smaa/octopus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
Files
14cc73722f4f3c6a2d72bf58fa3ab02bed08db7b
octopus/myproject/user_roles/mixins.py
Andrey Smakotin 14cc73722f feat: add user roles management UI with owner access control 
- Added role management views (list, create, edit, delete)
- Created user_roles URL routing
- Added role management templates with Bootstrap styling
- Updated navbar with Roles link for owners and superusers
- Enhanced decorators and mixins with superuser bypass
- Added assign_owner_role.py utility script

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-01 21:24:27 +03:00

95 lines
3.1 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
from django.contrib import admin
from django.core.exceptions import PermissionDenied
from user_roles.services import RoleService
class RoleBasedAdminMixin:
"""
Миксин для ModelAdmin с проверкой ролей.
Использование:
class MyAdmin(RoleBasedAdminMixin, admin.ModelAdmin):
required_roles = ['owner', 'manager']
"""
required_roles = [] # Роли, которые имеют доступ
def has_module_permission(self, request):
"""Проверка доступа к модулю"""
if not super().has_module_permission(request):
return False
# Superuser имеет полный доступ
if request.user.is_superuser:
return True
if not self.required_roles:
return True # Нет ограничений
return RoleService.user_has_role(request.user, *self.required_roles)
def has_view_permission(self, request, obj=None):
"""Проверка доступа на просмотр"""
if not super().has_view_permission(request, obj):
return False
# Superuser имеет полный доступ
if request.user.is_superuser:
return True
if not self.required_roles:
return True
return RoleService.user_has_role(request.user, *self.required_roles)
def has_add_permission(self, request):
"""Проверка доступа на добавление"""
if not super().has_add_permission(request):
return False
# Superuser имеет полный доступ
if request.user.is_superuser:
return True
if not self.required_roles:
return True
return RoleService.user_has_role(request.user, *self.required_roles)
def has_change_permission(self, request, obj=None):
"""Проверка доступа на изменение"""
if not super().has_change_permission(request, obj):
return False
# Superuser имеет полный доступ
if request.user.is_superuser:
return True
if not self.required_roles:
return True
return RoleService.user_has_role(request.user, *self.required_roles)
def has_delete_permission(self, request, obj=None):
"""Проверка доступа на удаление"""
if not super().has_delete_permission(request, obj):
return False
# Superuser имеет полный доступ
if request.user.is_superuser:
return True
if not self.required_roles:
return True
return RoleService.user_has_role(request.user, *self.required_roles)
class OwnerOnlyAdminMixin(RoleBasedAdminMixin):
"""Миксин для админки, доступной только владельцу"""
required_roles = ['owner']
class ManagerOwnerAdminMixin(RoleBasedAdminMixin):
"""Миксин для админки, доступной менеджеру и владельцу"""
required_roles = ['owner', 'manager']
Reference in New Issue View Git Blame Copy Permalink