From 8c8fbc9cedc806165ba447c5e3a7ea00f5d81789 Mon Sep 17 00:00:00 2001 From: Daniel Tsvetkov Date: Wed, 22 Dec 2021 09:44:45 +0100 Subject: [PATCH] some perms work --- oshipka/persistance/__init__.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/oshipka/persistance/__init__.py b/oshipka/persistance/__init__.py index a666b99..ce5a999 100644 --- a/oshipka/persistance/__init__.py +++ b/oshipka/persistance/__init__.py @@ -337,7 +337,7 @@ SENSITIVE_PREFIX = "__SENSITIVE__." DEFAULT_PERMISSION_PERMISSIONS = ['get', 'add_user', 'add_role', 'remove_user', 'remove_role'] -DEFAULT_MODEL_PERMISSIONS = ['get', 'list', 'search', 'create', 'update', 'delete'] +DEFAULT_MODEL_PERMISSIONS = ['get', 'list', 'table', 'search', 'create', 'update', 'delete'] DEFAULT_COLUMN_PERMISSIONS = ['read', 'write'] DEFAULT_SUBJECTS = [('0', 'public'), ('1', 'logged')] @@ -355,6 +355,7 @@ def generate_permissions(): subjects = DEFAULT_SUBJECTS + [('1', 'owner')] if is_ownable else DEFAULT_SUBJECTS f.write("role,1,permission.update,models.{},,1\n".format(model)) f.write("role,1,permission.remove_user_self,models.{},,1\n".format(model)) + model_acls = model_view.definitions['acls'] for perm, subject in subjects: for permission in DEFAULT_PERMISSION_PERMISSIONS: f.write("{},,permission.{},models.{},,0\n".format(subject, permission, model)) @@ -367,7 +368,9 @@ def generate_permissions(): else: f.write("{},,permission.change_owner,models.{},,0\n".format(subject, model)) for permission in DEFAULT_MODEL_PERMISSIONS: - f.write("{},,model.{},models.{},,{}\n".format(subject, permission, model, perm)) + # TODO: TEST AND FIX THIS - VERY NAIVE RIGHT NOW!!! + this_perm = int(not model_acls.get(permission)['authn']) + f.write("{},,model.{},models.{},,{}\n".format(subject, permission, model, this_perm)) for column in model_view.definitions.get('columns'): column_name = column.get('name') for permission in DEFAULT_COLUMN_PERMISSIONS: