Skip to content

Commit

Permalink
feat(notifications): hide unallowed categories
Browse files Browse the repository at this point in the history
Fixes #3262
  • Loading branch information
bouttier committed Nov 21, 2024
1 parent 31107f3 commit 42070a8
Show file tree
Hide file tree
Showing 3 changed files with 113 additions and 15 deletions.
25 changes: 24 additions & 1 deletion backend/geonature/core/notifications/models.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,13 @@
"""

import datetime
from math import perm

from geonature.core.gn_commons.models.base import TModules
from geonature.core.gn_permissions.models import PermAction, PermObject
from geonature.core.gn_permissions.tools import get_user_permissions
import sqlalchemy as sa
from sqlalchemy import ForeignKey
from sqlalchemy.sql import select
from sqlalchemy.orm import relationship
from flask import g
from utils_flask_sqla.models import qfilter
Expand Down Expand Up @@ -44,6 +47,26 @@ class NotificationCategory(db.Model):
label = db.Column(db.Unicode)
description = db.Column(db.UnicodeText)

id_module = db.Column(db.Integer, ForeignKey("gn_commons.t_modules.id_module"))
module = relationship(TModules)
id_object = db.Column(db.Integer, ForeignKey("gn_permissions.t_objects.id_object"))
object = relationship(PermObject)
id_action = db.Column(db.Integer, ForeignKey("gn_permissions.bib_actions.id_action"))
action = relationship(PermAction)

def is_allowed(self, user=None) -> bool:
if user is None:
user = g.current_user
id_role = user.id_role
permissions = get_user_permissions(id_role)
if self.id_module:
permissions = [p for p in permissions if p.id_module == self.id_module]
if self.id_object:
permissions = [p for p in permissions if p.id_object == self.id_object]
if self.id_action:
permissions = [p for p in permissions if p.id_action == self.id_action]

Check warning on line 67 in backend/geonature/core/notifications/models.py

View check run for this annotation

Codecov / codecov/patch

backend/geonature/core/notifications/models.py#L67

Added line #L67 was not covered by tests
return bool(permissions)

@property
def display(self):
if self.label:
Expand Down
28 changes: 14 additions & 14 deletions backend/geonature/core/notifications/routes.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
import json

import logging

from flask import (
Expand Down Expand Up @@ -193,17 +191,19 @@ def list_notification_methods():
@routes.route("/categories", methods=["GET"])
@permissions.login_required
def list_notification_categories():
notificationCategories = db.session.scalars(
categories = db.session.scalars(
select(NotificationCategory).order_by(NotificationCategory.code.asc())
).all()
result = [
notificationsCategory.as_dict(
fields=[
"code",
"label",
"description",
]
)
for notificationsCategory in notificationCategories
]
return jsonify(result)
categories = [category for category in categories if category.is_allowed()]
return jsonify(
[
category.as_dict(
fields=[
"code",
"label",
"description",
]
)
for category in categories
]
)
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
"""hide unauthorized notifications categories
Revision ID: 0bea266db3ec
Revises: 7b6a578eccd7
Create Date: 2024-11-20 17:23:42.017660
"""

from alembic import op
import sqlalchemy as sa
from sqlalchemy.sql import column


# revision identifiers, used by Alembic.
revision = "0bea266db3ec"
down_revision = "7b6a578eccd7"
branch_labels = None
depends_on = None


def upgrade():
op.add_column(
schema="gn_notifications",
table_name="bib_notifications_categories",
column=sa.Column(
"id_module",
sa.Integer,
sa.ForeignKey("gn_commons.t_modules.id_module"),
),
)
op.add_column(
schema="gn_notifications",
table_name="bib_notifications_categories",
column=sa.Column(
"id_object",
sa.Integer,
sa.ForeignKey("gn_permissions.t_objects.id_object"),
),
)
op.add_column(
schema="gn_notifications",
table_name="bib_notifications_categories",
column=sa.Column(
"id_action",
sa.Integer,
sa.ForeignKey("gn_permissions.bib_actions.id_action"),
),
)
op.execute(
"""
UPDATE gn_notifications.bib_notifications_categories
SET
id_module = (SELECT id_module FROM gn_commons.t_modules WHERE module_code = 'IMPORT'),
id_object = (SELECT id_object FROM gn_permissions.t_objects WHERE code_object = 'IMPORT')
WHERE code = 'IMPORT-DONE'
"""
)


def downgrade():
op.drop_column(
table_name="bib_notifications_categories",
column_name="id_action",
schema="gn_notifications",
)
op.drop_column(
table_name="bib_notifications_categories",
column_name="id_object",
schema="gn_notifications",
)
op.drop_column(
table_name="bib_notifications_categories",
column_name="id_module",
schema="gn_notifications",
)

0 comments on commit 42070a8

Please sign in to comment.