Add asset groups and restrictions

app/urls.py

@@ -23,6 +23,7 @@ from two_factor.urls import urlpatterns as tf_urls
 
 from core.views import (
     accounts,
+    assets,
     base,
     callbacks,
     hooks,
@@ -215,6 +216,7 @@ urlpatterns = [
         notifications.NotificationsUpdate.as_view(),
         name="notifications_update",
     ),
+    # Risks
     path(
         "risk/<str:type>/",
         risk.RiskList.as_view(),
@@ -235,4 +237,46 @@ urlpatterns = [
         risk.RiskDelete.as_view(),
         name="risk_delete",
     ),
+    # Asset Groups
+    path(
+        "group/<str:type>/",
+        assets.AssetGroupList.as_view(),
+        name="assetgroups",
+    ),
+    path(
+        "group/<str:type>/create/",
+        assets.AssetGroupCreate.as_view(),
+        name="assetgroup_create",
+    ),
+    path(
+        "group/<str:type>/update/<str:pk>/",
+        assets.AssetGroupUpdate.as_view(),
+        name="assetgroup_update",
+    ),
+    path(
+        "group/<str:type>/delete/<str:pk>/",
+        assets.AssetGroupDelete.as_view(),
+        name="assetgroup_delete",
+    ),
+    # Asset Restrictions
+    path(
+        "restriction/<str:type>/<str:group>/",
+        assets.AssetRestrictionList.as_view(),
+        name="assetrestrictions",
+    ),
+    path(
+        "restriction/<str:type>/create/<str:group>/",
+        assets.AssetRestrictionCreate.as_view(),
+        name="assetrestriction_create",
+    ),
+    path(
+        "restriction/<str:type>/update/<str:group>/<str:pk>/",
+        assets.AssetRestrictionUpdate.as_view(),
+        name="assetrestriction_update",
+    ),
+    path(
+        "restriction/<str:type>/delete/<str:group>/<str:pk>/",
+        assets.AssetRestrictionDelete.as_view(),
+        name="assetrestriction_delete",
+    ),
 ] + static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)

core/forms.py

@@ -5,6 +5,8 @@ from django.forms import ModelForm
 
 from .models import (
     Account,
+    AssetGroup,
+    AssetRestriction,
     Hook,
     NotificationSettings,
     RiskModel,
@@ -326,3 +328,52 @@ class RiskModelForm(RestrictedFormMixin, ModelForm):
             "max_open_trades": "The maximum number of open trades.",
             "max_open_trades_per_symbol": "The maximum number of open trades per symbol.",
         }
+
+
+class AssetGroupForm(RestrictedFormMixin, ModelForm):
+    class Meta:
+        model = AssetGroup
+        fields = (
+            "name",
+            "description",
+            "account",
+        )
+        help_texts = {
+            "name": "Name of the asset group. Informational only.",
+            "description": "Description of the asset group. Informational only.",
+            "account": "Account to pull assets from.",
+        }
+
+
+class AssetRestrictionForm(RestrictedFormMixin, ModelForm):
+    class Meta:
+        model = AssetRestriction
+        fields = (
+            "name",
+            "description",
+            "pairs",
+        )
+        help_texts = {
+            "name": "Name of the asset restriction group. Informational only.",
+            "description": "Description of the asset restriction group. Informational only.",
+            "pairs": "Comma-separated list of pairs to restrict.",
+        }
+
+    def clean(self):
+        cleaned_data = super(AssetRestrictionForm, self).clean()
+        if "pairs" in cleaned_data and cleaned_data["pairs"]:
+            new_pairs = []
+            pair_split = cleaned_data["pairs"].split(",")
+            if not pair_split:
+                self.add_error("pairs", "You must specify at least one pair.")
+                return
+            for pair in pair_split:
+                if pair:
+                    new_pairs.append(pair.strip())
+                else:
+                    self.add_error("pairs", f"You cannot have an empty pair: {pair}")
+                    return
+
+            cleaned_data["pairs_parsed"] = new_pairs
+
+        return cleaned_data

core/migrations/0052_assetgroup_assetrestriction.py

@@ -0,0 +1,37 @@
+# Generated by Django 4.1.4 on 2023-02-10 13:29
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0051_account_initial_balance'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AssetGroup',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255)),
+                ('description', models.TextField(blank=True, null=True)),
+                ('allowed', models.JSONField(blank=True, null=True)),
+                ('account', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='core.account')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='AssetRestriction',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255)),
+                ('description', models.TextField(blank=True, null=True)),
+                ('pairs', models.CharField(blank=True, max_length=4096, null=True)),
+                ('group', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='core.assetgroup')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]

core/migrations/0053_assetrestriction_pairs_parsed_and_more.py

@@ -0,0 +1,23 @@
+# Generated by Django 4.1.4 on 2023-02-10 13:38
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0052_assetgroup_assetrestriction'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='assetrestriction',
+            name='pairs_parsed',
+            field=models.JSONField(blank=True, null=True),
+        ),
+        migrations.AlterField(
+            model_name='assetgroup',
+            name='allowed',
+            field=models.JSONField(blank=True, default={}, null=True),
+        ),
+    ]

core/models.py

@@ -399,3 +399,46 @@ class RiskModel(models.Model):
 
     def __str__(self):
         return self.name
+
+
+class AssetGroup(models.Model):
+    user = models.ForeignKey(User, on_delete=models.CASCADE)
+    name = models.CharField(max_length=255)
+    description = models.TextField(null=True, blank=True)
+
+    # Account for checking pairs on children if specified
+    account = models.ForeignKey(Account, on_delete=models.CASCADE)
+
+    # Dict like {"RUB": True, "USD": False}
+    allowed = models.JSONField(null=True, blank=True, default=dict)
+
+    def __str__(self):
+        return self.name
+
+    @property
+    def matches(self):
+        """
+        Get the total number of matches for this group.
+        """
+        if isinstance(self.allowed, dict):
+            truthy_values = [x for x in self.allowed.values() if x is True]
+            return f"{len(truthy_values)}/{len(self.allowed)}"
+
+    @property
+    def restrictions(self):
+        """
+        Get the total number of restrictions for this group.
+        """
+        return self.assetrestriction_set.count()
+
+
+class AssetRestriction(models.Model):
+    user = models.ForeignKey(User, on_delete=models.CASCADE)
+    name = models.CharField(max_length=255)
+    description = models.TextField(null=True, blank=True)
+    pairs = models.CharField(max_length=4096, null=True, blank=True)
+    pairs_parsed = models.JSONField(null=True, blank=True)
+
+    group = models.ForeignKey(
+        AssetGroup, on_delete=models.CASCADE, null=True, blank=True
+    )

core/templates/base.html

@@ -257,6 +257,9 @@
                 <a class="navbar-item" href="{% url 'risks' type='page' %}">
                   Risk Management
                 </a>
+                <a class="navbar-item" href="{% url 'assetgroups' type='page' %}">
+                  Asset Groups
+                </a>
               </div>
             </div>
             <div class="navbar-item has-dropdown is-hoverable">

core/templates/partials/assetgroup-list.html

@@ -0,0 +1,72 @@
+{% include 'partials/notify.html' %}
+
+<table
+  class="table is-fullwidth is-hoverable"
+  hx-target="#{{ context_object_name }}-table"
+  id="{{ context_object_name }}-table"
+  hx-swap="outerHTML"
+  hx-trigger="{{ context_object_name_singular }}Event from:body"
+  hx-get="{{ list_url }}">
+  <thead>
+    <th>id</th>
+    <th>user</th>
+    <th>name</th>
+    <th>description</th>
+    <th>account</th>
+    <th>status</th>
+    <th>restrictions</th>
+    <th>actions</th>
+  </thead>
+  {% for item in object_list %}
+    <tr>
+      <td>{{ item.id }}</td>
+      <td>{{ item.user }}</td>
+      <td>{{ item.name }}</td>
+      <td>{{ item.description }}</td>
+      <td>{{ item.account }}</td>
+      <td>{{ item.matches }}</td>
+      <td>{{ item.restrictions }}</td>
+      <td>
+        <div class="buttons">
+          <button
+            hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'
+            hx-get="{% url 'assetgroup_update' type=type pk=item.id %}"
+            hx-trigger="click"
+            hx-target="#{{ type }}s-here"
+            hx-swap="innerHTML"
+            class="button">
+            <span class="icon-text">
+              <span class="icon">
+                <i class="fa-solid fa-pencil"></i>
+              </span>
+            </span>
+          </button>
+          <button
+            hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'
+            hx-delete="{% url 'assetgroup_delete' type=type pk=item.id %}"
+            hx-trigger="click"
+            hx-target="#modals-here"
+            hx-swap="innerHTML"
+            hx-confirm="Are you sure you wish to delete {{ item.name }}?"
+            class="button">
+            <span class="icon-text">
+              <span class="icon">
+                <i class="fa-solid fa-xmark"></i>
+              </span>
+            </span>
+          </button>
+          <a href="{% url 'assetrestrictions' type='page' group=item.id %}"><button
+            class="button">
+            <span class="icon-text">
+              <span class="icon">
+                <i class="fa-solid fa-eye"></i>
+              </span>
+            </span>
+          </button>
+          </a>
+        </div>
+      </td>
+    </tr>
+  {% endfor %}
+
+</table>

core/templates/partials/assetrestriction-list.html

@@ -0,0 +1,61 @@
+{% include 'partials/notify.html' %}
+
+<table
+  class="table is-fullwidth is-hoverable"
+  hx-target="#{{ context_object_name }}-table"
+  id="{{ context_object_name }}-table"
+  hx-swap="outerHTML"
+  hx-trigger="{{ context_object_name_singular }}Event from:body"
+  hx-get="{{ list_url }}">
+  <thead>
+    <th>id</th>
+    <th>user</th>
+    <th>name</th>
+    <th>description</th>
+    <th>pairs</th>
+    <th>group</th>
+    <th>actions</th>
+  </thead>
+  {% for item in object_list %}
+    <tr>
+      <td>{{ item.id }}</td>
+      <td>{{ item.user }}</td>
+      <td>{{ item.name }}</td>
+      <td>{{ item.description }}</td>
+      <td>{{ item.pairs_parsed|length }}</td>
+      <td>{{ item.group }}</td>
+      <td>
+        <div class="buttons">
+          <button
+            hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'
+            hx-get="{% url 'assetrestriction_update' type=type group=item.group.id pk=item.id %}"
+            hx-trigger="click"
+            hx-target="#{{ type }}s-here"
+            hx-swap="innerHTML"
+            class="button">
+            <span class="icon-text">
+              <span class="icon">
+                <i class="fa-solid fa-pencil"></i>
+              </span>
+            </span>
+          </button>
+          <button
+            hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'
+            hx-delete="{% url 'assetrestriction_delete' type=type group=item.group.id pk=item.id %}"
+            hx-trigger="click"
+            hx-target="#modals-here"
+            hx-swap="innerHTML"
+            hx-confirm="Are you sure you wish to delete {{ item.name }}?"
+            class="button">
+            <span class="icon-text">
+              <span class="icon">
+                <i class="fa-solid fa-xmark"></i>
+              </span>
+            </span>
+          </button>
+        </div>
+      </td>
+    </tr>
+  {% endfor %}
+
+</table>

core/views/__init__.py

@@ -15,6 +15,10 @@ from core.util import logs
 log = logs.get_logger(__name__)
 
 
+class AbortSave(Exception):
+    pass
+
+
 class RestrictedViewMixin:
     """
     This mixin overrides two helpers in order to pass the user object to the filters.
@@ -33,17 +37,28 @@ class RestrictedViewMixin:
     page_kwarg = "page"
     ordering = None
 
+    def set_extra_args(self, user):
+        """
+        This function is overriden to filter the objects by the requesting user.
+        """
+        self.extra_permission_args = {}
+
     def get_queryset(self, **kwargs):
         """
         This function is overriden to filter the objects by the requesting user.
         """
+        self.set_extra_args(self.request.user)
         if self.queryset is not None:
             queryset = self.queryset
             if isinstance(queryset, QuerySet):
                 # queryset = queryset.all()
-                queryset = queryset.filter(user=self.request.user)
+                queryset = queryset.filter(
+                    user=self.request.user, **self.extra_permission_args
+                )
         elif self.model is not None:
-            queryset = self.model._default_manager.filter(user=self.request.user)
+            queryset = self.model._default_manager.filter(
+                user=self.request.user, **self.extra_permission_args
+            )
         else:
             raise ImproperlyConfigured(
                 "%(cls)s is missing a QuerySet. Define "
@@ -99,6 +114,7 @@ class ObjectList(RestrictedViewMixin, ObjectNameMixin, ListView):
     list_url_args = ["type"]
 
     submit_url_name = None
+    submit_url_args = ["type"]
 
     delete_all_url_name = None
     widget_options = None
@@ -146,6 +162,13 @@ class ObjectList(RestrictedViewMixin, ObjectNameMixin, ListView):
             if is_empty:
                 raise Http404("Empty list")
 
+        submit_url_args = {}
+        for arg in self.submit_url_args:
+            if arg in locals():
+                submit_url_args[arg] = locals()[arg]
+            elif arg in kwargs:
+                submit_url_args[arg] = kwargs[arg]
+
         context = self.get_context_data()
         context["title"] = self.title + f" ({type})"
         context["title_singular"] = self.title_singular
@@ -159,7 +182,9 @@ class ObjectList(RestrictedViewMixin, ObjectNameMixin, ListView):
         context["context_object_name_singular"] = self.context_object_name_singular
 
         if self.submit_url_name is not None:
-            context["submit_url"] = reverse(self.submit_url_name, kwargs={"type": type})
+            context["submit_url"] = reverse(
+                self.submit_url_name, kwargs=submit_url_args
+            )
 
         if self.list_url_name is not None:
             context["list_url"] = reverse(self.list_url_name, kwargs=list_url_args)
@@ -204,11 +229,19 @@ class ObjectCreate(RestrictedViewMixin, ObjectNameMixin, CreateView):
     def post_save(self, obj):
         pass
 
+    def pre_save_mutate(self, user, obj):
+        pass
+
     def form_valid(self, form):
         obj = form.save(commit=False)
         if self.request is None:
             raise Exception("Request is None")
         obj.user = self.request.user
+        try:
+            self.pre_save_mutate(self.request.user, obj)
+        except AbortSave as e:
+            context = {"message": f"Failed to save: {e}", "class": "danger"}
+            return self.render_to_response(context)
         obj.save()
         form.save_m2m()
         self.post_save(obj)

core/views/assets.py

@@ -0,0 +1,101 @@
+from django.contrib.auth.mixins import LoginRequiredMixin
+
+from core.forms import AssetGroupForm, AssetRestrictionForm
+from core.models import AssetGroup, AssetRestriction
+from core.util import logs
+from core.views import AbortSave, ObjectCreate, ObjectDelete, ObjectList, ObjectUpdate
+
+log = logs.get_logger(__name__)
+
+# Asset Groups
+
+
+class AssetGroupList(LoginRequiredMixin, ObjectList):
+    list_template = "partials/assetgroup-list.html"
+    model = AssetGroup
+    page_title = "List of asset groups for restrictions. Linked to accounts."
+
+    list_url_name = "assetgroups"
+    list_url_args = ["type"]
+
+    submit_url_name = "assetgroup_create"
+
+
+class AssetGroupCreate(LoginRequiredMixin, ObjectCreate):
+    model = AssetGroup
+    form_class = AssetGroupForm
+
+    submit_url_name = "assetgroup_create"
+
+
+class AssetGroupUpdate(LoginRequiredMixin, ObjectUpdate):
+    model = AssetGroup
+    form_class = AssetGroupForm
+
+    submit_url_name = "assetgroup_update"
+
+
+class AssetGroupDelete(LoginRequiredMixin, ObjectDelete):
+    model = AssetGroup
+
+
+# Asset Restrictions
+
+
+class AssetRestrictionsPermissionMixin:
+    # Check the user has permission to view the asset group
+    # We have a user check on the AssetRestriction, but we need to check the
+    # AssetGroup as well
+    def set_extra_args(self, user):
+        self.extra_permission_args = {
+            "group__user": user,
+            "group__pk": self.kwargs["group"],
+        }
+
+
+class AssetRestrictionList(
+    LoginRequiredMixin, AssetRestrictionsPermissionMixin, ObjectList
+):
+    list_template = "partials/assetrestriction-list.html"
+    model = AssetRestriction
+    page_title = "List of asset restrictions. Linked to asset groups."
+
+    list_url_name = "assetrestrictions"
+    list_url_args = ["type", "group"]
+
+    submit_url_name = "assetrestriction_create"
+    submit_url_args = ["type", "group"]
+
+
+class AssetRestrictionCreate(
+    LoginRequiredMixin, AssetRestrictionsPermissionMixin, ObjectCreate
+):
+    model = AssetRestriction
+    form_class = AssetRestrictionForm
+
+    submit_url_name = "assetrestriction_create"
+    submit_url_args = ["type", "group"]
+
+    def pre_save_mutate(self, user, obj):
+        try:
+            assetgroup = AssetGroup.objects.get(pk=self.kwargs["group"], user=user)
+            obj.group = assetgroup
+        except AssetGroup.DoesNotExist:
+            log.error(f"Asset Group {self.kwargs['group']} does not exist")
+            raise AbortSave("asset group does not exist or you don't have access")
+
+
+class AssetRestrictionUpdate(
+    LoginRequiredMixin, AssetRestrictionsPermissionMixin, ObjectUpdate
+):
+    model = AssetRestriction
+    form_class = AssetRestrictionForm
+
+    submit_url_name = "assetrestriction_update"
+    submit_url_args = ["type", "pk", "group"]
+
+
+class AssetRestrictionDelete(
+    LoginRequiredMixin, AssetRestrictionsPermissionMixin, ObjectDelete
+):
+    model = AssetRestriction