Set permissions for OPTIONS requests. Fixed js-data dependency. Fixed blank in some motion model fields. Fixed error handling in agenda and core views.

Norman Jäckel 2015-08-31 14:07:24 +02:00
parent aaadfbf78e
commit 965206e1fc
10 changed files with 80 additions and 46 deletions


@ -18,6 +18,7 @@
"angular-gettext": "~2.0.2", "angular-gettext": "~2.0.2",
"angular-sanitize": "~1.3.15", "angular-sanitize": "~1.3.15",
"angular-xeditable": "~0.1.9", "angular-xeditable": "~0.1.9",
"js-data": "~1.8.0",
"js-data-angular": "~2.1.0", "js-data-angular": "~2.1.0",
"ng-fab-form": "~1.2.7", "ng-fab-form": "~1.2.7",
"ngBootbox": "~0.0.5", "ngBootbox": "~0.0.5",


@ -26,8 +26,8 @@ class ItemViewSet(ModelViewSet):
""" """
API endpoint for agenda items. API endpoint for agenda items.
There are the following views: list, retrieve, create, partial_update, There are the following views: metadata, list, retrieve, create,
update, destroy, manage_speaker, speak and tree. partial_update, update, destroy, manage_speaker, speak and tree.
""" """
queryset = Item.objects.all() queryset = Item.objects.all()
serializer_class = ItemSerializer serializer_class = ItemSerializer
@ -36,7 +36,7 @@ class ItemViewSet(ModelViewSet):
""" """
Returns True if the user has required permissions. Returns True if the user has required permissions.
""" """
if self.action in ('list', 'retrieve', 'manage_speaker', 'tree'): if self.action in ('metadata', 'list', 'retrieve', 'manage_speaker', 'tree'):
result = self.request.user.has_perm('agenda.can_see') result = self.request.user.has_perm('agenda.can_see')
# For manage_speaker and tree requests the rest of the check is # For manage_speaker and tree requests the rest of the check is
# done in the specific method. See below. # done in the specific method. See below.
@ -113,7 +113,7 @@ class ItemViewSet(ModelViewSet):
try: try:
Speaker.objects.add(user, item) Speaker.objects.add(user, item)
except OpenSlidesError as e: except OpenSlidesError as e:
raise ValidationError({'detail': e}) raise ValidationError({'detail': str(e)})
message = _('User %s was successfully added to the list of speakers.') % user message = _('User %s was successfully added to the list of speakers.') % user
else: else:
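Review bot: With `'metadata'` placed in the read branch of `if self.action in ('metadata', 'list', 'retrieve', 'manage_speaker', 'tree'):`, `self.action` stays `'metadata'` for the whole OPTIONS request. If the metadata class probes POST/PUT by re-running the view's permission check on a cloned request (Django REST framework's `SimpleMetadata` does this), a user holding only `agenda.can_see` would pass that probe and receive the write-field descriptions in the `actions` part of the response. I would add a test that an OPTIONS request from a see-only user lists no POST/PUT actions, or a comment such as `# OPTIONS exposes the serializer schema to every user who may read; accepted.` The same branch is extended in AssignmentViewSet, TagViewSet, ConfigViewSet, MediafileViewSet, MotionViewSet, CategoryViewSet, WorkflowViewSet, UserViewSet and GroupViewSet. The method's `def` line and its fall-through branch lie outside the hunk, so the default for unlisted actions cannot be confirmed from here.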


@ -43,9 +43,9 @@ class AssignmentViewSet(ModelViewSet):
""" """
API endpoint for assignments. API endpoint for assignments.
There are the following views: list, retrieve, create, partial_update, There are the following views: metadata, list, retrieve, create,
update, destroy, candidature_self, candidature_other, mark_elected and partial_update, update, destroy, candidature_self, candidature_other,
create_poll. mark_elected and create_poll.
""" """
queryset = Assignment.objects.all() queryset = Assignment.objects.all()
@ -53,7 +53,7 @@ class AssignmentViewSet(ModelViewSet):
""" """
Returns True if the user has required permissions. Returns True if the user has required permissions.
""" """
if self.action in ('list', 'retrieve'): if self.action in ('metadata', 'list', 'retrieve'):
result = self.request.user.has_perm('assignments.can_see') result = self.request.user.has_perm('assignments.can_see')
elif self.action in ('create', 'partial_update', 'update', 'destroy', elif self.action in ('create', 'partial_update', 'update', 'destroy',
'mark_elected', 'create_poll'): 'mark_elected', 'create_poll'):


@ -99,7 +99,7 @@ class AppsJsView(utils_views.View):
"angular.module('OpenSlidesApp.{app}', {angular_modules});" "angular.module('OpenSlidesApp.{app}', {angular_modules});"
"var deferres = [];" "var deferres = [];"
"{js_files}.forEach(function(js_file)deferres.push($.getScript(js_file)));" "{js_files}.forEach(function(js_file)deferres.push($.getScript(js_file)));"
"$.when.apply(this, deferres).done(function() angular.bootstrap(document,['OpenSlidesApp.{app}']));" "$.when.apply(this, deferres).done(function()angular.bootstrap(document,['OpenSlidesApp.{app}']));"
.format( .format(
app=kwargs.get('openslides_app'), app=kwargs.get('openslides_app'),
angular_modules=angular_modules, angular_modules=angular_modules,
@ -218,8 +218,8 @@ class CustomSlideViewSet(ModelViewSet):
""" """
API endpoint for custom slides. API endpoint for custom slides.
There are the following views: list, retrieve, create, partial_update, There are the following views: metadata, list, retrieve, create,
update and destroy. partial_update, update and destroy.
""" """
queryset = CustomSlide.objects.all() queryset = CustomSlide.objects.all()
serializer_class = CustomSlideSerializer serializer_class = CustomSlideSerializer
@ -235,8 +235,8 @@ class TagViewSet(ModelViewSet):
""" """
API endpoint for tags. API endpoint for tags.
There are the following views: list, retrieve, create, partial_update, There are the following views: metadata, list, retrieve, create,
update and destroy. partial_update, update and destroy.
""" """
queryset = Tag.objects.all() queryset = Tag.objects.all()
serializer_class = TagSerializer serializer_class = TagSerializer
@ -245,9 +245,9 @@ class TagViewSet(ModelViewSet):
""" """
Returns True if the user has required permissions. Returns True if the user has required permissions.
""" """
if self.action in ('list', 'retrieve'): if self.action in ('metadata', 'list', 'retrieve'):
# Every authenticated user can list or retrieve tags. # Every authenticated user can see the metadata and list or
# Anonymous users can do so if they are enabled. # retrieve tags. Anonymous users can do so if they are enabled.
result = self.request.user.is_authenticated() or config['general_system_enable_anonymous'] result = self.request.user.is_authenticated() or config['general_system_enable_anonymous']
elif self.action in ('create', 'update', 'destroy'): elif self.action in ('create', 'update', 'destroy'):
result = self.request.user.has_perm('core.can_manage_tags') result = self.request.user.has_perm('core.can_manage_tags')
@ -287,7 +287,7 @@ class ConfigViewSet(ViewSet):
""" """
API endpoint for the config. API endpoint for the config.
There are the following views: list, retrieve and update. There are the following views: metadata, list, retrieve and update.
""" """
metadata_class = ConfigMetadata metadata_class = ConfigMetadata
@ -295,9 +295,10 @@ class ConfigViewSet(ViewSet):
""" """
Returns True if the user has required permissions. Returns True if the user has required permissions.
""" """
if self.action in ('list', 'retrieve'): if self.action in ('metadata', 'list', 'retrieve'):
# Every authenticated user can list or retrieve the config. # Every authenticated user can see the metadata and list or
# Anonymous users can do so if they are enabled. # retrieve the config. Anonymous users can do so if they are
# enabled.
result = self.request.user.is_authenticated() or config['general_system_enable_anonymous'] result = self.request.user.is_authenticated() or config['general_system_enable_anonymous']
elif self.action == 'update': elif self.action == 'update':
result = self.request.user.has_perm('core.can_manage_config') result = self.request.user.has_perm('core.can_manage_config')
@ -337,7 +338,7 @@ class ConfigViewSet(ViewSet):
except ConfigNotFound: except ConfigNotFound:
raise Http404 raise Http404
except ConfigError as e: except ConfigError as e:
raise ValidationError({'detail': e}) raise ValidationError({'detail': str(e)})
# Return response. # Return response.
return Response({'key': key, 'value': value}) return Response({'key': key, 'value': value})
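Review bot: In the AppsJsView hunk the `app` value formatted into the generated JavaScript comes straight from `kwargs.get('openslides_app')`, and nothing visible restricts or escapes it before it lands inside `angular.module('OpenSlidesApp.{app}', ...)` and `angular.bootstrap(document,['OpenSlidesApp.{app}'])`. Unless the URL pattern already limits it to a fixed set of app names, I would check it against the known apps before formatting, e.g. `if app not in allowed_apps: raise Http404` (`allowed_apps` is a placeholder for the project's own list). A missing kwarg would also render the literal `OpenSlidesApp.None`. The method begins and ends outside the hunk, so an existing check may simply not be shown.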


@ -10,8 +10,8 @@ class MediafileViewSet(ModelViewSet):
""" """
API endpoint for mediafile objects. API endpoint for mediafile objects.
There are the following views: list, retrieve, create, partial_update, There are the following views: metadata, list, retrieve, create,
update and destroy. partial_update, update and destroy.
""" """
queryset = Mediafile.objects.all() queryset = Mediafile.objects.all()
serializer_class = MediafileSerializer serializer_class = MediafileSerializer
@ -22,7 +22,7 @@ class MediafileViewSet(ModelViewSet):
""" """
# TODO: Use mediafiles.can_upload permission to create and update some # TODO: Use mediafiles.can_upload permission to create and update some
# objects but restricted concerning the uploader. # objects but restricted concerning the uploader.
if self.action in ('list', 'retrieve'): if self.action in ('metadata', 'list', 'retrieve'):
result = self.request.user.has_perm('mediafiles.can_see') result = self.request.user.has_perm('mediafiles.can_see')
elif self.action in ('create', 'partial_update', 'update'): elif self.action in ('create', 'partial_update', 'update'):
result = (self.request.user.has_perm('mediafiles.can_see') and result = (self.request.user.has_perm('mediafiles.can_see') and


@ -0,0 +1,32 @@
from django.conf import settings
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('motions', '0001_initial'),
]
operations = [
migrations.AlterField(
model_name='motion',
name='attachments',
field=models.ManyToManyField(blank=True, to='mediafiles.Mediafile'),
),
migrations.AlterField(
model_name='motion',
name='submitters',
field=models.ManyToManyField(blank=True, related_name='motion_submitters', to=settings.AUTH_USER_MODEL),
),
migrations.AlterField(
model_name='motion',
name='supporters',
field=models.ManyToManyField(blank=True, related_name='motion_supporters', to=settings.AUTH_USER_MODEL),
),
migrations.AlterField(
model_name='motion',
name='tags',
field=models.ManyToManyField(blank=True, to='core.Tag'),
),
]


@ -69,7 +69,7 @@ class Motion(RESTModelMixin, models.Model):
ForeignKey to one category of motions. ForeignKey to one category of motions.
""" """
attachments = models.ManyToManyField(Mediafile) attachments = models.ManyToManyField(Mediafile, blank=True)
""" """
Many to many relation to mediafile objects. Many to many relation to mediafile objects.
""" """
@ -81,17 +81,17 @@ class Motion(RESTModelMixin, models.Model):
Null if the motion is not an amendment. Null if the motion is not an amendment.
""" """
tags = models.ManyToManyField(Tag) tags = models.ManyToManyField(Tag, blank=True)
""" """
Tags to categorise motions. Tags to categorise motions.
""" """
submitters = models.ManyToManyField(settings.AUTH_USER_MODEL, related_name='motion_submitters') submitters = models.ManyToManyField(settings.AUTH_USER_MODEL, related_name='motion_submitters', blank=True)
""" """
Users who submit this motion. Users who submit this motion.
""" """
supporters = models.ManyToManyField(settings.AUTH_USER_MODEL, related_name='motion_supporters') supporters = models.ManyToManyField(settings.AUTH_USER_MODEL, related_name='motion_supporters', blank=True)
""" """
Users who support this motion. Users who support this motion.
""" """


@ -30,8 +30,8 @@ class MotionViewSet(ModelViewSet):
""" """
API endpoint for motions. API endpoint for motions.
There are the following views: list, retrieve, create, partial_update, There are the following views: metadata, list, retrieve, create,
update, destroy, manage_version, support and set_state. partial_update, update, destroy, manage_version, support and set_state.
""" """
queryset = Motion.objects.all() queryset = Motion.objects.all()
serializer_class = MotionSerializer serializer_class = MotionSerializer
@ -40,7 +40,7 @@ class MotionViewSet(ModelViewSet):
""" """
Returns True if the user has required permissions. Returns True if the user has required permissions.
""" """
if self.action in ('list', 'retrieve', 'partial_update', 'update'): if self.action in ('metadata', 'list', 'retrieve', 'partial_update', 'update'):
result = self.request.user.has_perm('motions.can_see') result = self.request.user.has_perm('motions.can_see')
# For partial_update and update requests the rest of the check is # For partial_update and update requests the rest of the check is
# done in the update method. See below. # done in the update method. See below.
@ -236,8 +236,8 @@ class CategoryViewSet(ModelViewSet):
""" """
API endpoint for categories. API endpoint for categories.
There are the following views: list, retrieve, create, partial_update, There are the following views: metadata, list, retrieve, create,
update and destroy. partial_update, update and destroy.
""" """
queryset = Category.objects.all() queryset = Category.objects.all()
serializer_class = CategorySerializer serializer_class = CategorySerializer
@ -246,7 +246,7 @@ class CategoryViewSet(ModelViewSet):
""" """
Returns True if the user has required permissions. Returns True if the user has required permissions.
""" """
if self.action in ('list', 'retrieve'): if self.action in ('metadata', 'list', 'retrieve'):
result = self.request.user.has_perm('motions.can_see') result = self.request.user.has_perm('motions.can_see')
elif self.action in ('create', 'partial_update', 'update', 'destroy'): elif self.action in ('create', 'partial_update', 'update', 'destroy'):
result = (self.request.user.has_perm('motions.can_see') and result = (self.request.user.has_perm('motions.can_see') and
@ -260,8 +260,8 @@ class WorkflowViewSet(ModelViewSet):
""" """
API endpoint for workflows. API endpoint for workflows.
There are the following views: list, retrieve, create, partial_update, There are the following views: metadata, list, retrieve, create,
update and destroy. partial_update, update and destroy.
""" """
queryset = Workflow.objects.all() queryset = Workflow.objects.all()
serializer_class = WorkflowSerializer serializer_class = WorkflowSerializer
@ -270,7 +270,7 @@ class WorkflowViewSet(ModelViewSet):
""" """
Returns True if the user has required permissions. Returns True if the user has required permissions.
""" """
if self.action in ('list', 'retrieve'): if self.action in ('metadata', 'list', 'retrieve'):
result = self.request.user.has_perm('motions.can_see') result = self.request.user.has_perm('motions.can_see')
elif self.action in ('create', 'partial_update', 'update', 'destroy'): elif self.action in ('create', 'partial_update', 'update', 'destroy'):
result = (self.request.user.has_perm('motions.can_see') and result = (self.request.user.has_perm('motions.can_see') and


@ -24,8 +24,8 @@ class UserViewSet(ModelViewSet):
""" """
API endpoint for users. API endpoint for users.
There are the following views: list, retrieve, create, partial_update, There are the following views: metadata, list, retrieve, create,
update, destroy and reset_password. partial_update, update, destroy and reset_password.
""" """
queryset = User.objects.all() queryset = User.objects.all()
@ -33,7 +33,7 @@ class UserViewSet(ModelViewSet):
""" """
Returns True if the user has required permissions. Returns True if the user has required permissions.
""" """
if self.action in ('list', 'retrieve'): if self.action in ('metadata', 'list', 'retrieve'):
result = self.request.user.has_perm('users.can_see_name') result = self.request.user.has_perm('users.can_see_name')
elif self.action in ('create', 'partial_update', 'update', 'destroy', 'reset_password'): elif self.action in ('create', 'partial_update', 'update', 'destroy', 'reset_password'):
result = (self.request.user.has_perm('users.can_see_name') and result = (self.request.user.has_perm('users.can_see_name') and
@ -72,8 +72,8 @@ class GroupViewSet(ModelViewSet):
""" """
API endpoint for groups. API endpoint for groups.
There are the following views: list, retrieve, create, partial_update, There are the following views: metadata, list, retrieve, create,
update and destroy. partial_update, update and destroy.
""" """
queryset = Group.objects.all() queryset = Group.objects.all()
serializer_class = GroupSerializer serializer_class = GroupSerializer
@ -82,9 +82,9 @@ class GroupViewSet(ModelViewSet):
""" """
Returns True if the user has required permissions. Returns True if the user has required permissions.
""" """
if self.action in ('list', 'retrieve'): if self.action in ('metadata', 'list', 'retrieve'):
# Every authenticated user can list or retrieve groups. # Every authenticated user can see the metadata and list or
# Anonymous users can do so if they are enabled. # retrieve groups. Anonymous users can do so if they are enabled.
result = self.request.user.is_authenticated() or config['general_system_enable_anonymous'] result = self.request.user.is_authenticated() or config['general_system_enable_anonymous']
elif self.action in ('create', 'partial_update', 'update', 'destroy'): elif self.action in ('create', 'partial_update', 'update', 'destroy'):
# Users with all app permissions can edit groups. # Users with all app permissions can edit groups.


@ -3,7 +3,7 @@ Django>=1.7.1,<1.9
beautifulsoup4>=4.1,<4.4 beautifulsoup4>=4.1,<4.4
bleach>=1.4,<1.5 bleach>=1.4,<1.5
django-haystack>=2.1,<2.5 django-haystack>=2.1,<2.5
djangorestframework>=3.0.5,<3.2.0 djangorestframework>=3.2.0,<3.3.0
jsonfield>=0.9.19,<1.1 jsonfield>=0.9.19,<1.1
natsort>=3.2,<4.1 natsort>=3.2,<4.1
reportlab>=3.0,<3.3 reportlab>=3.0,<3.3