Add more fine-grained permissions to rules

Mark Veidemanis 2023-02-02 19:08:10 +00:00
parent 0cbd2d8a6f
commit 97e932cbae
Signed by: m
GPG Key ID: 5ACFCEED46C0904F
3 changed files with 34 additions and 0 deletions


@ -23,6 +23,7 @@ SECONDS_PER_UNIT = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
MAX_WINDOW = 2592000 MAX_WINDOW = 2592000
MAX_AMOUNT_NTFY = 10 MAX_AMOUNT_NTFY = 10
MAX_AMOUNT_WEBHOOK = 1000 MAX_AMOUNT_WEBHOOK = 1000
HIGH_FREQUENCY_MIN_SEC = 60
class RuleParseError(Exception): class RuleParseError(Exception):
@ -454,6 +455,20 @@ class NotificationRuleData(object):
service = self.cleaned_data.get("service") service = self.cleaned_data.get("service")
on_demand = interval == 0 on_demand = interval == 0
# Not on demand and interval is too low
if not on_demand and interval <= HIGH_FREQUENCY_MIN_SEC:
if not self.user.has_perm("core.rules_high_frequency"):
raise RuleParseError(
"User does not have permission to use high frequency rules", "data"
)
if not on_demand:
if not self.user.has_perm("core.rules_scheduled"):
raise RuleParseError(
"User does not have permission to use scheduled rules", "data"
)
if on_demand and window is not None: if on_demand and window is not None:
# Interval is on demand and window is specified # Interval is on demand and window is specified
# We can't have a window with on-demand rules # We can't have a window with on-demand rules
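Review bot: The permission checks added after `on_demand = interval == 0` run only when rule data is parsed, so as far as this section shows, a rule saved before this change, or one whose owner later loses `core.rules_scheduled` or `core.rules_high_frequency`, would keep its schedule; the code that executes scheduled rules is not visible here and probably needs the same `has_perm` checks. The comparison `interval <= HIGH_FREQUENCY_MIN_SEC` also classes an interval of exactly 60 seconds as high frequency; if 60 is meant to be the lowest unrestricted interval, it should read `if not on_demand and interval < HIGH_FREQUENCY_MIN_SEC:`. `interval` is assigned above the hunk, so confirm it cannot be `None` here, since `None <= 60` would raise `TypeError` instead of `RuleParseError`. A one-line comment on the constant, such as `# Intervals at or below this many seconds require core.rules_high_frequency`, would make the boundary explicit.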


@ -0,0 +1,17 @@
# Generated by Django 4.1.5 on 2023-02-02 19:07
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('core', '0022_notificationrule_send_empty_and_more'),
]
operations = [
migrations.AlterModelOptions(
name='perms',
options={'permissions': (('post_irc', 'Can post to IRC'), ('post_discord', 'Can post to Discord'), ('use_insights', 'Can use the Insights page'), ('use_rules', 'Can use the Rules page'), ('rules_scheduled', 'Can use the scheduled rules'), ('rules_high_frequency', 'Can use the high frequency rules'), ('index_internal', 'Can use the internal index'), ('index_meta', 'Can use the meta index'), ('index_restricted', 'Can use the restricted index'), ('restricted_sources', 'Can access restricted sources'))},
),
]


@ -165,6 +165,8 @@ class Perms(models.Model):
("post_discord", "Can post to Discord"), ("post_discord", "Can post to Discord"),
("use_insights", "Can use the Insights page"), ("use_insights", "Can use the Insights page"),
("use_rules", "Can use the Rules page"), ("use_rules", "Can use the Rules page"),
("rules_scheduled", "Can use the scheduled rules"),
("rules_high_frequency", "Can use the high frequency rules"),
("index_internal", "Can use the internal index"), ("index_internal", "Can use the internal index"),
("index_meta", "Can use the meta index"), ("index_meta", "Can use the meta index"),
("index_restricted", "Can use the restricted index"), ("index_restricted", "Can use the restricted index"),
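Review bot: Nothing in this commit assigns `rules_scheduled` or `rules_high_frequency` to any user or group, so after the migration users who hold only `use_rules` will presumably fail validation on every rule with a non-zero interval until an administrator grants the new permissions. If default-deny is the intended rollout, say so next to the two new tuples, e.g. `# Granted separately from use_rules; not assigned to anyone by default`. If it is not, a data migration that grants `rules_scheduled` to the current holders of `use_rules` would keep existing users working. The tuple list continues outside the hunk.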