Add a 'private' flag to mediafiles.
Only users with the 'mediafiles.can_see_private' permission can create and view these private mediafiles.
This commit is contained in:
parent
346dfd6b57
commit
b48a99f21b
@ -18,3 +18,14 @@ class MediafileAccessPermissions(BaseAccessPermissions):
|
||||
from .serializers import MediafileSerializer
|
||||
|
||||
return MediafileSerializer
|
||||
|
||||
def get_restricted_data(self, full_data, user):
|
||||
"""
|
||||
Returns the restricted serialized data for the instance prepared
|
||||
for the user.
|
||||
"""
|
||||
if (not full_data['private'] or user.has_perm('mediafiles.can_see_private')):
|
||||
data = full_data
|
||||
else:
|
||||
data = None
|
||||
return data
|
||||
|
20
openslides/mediafiles/migrations/0002_mediafile_private.py
Normal file
20
openslides/mediafiles/migrations/0002_mediafile_private.py
Normal file
@ -0,0 +1,20 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.9.6 on 2016-05-14 12:47
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('mediafiles', '0001_initial'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name='mediafile',
|
||||
name='private',
|
||||
field=models.BooleanField(default=False),
|
||||
),
|
||||
]
|
26
openslides/mediafiles/migrations/0003_auto_20160514_1347.py
Normal file
26
openslides/mediafiles/migrations/0003_auto_20160514_1347.py
Normal file
@ -0,0 +1,26 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.9.6 on 2016-05-14 13:47
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('mediafiles', '0002_mediafile_private'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='mediafile',
|
||||
options={
|
||||
'default_permissions': (),
|
||||
'ordering': ['title'],
|
||||
'permissions': (
|
||||
('can_see', 'Can see the list of files'),
|
||||
('can_see_private', 'Can see private files'),
|
||||
('can_upload', 'Can upload files'),
|
||||
('can_manage', 'Can manage files'))},
|
||||
),
|
||||
]
|
@ -30,6 +30,9 @@ class Mediafile(RESTModelMixin, models.Model):
|
||||
blank=True)
|
||||
"""A user – the uploader of a file."""
|
||||
|
||||
private = models.BooleanField(default=False)
|
||||
"""Whether or not this mediafile should be listed as private"""
|
||||
|
||||
timestamp = models.DateTimeField(auto_now_add=True)
|
||||
"""A DateTimeField to save the upload date and time."""
|
||||
|
||||
@ -41,6 +44,7 @@ class Mediafile(RESTModelMixin, models.Model):
|
||||
default_permissions = ()
|
||||
permissions = (
|
||||
('can_see', 'Can see the list of files'),
|
||||
('can_see_private', 'Can see private files'),
|
||||
('can_upload', 'Can upload files'),
|
||||
('can_manage', 'Can manage files'))
|
||||
|
||||
|
@ -58,6 +58,7 @@ class MediafileSerializer(ModelSerializer):
|
||||
'media_url_prefix',
|
||||
'uploader',
|
||||
'filesize',
|
||||
'private',
|
||||
'timestamp',)
|
||||
|
||||
def get_filesize(self, mediafile):
|
||||
|
@ -331,12 +331,27 @@ angular.module('OpenSlidesApp.mediafiles.site', ['ngFileUpload', 'OpenSlidesApp.
|
||||
return Upload.upload({
|
||||
url: '/rest/mediafiles/mediafile/',
|
||||
method: 'POST',
|
||||
data: {mediafile: mediafile.newFile, title: mediafile.title, uploader_id: mediafile.uploader_id}
|
||||
data: {mediafile: mediafile.newFile, title: mediafile.title, uploader_id: mediafile.uploader_id, private: mediafile.private}
|
||||
});
|
||||
|
||||
}
|
||||
};
|
||||
}
|
||||
])
|
||||
|
||||
.filter('privateFilter', [
|
||||
'$filter',
|
||||
'operator',
|
||||
function ($filter, operator) {
|
||||
return function (array) {
|
||||
if (operator.hasPerms('mediafiles.can_see_private')) {
|
||||
return array;
|
||||
}
|
||||
return Array.prototype.filter.call(array, function (item) {
|
||||
return !item.private;
|
||||
});
|
||||
};
|
||||
}
|
||||
]);
|
||||
|
||||
}());
|
||||
|
@ -21,6 +21,13 @@
|
||||
<input type="text" ng-model="mediafile.title" class="form-control" name="inputTitle">
|
||||
</div>
|
||||
|
||||
<!-- private -->
|
||||
<div class="checkbox" os-perms="mediafiles.can_see_private">
|
||||
<label for="inputPrivate" translate>
|
||||
<input type="checkbox" ng-model="mediafile.private" name="inputPrivate">Private
|
||||
</label>
|
||||
</div>
|
||||
|
||||
<!-- uploader -->
|
||||
<div os-perms="mediafiles.can_manage" class="form-group">
|
||||
<label for="inputTitle" translate>Uploaded by</label>
|
||||
|
@ -155,8 +155,8 @@
|
||||
</i>
|
||||
</tr>
|
||||
<tbody>
|
||||
<tr ng-repeat="mediafile in mediafilesFiltered = (mediafiles | osFilter: filter.search : getFilterString |
|
||||
filter: {filetype: filter.showPDFs} | orderBy: sortColumn:reverse)"
|
||||
<tr ng-repeat="mediafile in mediafilesFiltered = (mediafiles | privateFilter | osFilter: filter.search : getFilterString |
|
||||
filter: {filetype: filter.showPDFs} | orderBy: sortColumn:reverse )"
|
||||
class="animate-item"
|
||||
ng-class="{ 'activeline': mediafile.isProjected(), 'selected': mediafile.selected }">
|
||||
<!-- projector column -->
|
||||
@ -177,6 +177,7 @@
|
||||
<strong><a ng-href="{{ mediafile.mediafileUrl }}" target="_blank">{{ mediafile.title_or_filename }}</a></strong>
|
||||
<br><small><i class="fa fa-file"></i> {{ mediafile.filetype }}</small>
|
||||
<br><small><i class="fa fa-database"></i> {{ mediafile.filesize }}</small>
|
||||
<span ng-if="mediafile.private"><br><small><i class="fa fa-lock"></i> <translate>Private</translate></small></span>
|
||||
<div os-perms="mediafiles.can_manage" class="hoverActions" ng-class="{'hiddenDiv': !mediafile.hover}">
|
||||
<a href="" ng-click="openDialog(mediafile)" translate>Edit</a> |
|
||||
<a href="" class="text-danger"
|
||||
|
@ -15,6 +15,13 @@ class MediafileViewSet(ModelViewSet):
|
||||
access_permissions = MediafileAccessPermissions()
|
||||
queryset = Mediafile.objects.all()
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = super().get_queryset()
|
||||
user = self.request.user
|
||||
if not user.has_perm('mediafiles.can_see_private'):
|
||||
queryset = queryset.filter(private=False)
|
||||
return queryset
|
||||
|
||||
def check_view_permissions(self):
|
||||
"""
|
||||
Returns True if the user has required permissions.
|
||||
|
@ -32,6 +32,7 @@ def create_builtin_groups_and_admin(**kwargs):
|
||||
'core.can_use_chat',
|
||||
'mediafiles.can_manage',
|
||||
'mediafiles.can_see',
|
||||
'mediafiles.can_see_private',
|
||||
'mediafiles.can_upload',
|
||||
'motions.can_create',
|
||||
'motions.can_manage',
|
||||
@ -110,7 +111,8 @@ def create_builtin_groups_and_admin(**kwargs):
|
||||
permission_dict['motions.can_see_and_manage_comments'],
|
||||
permission_dict['users.can_see_name'],
|
||||
permission_dict['users.can_manage'],
|
||||
permission_dict['users.can_see_extra_data'],)
|
||||
permission_dict['users.can_see_extra_data'],
|
||||
permission_dict['mediafiles.can_see_private'],)
|
||||
group_staff = Group.objects.create(name='Staff', pk=3)
|
||||
group_staff.permissions.add(*staff_permissions)
|
||||
|
||||
|
@ -1324,6 +1324,7 @@ angular.module('OpenSlidesApp.users.site', ['OpenSlidesApp.users'])
|
||||
gettext('Can see the list of files');
|
||||
gettext('Can upload files');
|
||||
gettext('Can manage files');
|
||||
gettext('Can see private files');
|
||||
// motions
|
||||
gettext('Can see motions');
|
||||
gettext('Can create motions');
|
||||
|
Loading…
Reference in New Issue
Block a user