Initial work on asset DB perms

Partial #352.

RIGS/management/commands/generateSampleData.py

@@ -121,8 +121,8 @@ class Command(BaseCommand):
         self.keyholder_group = Group.objects.create(name='Keyholders')
         self.finance_group = Group.objects.create(name='Finance')
 
-        keyholderPerms = ["add_event", "change_event", "view_event", "add_eventitem", "change_eventitem", "delete_eventitem", "add_organisation", "change_organisation", "view_organisation", "add_person", "change_person", "view_person", "view_profile", "add_venue", "change_venue", "view_venue"]
-        financePerms = ["change_event", "view_event", "add_eventitem", "change_eventitem", "add_invoice", "change_invoice", "view_invoice", "add_organisation", "change_organisation", "view_organisation", "add_payment", "change_payment", "delete_payment", "add_person", "change_person", "view_person"]
+        keyholderPerms = ["add_event", "change_event", "view_event", "add_eventitem", "change_eventitem", "delete_eventitem", "add_organisation", "change_organisation", "view_organisation", "add_person", "change_person", "view_person", "view_profile", "add_venue", "change_venue", "view_venue", "add_asset", "change_asset", "delete_asset", "asset_finance"]
+        financePerms = ["change_event", "view_event", "add_eventitem", "change_eventitem", "add_invoice", "change_invoice", "view_invoice", "add_organisation", "change_organisation", "view_organisation", "add_payment", "change_payment", "delete_payment", "add_person", "change_person", "view_person", "asset_finance", "change_asset"]
 
         for permId in keyholderPerms:
             self.keyholder_group.permissions.add(Permission.objects.get(codename=permId))

assets/migrations/0010_auto_20191011_1322.py

@@ -0,0 +1,17 @@
+# Generated by Django 2.0.13 on 2019-10-11 12:22
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0009_auto_20191008_2148'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='asset',
+            options={'permissions': (('asset_finance', 'Can see financial data for assets'),)},
+        ),
+    ]

assets/models.py

@@ -62,6 +62,11 @@ class Asset(PolymorphicModel):
     def __str__(self):
         return str(self.asset_id) + ' - ' + self.description
 
+    class Meta:
+        permissions = (
+            ('asset_finance', 'Can see financial data for assets'),
+        )
+
 class Connector(models.Model):
     description = models.CharField(max_length=80)
     current_rating = models.DecimalField(decimal_places=2, max_digits=10, help_text='Amps')

assets/templates/asset_update.html

@@ -32,9 +32,11 @@
     </div>
   </div>
   <div class="row">
+    {% if perms.asset.asset_financial %}
     <div class="col-md-6">
       {% include 'partials/purchasedetails_form.html' %}
     </div>
+    {% endif %}
     <div class="col-md-6" hidden="true" id="cable-table">
       {% include 'partials/cable_form.html' %}
     </div>

assets/templates/partials/asset_list_table_body.html

@@ -16,10 +16,13 @@
         <td style="vertical-align: middle;">{{ item.category }}</td>
         <td style="vertical-align: middle;">{{ item.status }}</td>
         <td>
+
             <div class="btn-group" role="group">
                 <a type="button" class="btn btn-default btn-sm" href="{% url 'asset_detail' item.pk %}"><i class="glyphicon glyphicon-eye-open"></i> View</a>
+                {% if perms.assets.change_asset %}
                 <a type="button" class="btn btn-default btn-sm" href="{% url 'asset_update' item.pk %}"><i class="glyphicon glyphicon-edit"></i> Edit</a>
                 <a type="button" class="btn btn-default btn-sm" href="{% url 'asset_update' item.pk %}?duplicate=true"><i class="glyphicon glyphicon-duplicate"></i> Duplicate</a>
+                {% endif %}
             </div>
         </td>
     </tr>

assets/urls.py

@@ -2,25 +2,26 @@ from django.urls import path, include
 from rest_framework import routers
 from assets import views, api
 
+from PyRIGS.decorators import permission_required_with_403
+
 router = routers.DefaultRouter()
 router.register(r'api/assets', api.AssetViewSet)
 
 urlpatterns = [
-    # path('', views.Index.as_view(), name='index'),
     path('', views.AssetList.as_view(), name='index'),
     path('asset/list/', views.AssetList.as_view(), name='asset_list'),
     path('asset/<int:pk>/', views.AssetDetail.as_view(), name='asset_detail'),
-    path('asset/create/', views.AssetCreate.as_view(), name='asset_create'),
-    path('asset/<int:pk>/edit/', views.AssetEdit.as_view(), name='asset_update'),
-    path('asset/<int:pk>/duplicate/', views.AssetDuplicate.as_view(), name='asset_duplicate'),
-    path('asset/delete/', views.asset_delete, name='ajax_asset_delete'),
+    path('asset/create/', permission_required_with_403('assets.create_asset')(views.AssetCreate.as_view()), name='asset_create'),
+    path('asset/<int:pk>/edit/', permission_required_with_403('assets.change_asset')(views.AssetEdit.as_view()), name='asset_update'),
+    path('asset/<int:pk>/duplicate/', permission_required_with_403('assets.create_asset')(views.AssetDuplicate.as_view()), name='asset_duplicate'),
+    path('asset/delete/', permission_required_with_403('assets.delete_asset')(views.asset_delete), name='ajax_asset_delete'),
 
     path('asset/search/', views.AssetSearch.as_view(), name='asset_search_json'),
 
     path('supplier/list', views.SupplierList.as_view(), name='supplier_list'),
     path('supplier/<int:pk>', views.SupplierDetail.as_view(), name='supplier_detail'),
-    path('supplier/create', views.SupplierCreate.as_view(), name='supplier_create'),
-    path('supplier/<int:pk>/edit', views.SupplierUpdate.as_view(), name='supplier_update'),
+    path('supplier/create', permission_required_with_403('assets.create_supplier')(views.SupplierCreate.as_view()), name='supplier_create'),
+    path('supplier/<int:pk>/edit', permission_required_with_403('assets.edit_supplier')(views.SupplierUpdate.as_view()), name='supplier_update'),
 
     path('', include(router.urls)),
 ]