Add more fine-grained permissions to rules

2023-02-02 19:08:10 +00:00 · 2023-02-02 19:08:10 +00:00 · 97e932cbae
parent 0cbd2d8a6f
commit 97e932cbae
3 changed files with 34 additions and 0 deletions
--- a/core/lib/rules.py
+++ b/core/lib/rules.py
@ -23,6 +23,7 @@ SECONDS_PER_UNIT = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
 MAX_WINDOW = 2592000
 MAX_AMOUNT_NTFY = 10
 MAX_AMOUNT_WEBHOOK = 1000
+HIGH_FREQUENCY_MIN_SEC = 60


 class RuleParseError(Exception):
@ -454,6 +455,20 @@ class NotificationRuleData(object):
        service = self.cleaned_data.get("service")

        on_demand = interval == 0
+
+        # Not on demand and interval is too low
+        if not on_demand and interval <= HIGH_FREQUENCY_MIN_SEC:
+            if not self.user.has_perm("core.rules_high_frequency"):
+                raise RuleParseError(
+                    "User does not have permission to use high frequency rules", "data"
+                )
+
+        if not on_demand:
+            if not self.user.has_perm("core.rules_scheduled"):
+                raise RuleParseError(
+                    "User does not have permission to use scheduled rules", "data"
+                )
+
        if on_demand and window is not None:
            # Interval is on demand and window is specified
            # We can't have a window with on-demand rules
--- a/core/migrations/0023_alter_perms_options.py
+++ b/core/migrations/0023_alter_perms_options.py
@ -0,0 +1,17 @@
+# Generated by Django 4.1.5 on 2023-02-02 19:07
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0022_notificationrule_send_empty_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='perms',
+            options={'permissions': (('post_irc', 'Can post to IRC'), ('post_discord', 'Can post to Discord'), ('use_insights', 'Can use the Insights page'), ('use_rules', 'Can use the Rules page'), ('rules_scheduled', 'Can use the scheduled rules'), ('rules_high_frequency', 'Can use the high frequency rules'), ('index_internal', 'Can use the internal index'), ('index_meta', 'Can use the meta index'), ('index_restricted', 'Can use the restricted index'), ('restricted_sources', 'Can access restricted sources'))},
+        ),
+    ]
--- a/core/models.py
+++ b/core/models.py
@ -165,6 +165,8 @@ class Perms(models.Model):
            ("post_discord", "Can post to Discord"),
            ("use_insights", "Can use the Insights page"),
            ("use_rules", "Can use the Rules page"),
+            ("rules_scheduled", "Can use the scheduled rules"),
+            ("rules_high_frequency", "Can use the high frequency rules"),
            ("index_internal", "Can use the internal index"),
            ("index_meta", "Can use the meta index"),
            ("index_restricted", "Can use the restricted index"),