diff --git a/oshipka/persistance/__init__.py b/oshipka/persistance/__init__.py
index ce5a999..388c7d7 100644
--- a/oshipka/persistance/__init__.py
+++ b/oshipka/persistance/__init__.py
@@ -369,7 +369,7 @@ def generate_permissions():
 f.write("{},,permission.change_owner,models.{},,0\n".format(subject, model))
 for permission in DEFAULT_MODEL_PERMISSIONS:
 # TODO: TEST AND FIX THIS - VERY NAIVE RIGHT NOW!!!
- this_perm = int(not model_acls.get(permission)['authn'])
+ this_perm = int(model_acls.get(permission)['authn'])
 f.write("{},,model.{},models.{},,{}\n".format(subject, permission, model, this_perm))
 for column in model_view.definitions.get('columns'):
 column_name = column.get('name')
diff --git a/oshipka/webapp/default_routes.py b/oshipka/webapp/default_routes.py
index 694ad77..62f5d1c 100644
--- a/oshipka/webapp/default_routes.py
+++ b/oshipka/webapp/default_routes.py
@@ -24,7 +24,7 @@ def get_media(model_name, instance_id, column, filepath):
 if not instance:
 abort(404)
 verb = "{}.read".format(column)
- if not has_permission(model_name, verb, instance):
+ if not has_permission(model_name, verb, action_prefix='column', object_prefix="columns"): # TODO: , instance):
 abort(401)
 return send_from_directory(MEDIA_DIR, filepath)
diff --git a/oshipka/webapp/views.py b/oshipka/webapp/views.py
index b16e3de..28b6693 100644
--- a/oshipka/webapp/views.py
+++ b/oshipka/webapp/views.py
@@ -24,7 +24,8 @@ MODEL_VIEWS = dict()
 def has_permission(obj, action, instance=None, object_prefix="models", action_prefix="model"):
- if object_prefix in ['models']:
+ model_view = None
+ if object_prefix in ['models', 'columns']:
 model_view = MODEL_VIEWS.get(obj, {})
 if not model_view:
 return False
diff --git a/vm_gen/templates/html/_get.html b/vm_gen/templates/html/_get.html
index abf41dd..f054c6e 100644
--- a/vm_gen/templates/html/_get.html
+++ b/vm_gen/templates/html/_get.html
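Review bot: In `generate_permissions` (oshipka/persistance/__init__.py), `model_acls.get(permission)['authn']` raises `TypeError` when a model has no ACL entry for one of `DEFAULT_MODEL_PERMISSIONS`, so one incomplete model aborts the permissions file part-way through being written. The commit also inverts the value written to the last CSV field while the `TODO: TEST AND FIX THIS` comment stays, and nothing visible states what 0 and 1 mean in that field. I would look the entry up once, `acl = model_acls.get(permission) or {}` then `this_perm = int(bool(acl.get('authn')))`, and add a comment on the field's meaning, after confirming that the value produced for a missing entry is the restrictive one. The function body starts and ends outside this hunk.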
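Review bot: In `get_media` (oshipka/webapp/default_routes.py) the new `has_permission` call no longer passes `instance`, so the column-read check is made for the model as a whole rather than for the record whose media is served; if `has_permission` applies any per-instance rule (its body is not visible here), this route now skips it. The signature in views.py still accepts `instance`, and the `_get.html` template in this same commit passes it along with the new prefixes, so the route can do the same: `if not has_permission(model_name, verb, instance, object_prefix="columns", action_prefix="column"):`. Separately, nothing in the hunk ties `filepath` to the path stored in that column of `instance` before `send_from_directory(MEDIA_DIR, filepath)`; unless that comparison happens above the hunk, the permission check and the file actually returned are unrelated. The function starts outside the hunk.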
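Review bot: `has_permission` in oshipka/webapp/views.py is the central authorization check and has no docstring, while this commit adds a second accepted `object_prefix` that callers must pair with `action_prefix="column"` by hand. A docstring should list the accepted prefix pairs (`"models"`/`"model"`, `"columns"`/`"column"`) and state what `instance` is used for. With `model_view = None` now set up front, any other `object_prefix` skips the `MODEL_VIEWS` lookup and falls through to code outside this hunk; whether that path is meant to be reachable is not visible, and if no other prefix is valid an explicit `else: return False` after the lookup would make unknown prefixes fail closed.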
@@ -1,5 +1,5 @@
 [%- for column in columns %]
-{% if has_permission("[[ name|camel_to_snake ]]", "[[ column.name ]].read", instance) %}
+{% if has_permission("[[ name|camel_to_snake ]]", "[[ column.name ]].read", instance, object_prefix="columns", action_prefix="column") %}
 {% if "[[ column.name ]]" not in skip_list %}