Add more fine-grained permissions to rules
This commit is contained in:
parent
0cbd2d8a6f
commit
97e932cbae
|
@ -23,6 +23,7 @@ SECONDS_PER_UNIT = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
|
||||||
MAX_WINDOW = 2592000
|
MAX_WINDOW = 2592000
|
||||||
MAX_AMOUNT_NTFY = 10
|
MAX_AMOUNT_NTFY = 10
|
||||||
MAX_AMOUNT_WEBHOOK = 1000
|
MAX_AMOUNT_WEBHOOK = 1000
|
||||||
|
HIGH_FREQUENCY_MIN_SEC = 60
|
||||||
|
|
||||||
|
|
||||||
class RuleParseError(Exception):
|
class RuleParseError(Exception):
|
||||||
|
@ -454,6 +455,20 @@ class NotificationRuleData(object):
|
||||||
service = self.cleaned_data.get("service")
|
service = self.cleaned_data.get("service")
|
||||||
|
|
||||||
on_demand = interval == 0
|
on_demand = interval == 0
|
||||||
|
|
||||||
|
# Not on demand and interval is too low
|
||||||
|
if not on_demand and interval <= HIGH_FREQUENCY_MIN_SEC:
|
||||||
|
if not self.user.has_perm("core.rules_high_frequency"):
|
||||||
|
raise RuleParseError(
|
||||||
|
"User does not have permission to use high frequency rules", "data"
|
||||||
|
)
|
||||||
|
|
||||||
|
if not on_demand:
|
||||||
|
if not self.user.has_perm("core.rules_scheduled"):
|
||||||
|
raise RuleParseError(
|
||||||
|
"User does not have permission to use scheduled rules", "data"
|
||||||
|
)
|
||||||
|
|
||||||
if on_demand and window is not None:
|
if on_demand and window is not None:
|
||||||
# Interval is on demand and window is specified
|
# Interval is on demand and window is specified
|
||||||
# We can't have a window with on-demand rules
|
# We can't have a window with on-demand rules
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
# Generated by Django 4.1.5 on 2023-02-02 19:07
|
||||||
|
|
||||||
|
from django.db import migrations
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('core', '0022_notificationrule_send_empty_and_more'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterModelOptions(
|
||||||
|
name='perms',
|
||||||
|
options={'permissions': (('post_irc', 'Can post to IRC'), ('post_discord', 'Can post to Discord'), ('use_insights', 'Can use the Insights page'), ('use_rules', 'Can use the Rules page'), ('rules_scheduled', 'Can use the scheduled rules'), ('rules_high_frequency', 'Can use the high frequency rules'), ('index_internal', 'Can use the internal index'), ('index_meta', 'Can use the meta index'), ('index_restricted', 'Can use the restricted index'), ('restricted_sources', 'Can access restricted sources'))},
|
||||||
|
),
|
||||||
|
]
|
|
@ -165,6 +165,8 @@ class Perms(models.Model):
|
||||||
("post_discord", "Can post to Discord"),
|
("post_discord", "Can post to Discord"),
|
||||||
("use_insights", "Can use the Insights page"),
|
("use_insights", "Can use the Insights page"),
|
||||||
("use_rules", "Can use the Rules page"),
|
("use_rules", "Can use the Rules page"),
|
||||||
|
("rules_scheduled", "Can use the scheduled rules"),
|
||||||
|
("rules_high_frequency", "Can use the high frequency rules"),
|
||||||
("index_internal", "Can use the internal index"),
|
("index_internal", "Can use the internal index"),
|
||||||
("index_meta", "Can use the meta index"),
|
("index_meta", "Can use the meta index"),
|
||||||
("index_restricted", "Can use the restricted index"),
|
("index_restricted", "Can use the restricted index"),
|
||||||
|
|
Loading…
Reference in New Issue