onny/verwaltungstracker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix visibility of non-public plans in section list

Browse source
This commit is contained in:
Stefan Wehrmeyer 2022-06-20 11:18:38 +02:00
parent 07d562f2d8
commit 5e43d627d7
4 changed files with 25 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

14
froide_govplan/admin.py
View file

@ -13,6 +13,7 @@ from froide.helper.widgets import TagAutocompleteWidget
from froide.organization.models import Organization from froide.organization.models import Organization
from .api_views import GovernmentPlanViewSet from .api_views import GovernmentPlanViewSet
from .auth import get_allowed_plans, has_limited_access
from .forms import ( from .forms import (
GovernmentPlanForm, GovernmentPlanForm,
GovernmentPlanUpdateAcceptProposalForm, GovernmentPlanUpdateAcceptProposalForm,
@ -53,19 +54,6 @@ class GovernmentAdmin(admin.ModelAdmin):
list_filter = ("public",) list_filter = ("public",)
def has_limited_access(user):
if not user.is_authenticated:
return True
return not user.has_perm("froide_govplan.add_governmentplan")
def get_allowed_plans(request):
if not has_limited_access(request.user):
return GovernmentPlan.objects.all()
groups = request.user.groups.all()
return GovernmentPlan.objects.filter(group__in=groups).distinct()
def execute_assign_organization(admin, request, queryset, action_obj): def execute_assign_organization(admin, request, queryset, action_obj):
queryset.update(organization=action_obj) queryset.update(organization=action_obj)

14
froide_govplan/auth.py Normal file
View file

@ -0,0 +1,14 @@
from .models import GovernmentPlan
def has_limited_access(user):
if not user.is_authenticated:
return True
return not user.has_perm("froide_govplan.add_governmentplan")
def get_allowed_plans(request):
if not has_limited_access(request.user):
return GovernmentPlan.objects.all()
groups = request.user.groups.all()
return GovernmentPlan.objects.filter(group__in=groups).distinct()

14
froide_govplan/models.py
View file

@ -427,14 +427,14 @@ class GovernmentPlanSection(models.Model):
def get_absolute_domain_url(self): def get_absolute_domain_url(self):
return settings.SITE_URL + self.get_absolute_url() return settings.SITE_URL + self.get_absolute_url()
def get_plans(self): def get_plans(self, queryset=None):
return ( if queryset is None:
GovernmentPlan.objects.filter( queryset = GovernmentPlan.objects.filter(public=True)
categories__in=self.categories.all(), government_id=self.government_id
) queryset = queryset.filter(
.distinct() categories__in=self.categories.all(), government_id=self.government_id
.order_by("title")
) )
return queryset.distinct().order_by("title")
if CMSPlugin: if CMSPlugin:

4
froide_govplan/views.py
View file

@ -4,6 +4,7 @@ from django.shortcuts import get_object_or_404, redirect, render
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from django.views.generic import DetailView, UpdateView from django.views.generic import DetailView, UpdateView
from .auth import get_allowed_plans
from .forms import GovernmentPlanUpdateProposalForm from .forms import GovernmentPlanUpdateProposalForm
from .models import Government, GovernmentPlan, GovernmentPlanSection from .models import Government, GovernmentPlan, GovernmentPlanSection
@ -33,7 +34,8 @@ class GovPlanSectionDetailView(GovernmentMixin, DetailView):
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs) context = super().get_context_data(**kwargs)
context["plans"] = context["object"].get_plans() queryset = get_allowed_plans(self.request)
context["plans"] = context["object"].get_plans(queryset=queryset)
return context return context