def test_user_permission_cache_bump(rf):
user = factories.get_default_staff_user()
group_a = Group.objects.create(name="Group A")
group_b = Group.objects.create(name="Group B")
group_a_permissions = ["purchase", "sell"]
group_b_permissions = ["delete", "create"]
set_permissions_for_group(group_a, set(group_a_permissions))
set_permissions_for_group(group_b, set(group_b_permissions))
all_permissions = set(group_a_permissions + group_b_permissions)
# as user is not in any group, it misses all the groups
assert get_missing_permissions(user, all_permissions) == all_permissions
# add the user to Group A
user.groups.add(group_a)
# the user misses the group_b permissions
assert get_missing_permissions(user,
all_permissions) == set(group_b_permissions)
# make the user be part only of group b
group_b.user_set.add(user)
group_a.user_set.remove(user)
# the user misses the group_a permissions
assert get_missing_permissions(user,
all_permissions) == set(group_a_permissions)
# user is part of all groups
user.groups.set([group_a, group_b])
assert get_missing_permissions(user, all_permissions) == set()
def get_menu_entry_categories(request):
menu_categories = OrderedDict()
menu_category_icons = {}
for identifier, category_name, icon in MENU_CATEGORIES:
menu_categories[identifier] = _MenuCategory(category_name, icon)
menu_category_icons[identifier] = icon
modules = list(get_modules())
for module in modules:
menu_category_icons.update(
(force_text(key), force_text(value))
for (key, value) in module.get_menu_category_icons().items()
if key not in menu_category_icons
)
for module in modules:
if get_missing_permissions(request.user, module.get_required_permissions()):
continue
for entry in (module.get_menu_entries(request=request) or ()):
category_identifier = entry.category
category = menu_categories.get(category_identifier) if category_identifier else None
if not category:
category_identifier = force_text(category_identifier or module.name)
category = menu_categories.get(category_identifier)
if not category:
menu_categories[category_identifier] = category = _MenuCategory(
name=category_identifier,
icon=menu_category_icons.get(category_identifier, "fa fa-circle")
)
category.entries.append(entry)
return [c for identifier, c in six.iteritems(menu_categories) if len(c.entries) > 0]
def get_menu_entry_categories(request):
menu_categories = {}
menu_category_icons = {}
modules = list(get_modules())
for module in modules:
menu_category_icons.update(
(force_text(key), force_text(value))
for (key, value) in module.get_menu_category_icons().items())
for module in modules:
if not get_missing_permissions(request.user,
module.get_required_permissions()):
for entry in (module.get_menu_entries(request=request) or ()):
category_name = force_text(entry.category or module.name)
category = menu_categories.get(category_name)
if not category:
menu_categories[category_name] = category = _MenuCategory(
name=category_name,
icon=menu_category_icons.get(category_name,
"fa fa-circle"))
category.entries.append(entry)
return SortedDict(
sorted(
(c.name, c)
for c in sorted(menu_categories.values(), key=lambda c: c.name)))
def get_search_results(request, query):
fuzzer = FuzzyMatcher(query)
normal_results = []
menu_entry_results = []
for module in get_modules():
if get_missing_permissions(request.user, module.get_required_permissions()):
continue
normal_results.extend(module.get_search_results(request, query) or ())
for menu_entry in module.get_menu_entries(request) or ():
texts = (menu_entry.get_search_query_texts() or ())
if any(fuzzer.test(text) for text in texts):
menu_entry_results.append(SearchResult(
text=menu_entry.text,
url=menu_entry.url,
icon=menu_entry.icon,
category=menu_entry.category,
relevance=90,
is_action=True
))
results = sorted(
chain(normal_results, menu_entry_results),
key=lambda r: r.relevance,
reverse=True
)
return results
def get_context_data(order, request=None):
suppliers = Supplier.objects.filter(
order_lines__order=order).distinct()
create_permission = "order.create-shipment"
delete_permission = "order.delete-shipment"
missing_permissions = get_missing_permissions(
request.user, [create_permission, delete_permission])
create_urls = {}
if create_permission not in missing_permissions:
for supplier in suppliers:
create_urls[supplier.pk] = reverse(
"shuup_admin:order.create-shipment",
kwargs={
"pk": order.pk,
"supplier_pk": supplier.pk
})
delete_urls = {}
if delete_permission not in missing_permissions:
for shipment_id in order.shipments.all_except_deleted(
).values_list("id", flat=True):
delete_urls[shipment_id] = reverse(
"shuup_admin:order.delete-shipment",
kwargs={"pk": shipment_id})
return {
"suppliers": suppliers,
"create_urls": create_urls,
"delete_urls": delete_urls
}
def get_stock_adjustment_div(request, supplier, product):
"""
Get html string to adjust stock values
Contains inputs for purchase_price_value and delta
:param request: HTTP request
:type request: django.http.HttpRequest
:param supplier: shuup Supplier
:type supplier: shuup.core.models.Supplier
:param product: shuup Product
:type product: shuup.core.models.Product
:return: html div as a string
:rtype: str
"""
latest_adjustment = StockAdjustment.objects.filter(
product=product, supplier=supplier, type=StockAdjustmentType.INVENTORY
).last()
purchase_price = latest_adjustment.purchase_price_value if latest_adjustment else Decimal("0.00")
context = {
"product": product,
"supplier": supplier,
"delta_step": pow(0.1, product.sales_unit.decimals),
"adjustment_form": StockAdjustmentForm(initial={"purchase_price": purchase_price, "delta": None}),
}
if "shuup.notify" in settings.INSTALLED_APPS:
from shuup.notify.models import Notification
context["alert_limit_form"] = AlertLimitForm(initial={"alert_limit": 0})
if not get_missing_permissions(request.user, get_default_model_permissions(Notification)):
context["notify_url"] = reverse("shuup_admin:notify.script.list")
else:
context["notify_url"] = ""
return render_to_string("shuup/simple_supplier/admin/add_stock_form.jinja", context=context, request=request)
def render(self, request):
if not get_missing_permissions(request.user, self.required_permissions):
yield "<a %s>" % flatatt_filter(
{"href": self.url, "class": self.get_computed_class(), "title": self.tooltip}
)
yield self.render_label()
yield "</a>"
def get_stock_adjustment_div(request, supplier, product):
"""
Get html string to adjust stock values
Contains inputs for purchase_price_value and delta
:param request: HTTP request
:type request: django.http.HttpRequest
:param supplier: shuup Supplier
:type supplier: shuup.core.models.Supplier
:param product: shuup Product
:type product: shuup.core.models.Product
:return: html div as a string
:rtype: str
"""
stock = StockCount.objects.get_or_create(product=product, supplier=supplier)[0]
latest_adjustment = StockAdjustment.objects.filter(
product=product, supplier=supplier, type=StockAdjustmentType.INVENTORY).last()
purchase_price = (latest_adjustment.purchase_price.as_rounded().value if latest_adjustment else Decimal())
context = {
"product": product,
"supplier": supplier,
"delta_step": pow(0.1, product.sales_unit.decimals) if product.sales_unit.decimals else 0,
"adjustment_form": StockAdjustmentForm(initial={"purchase_price": purchase_price, "delta": None}),
"stock": stock,
"stock_managed_form": StockManagedForm(initial={"stock_managed": not stock.stock_managed})
}
if "shuup.notify" in settings.INSTALLED_APPS:
context["alert_limit_form"] = AlertLimitForm(initial={"alert_limit": stock.alert_limit or Decimal()})
if not get_missing_permissions(request.user, ("notify.script.list",)):
context["notify_url"] = reverse("shuup_admin:notify.script.list")
else:
context["notify_url"] = ""
return render_to_string("shuup/simple_supplier/admin/add_stock_form.jinja", context=context, request=request)
def get_stock_adjustment_div(request, supplier, product):
"""
Get html string to adjust stock values
Contains inputs for purchase_price_value and delta
:param request: HTTP request
:type request: django.http.HttpRequest
:param supplier: shuup Supplier
:type supplier: shuup.core.models.Supplier
:param product: shuup Product
:type product: shuup.core.models.Product
:return: html div as a string
:rtype: str
"""
latest_adjustment = StockAdjustment.objects.filter(
product=product, supplier=supplier, type=StockAdjustmentType.INVENTORY).last()
purchase_price = (latest_adjustment.purchase_price_value if latest_adjustment else Decimal("0.00"))
context = {
"product": product,
"supplier": supplier,
"delta_step": pow(0.1, product.sales_unit.decimals),
"adjustment_form": StockAdjustmentForm(initial={"purchase_price": purchase_price, "delta": None}),
}
if "shuup.notify" in settings.INSTALLED_APPS:
from shuup.notify.models import Notification
context["alert_limit_form"] = AlertLimitForm(initial={"alert_limit": 0})
if not get_missing_permissions(request.user, get_default_model_permissions(Notification)):
context["notify_url"] = reverse("shuup_admin:notify.script.list")
else:
context["notify_url"] = ""
return render_to_string("shuup/simple_supplier/admin/add_stock_form.jinja", context=context, request=request)
def _get_unauth_reason(self, request):
"""
Figure out if there's any reason not to allow the user access to this view via the given request.
:type request: Request.
:param request: HttpRequest
:rtype: str|None
"""
if self.require_authentication:
if not is_authenticated(request.user):
return _("Sign in to continue.")
elif not getattr(request.user, "is_staff", False):
return _(
"Your account must have `Access to Admin Panel` permissions to access this page."
)
elif not get_shop(request):
return _(
"There is no active shop available. Contact support for more details."
)
missing_permissions = get_missing_permissions(request.user,
self.permissions)
if missing_permissions:
return _("You do not have the required permissions: %s"
) % ", ".join(missing_permissions)
def render(self, request):
if not get_missing_permissions(request.user, self.required_permissions):
yield '<li>'
button = super(PostActionDropdownItem, self).render(request)
for bit in button:
yield bit
yield '</li>'
def render(self, request):
if not get_missing_permissions(request.user,
self.required_permissions):
if not self.items:
return
yield '<div class="btn-group" role="group">'
if self.split_button:
for bit in self.split_button.render(request):
yield bit
yield '<button %s>' % flatatt_filter(
{
"type": "button",
"class": self.get_computed_class(),
"data-toggle": "dropdown",
"title": self.tooltip
})
if not self.split_button:
yield self.render_label()
yield " "
yield '<i class="fa fa-chevron-down"></i>'
yield '</button>'
for bit in self.render_dropdown(request):
yield bit
yield '</div>'
def get_search_results(request, query):
fuzzer = FuzzyMatcher(query)
normal_results = []
menu_entry_results = []
for module in get_modules():
if get_missing_permissions(request.user, module.get_required_permissions()):
continue
normal_results.extend(module.get_search_results(request, query) or ())
for menu_entry in module.get_menu_entries(request) or ():
texts = (menu_entry.get_search_query_texts() or ())
if any(fuzzer.test(text) for text in texts):
menu_entry_results.append(SearchResult(
text=menu_entry.text,
url=menu_entry.url,
icon=menu_entry.icon,
category=menu_entry.category,
relevance=90,
is_action=True
))
results = sorted(
chain(normal_results, menu_entry_results),
key=lambda r: r.relevance,
reverse=True
)
return results
def render(self, request):
if not get_missing_permissions(request.user, self.required_permissions):
if not self.items:
return
yield '<div class="btn-group" role="group">'
if self.split_button:
for bit in self.split_button.render(request):
yield bit
yield '<button %s>' % flatatt_filter({
"type": "button",
"class": self.get_computed_class(),
"data-toggle": "dropdown",
"title": self.tooltip
})
if not self.split_button:
yield self.render_label()
yield " "
yield '</button>'
for bit in self.render_dropdown(request):
yield bit
yield '</div>'
def get_menu_entry_categories(request):
menu_categories = OrderedDict()
menu_children = OrderedDict()
menu_category_icons = {}
for menu_item in MAIN_MENU:
identifier = menu_item["identifier"]
icon = menu_item["icon"]
menu_categories[identifier] = _MenuCategory(
identifier=identifier,
name=menu_item["title"],
icon=icon,
)
for child in menu_item["children"]:
child_identifier = "%s:%s" % (identifier, child["identifier"])
child_category = _MenuCategory(child["identifier"], child["title"], None)
menu_children[child_identifier] = child_category
menu_categories[identifier].children.append(child_category)
menu_category_icons[identifier] = icon
modules = list(get_modules())
for module in modules:
menu_category_icons.update(
(force_text(key), force_text(value))
for (key, value) in module.get_menu_category_icons().items()
if key not in menu_category_icons
)
all_categories = set()
for module in modules:
if get_missing_permissions(request.user, module.get_required_permissions()):
continue
for entry in (module.get_menu_entries(request=request) or ()):
category_identifier = entry.category
subcategory = entry.subcategory
entry_identifier = "%s:%s" % (category_identifier, subcategory) if subcategory else category_identifier
menu_items = menu_children if subcategory else menu_categories
category = menu_items.get(entry_identifier)
if not category:
category_identifier = force_text(category_identifier or module.name)
category = menu_items.get(category_identifier)
if not category:
menu_items[category_identifier] = category = _MenuCategory(
identifier=category_identifier,
name=category_identifier,
icon=menu_category_icons.get(category_identifier, "fa fa-circle")
)
category.entries.append(entry)
if subcategory:
parent = menu_categories.get(category_identifier)
all_categories.add(parent)
else:
all_categories.add(category)
return [c for menu_identifier, c in six.iteritems(menu_categories) if c in all_categories]
def get_formparts_for_provide_key(user, provide_key):
provide_objects = list(get_provide_objects(provide_key))
missing_permissions = get_missing_permissions(
user, [form.__name__ for form in provide_objects])
return [
provide_object for provide_object in provide_objects
if provide_object.__name__ not in missing_permissions
]
def render(self, request):
if not get_missing_permissions(request.user,
self.required_permissions):
yield '<li>'
button = super(PostActionDropdownItem, self).render(request)
for bit in button:
yield bit
yield '</li>'
def get_quicklinks(request):
quicklinks = []
for module in get_modules():
if get_missing_permissions(request.user,
module.get_required_permissions()):
continue
quicklinks.extend(module.get_help_blocks(request, kind="quicklink"))
return quicklinks
def get_context_data(self, **kwargs):
context = super(HomeView, self).get_context_data(**kwargs)
context["blocks"] = blocks = []
context["tour_key"] = "home"
context["tour_complete"] = is_tour_complete(get_shop(self.request), "home")
wizard_complete = setup_wizard_complete(self.request)
wizard_url = reverse("shuup_admin:wizard")
wizard_actions = []
if not wizard_complete:
wizard_actions.append({
"text": _("Complete wizard"),
"url": wizard_url
})
else:
wizard_steps = load_setup_wizard_panes(
shop=self.request.shop, request=self.request, visible_only=False)
for step in wizard_steps:
wizard_actions.append({
"text": step.title,
"url": "%s?pane_id=%s" % (wizard_url, step.identifier),
"no_redirect": True
})
blocks.append(
SimpleHelpBlock(
_("Complete the setup wizard"),
actions=wizard_actions,
icon_url="shuup_admin/img/configure.png",
priority=-1,
done=wizard_complete
)
)
for module in get_modules():
if not get_missing_permissions(self.request.user, module.get_required_permissions()):
blocks.extend(module.get_help_blocks(request=self.request, kind="setup"))
blocks.sort(key=lambda b: b.priority)
blocks.append(
SimpleHelpBlock(
priority=1000,
text=_("Publish your store"),
description=_("Let customers browse your store and make purchases"),
css_class="green ",
actions=[{
"method": "POST",
"text": _("Publish shop"),
"url": reverse("shuup_admin:shop.enable", kwargs={"pk": self.request.shop.pk}),
"data": {
"enable": True,
"redirect": reverse("shuup_admin:dashboard")
}
}],
icon_url="shuup_admin/img/publish.png",
done=not self.request.shop.maintenance_mode
)
)
return context
def get_menu_entry_categories(request): # noqa (C901)
menu_categories = OrderedDict()
# Update main menu from provides
main_menu = extend_main_menu(MAIN_MENU)
menu_category_icons = {}
for menu_item in main_menu:
identifier = menu_item["identifier"]
icon = menu_item["icon"]
menu_categories[identifier] = _MenuCategory(
identifier=identifier,
name=menu_item["title"],
icon=icon,
)
menu_category_icons[identifier] = icon
modules = list(get_modules())
for module in modules:
menu_category_icons.update(
(force_text(key), force_text(value))
for (key, value) in module.get_menu_category_icons().items()
if key not in menu_category_icons)
all_categories = set()
for module in modules:
if get_missing_permissions(request.user,
module.get_required_permissions()):
continue
for entry in module.get_menu_entries(request=request) or ():
category = menu_categories.get(entry.category)
if not category:
category_identifier = force_text(entry.category or module.name)
category = menu_categories.get(category_identifier)
if not category:
menu_categories[
category_identifier] = category = _MenuCategory(
identifier=category_identifier,
name=category_identifier,
icon=menu_category_icons.get(
category_identifier, "fa fa-circle"),
)
category.entries.append(entry)
all_categories.add(category)
# clean categories that eventually have no children or entries
categories = []
for cat in all_categories:
if not cat.entries:
continue
categories.append(cat)
clean_categories = [
c for menu_identifier, c in six.iteritems(menu_categories)
if c in categories
]
return customize_menu(clean_categories, request)
def render(self, request):
if not get_missing_permissions(request.user, self.required_permissions):
yield '<a %s>' % flatatt_filter({
"href": self.url,
"class": self.get_computed_class(),
"title": self.tooltip
})
yield self.render_label()
yield '</a>'
def get_context_data(self, **kwargs):
context = super(HomeView, self).get_context_data(**kwargs)
context["blocks"] = blocks = []
context["tour_key"] = "home"
context["tour_complete"] = is_tour_complete("home")
wizard_complete = setup_wizard_complete()
wizard_url = reverse("shuup_admin:wizard")
wizard_actions = []
if not wizard_complete:
wizard_actions.append({
"text": _("Complete wizard"),
"url": wizard_url
})
else:
wizard_steps = load_setup_wizard_panes(
shop=Shop.objects.first(), request=self.request, visible_only=False)
for step in wizard_steps:
wizard_actions.append({
"text": step.title,
"url": "%s?pane_id=%s" % (wizard_url, step.identifier),
"no_redirect": True
})
blocks.append(
SimpleHelpBlock(
_("Complete the setup wizard"),
actions=wizard_actions,
icon_url="shuup_admin/img/configure.png",
priority=-1,
done=wizard_complete
)
)
for module in get_modules():
if not get_missing_permissions(self.request.user, module.get_required_permissions()):
blocks.extend(module.get_help_blocks(request=self.request, kind="setup"))
blocks.sort(key=lambda b: b.priority)
blocks.append(
SimpleHelpBlock(
priority=1000,
text=_("Publish your store"),
description=_("Let customers browse your store and make purchases"),
css_class="green",
actions=[{
"method": "POST",
"text": _("Publish shop"),
"url": reverse("shuup_admin:shop.enable", kwargs={"pk": self.request.shop.pk}),
"data": {
"enable": True,
"redirect": reverse("shuup_admin:dashboard")
}
}],
icon_url="shuup_admin/img/publish.png"
)
)
return context
def render(self, request):
if not get_missing_permissions(request.user, self.required_permissions):
yield '<a %s>' % flatatt_filter({
"href": "#",
"class": self.get_computed_class(),
"title": self.tooltip,
"onclick": mark_safe(self.onclick) if self.onclick else None
})
yield self.render_label()
yield '</a>'
def render(self, request):
if not get_missing_permissions(request.user, self.required_permissions):
yield '<a %s>' % flatatt_filter({
"href": "#",
"class": self.get_computed_class(),
"title": self.tooltip,
"onclick": mark_safe(self.onclick) if self.onclick else None
})
yield self.render_label()
yield '</a>'
def get_context_data(self, **kwargs):
context = super(HomeView, self).get_context_data(**kwargs)
shop = get_shop(self.request)
context["blocks"] = blocks = []
context["tour_key"] = "home"
context["tour_complete"] = is_tour_complete(shop,
"home",
user=self.request.user)
wizard_complete = setup_wizard_complete(self.request)
wizard_url = reverse("shuup_admin:wizard")
wizard_actions = []
if not wizard_complete:
wizard_actions.append({
"text": _("Complete wizard"),
"url": wizard_url
})
else:
wizard_steps = load_setup_wizard_panes(shop=shop,
request=self.request,
visible_only=False)
for step in wizard_steps:
wizard_actions.append({
"text":
step.title,
"url":
"%s?pane_id=%s" % (wizard_url, step.identifier),
"no_redirect":
True
})
if wizard_actions:
blocks.append(
SimpleHelpBlock(_("Complete the setup wizard"),
actions=wizard_actions,
icon_url="shuup_admin/img/configure.png",
priority=-1,
done=wizard_complete))
for module in get_modules():
if not get_missing_permissions(self.request.user,
module.get_required_permissions()):
blocks.extend(
module.get_help_blocks(request=self.request, kind="setup"))
blocks.sort(key=lambda b: b.priority)
if not blocks:
blocks.append(
SimpleHelpBlock(_("All set. Nothing to be configured"),
actions=[],
icon_url="shuup_admin/img/configure.png",
priority=-1,
done=True))
return context
def get(self, request): # noqa (C901)
model_name = request.GET.get("model")
object_id = request.GET.get("pk", request.GET.get("id"))
if not model_name or not object_id:
return HttpResponseBadRequest(_("Invalid object."))
url = None
try:
model = apps.get_model(model_name)
except LookupError:
return HttpResponseBadRequest(_("Invalid model."))
instance = model.objects.filter(pk=object_id).first()
if instance:
required_permission = "%s.change_%s" % (instance._meta.app_label,
instance._meta.model_name)
missing_permissions = get_missing_permissions(
request.user, [required_permission])
if missing_permissions:
reason = _("You do not have the required permission(s): %s"
) % ", ".join(missing_permissions)
raise Problem(
_("Can't view this page. %(reason)s") % {"reason": reason},
_("Unauthorized"))
# try edit first
try:
url = get_model_url(instance,
kind="edit",
user=request.user,
shop=get_shop(request),
required_permissions=[required_permission])
except NoModelUrl:
# try detail
try:
url = get_model_url(
instance,
kind="detail",
user=request.user,
shop=get_shop(request),
required_permissions=[required_permission])
except NoModelUrl:
pass
if url:
# forward the mode param
if request.GET.get("mode"):
url = "{}?mode={}".format(url, request.GET["mode"])
return HttpResponseRedirect(url)
raise Http404(_("Object not found"))
def render(self, request):
if not get_missing_permissions(request.user, self.required_permissions):
attrs = {
"class": "dropdown-item",
"title": self.tooltip,
"href": self.url,
"onclick": (mark_safe(self.onclick) if self.onclick else None)
}
yield '<a %s>' % flatatt_filter(attrs)
yield self.render_label()
yield '</a>'
def get_context_data(self, **kwargs):
context = super(DashboardView, self).get_context_data(**kwargs)
context["version"] = shuup.__version__
context["notifications"] = notifications = []
context["blocks"] = blocks = []
for module in get_modules():
if not get_missing_permissions(self.request.user, module.get_required_permissions()):
notifications.extend(module.get_notifications(request=self.request))
blocks.extend(module.get_dashboard_blocks(request=self.request))
context["activity"] = get_activity(request=self.request)
return context
def render(self, request):
if not get_missing_permissions(request.user, self.required_permissions):
attrs = {
"class": "dropdown-item",
"title": self.tooltip,
"href": self.url,
"onclick": (mark_safe(self.onclick) if self.onclick else None)
}
yield '<a %s>' % flatatt_filter(attrs)
yield self.render_label()
yield '</a>'
def get_context_data(self, **kwargs):
context = super(HomeView, self).get_context_data(**kwargs)
shop = get_shop(self.request)
context["blocks"] = blocks = []
context["tour_key"] = "home"
context["tour_complete"] = is_tour_complete(shop, "home", user=self.request.user)
wizard_complete = setup_wizard_complete(self.request)
wizard_url = reverse("shuup_admin:wizard")
wizard_actions = []
if not wizard_complete:
wizard_actions.append({
"text": _("Complete wizard"),
"url": wizard_url
})
else:
wizard_steps = load_setup_wizard_panes(shop=shop, request=self.request, visible_only=False)
for step in wizard_steps:
wizard_actions.append({
"text": step.title,
"url": "%s?pane_id=%s" % (wizard_url, step.identifier),
"no_redirect": True
})
if wizard_actions:
blocks.append(
SimpleHelpBlock(
_("Complete the setup wizard"),
actions=wizard_actions,
icon_url="shuup_admin/img/configure.png",
priority=-1,
done=wizard_complete
)
)
for module in get_modules():
if not get_missing_permissions(self.request.user, module.get_required_permissions()):
blocks.extend(module.get_help_blocks(request=self.request, kind="setup"))
blocks.sort(key=lambda b: b.priority)
if not blocks:
blocks.append(
SimpleHelpBlock(
_("All set. Nothing to be configured"),
actions=[],
icon_url="shuup_admin/img/configure.png",
priority=-1,
done=True
)
)
return context
def render(self, request):
if not get_missing_permissions(request.user, self.required_permissions):
yield '<button %s>' % flatatt_filter({
"form": self.form_id, # This can be used to post another form
"formaction": self.post_url,
"name": self.name,
"value": self.value,
"type": "submit",
"title": self.tooltip,
"class": self.get_computed_class(),
"onclick": ("return confirm(%s)" % json.dumps(force_text(self.confirm)) if self.confirm else None)
})
yield self.render_label()
yield '</button>'
def render(self, request):
if not get_missing_permissions(request.user, self.required_permissions):
yield '<button %s>' % flatatt_filter({
"form": self.form_id, # This can be used to post another form
"formaction": self.post_url,
"name": self.name,
"value": self.value,
"type": "submit",
"title": self.tooltip,
"class": self.get_computed_class(),
"onclick": ("return confirm(%s)" % json.dumps(force_text(self.confirm)) if self.confirm else None)
})
yield self.render_label()
yield '</button>'
def get_context_data(self, **kwargs):
context = super(DashboardView, self).get_context_data(**kwargs)
context["version"] = shuup.__version__
context["notifications"] = notifications = []
context["blocks"] = blocks = []
for module in get_modules():
if not get_missing_permissions(self.request.user, module.get_required_permissions()):
notifications.extend(module.get_notifications(request=self.request))
blocks.extend(module.get_dashboard_blocks(request=self.request))
# sort blocks by sort order and size, trying to make them fit better
blocks.sort(key=lambda block: (block.sort_order, DashboardBlock.SIZES.index(block.size)))
context["activity"] = get_activity(request=self.request)
context["tour_key"] = "dashboard"
context["tour_complete"] = is_tour_complete(get_shop(self.request), "dashboard", user=self.request.user)
return context
def get_context_data(self, **kwargs):
context = super(DashboardView, self).get_context_data(**kwargs)
context["version"] = shuup.__version__
context["notifications"] = notifications = []
context["blocks"] = blocks = []
for module in get_modules():
if not get_missing_permissions(self.request.user, module.get_required_permissions()):
notifications.extend(module.get_notifications(request=self.request))
blocks.extend(module.get_dashboard_blocks(request=self.request))
# sort blocks by sort order and size, trying to make them fit better
blocks.sort(key=lambda block: (block.sort_order, DashboardBlock.SIZES.index(block.size)))
context["activity"] = get_activity(request=self.request)
context["tour_key"] = "dashboard"
context["tour_complete"] = is_tour_complete(get_shop(self.request), "dashboard", user=self.request.user)
return context
def get_quicklinks(request):
quicklinks = OrderedDict()
for block in QUICKLINK_ORDER:
quicklinks[block] = []
for module in get_modules():
if get_missing_permissions(request.user, module.get_required_permissions()):
continue
for help_block in module.get_help_blocks(request, kind="quicklink"):
quicklinks[help_block.category].append(help_block)
links = quicklinks.copy()
for block, data in six.iteritems(links):
if not quicklinks[block]:
quicklinks.pop(block)
return quicklinks
def get_quicklinks(request):
quicklinks = OrderedDict()
for block in QUICKLINK_ORDER:
quicklinks[block] = []
for module in get_modules():
if get_missing_permissions(request.user, module.get_required_permissions()):
continue
for help_block in module.get_help_blocks(request, kind="quicklink"):
quicklinks[help_block.category].append(help_block)
links = quicklinks.copy()
for block, data in six.iteritems(links):
if not quicklinks[block]:
quicklinks.pop(block)
return quicklinks
def get_menu_entries(self, request):
from shuup.admin.utils.permissions import get_missing_permissions
missing_permissions = get_missing_permissions(
request.user, MENU_ENTRIES_URL_NAME_TO_TITLE.keys())
menu_entries = []
for url_name, title in six.iteritems(MENU_ENTRIES_URL_NAME_TO_TITLE):
if url_name in settings.SHUUP_LOGGING_SKIP_MENU_ENTRY_URL_NAMES:
continue
if url_name not in missing_permissions:
menu_entries.append(
MenuEntry(text=title,
icon="fa fa-archive",
url="shuup_admin:%s" % url_name,
category=LOG_MENU_CATEGORY,
ordering=1))
return menu_entries
def _get_unauth_reason(self, request):
"""
Figure out if there's any reason not to allow the user access to this view via the given request.
:type request: Request
:param request: HttpRequest
:rtype: str|None
"""
if self.require_authentication:
if not request.user.is_authenticated():
return _("You must be logged in.")
elif not getattr(request.user, 'is_staff', False):
return _("You must be a staff member.")
missing_permissions = get_missing_permissions(request.user, self.permissions)
if missing_permissions:
return _("You do not have the required permissions: %s") % ", ".join(missing_permissions)
def valid(self):
"""
This pane will be only valid when at least
SimpleCMS or xTheme or Notify are in INSTALLED APPS
"""
permissions = []
if djangoenv.has_installed("shuup.simple_cms"):
permissions.append("simple_cms.page.edit")
if djangoenv.has_installed("shuup.notify"):
permissions.append("notify.script.edit-content")
from shuup.admin.utils.permissions import get_missing_permissions
if get_missing_permissions(self.request.user, permissions):
return False
return (djangoenv.has_installed("shuup.simple_cms") or djangoenv.has_installed("shuup.xtheme") or
djangoenv.has_installed("shuup.notify"))
def get_model_url(object,
kind="detail",
user=None,
required_permissions=None,
shop=None,
**kwargs):
"""
Get a an admin object URL for the given object or object class by
interrogating each admin module.
If a user is provided, checks whether user has correct permissions
before returning URL.
Raises `NoModelUrl` if lookup fails
:param object: Model or object class.
:type object: class
:param kind: URL kind. Currently "new", "list", "edit", "detail".
:type kind: str
:param user: Optional instance to check for permissions
:type user: django.contrib.auth.models.User|None
:param required_permissions: Optional iterable of permission strings
:type required_permissions: Iterable[str]|None
:param shop: The shop that owns the resource
:type request: shuup.core.models.Shop|None
:return: Resolved URL.
:rtype: str
"""
for module in get_modules():
url = module.get_model_url(object, kind, shop)
if not url:
continue
if user is None:
return url
else:
permissions = ()
if required_permissions is not None:
permissions = required_permissions
else:
# TODO: Check permission type based on kind
permissions = get_default_model_permissions(object)
if not get_missing_permissions(user, permissions):
return url
raise NoModelUrl("Can't get object URL of kind %s: %r" %
(kind, force_text(object)))
def _get_unauth_reason(self, request):
"""
Figure out if there's any reason not to allow the user access to this view via the given request.
:type request: Request
:param request: HttpRequest
:rtype: str|None
"""
if self.require_authentication:
if not request.user.is_authenticated():
return _("You must be logged in.")
elif not getattr(request.user, 'is_staff', False):
return _("You must be a staff member.")
missing_permissions = get_missing_permissions(request.user, self.permissions)
if missing_permissions:
return _("You do not have the required permissions: %s") % ", ".join(missing_permissions)
def get_context_data(self, **kwargs):
context = super(HomeView, self).get_context_data(**kwargs)
context["blocks"] = blocks = []
context["tour_key"] = "home"
context["tour_complete"] = is_tour_complete("home")
wizard_complete = setup_wizard_complete()
blocks.append(
SimpleHelpBlock(_("Complete the setup wizard"),
actions=[{
"text": _("Complete wizard"),
"url": reverse("shuup_admin:wizard")
}] if not wizard_complete else [],
icon_url="shuup_admin/img/configure.png",
priority=-1,
done=wizard_complete))
for module in get_modules():
if not get_missing_permissions(self.request.user,
module.get_required_permissions()):
blocks.extend(
module.get_help_blocks(request=self.request, kind="setup"))
blocks.sort(key=lambda b: b.priority)
blocks.append(
SimpleHelpBlock(
priority=1000,
text=_("Publish your store"),
description=_(
"Let customers browse your store and make purchases"),
css_class="green",
actions=[{
"method":
"POST",
"text":
_("Publish shop"),
"url":
reverse("shuup_admin:shop.enable",
kwargs={"pk": self.request.shop.pk}),
"data": {
"enable": True,
"redirect": reverse("shuup_admin:dashboard")
}
}],
icon_url="shuup_admin/img/publish.png"))
return context
def _get_unauth_reason(self, request):
"""
Figure out if there's any reason not to allow the user access to this view via the given request.
:type request: Request
:param request: HttpRequest
:rtype: str|None
"""
if self.require_authentication:
if not request.user.is_authenticated():
return _("Sign in to continue")
elif not getattr(request.user, 'is_staff', False):
return _("You must be a staff member.")
elif not get_shop(request):
return _("There is no active shop available. Contact support for more details.")
missing_permissions = get_missing_permissions(request.user, self.permissions)
if missing_permissions:
return _("You do not have the required permissions: %s") % ", ".join(missing_permissions)
def get_context_data(order, request=None):
suppliers = Supplier.objects.filter(order_lines__order=order).distinct()
create_permission = "order.create-shipment"
delete_permission = "order.delete-shipment"
missing_permissions = get_missing_permissions(request.user, [create_permission, delete_permission])
create_urls = {}
if create_permission not in missing_permissions:
for supplier in suppliers:
create_urls[supplier.pk] = reverse(
"shuup_admin:order.create-shipment", kwargs={"pk": order.pk, "supplier_pk": supplier.pk})
delete_urls = {}
if delete_permission not in missing_permissions:
for shipment_id in order.shipments.all_except_deleted().values_list("id", flat=True):
delete_urls[shipment_id] = reverse(
"shuup_admin:order.delete-shipment", kwargs={"pk": shipment_id})
return {
"suppliers": suppliers,
"create_urls": create_urls,
"delete_urls": delete_urls
}
def get_menu_entry_categories(request):
menu_categories = OrderedDict()
menu_category_icons = {}
for identifier, category_name, icon in MENU_CATEGORIES:
menu_categories[identifier] = _MenuCategory(identifier, category_name,
icon)
menu_category_icons[identifier] = icon
modules = list(get_modules())
for module in modules:
menu_category_icons.update(
(force_text(key), force_text(value))
for (key, value) in module.get_menu_category_icons().items()
if key not in menu_category_icons)
for module in modules:
if get_missing_permissions(request.user,
module.get_required_permissions()):
continue
for entry in (module.get_menu_entries(request=request) or ()):
category_identifier = entry.category
category = menu_categories.get(
category_identifier) if category_identifier else None
if not category:
category_identifier = force_text(category_identifier
or module.name)
category = menu_categories.get(category_identifier)
if not category:
menu_categories[
category_identifier] = category = _MenuCategory(
identifier=category_identifier,
name=category_identifier,
icon=menu_category_icons.get(
category_identifier, "fa fa-circle"))
category.entries.append(entry)
return [
c for identifier, c in six.iteritems(menu_categories)
if len(c.entries) > 0
]
def get_model_url(object, kind="detail", user=None, required_permissions=None):
"""
Get a an admin object URL for the given object or object class by
interrogating each admin module.
If a user is provided, checks whether user has correct permissions
before returning URL.
Raises `NoModelUrl` if lookup fails
:param object: Model or object class.
:type object: class
:param kind: URL kind. Currently "new", "list", "edit", "detail".
:type kind: str
:param user: Optional instance to check for permissions
:type user: django.contrib.auth.models.User|None
:param required_permissions: Optional iterable of permission strings
:type required_permissions: Iterable[str]|None
:return: Resolved URL.
:rtype: str
"""
for module in get_modules():
url = module.get_model_url(object, kind)
if not url:
continue
if user is None:
return url
else:
permissions = ()
if required_permissions is not None:
permissions = required_permissions
else:
# TODO: Check permission type based on kind
permissions = get_default_model_permissions(object)
if not get_missing_permissions(user, permissions):
return url
raise NoModelUrl("Can't get object URL of kind %s: %r" % (kind, force_text(object)))
def get_menu_entry_categories(request):
menu_categories = {}
menu_category_icons = {}
modules = list(get_modules())
for module in modules:
menu_category_icons.update(
(force_text(key), force_text(value))
for (key, value) in module.get_menu_category_icons().items()
)
for module in modules:
if not get_missing_permissions(request.user, module.get_required_permissions()):
for entry in (module.get_menu_entries(request=request) or ()):
category_name = force_text(entry.category or module.name)
category = menu_categories.get(category_name)
if not category:
menu_categories[category_name] = category = _MenuCategory(
name=category_name,
icon=menu_category_icons.get(category_name, "fa fa-circle")
)
category.entries.append(entry)
return SortedDict(sorted((c.name, c) for c in sorted(menu_categories.values(), key=lambda c: c.name)))
def get_formparts_for_provide_key(user, provide_key):
provide_objects = list(get_provide_objects(provide_key))
missing_permissions = get_missing_permissions(user, [form.__name__ for form in provide_objects])
return [
provide_object for provide_object in provide_objects if provide_object.__name__ not in missing_permissions
]
def render(self, request):
if not get_missing_permissions(request.user,
self.required_permissions):
yield '<li class="dropdown-header">%s</li>' % self.text
def get_model_url(object, kind="detail", user=None,
required_permissions=None, shop=None,
raise_permission_denied=False, **kwargs):
"""
Get a an admin object URL for the given object or object class by
interrogating each admin module.
If a user is provided, checks whether user has correct permissions
before returning URL.
Raises `NoModelUrl` if lookup fails
:param object: Model or object class.
:type object: class
:param kind: URL kind. Currently "new", "list", "edit", "detail".
:type kind: str
:param user: Optional instance to check for permissions
:type user: django.contrib.auth.models.User|None
:param required_permissions: Optional iterable of permission strings
:type required_permissions: Iterable[str]|None
:param shop: The shop that owns the resource
:type request: shuup.core.models.Shop|None
:param raise_permission_denied: raise PermissionDenied exception if the url
is found but user has not permission. If false, None will be returned instead.
Default is False
:type raise_permission_denied: bool
:return: Resolved URL.
:rtype: str
"""
for module in get_modules():
url = module.get_model_url(object, kind, shop)
if not url:
continue
if user is None:
return url
from django.core.urlresolvers import resolve, Resolver404
try:
if required_permissions is not None:
warnings.warn(
"required_permissions parameter will be deprecated in Shuup 2.0 as unused for this util.",
DeprecationWarning
)
permissions = required_permissions
else:
resolved = resolve(url)
from shuup.admin.utils.permissions import get_permissions_for_module_url
permissions = get_permissions_for_module_url(module, resolved.url_name)
missing_permissions = get_missing_permissions(user, permissions)
if not missing_permissions:
return url
if raise_permission_denied:
from django.core.exceptions import PermissionDenied
reason = _("Can't view this page. You do not have the required permission(s): {permissions}").format(
permissions=", ".join(missing_permissions)
)
raise PermissionDenied(reason)
except Resolver404:
# what are you doing developer?
return url
raise NoModelUrl("Can't get object URL of kind %s: %r" % (kind, force_text(object)))
def get_model_url(object,
kind="detail",
user=None,
required_permissions=None,
shop=None,
raise_permission_denied=False,
**kwargs):
"""
Get a an admin object URL for the given object or object class by
interrogating each admin module.
If a user is provided, checks whether user has correct permissions
before returning URL.
Raises `NoModelUrl` if lookup fails
:param object: Model or object class.
:type object: class
:param kind: URL kind. Currently "new", "list", "edit", "detail".
:type kind: str
:param user: Optional instance to check for permissions.
:type user: django.contrib.auth.models.User|None
:param required_permissions: Optional iterable of permission strings.
:type required_permissions: Iterable[str]|None
:param shop: The shop that owns the resource.
:type request: shuup.core.models.Shop|None
:param raise_permission_denied: raise PermissionDenied exception if the url
is found but user has not permission. If false, None will be returned instead.
Default is False.
:type raise_permission_denied: bool
:return: Resolved URL.
:rtype: str
"""
for module in get_modules():
url = module.get_model_url(object, kind, shop)
if not url:
continue
if user is None:
return url
from shuup.utils.django_compat import Resolver404, resolve
try:
if required_permissions is not None:
warnings.warn(
"Warning! `required_permissions` parameter will be deprecated "
"in Shuup 2.0 as unused for this util.",
DeprecationWarning,
)
permissions = required_permissions
else:
resolved = resolve(url)
from shuup.admin.utils.permissions import get_permissions_for_module_url
permissions = get_permissions_for_module_url(
module, resolved.url_name)
missing_permissions = get_missing_permissions(user, permissions)
if not missing_permissions:
return url
if raise_permission_denied:
from django.core.exceptions import PermissionDenied
reason = _(
"Can't view this page. You do not have the required permission(s): `{permissions}`."
).format(permissions=", ".join(missing_permissions))
raise PermissionDenied(reason)
except Resolver404:
# what are you doing developer?
return url
raise NoModelUrl("Error! Can't get object URL of kind %s: %r." %
(kind, force_text(object)))
def render(self, request):
if not get_missing_permissions(request.user, self.required_permissions):
yield '<h6 class="dropdown-header">%s</h6>' % self.text
