Add asset groups and restrictions

Implement extra permission checks and mutations on restriction mixin
Implement CRUD for asset groups
2023-02-10 14:33:17 +00:00 · 2023-02-10 14:32:51 +00:00 · 2023-02-10 07:20:19 +00:00
10 changed files with 471 additions and 3 deletions
--- a/app/urls.py
+++ b/app/urls.py
@@ -23,6 +23,7 @@ from two_factor.urls import urlpatterns as tf_urls

 from core.views import (
    accounts,
+    assets,
    base,
    callbacks,
    hooks,
@@ -215,6 +216,7 @@ urlpatterns = [
        notifications.NotificationsUpdate.as_view(),
        name="notifications_update",
    ),
+    # Risks
    path(
        "risk/<str:type>/",
        risk.RiskList.as_view(),
@@ -235,4 +237,46 @@ urlpatterns = [
        risk.RiskDelete.as_view(),
        name="risk_delete",
    ),
+    # Asset Groups
+    path(
+        "group/<str:type>/",
+        assets.AssetGroupList.as_view(),
+        name="assetgroups",
+    ),
+    path(
+        "group/<str:type>/create/",
+        assets.AssetGroupCreate.as_view(),
+        name="assetgroup_create",
+    ),
+    path(
+        "group/<str:type>/update/<str:pk>/",
+        assets.AssetGroupUpdate.as_view(),
+        name="assetgroup_update",
+    ),
+    path(
+        "group/<str:type>/delete/<str:pk>/",
+        assets.AssetGroupDelete.as_view(),
+        name="assetgroup_delete",
+    ),
+    # Asset Restrictions
+    path(
+        "restriction/<str:type>/<str:group>/",
+        assets.AssetRestrictionList.as_view(),
+        name="assetrestrictions",
+    ),
+    path(
+        "restriction/<str:type>/create/<str:group>/",
+        assets.AssetRestrictionCreate.as_view(),
+        name="assetrestriction_create",
+    ),
+    path(
+        "restriction/<str:type>/update/<str:group>/<str:pk>/",
+        assets.AssetRestrictionUpdate.as_view(),
+        name="assetrestriction_update",
+    ),
+    path(
+        "restriction/<str:type>/delete/<str:group>/<str:pk>/",
+        assets.AssetRestrictionDelete.as_view(),
+        name="assetrestriction_delete",
+    ),
 ] + static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
--- a/core/forms.py
+++ b/core/forms.py
@@ -5,6 +5,8 @@ from django.forms import ModelForm

 from .models import (
    Account,
+    AssetGroup,
+    AssetRestriction,
    Hook,
    NotificationSettings,
    RiskModel,
@@ -326,3 +328,52 @@ class RiskModelForm(RestrictedFormMixin, ModelForm):
            "max_open_trades": "The maximum number of open trades.",
            "max_open_trades_per_symbol": "The maximum number of open trades per symbol.",
        }
+
+
+class AssetGroupForm(RestrictedFormMixin, ModelForm):
+    class Meta:
+        model = AssetGroup
+        fields = (
+            "name",
+            "description",
+            "account",
+        )
+        help_texts = {
+            "name": "Name of the asset group. Informational only.",
+            "description": "Description of the asset group. Informational only.",
+            "account": "Account to pull assets from.",
+        }
+
+
+class AssetRestrictionForm(RestrictedFormMixin, ModelForm):
+    class Meta:
+        model = AssetRestriction
+        fields = (
+            "name",
+            "description",
+            "pairs",
+        )
+        help_texts = {
+            "name": "Name of the asset restriction group. Informational only.",
+            "description": "Description of the asset restriction group. Informational only.",
+            "pairs": "Comma-separated list of pairs to restrict.",
+        }
+
+    def clean(self):
+        cleaned_data = super(AssetRestrictionForm, self).clean()
+        if "pairs" in cleaned_data and cleaned_data["pairs"]:
+            new_pairs = []
+            pair_split = cleaned_data["pairs"].split(",")
+            if not pair_split:
+                self.add_error("pairs", "You must specify at least one pair.")
+                return
+            for pair in pair_split:
+                if pair:
+                    new_pairs.append(pair.strip())
+                else:
+                    self.add_error("pairs", f"You cannot have an empty pair: {pair}")
+                    return
+
+            cleaned_data["pairs_parsed"] = new_pairs
+
+        return cleaned_data
--- a/core/migrations/0052_assetgroup_assetrestriction.py
+++ b/core/migrations/0052_assetgroup_assetrestriction.py
@@ -0,0 +1,37 @@
+# Generated by Django 4.1.4 on 2023-02-10 13:29
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0051_account_initial_balance'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AssetGroup',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255)),
+                ('description', models.TextField(blank=True, null=True)),
+                ('allowed', models.JSONField(blank=True, null=True)),
+                ('account', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='core.account')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='AssetRestriction',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255)),
+                ('description', models.TextField(blank=True, null=True)),
+                ('pairs', models.CharField(blank=True, max_length=4096, null=True)),
+                ('group', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='core.assetgroup')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]
--- a/core/migrations/0053_assetrestriction_pairs_parsed_and_more.py
+++ b/core/migrations/0053_assetrestriction_pairs_parsed_and_more.py
@@ -0,0 +1,23 @@
+# Generated by Django 4.1.4 on 2023-02-10 13:38
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0052_assetgroup_assetrestriction'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='assetrestriction',
+            name='pairs_parsed',
+            field=models.JSONField(blank=True, null=True),
+        ),
+        migrations.AlterField(
+            model_name='assetgroup',
+            name='allowed',
+            field=models.JSONField(blank=True, default={}, null=True),
+        ),
+    ]
--- a/core/models.py
+++ b/core/models.py
@@ -399,3 +399,46 @@ class RiskModel(models.Model):

    def __str__(self):
        return self.name
+
+
+class AssetGroup(models.Model):
+    user = models.ForeignKey(User, on_delete=models.CASCADE)
+    name = models.CharField(max_length=255)
+    description = models.TextField(null=True, blank=True)
+
+    # Account for checking pairs on children if specified
+    account = models.ForeignKey(Account, on_delete=models.CASCADE)
+
+    # Dict like {"RUB": True, "USD": False}
+    allowed = models.JSONField(null=True, blank=True, default=dict)
+
+    def __str__(self):
+        return self.name
+
+    @property
+    def matches(self):
+        """
+        Get the total number of matches for this group.
+        """
+        if isinstance(self.allowed, dict):
+            truthy_values = [x for x in self.allowed.values() if x is True]
+            return f"{len(truthy_values)}/{len(self.allowed)}"
+
+    @property
+    def restrictions(self):
+        """
+        Get the total number of restrictions for this group.
+        """
+        return self.assetrestriction_set.count()
+
+
+class AssetRestriction(models.Model):
+    user = models.ForeignKey(User, on_delete=models.CASCADE)
+    name = models.CharField(max_length=255)
+    description = models.TextField(null=True, blank=True)
+    pairs = models.CharField(max_length=4096, null=True, blank=True)
+    pairs_parsed = models.JSONField(null=True, blank=True)
+
+    group = models.ForeignKey(
+        AssetGroup, on_delete=models.CASCADE, null=True, blank=True
+    )
--- a/core/templates/base.html
+++ b/core/templates/base.html
@@ -257,6 +257,9 @@
                <a class="navbar-item" href="{% url 'risks' type='page' %}">
                  Risk Management
                </a>
+                <a class="navbar-item" href="{% url 'assetgroups' type='page' %}">
+                  Asset Groups
+                </a>
              </div>
            </div>
            <div class="navbar-item has-dropdown is-hoverable">
--- a/core/templates/partials/assetgroup-list.html
+++ b/core/templates/partials/assetgroup-list.html
@@ -0,0 +1,72 @@
+{% include 'partials/notify.html' %}
+
+<table
+  class="table is-fullwidth is-hoverable"
+  hx-target="#{{ context_object_name }}-table"
+  id="{{ context_object_name }}-table"
+  hx-swap="outerHTML"
+  hx-trigger="{{ context_object_name_singular }}Event from:body"
+  hx-get="{{ list_url }}">
+  <thead>
+    <th>id</th>
+    <th>user</th>
+    <th>name</th>
+    <th>description</th>
+    <th>account</th>
+    <th>status</th>
+    <th>restrictions</th>
+    <th>actions</th>
+  </thead>
+  {% for item in object_list %}
+    <tr>
+      <td>{{ item.id }}</td>
+      <td>{{ item.user }}</td>
+      <td>{{ item.name }}</td>
+      <td>{{ item.description }}</td>
+      <td>{{ item.account }}</td>
+      <td>{{ item.matches }}</td>
+      <td>{{ item.restrictions }}</td>
+      <td>
+        <div class="buttons">
+          <button
+            hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'
+            hx-get="{% url 'assetgroup_update' type=type pk=item.id %}"
+            hx-trigger="click"
+            hx-target="#{{ type }}s-here"
+            hx-swap="innerHTML"
+            class="button">
+            <span class="icon-text">
+              <span class="icon">
+                <i class="fa-solid fa-pencil"></i>
+              </span>
+            </span>
+          </button>
+          <button
+            hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'
+            hx-delete="{% url 'assetgroup_delete' type=type pk=item.id %}"
+            hx-trigger="click"
+            hx-target="#modals-here"
+            hx-swap="innerHTML"
+            hx-confirm="Are you sure you wish to delete {{ item.name }}?"
+            class="button">
+            <span class="icon-text">
+              <span class="icon">
+                <i class="fa-solid fa-xmark"></i>
+              </span>
+            </span>
+          </button>
+          <a href="{% url 'assetrestrictions' type='page' group=item.id %}"><button
+            class="button">
+            <span class="icon-text">
+              <span class="icon">
+                <i class="fa-solid fa-eye"></i>
+              </span>
+            </span>
+          </button>
+          </a>
+        </div>
+      </td>
+    </tr>
+  {% endfor %}
+
+</table>
--- a/core/templates/partials/assetrestriction-list.html
+++ b/core/templates/partials/assetrestriction-list.html
@@ -0,0 +1,61 @@
+{% include 'partials/notify.html' %}
+
+<table
+  class="table is-fullwidth is-hoverable"
+  hx-target="#{{ context_object_name }}-table"
+  id="{{ context_object_name }}-table"
+  hx-swap="outerHTML"
+  hx-trigger="{{ context_object_name_singular }}Event from:body"
+  hx-get="{{ list_url }}">
+  <thead>
+    <th>id</th>
+    <th>user</th>
+    <th>name</th>
+    <th>description</th>
+    <th>pairs</th>
+    <th>group</th>
+    <th>actions</th>
+  </thead>
+  {% for item in object_list %}
+    <tr>
+      <td>{{ item.id }}</td>
+      <td>{{ item.user }}</td>
+      <td>{{ item.name }}</td>
+      <td>{{ item.description }}</td>
+      <td>{{ item.pairs_parsed|length }}</td>
+      <td>{{ item.group }}</td>
+      <td>
+        <div class="buttons">
+          <button
+            hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'
+            hx-get="{% url 'assetrestriction_update' type=type group=item.group.id pk=item.id %}"
+            hx-trigger="click"
+            hx-target="#{{ type }}s-here"
+            hx-swap="innerHTML"
+            class="button">
+            <span class="icon-text">
+              <span class="icon">
+                <i class="fa-solid fa-pencil"></i>
+              </span>
+            </span>
+          </button>
+          <button
+            hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'
+            hx-delete="{% url 'assetrestriction_delete' type=type group=item.group.id pk=item.id %}"
+            hx-trigger="click"
+            hx-target="#modals-here"
+            hx-swap="innerHTML"
+            hx-confirm="Are you sure you wish to delete {{ item.name }}?"
+            class="button">
+            <span class="icon-text">
+              <span class="icon">
+                <i class="fa-solid fa-xmark"></i>
+              </span>
+            </span>
+          </button>
+        </div>
+      </td>
+    </tr>
+  {% endfor %}
+
+</table>
--- a/core/views/init.py
+++ b/core/views/init.py
@@ -15,6 +15,10 @@ from core.util import logs
 log = logs.get_logger(__name__)


+class AbortSave(Exception):
+    pass
+
+
 class RestrictedViewMixin:
    """
    This mixin overrides two helpers in order to pass the user object to the filters.
@@ -33,17 +37,28 @@ class RestrictedViewMixin:
    page_kwarg = "page"
    ordering = None

+    def set_extra_args(self, user):
+        """
+        This function is overriden to filter the objects by the requesting user.
+        """
+        self.extra_permission_args = {}
+
    def get_queryset(self, **kwargs):
        """
        This function is overriden to filter the objects by the requesting user.
        """
+        self.set_extra_args(self.request.user)
        if self.queryset is not None:
            queryset = self.queryset
            if isinstance(queryset, QuerySet):
                # queryset = queryset.all()
-                queryset = queryset.filter(user=self.request.user)
+                queryset = queryset.filter(
+                    user=self.request.user, **self.extra_permission_args
+                )
        elif self.model is not None:
-            queryset = self.model._default_manager.filter(user=self.request.user)
+            queryset = self.model._default_manager.filter(
+                user=self.request.user, **self.extra_permission_args
+            )
        else:
            raise ImproperlyConfigured(
                "%(cls)s is missing a QuerySet. Define "
@@ -99,6 +114,7 @@ class ObjectList(RestrictedViewMixin, ObjectNameMixin, ListView):
    list_url_args = ["type"]

    submit_url_name = None
+    submit_url_args = ["type"]

    delete_all_url_name = None
    widget_options = None
@@ -146,6 +162,13 @@ class ObjectList(RestrictedViewMixin, ObjectNameMixin, ListView):
            if is_empty:
                raise Http404("Empty list")

+        submit_url_args = {}
+        for arg in self.submit_url_args:
+            if arg in locals():
+                submit_url_args[arg] = locals()[arg]
+            elif arg in kwargs:
+                submit_url_args[arg] = kwargs[arg]
+
        context = self.get_context_data()
        context["title"] = self.title + f" ({type})"
        context["title_singular"] = self.title_singular
@@ -159,7 +182,9 @@ class ObjectList(RestrictedViewMixin, ObjectNameMixin, ListView):
        context["context_object_name_singular"] = self.context_object_name_singular

        if self.submit_url_name is not None:
-            context["submit_url"] = reverse(self.submit_url_name, kwargs={"type": type})
+            context["submit_url"] = reverse(
+                self.submit_url_name, kwargs=submit_url_args
+            )

        if self.list_url_name is not None:
            context["list_url"] = reverse(self.list_url_name, kwargs=list_url_args)
@@ -204,11 +229,19 @@ class ObjectCreate(RestrictedViewMixin, ObjectNameMixin, CreateView):
    def post_save(self, obj):
        pass

+    def pre_save_mutate(self, user, obj):
+        pass
+
    def form_valid(self, form):
        obj = form.save(commit=False)
        if self.request is None:
            raise Exception("Request is None")
        obj.user = self.request.user
+        try:
+            self.pre_save_mutate(self.request.user, obj)
+        except AbortSave as e:
+            context = {"message": f"Failed to save: {e}", "class": "danger"}
+            return self.render_to_response(context)
        obj.save()
        form.save_m2m()
        self.post_save(obj)
--- a/core/views/assets.py
+++ b/core/views/assets.py
@@ -0,0 +1,101 @@
+from django.contrib.auth.mixins import LoginRequiredMixin
+
+from core.forms import AssetGroupForm, AssetRestrictionForm
+from core.models import AssetGroup, AssetRestriction
+from core.util import logs
+from core.views import AbortSave, ObjectCreate, ObjectDelete, ObjectList, ObjectUpdate
+
+log = logs.get_logger(__name__)
+
+# Asset Groups
+
+
+class AssetGroupList(LoginRequiredMixin, ObjectList):
+    list_template = "partials/assetgroup-list.html"
+    model = AssetGroup
+    page_title = "List of asset groups for restrictions. Linked to accounts."
+
+    list_url_name = "assetgroups"
+    list_url_args = ["type"]
+
+    submit_url_name = "assetgroup_create"
+
+
+class AssetGroupCreate(LoginRequiredMixin, ObjectCreate):
+    model = AssetGroup
+    form_class = AssetGroupForm
+
+    submit_url_name = "assetgroup_create"
+
+
+class AssetGroupUpdate(LoginRequiredMixin, ObjectUpdate):
+    model = AssetGroup
+    form_class = AssetGroupForm
+
+    submit_url_name = "assetgroup_update"
+
+
+class AssetGroupDelete(LoginRequiredMixin, ObjectDelete):
+    model = AssetGroup
+
+
+# Asset Restrictions
+
+
+class AssetRestrictionsPermissionMixin:
+    # Check the user has permission to view the asset group
+    # We have a user check on the AssetRestriction, but we need to check the
+    # AssetGroup as well
+    def set_extra_args(self, user):
+        self.extra_permission_args = {
+            "group__user": user,
+            "group__pk": self.kwargs["group"],
+        }
+
+
+class AssetRestrictionList(
+    LoginRequiredMixin, AssetRestrictionsPermissionMixin, ObjectList
+):
+    list_template = "partials/assetrestriction-list.html"
+    model = AssetRestriction
+    page_title = "List of asset restrictions. Linked to asset groups."
+
+    list_url_name = "assetrestrictions"
+    list_url_args = ["type", "group"]
+
+    submit_url_name = "assetrestriction_create"
+    submit_url_args = ["type", "group"]
+
+
+class AssetRestrictionCreate(
+    LoginRequiredMixin, AssetRestrictionsPermissionMixin, ObjectCreate
+):
+    model = AssetRestriction
+    form_class = AssetRestrictionForm
+
+    submit_url_name = "assetrestriction_create"
+    submit_url_args = ["type", "group"]
+
+    def pre_save_mutate(self, user, obj):
+        try:
+            assetgroup = AssetGroup.objects.get(pk=self.kwargs["group"], user=user)
+            obj.group = assetgroup
+        except AssetGroup.DoesNotExist:
+            log.error(f"Asset Group {self.kwargs['group']} does not exist")
+            raise AbortSave("asset group does not exist or you don't have access")
+
+
+class AssetRestrictionUpdate(
+    LoginRequiredMixin, AssetRestrictionsPermissionMixin, ObjectUpdate
+):
+    model = AssetRestriction
+    form_class = AssetRestrictionForm
+
+    submit_url_name = "assetrestriction_update"
+    submit_url_args = ["type", "pk", "group"]
+
+
+class AssetRestrictionDelete(
+    LoginRequiredMixin, AssetRestrictionsPermissionMixin, ObjectDelete
+):
+    model = AssetRestriction
Author	SHA1	Message	Date
Mark Veidemanis	f81d632df3	Add asset groups and restrictions	2023-02-10 14:33:17 +00:00
Mark Veidemanis	7938bffc8d	Implement extra permission checks and mutations on restriction mixin	2023-02-10 14:32:51 +00:00
Mark Veidemanis	72055181bc	Implement CRUD for asset groups	2023-02-10 07:20:19 +00:00