From 9d19f7b805d2c9de19992ad796699c41f8647ef6 Mon Sep 17 00:00:00 2001 From: sniedzielski Date: Mon, 21 Oct 2024 20:56:21 +0200 Subject: [PATCH] OM-351: added search all groups for IMIS admin --- worker_voucher/apps.py | 2 + .../0016_group_search_all_rights.py | 46 +++++++++++++++++++ worker_voucher/schema.py | 4 +- worker_voucher/services.py | 2 +- 4 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 worker_voucher/migrations/0016_group_search_all_rights.py diff --git a/worker_voucher/apps.py b/worker_voucher/apps.py index 3a597ef..1121be0 100644 --- a/worker_voucher/apps.py +++ b/worker_voucher/apps.py @@ -15,6 +15,7 @@ "gql_group_of_worker_create_perms": ["205002"], "gql_group_of_worker_update_perms": ["205003"], "gql_group_of_worker_delete_perms": ["205004"], + "gql_group_of_worker_search_all_perms": ["205005"], "unassigned_voucher_enabled": True, "price_per_voucher": "100.00", "max_generic_vouchers": 1000, @@ -50,6 +51,7 @@ class WorkerVoucherConfig(AppConfig, ConfigUtilMixin): gql_group_of_worker_create_perms = None gql_group_of_worker_update_perms = None gql_group_of_worker_delete_perms = None + gql_group_of_worker_search_all_perms = None unassigned_voucher_enabled = None price_per_voucher = None diff --git a/worker_voucher/migrations/0016_group_search_all_rights.py b/worker_voucher/migrations/0016_group_search_all_rights.py new file mode 100644 index 0000000..442cdfa --- /dev/null +++ b/worker_voucher/migrations/0016_group_search_all_rights.py @@ -0,0 +1,46 @@ +from django.db import migrations + +rights = ['205005'] +roles = ['IMIS Administrator'] + + +def add_rights(role_name, role_model, role_right_model): + role = role_model.objects.get(name=role_name, validity_to__isnull=True) + for right_id in rights: + if not role_right_model.objects.filter(validity_to__isnull=True, role=role, right_id=right_id).exists(): + _add_right_for_role(role, right_id, role_right_model) + + +def _add_right_for_role(role, right_id, role_right_model): + role_right_model.objects.create(role=role, right_id=right_id, audit_user_id=1) + + +def remove_rights(role_id, role_right_model): + role_right_model.objects.filter( + role__is_system=role_id, + right_id__in=rights, + validity_to__isnull=True + ).delete() + + +def on_migration(apps, schema_editor): + role_model = apps.get_model("core", "role") + role_right_model = apps.get_model("core", "roleright") + for role in roles: + add_rights(role, role_model, role_right_model) + + +def on_reverse_migration(apps, schema_editor): + role_right_model = apps.get_model("core", "roleright") + for role in roles: + remove_rights(role, role_right_model) + + +class Migration(migrations.Migration): + dependencies = [ + ('worker_voucher', '0015_group_of_worker_rights'), + ] + + operations = [ + migrations.RunPython(on_migration, on_reverse_migration), + ] diff --git a/worker_voucher/schema.py b/worker_voucher/schema.py index 5f4e95e..511306b 100644 --- a/worker_voucher/schema.py +++ b/worker_voucher/schema.py @@ -227,8 +227,10 @@ def resolve_group_of_worker(self, info, economic_unit_code=None, **kwargs): client_mutation_id = kwargs.get("client_mutation_id", None) if client_mutation_id: filters.append(Q(mutations__mutation__client_mutation_id=client_mutation_id)) + if economic_unit_code: + filters.append(Q(policyholder__code=economic_unit_code)) filters.extend(get_group_worker_user_filters(info.context.user)) - return gql_optimizer.query(query.filter(*filters, policyholder__code=economic_unit_code), info) + return gql_optimizer.query(query.filter(*filters), info) @staticmethod def _check_permissions(user, perms): diff --git a/worker_voucher/services.py b/worker_voucher/services.py index 9992f17..5edd175 100644 --- a/worker_voucher/services.py +++ b/worker_voucher/services.py @@ -88,7 +88,7 @@ def get_group_worker_user_filters(user: InteractiveUser) -> Iterable[Q]: policyholder__policyholderuser__is_deleted=False, policyholder__policyholderuser__user__validity_to__isnull=True, policyholder__policyholderuser__user__i_user__validity_to__isnull=True, - )] if user.has_perms(WorkerVoucherConfig.gql_group_of_worker_search_perms) else [] + )] if not user.has_perms(WorkerVoucherConfig.gql_group_of_worker_search_all_perms) else [] def validate_acquire_unassigned_vouchers(user: User, eu_code: str, count: Union[int, str]) -> Dict: