Add permission for Rooms

Author: pkuGenuine

Appointment/migrations/0005_alter_room_options_room_required_perm.py

@@ -0,0 +1,34 @@
+# Generated by Django 5.0.9 on 2024-12-28 12:28
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("Appointment", "0004_room_image_room_quick_reservable_roomclass"),
+        ("auth", "0012_alter_user_first_name_max_length"),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name="room",
+            options={
+                "ordering": ["Rid"],
+                "permissions": [("can_book_example_rooms", "可预约样例房间")],
+                "verbose_name": "房间",
+                "verbose_name_plural": "房间",
+            },
+        ),
+        migrations.AddField(
+            model_name="room",
+            name="required_perm",
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to="auth.permission",
+            ),
+        ),
+    ]

Appointment/models.py

@@ -6,13 +6,15 @@
 from django.db.models import QuerySet, Q
 from django.dispatch import receiver
 from django.db import transaction
+from django.contrib.auth.models import Permission
 
 from utils.models.descriptor import admin_only
 from utils.models.choice import choice, CustomizedDisplay, DefaultDisplay
 from utils.models.manager import ManyRelatedManager
 from utils.models.permission import PermissionModelBase, BasePermission
 from generic.models import User
 from Appointment.config import appointment_config as CONFIG
+from Appointment.apps import AppointmentConfig
 
 __all__ = [
     'User',
@@ -144,6 +146,10 @@ class Meta:
         verbose_name = '房间'
         verbose_name_plural = verbose_name
         ordering = ['Rid']
+        # 可以临时修改来生成 migrations 文件，但具体的权限不要留在 develop 分支里
+        permissions = [
+            ('can_book_example_rooms', '可预约样例房间'),
+        ]
 
     # 房间编号我不确定是否需要。如果地下室有门牌的话（例如B101）保留房间编号比较好
     # 如果删除Rid记得把Rtitle设置成主键
@@ -156,6 +162,15 @@ class Meta:
     Rlatest_time = models.DateTimeField("摄像头心跳", auto_now_add=True)
     Rpresent = models.IntegerField('目前人数', default=0)
     image = models.ImageField('房间图片', upload_to='room_images', null=True)
+    # 不使用 “perms”，避免又一个 many-to-many 的表
+    required_perm = models.ForeignKey(
+        Permission, default=None, null=True, blank=True,
+        on_delete=models.SET_NULL)
+
+    def check_user_perm(self, user: User) -> bool:
+        '''检查用户是否有权限预约此房间'''
+        return self.required_perm is None or user.has_perm(
+            f'{AppointmentConfig.name}.{self.required_perm.codename}')
 
     # Rstatus 标记当前房间是否允许预约，可由管理员修改
     class Status(models.IntegerChoices):

Appointment/views.py

@@ -270,10 +270,8 @@ def credit(request):
 
 @identity_check(redirect_field_name='origin', auth_func=lambda x: True)
 def index(request):  # 主页
-    render_context = {}
-    render_context.update(
-        show_admin=(request.user.is_superuser or request.user.is_staff),
-    )
+    user: User = request.user
+    render_context = dict(show_admin=(user.is_superuser or user.is_staff))
     # 处理学院公告
     announcements = College_Announcement.objects.filter(
         show=College_Announcement.Show_Status.Yes)
@@ -308,11 +306,14 @@ def format_time(delta):  # 格式化timedelta，隐去0h
         '-Rtitle')                     # 开放房间
     statistics_info = [(room, (room.Rpresent * 10) // (room.Rmax or 1))
                        for room in unlimited_rooms]                                # 开放房间人数统计
-    # TODO: optimization
-    reservable_room_classes = [
-        rclass for rclass in RoomClass.objects.order_by('sort_idx')
-        if rclass.rooms.permitted().exists()
-    ]
+    reservable_room_classes = []
+    for rclass in RoomClass.objects.order_by('sort_idx').prefetch_related('rooms'):
+        # TODO: perm check optimization?
+        rooms = [room for room in rclass.rooms.permitted()
+                 if room.check_user_perm(user)]
+        if rooms:
+            reservable_room_classes.append((rclass, rooms))
+
     quick_reservable_rooms = Room.objects.permitted().filter(quick_reservable=True)
     room_info = [(room, room.Rid in occupied_rooms,
                   format_time(room_appointments[room.Rid]))
@@ -384,10 +385,12 @@ def arrange_time(request: HttpRequest):
     """
     选择预约时间
     """
-
+    user: User = request.user
     room = Room.objects.permitted().get(Rid=request.GET.get('Rid'))
+    if not room.check_user_perm(user):
+        raise PermissionError('您没有权限预约该房间！')
     # 判断当前用户是否可以进行长期预约
-    has_longterm_permission = get_participant(request.user).longterm
+    has_longterm_permission = get_participant(user).longterm
     is_longterm = (request.GET.get(
         'longterm') == 'on') and has_longterm_permission
     next_week = (request.GET.get('start_week') == '1') and is_longterm
@@ -504,7 +507,9 @@ def arrange_talk_room(request):
             or re_time.date() - datetime.now().date() > timedelta(days=6)):
         return redirect(reverse("Appointment:index"))
 
-    room_list = RoomClass.objects.get(name=room_class).rooms.permitted()
+    room_list = [
+        room for room in RoomClass.objects.get(name=room_class).rooms.permitted()
+        if room.check_user_perm(request.user)]
     Rids = [room.Rid for room in room_list]
     # TODO: Fix `get_talkroom_timerange`
     t_start, t_finish = web_func.get_talkroom_timerange(

templates/Appointment/index.html

@@ -232,7 +232,7 @@ <h2 class="title col-0 my-auto mr-1">{{ room.Rid }}</h2>
 				</div>   
 			</section>	 
 
-			{% for room_class in reservable_room_classes %}
+			{% for room_class, rooms in reservable_room_classes %}
 				<section class="section section-doctor" >
 					<div class="container-fluid" >
 						<div class="section-header text-center">
@@ -254,7 +254,7 @@ <h2>{{room_class.name}}预约</h2>
 							</form>
 						</div>
 						<div class="doctor-slider slider" >
-						{% for room in room_class.rooms.permitted %}
+						{% for room in rooms %}
 							<div class="profile-widget">
 								<div class="doc-img">
 										<img class="img-fluid" alt="User Image" src="/media/{{room.image}}">