request): yield bit yield '</div>'
def get_menu_entry_categories(request): menu_categories = OrderedDict() menu_children = OrderedDict() menu_category_icons = {} for menu_item in MAIN_MENU: identifier = menu_item["identifier"] icon = menu_item["icon"] menu_categories[identifier] = _MenuCategory( identifier=identifier, name=menu_item["title"], icon=icon, ) for child in menu_item["children"]: child_identifier = "%s:%s" % (identifier, child["identifier"]) child_category = _MenuCategory(child["identifier"], child["title"], None) menu_children[child_identifier] = child_category menu_categories[identifier].children.append(child_category) menu_category_icons[identifier] = icon modules = list(get_modules()) for module in modules: menu_category_icons.update( (force_text(key), force_text(value)) for (key, value) in module.get_menu_category_icons().items() if key not in menu_category_icons ) all_categories = set() for module in modules: if get_missing_permissions(request.user, module.get_required_permissions()): continue for entry in (module.get_menu_entries(request=request) or ()): category_identifier = entry.category subcategory = entry.subcategory entry_identifier = "%s:%s" % (category_identifier, subcategory) if subcategory else category_identifier menu_items = menu_children if subcategory else menu_categories category = menu_items.get(entry_identifier) if not category: category_identifier = force_text(category_identifier or module.name) category = menu_items.get(category_identifier) if not category: menu_items[category_identifier] = category = _MenuCategory( identifier=category_identifier, name=category_identifier, icon=menu_category_icons.get(category_identifier, "fa fa-circle") ) category.entries.append(entry) if subcategory: parent = menu_categories.get(category_identifier) all_categories.add(parent) else: all_categories.add(category) return [c for menu_identifier, c in six.iteritems(menu_categories) if c in all_categories]
def get_formparts_for_provide_key(user, provide_key): provide_objects = list(get_provide_objects(provide_key)) missing_permissions = get_missing_permissions( user, [form.__name__ for form in provide_objects]) return [ provide_object for provide_object in provide_objects if provide_object.__name__ not in missing_permissions ]
def get_quicklinks(request): quicklinks = [] for module in get_modules(): if get_missing_permissions(request.user, module.get_required_permissions()): continue quicklinks.extend(module.get_help_blocks(request, kind="quicklink")) return quicklinks
def get_context_data(self, **kwargs): context = super(HomeView, self).get_context_data(**kwargs) context["blocks"] = blocks = [] context["tour_key"] = "home" context["tour_complete"] = is_tour_complete(get_shop(self.request), "home") wizard_complete = setup_wizard_complete(self.request) wizard_url = reverse("shuup_admin:wizard") wizard_actions = [] if not wizard_complete: wizard_actions.append({ "text": _("Complete wizard"), "url": wizard_url }) else: wizard_steps = load_setup_wizard_panes( shop=self.request.shop, request=self.request, visible_only=False) for step in wizard_steps: wizard_actions.append({ "text": step.title, "url": "%s?pane_id=%s" % (wizard_url, step.identifier), "no_redirect": True }) blocks.append( SimpleHelpBlock( _("Complete the setup wizard"), actions=wizard_actions, icon_url="shuup_admin/img/configure.png", priority=-1, done=wizard_complete ) ) for module in get_modules(): if not get_missing_permissions(self.request.user, module.get_required_permissions()): blocks.extend(module.get_help_blocks(request=self.request, kind="setup")) blocks.sort(key=lambda b: b.priority) blocks.append( SimpleHelpBlock( priority=1000, text=_("Publish your store"), description=_("Let customers browse your store and make purchases"), css_class="green ", actions=[{ "method": "POST", "text": _("Publish shop"), "url": reverse("shuup_admin:shop.enable", kwargs={"pk": self.request.shop.pk}), "data": { "enable": True, "redirect": reverse("shuup_admin:dashboard") } }], icon_url="shuup_admin/img/publish.png", done=not self.request.shop.maintenance_mode ) ) return context
def get_menu_entry_categories(request): # noqa (C901) menu_categories = OrderedDict() # Update main menu from provides main_menu = extend_main_menu(MAIN_MENU) menu_category_icons = {} for menu_item in main_menu: identifier = menu_item["identifier"] icon = menu_item["icon"] menu_categories[identifier] = _MenuCategory( identifier=identifier, name=menu_item["title"], icon=icon, ) menu_category_icons[identifier] = icon modules = list(get_modules()) for module in modules: menu_category_icons.update( (force_text(key), force_text(value)) for (key, value) in module.get_menu_category_icons().items() if key not in menu_category_icons) all_categories = set() for module in modules: if get_missing_permissions(request.user, module.get_required_permissions()): continue for entry in module.get_menu_entries(request=request) or (): category = menu_categories.get(entry.category) if not category: category_identifier = force_text(entry.category or module.name) category = menu_categories.get(category_identifier) if not category: menu_categories[ category_identifier] = category = _MenuCategory( identifier=category_identifier, name=category_identifier, icon=menu_category_icons.get( category_identifier, "fa fa-circle"), ) category.entries.append(entry) all_categories.add(category) # clean categories that eventually have no children or entries categories = [] for cat in all_categories: if not cat.entries: continue categories.append(cat) clean_categories = [ c for menu_identifier, c in six.iteritems(menu_categories) if c in categories ] return customize_menu(clean_categories, request)
def render(self, request): if not get_missing_permissions(request.user, self.required_permissions): yield '<a %s>' % flatatt_filter({ "href": self.url, "class": self.get_computed_class(), "title": self.tooltip }) yield self.render_label() yield '</a>'
def get_context_data(self, **kwargs): context = super(HomeView, self).get_context_data(**kwargs) context["blocks"] = blocks = [] context["tour_key"] = "home" context["tour_complete"] = is_tour_complete("home") wizard_complete = setup_wizard_complete() wizard_url = reverse("shuup_admin:wizard") wizard_actions = [] if not wizard_complete: wizard_actions.append({ "text": _("Complete wizard"), "url": wizard_url }) else: wizard_steps = load_setup_wizard_panes( shop=Shop.objects.first(), request=self.request, visible_only=False) for step in wizard_steps: wizard_actions.append({ "text": step.title, "url": "%s?pane_id=%s" % (wizard_url, step.identifier), "no_redirect": True }) blocks.append( SimpleHelpBlock( _("Complete the setup wizard"), actions=wizard_actions, icon_url="shuup_admin/img/configure.png", priority=-1, done=wizard_complete ) ) for module in get_modules(): if not get_missing_permissions(self.request.user, module.get_required_permissions()): blocks.extend(module.get_help_blocks(request=self.request, kind="setup")) blocks.sort(key=lambda b: b.priority) blocks.append( SimpleHelpBlock( priority=1000, text=_("Publish your store"), description=_("Let customers browse your store and make purchases"), css_class="green", actions=[{ "method": "POST", "text": _("Publish shop"), "url": reverse("shuup_admin:shop.enable", kwargs={"pk": self.request.shop.pk}), "data": { "enable": True, "redirect": reverse("shuup_admin:dashboard") } }], icon_url="shuup_admin/img/publish.png" ) ) return context
def render(self, request): if not get_missing_permissions(request.user, self.required_permissions): yield '<a %s>' % flatatt_filter({ "href": "#", "class": self.get_computed_class(), "title": self.tooltip, "onclick": mark_safe(self.onclick) if self.onclick else None }) yield self.render_label() yield '</a>'
def get_context_data(self, **kwargs): context = super(HomeView, self).get_context_data(**kwargs) shop = get_shop(self.request) context["blocks"] = blocks = [] context["tour_key"] = "home" context["tour_complete"] = is_tour_complete(shop, "home", user=self.request.user) wizard_complete = setup_wizard_complete(self.request) wizard_url = reverse("shuup_admin:wizard") wizard_actions = [] if not wizard_complete: wizard_actions.append({ "text": _("Complete wizard"), "url": wizard_url }) else: wizard_steps = load_setup_wizard_panes(shop=shop, request=self.request, visible_only=False) for step in wizard_steps: wizard_actions.append({ "text": step.title, "url": "%s?pane_id=%s" % (wizard_url, step.identifier), "no_redirect": True }) if wizard_actions: blocks.append( SimpleHelpBlock(_("Complete the setup wizard"), actions=wizard_actions, icon_url="shuup_admin/img/configure.png", priority=-1, done=wizard_complete)) for module in get_modules(): if not get_missing_permissions(self.request.user, module.get_required_permissions()): blocks.extend( module.get_help_blocks(request=self.request, kind="setup")) blocks.sort(key=lambda b: b.priority) if not blocks: blocks.append( SimpleHelpBlock(_("All set. Nothing to be configured"), actions=[], icon_url="shuup_admin/img/configure.png", priority=-1, done=True)) return context
def get(self, request): # noqa (C901) model_name = request.GET.get("model") object_id = request.GET.get("pk", request.GET.get("id")) if not model_name or not object_id: return HttpResponseBadRequest(_("Invalid object.")) url = None try: model = apps.get_model(model_name) except LookupError: return HttpResponseBadRequest(_("Invalid model.")) instance = model.objects.filter(pk=object_id).first() if instance: required_permission = "%s.change_%s" % (instance._meta.app_label, instance._meta.model_name) missing_permissions = get_missing_permissions( request.user, [required_permission]) if missing_permissions: reason = _("You do not have the required permission(s): %s" ) % ", ".join(missing_permissions) raise Problem( _("Can't view this page. %(reason)s") % {"reason": reason}, _("Unauthorized")) # try edit first try: url = get_model_url(instance, kind="edit", user=request.user, shop=get_shop(request), required_permissions=[required_permission]) except NoModelUrl: # try detail try: url = get_model_url( instance, kind="detail", user=request.user, shop=get_shop(request), required_permissions=[required_permission]) except NoModelUrl: pass if url: # forward the mode param if request.GET.get("mode"): url = "{}?mode={}".format(url, request.GET["mode"]) return HttpResponseRedirect(url) raise Http404(_("Object not found"))
def render(self, request): if not get_missing_permissions(request.user, self.required_permissions): attrs = { "class": "dropdown-item", "title": self.tooltip, "href": self.url, "onclick": (mark_safe(self.onclick) if self.onclick else None) } yield '<a %s>' % flatatt_filter(attrs) yield self.render_label() yield '</a>'
def get_context_data(self, **kwargs): context = super(DashboardView, self).get_context_data(**kwargs) context["version"] = shuup.__version__ context["notifications"] = notifications = [] context["blocks"] = blocks = [] for module in get_modules(): if not get_missing_permissions(self.request.user, module.get_required_permissions()): notifications.extend(module.get_notifications(request=self.request)) blocks.extend(module.get_dashboard_blocks(request=self.request)) context["activity"] = get_activity(request=self.request) return context
def get_context_data(self, **kwargs): context = super(HomeView, self).get_context_data(**kwargs) shop = get_shop(self.request) context["blocks"] = blocks = [] context["tour_key"] = "home" context["tour_complete"] = is_tour_complete(shop, "home", user=self.request.user) wizard_complete = setup_wizard_complete(self.request) wizard_url = reverse("shuup_admin:wizard") wizard_actions = [] if not wizard_complete: wizard_actions.append({ "text": _("Complete wizard"), "url": wizard_url }) else: wizard_steps = load_setup_wizard_panes(shop=shop, request=self.request, visible_only=False) for step in wizard_steps: wizard_actions.append({ "text": step.title, "url": "%s?pane_id=%s" % (wizard_url, step.identifier), "no_redirect": True }) if wizard_actions: blocks.append( SimpleHelpBlock( _("Complete the setup wizard"), actions=wizard_actions, icon_url="shuup_admin/img/configure.png", priority=-1, done=wizard_complete ) ) for module in get_modules(): if not get_missing_permissions(self.request.user, module.get_required_permissions()): blocks.extend(module.get_help_blocks(request=self.request, kind="setup")) blocks.sort(key=lambda b: b.priority) if not blocks: blocks.append( SimpleHelpBlock( _("All set. Nothing to be configured"), actions=[], icon_url="shuup_admin/img/configure.png", priority=-1, done=True ) ) return context
def render(self, request): if not get_missing_permissions(request.user, self.required_permissions): yield '<button %s>' % flatatt_filter({ "form": self.form_id, # This can be used to post another form "formaction": self.post_url, "name": self.name, "value": self.value, "type": "submit", "title": self.tooltip, "class": self.get_computed_class(), "onclick": ("return confirm(%s)" % json.dumps(force_text(self.confirm)) if self.confirm else None) }) yield self.render_label() yield '</button>'
def get_context_data(self, **kwargs): context = super(DashboardView, self).get_context_data(**kwargs) context["version"] = shuup.__version__ context["notifications"] = notifications = [] context["blocks"] = blocks = [] for module in get_modules(): if not get_missing_permissions(self.request.user, module.get_required_permissions()): notifications.extend(module.get_notifications(request=self.request)) blocks.extend(module.get_dashboard_blocks(request=self.request)) # sort blocks by sort order and size, trying to make them fit better blocks.sort(key=lambda block: (block.sort_order, DashboardBlock.SIZES.index(block.size))) context["activity"] = get_activity(request=self.request) context["tour_key"] = "dashboard" context["tour_complete"] = is_tour_complete(get_shop(self.request), "dashboard", user=self.request.user) return context
def get_quicklinks(request): quicklinks = OrderedDict() for block in QUICKLINK_ORDER: quicklinks[block] = [] for module in get_modules(): if get_missing_permissions(request.user, module.get_required_permissions()): continue for help_block in module.get_help_blocks(request, kind="quicklink"): quicklinks[help_block.category].append(help_block) links = quicklinks.copy() for block, data in six.iteritems(links): if not quicklinks[block]: quicklinks.pop(block) return quicklinks
def get_menu_entries(self, request): from shuup.admin.utils.permissions import get_missing_permissions missing_permissions = get_missing_permissions( request.user, MENU_ENTRIES_URL_NAME_TO_TITLE.keys()) menu_entries = [] for url_name, title in six.iteritems(MENU_ENTRIES_URL_NAME_TO_TITLE): if url_name in settings.SHUUP_LOGGING_SKIP_MENU_ENTRY_URL_NAMES: continue if url_name not in missing_permissions: menu_entries.append( MenuEntry(text=title, icon="fa fa-archive", url="shuup_admin:%s" % url_name, category=LOG_MENU_CATEGORY, ordering=1)) return menu_entries
def _get_unauth_reason(self, request): """ Figure out if there's any reason not to allow the user access to this view via the given request. :type request: Request :param request: HttpRequest :rtype: str|None """ if self.require_authentication: if not request.user.is_authenticated(): return _("You must be logged in.") elif not getattr(request.user, 'is_staff', False): return _("You must be a staff member.") missing_permissions = get_missing_permissions(request.user, self.permissions) if missing_permissions: return _("You do not have the required permissions: %s") % ", ".join(missing_permissions)
def valid(self): """ This pane will be only valid when at least SimpleCMS or xTheme or Notify are in INSTALLED APPS """ permissions = [] if djangoenv.has_installed("shuup.simple_cms"): permissions.append("simple_cms.page.edit") if djangoenv.has_installed("shuup.notify"): permissions.append("notify.script.edit-content") from shuup.admin.utils.permissions import get_missing_permissions if get_missing_permissions(self.request.user, permissions): return False return (djangoenv.has_installed("shuup.simple_cms") or djangoenv.has_installed("shuup.xtheme") or djangoenv.has_installed("shuup.notify"))
def get_model_url(object, kind="detail", user=None, required_permissions=None, shop=None, **kwargs): """ Get a an admin object URL for the given object or object class by interrogating each admin module. If a user is provided, checks whether user has correct permissions before returning URL. Raises `NoModelUrl` if lookup fails :param object: Model or object class. :type object: class :param kind: URL kind. Currently "new", "list", "edit", "detail". :type kind: str :param user: Optional instance to check for permissions :type user: django.contrib.auth.models.User|None :param required_permissions: Optional iterable of permission strings :type required_permissions: Iterable[str]|None :param shop: The shop that owns the resource :type request: shuup.core.models.Shop|None :return: Resolved URL. :rtype: str """ for module in get_modules(): url = module.get_model_url(object, kind, shop) if not url: continue if user is None: return url else: permissions = () if required_permissions is not None: permissions = required_permissions else: # TODO: Check permission type based on kind permissions = get_default_model_permissions(object) if not get_missing_permissions(user, permissions): return url raise NoModelUrl("Can't get object URL of kind %s: %r" % (kind, force_text(object)))
def get_context_data(self, **kwargs): context = super(HomeView, self).get_context_data(**kwargs) context["blocks"] = blocks = [] context["tour_key"] = "home" context["tour_complete"] = is_tour_complete("home") wizard_complete = setup_wizard_complete() blocks.append( SimpleHelpBlock(_("Complete the setup wizard"), actions=[{ "text": _("Complete wizard"), "url": reverse("shuup_admin:wizard") }] if not wizard_complete else [], icon_url="shuup_admin/img/configure.png", priority=-1, done=wizard_complete)) for module in get_modules(): if not get_missing_permissions(self.request.user, module.get_required_permissions()): blocks.extend( module.get_help_blocks(request=self.request, kind="setup")) blocks.sort(key=lambda b: b.priority) blocks.append( SimpleHelpBlock( priority=1000, text=_("Publish your store"), description=_( "Let customers browse your store and make purchases"), css_class="green", actions=[{ "method": "POST", "text": _("Publish shop"), "url": reverse("shuup_admin:shop.enable", kwargs={"pk": self.request.shop.pk}), "data": { "enable": True, "redirect": reverse("shuup_admin:dashboard") } }], icon_url="shuup_admin/img/publish.png")) return context
def _get_unauth_reason(self, request): """ Figure out if there's any reason not to allow the user access to this view via the given request. :type request: Request :param request: HttpRequest :rtype: str|None """ if self.require_authentication: if not request.user.is_authenticated(): return _("Sign in to continue") elif not getattr(request.user, 'is_staff', False): return _("You must be a staff member.") elif not get_shop(request): return _("There is no active shop available. Contact support for more details.") missing_permissions = get_missing_permissions(request.user, self.permissions) if missing_permissions: return _("You do not have the required permissions: %s") % ", ".join(missing_permissions)
def get_context_data(order, request=None): suppliers = Supplier.objects.filter(order_lines__order=order).distinct() create_permission = "order.create-shipment" delete_permission = "order.delete-shipment" missing_permissions = get_missing_permissions(request.user, [create_permission, delete_permission]) create_urls = {} if create_permission not in missing_permissions: for supplier in suppliers: create_urls[supplier.pk] = reverse( "shuup_admin:order.create-shipment", kwargs={"pk": order.pk, "supplier_pk": supplier.pk}) delete_urls = {} if delete_permission not in missing_permissions: for shipment_id in order.shipments.all_except_deleted().values_list("id", flat=True): delete_urls[shipment_id] = reverse( "shuup_admin:order.delete-shipment", kwargs={"pk": shipment_id}) return { "suppliers": suppliers, "create_urls": create_urls, "delete_urls": delete_urls }
def get_menu_entry_categories(request): menu_categories = OrderedDict() menu_category_icons = {} for identifier, category_name, icon in MENU_CATEGORIES: menu_categories[identifier] = _MenuCategory(identifier, category_name, icon) menu_category_icons[identifier] = icon modules = list(get_modules()) for module in modules: menu_category_icons.update( (force_text(key), force_text(value)) for (key, value) in module.get_menu_category_icons().items() if key not in menu_category_icons) for module in modules: if get_missing_permissions(request.user, module.get_required_permissions()): continue for entry in (module.get_menu_entries(request=request) or ()): category_identifier = entry.category category = menu_categories.get( category_identifier) if category_identifier else None if not category: category_identifier = force_text(category_identifier or module.name) category = menu_categories.get(category_identifier) if not category: menu_categories[ category_identifier] = category = _MenuCategory( identifier=category_identifier, name=category_identifier, icon=menu_category_icons.get( category_identifier, "fa fa-circle")) category.entries.append(entry) return [ c for identifier, c in six.iteritems(menu_categories) if len(c.entries) > 0 ]
def get_model_url(object, kind="detail", user=None, required_permissions=None): """ Get a an admin object URL for the given object or object class by interrogating each admin module. If a user is provided, checks whether user has correct permissions before returning URL. Raises `NoModelUrl` if lookup fails :param object: Model or object class. :type object: class :param kind: URL kind. Currently "new", "list", "edit", "detail". :type kind: str :param user: Optional instance to check for permissions :type user: django.contrib.auth.models.User|None :param required_permissions: Optional iterable of permission strings :type required_permissions: Iterable[str]|None :return: Resolved URL. :rtype: str """ for module in get_modules(): url = module.get_model_url(object, kind) if not url: continue if user is None: return url else: permissions = () if required_permissions is not None: permissions = required_permissions else: # TODO: Check permission type based on kind permissions = get_default_model_permissions(object) if not get_missing_permissions(user, permissions): return url raise NoModelUrl("Can't get object URL of kind %s: %r" % (kind, force_text(object)))
def get_menu_entry_categories(request): menu_categories = {} menu_category_icons = {} modules = list(get_modules()) for module in modules: menu_category_icons.update( (force_text(key), force_text(value)) for (key, value) in module.get_menu_category_icons().items() ) for module in modules: if not get_missing_permissions(request.user, module.get_required_permissions()): for entry in (module.get_menu_entries(request=request) or ()): category_name = force_text(entry.category or module.name) category = menu_categories.get(category_name) if not category: menu_categories[category_name] = category = _MenuCategory( name=category_name, icon=menu_category_icons.get(category_name, "fa fa-circle") ) category.entries.append(entry) return SortedDict(sorted((c.name, c) for c in sorted(menu_categories.values(), key=lambda c: c.name)))
def get_formparts_for_provide_key(user, provide_key): provide_objects = list(get_provide_objects(provide_key)) missing_permissions = get_missing_permissions(user, [form.__name__ for form in provide_objects]) return [ provide_object for provide_object in provide_objects if provide_object.__name__ not in missing_permissions ]
def render(self, request): if not get_missing_permissions(request.user, self.required_permissions): yield '<li class="dropdown-header">%s</li>' % self.text
def get_model_url(object, kind="detail", user=None, required_permissions=None, shop=None, raise_permission_denied=False, **kwargs): """ Get a an admin object URL for the given object or object class by interrogating each admin module. If a user is provided, checks whether user has correct permissions before returning URL. Raises `NoModelUrl` if lookup fails :param object: Model or object class. :type object: class :param kind: URL kind. Currently "new", "list", "edit", "detail". :type kind: str :param user: Optional instance to check for permissions :type user: django.contrib.auth.models.User|None :param required_permissions: Optional iterable of permission strings :type required_permissions: Iterable[str]|None :param shop: The shop that owns the resource :type request: shuup.core.models.Shop|None :param raise_permission_denied: raise PermissionDenied exception if the url is found but user has not permission. If false, None will be returned instead. Default is False :type raise_permission_denied: bool :return: Resolved URL. :rtype: str """ for module in get_modules(): url = module.get_model_url(object, kind, shop) if not url: continue if user is None: return url from django.core.urlresolvers import resolve, Resolver404 try: if required_permissions is not None: warnings.warn( "required_permissions parameter will be deprecated in Shuup 2.0 as unused for this util.", DeprecationWarning ) permissions = required_permissions else: resolved = resolve(url) from shuup.admin.utils.permissions import get_permissions_for_module_url permissions = get_permissions_for_module_url(module, resolved.url_name) missing_permissions = get_missing_permissions(user, permissions) if not missing_permissions: return url if raise_permission_denied: from django.core.exceptions import PermissionDenied reason = _("Can't view this page. You do not have the required permission(s): {permissions}").format( permissions=", ".join(missing_permissions) ) raise PermissionDenied(reason) except Resolver404: # what are you doing developer? return url raise NoModelUrl("Can't get object URL of kind %s: %r" % (kind, force_text(object)))
def get_model_url(object, kind="detail", user=None, required_permissions=None, shop=None, raise_permission_denied=False, **kwargs): """ Get a an admin object URL for the given object or object class by interrogating each admin module. If a user is provided, checks whether user has correct permissions before returning URL. Raises `NoModelUrl` if lookup fails :param object: Model or object class. :type object: class :param kind: URL kind. Currently "new", "list", "edit", "detail". :type kind: str :param user: Optional instance to check for permissions. :type user: django.contrib.auth.models.User|None :param required_permissions: Optional iterable of permission strings. :type required_permissions: Iterable[str]|None :param shop: The shop that owns the resource. :type request: shuup.core.models.Shop|None :param raise_permission_denied: raise PermissionDenied exception if the url is found but user has not permission. If false, None will be returned instead. Default is False. :type raise_permission_denied: bool :return: Resolved URL. :rtype: str """ for module in get_modules(): url = module.get_model_url(object, kind, shop) if not url: continue if user is None: return url from shuup.utils.django_compat import Resolver404, resolve try: if required_permissions is not None: warnings.warn( "Warning! `required_permissions` parameter will be deprecated " "in Shuup 2.0 as unused for this util.", DeprecationWarning, ) permissions = required_permissions else: resolved = resolve(url) from shuup.admin.utils.permissions import get_permissions_for_module_url permissions = get_permissions_for_module_url( module, resolved.url_name) missing_permissions = get_missing_permissions(user, permissions) if not missing_permissions: return url if raise_permission_denied: from django.core.exceptions import PermissionDenied reason = _( "Can't view this page. You do not have the required permission(s): `{permissions}`." ).format(permissions=", ".join(missing_permissions)) raise PermissionDenied(reason) except Resolver404: # what are you doing developer? return url raise NoModelUrl("Error! Can't get object URL of kind %s: %r." % (kind, force_text(object)))
def render(self, request): if not get_missing_permissions(request.user, self.required_permissions): yield '<h6 class="dropdown-header">%s</h6>' % self.text