triv: fixes default action permissions

oko-x · oko-x · commit af9c25b20720 · 2024-05-14T15:14:13.000+02:00
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "django-smartbase-admin"
-version = "0.2.19"
+version = "0.2.20"
 description = ""
 authors = ["SmartBase <info@smartbase.sk>"]
 readme = "README.md"
diff --git a/src/django_smartbase_admin/engine/actions.py b/src/django_smartbase_admin/engine/actions.py
@@ -1,12 +1,12 @@
 from django.core.exceptions import ImproperlyConfigured
-from django.utils.text import slugify
 
 
 class SBAdminCustomAction(object):
     title = None
     url = None
     view = None
     action_id = None
+    action_modifier = None
     css_class = None
     no_params = False
     open_in_modal = False
diff --git a/src/django_smartbase_admin/engine/admin_base_view.py b/src/django_smartbase_admin/engine/admin_base_view.py
@@ -50,7 +50,7 @@ def get_menu_label(self):
 
     def has_permission(self, request, obj=None, permission=None):
         return SBAdminViewService.has_permission(
-            request, self, self.model, obj, permission
+            request=request, view=self, model=self.model, obj=obj, permission=permission
         )
 
     def has_add_permission(self, request, obj=None):
@@ -65,11 +65,11 @@ def has_change_permission(self, request, obj=None):
     def has_delete_permission(self, request, obj=None):
         return self.has_permission(request, obj, "delete")
 
-    def has_permission_for_action(self, request, action_id):
+    def has_permission_for_action(self, request, action):
         return self.has_permission(
-            request,
+            request=request,
             obj=None,
-            permission=action_id,
+            permission=action,
         )
 
     def has_view_or_change_permission(self, request, obj=None):
@@ -80,7 +80,7 @@ def has_view_or_change_permission(self, request, obj=None):
     def process_actions_permissions(self, request, actions):
         result = []
         for action in actions:
-            if self.has_permission_for_action(request, action.action_id):
+            if self.has_permission_for_action(request, action):
                 result.append(action)
         return result
 
@@ -110,6 +110,9 @@ def action_view(self, request, action=None, modifier=None):
         action_function = getattr(self, action, None)
         if not action_function:
             raise Http404
+        action = SBAdminCustomAction(
+            title=action, view=self, action_id=action, action_modifier=modifier
+        )
         permitted_action = self.has_permission_for_action(request, action)
         if not permitted_action:
             raise PermissionDenied
diff --git a/src/django_smartbase_admin/engine/configuration.py b/src/django_smartbase_admin/engine/configuration.py
@@ -4,6 +4,7 @@
 from django.db.models import Q
 
 from django_smartbase_admin.admin.site import sb_admin_site
+from django_smartbase_admin.engine.actions import SBAdminCustomAction
 from django_smartbase_admin.engine.const import GLOBAL_FILTER_DATA_KEY
 from django_smartbase_admin.utils import to_list
 
@@ -126,9 +127,18 @@ def restrict_queryset(
     ):
         return qs
 
+    def has_action_permission(
+        self, request, request_data, view, model, obj, permission
+    ):
+        return request.user.is_staff
+
     def has_permission(
         self, request, request_data, view, model=None, obj=None, permission=None
     ):
+        if isinstance(permission, SBAdminCustomAction):
+            return self.has_action_permission(
+                request, request_data, view, model, obj, permission
+            )
         if model:
             opts = model._meta
             codename = get_permission_codename(permission, opts)
