feat(notifications): hide unallowed categories

Fixes #3262
PnX-SI · Nov 20, 2024 · 35e508c · 35e508c
1 parent b91808b
commit 35e508c
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 15 deletions.
diff --git a/backend/geonature/core/notifications/models.py b/backend/geonature/core/notifications/models.py
@@ -3,10 +3,13 @@
 """
 
 import datetime
+from math import perm
 
+from geonature.core.gn_commons.models.base import TModules
+from geonature.core.gn_permissions.models import PermAction, PermObject
+from geonature.core.gn_permissions.tools import get_user_permissions
 import sqlalchemy as sa
 from sqlalchemy import ForeignKey
-from sqlalchemy.sql import select
 from sqlalchemy.orm import relationship
 from flask import g
 from utils_flask_sqla.models import qfilter
@@ -44,6 +47,26 @@ class NotificationCategory(db.Model):
     label = db.Column(db.Unicode)
     description = db.Column(db.UnicodeText)
 
+    id_module = db.Column(db.Integer, ForeignKey("gn_commons.t_modules.id_module"))
+    module = relationship(TModules)
+    id_object = db.Column(db.Integer, ForeignKey("gn_permissions.t_objects.id_object"))
+    object = relationship(PermObject)
+    id_action = db.Column(db.Integer, ForeignKey("gn_permissions.bib_actions.id_action"))
+    action = relationship(PermAction)
+
+    def is_allowed(self, user=None) -> bool:
+        if user is None:
+            user = g.current_user
+        id_role = user.id_role
+        permissions = get_user_permissions(id_role)
+        if self.id_module:
+            permissions = [p for p in permissions if p.id_module == self.id_module]
+        if self.id_object:
+            permissions = [p for p in permissions if p.id_object == self.id_object]
+        if self.id_action:
+            permissions = [p for p in permissions if p.id_action == self.id_action]
+        return bool(permissions)
+
     @property
     def display(self):
         if self.label:

diff --git a/backend/geonature/core/notifications/routes.py b/backend/geonature/core/notifications/routes.py
@@ -1,5 +1,3 @@
-import json
-
 import logging
 
 from flask import (
@@ -193,17 +191,19 @@ def list_notification_methods():
 @routes.route("/categories", methods=["GET"])
 @permissions.login_required
 def list_notification_categories():
-    notificationCategories = db.session.scalars(
+    categories = db.session.scalars(
         select(NotificationCategory).order_by(NotificationCategory.code.asc())
     ).all()
-    result = [
-        notificationsCategory.as_dict(
-            fields=[
-                "code",
-                "label",
-                "description",
-            ]
-        )
-        for notificationsCategory in notificationCategories
-    ]
-    return jsonify(result)
+    categories = [category for category in categories if category.is_allowed()]
+    return jsonify(
+        [
+            category.as_dict(
+                fields=[
+                    "code",
+                    "label",
+                    "description",
+                ]
+            )
+            for category in categories
+        ]
+    )