From e461d70b1431e4e2e7ea858f68248731e1008c15 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <yohann.danello@gmail.com>
Date: Wed, 18 Mar 2020 15:49:52 +0100
Subject: [PATCH] Improve add permissions

---
 apps/note/models/transactions.py |  7 ++++---
 apps/permission/models.py        | 20 ++++++++++++++++----
 apps/permission/signals.py       |  4 ++++
 3 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/apps/note/models/transactions.py b/apps/note/models/transactions.py
index 86c00737..ee890c9d 100644
--- a/apps/note/models/transactions.py
+++ b/apps/note/models/transactions.py
@@ -129,14 +129,13 @@ class Transaction(PolymorphicModel):
             models.Index(fields=['destination']),
         ]
 
-    def save(self, *args, **kwargs):
+    def post_save(self, *args, **kwargs):
         """
         When saving, also transfer money between two notes
         """
 
         if self.source.pk == self.destination.pk:
             # When source == destination, no money is transfered
-            super().save(*args, **kwargs)
             return
 
         created = self.pk is None
@@ -152,10 +151,12 @@ class Transaction(PolymorphicModel):
             self.source.balance -= to_transfer
             self.destination.balance += to_transfer
 
+        # We save first the transaction, in case of the user has no right to transfer money
+        super().save(*args, **kwargs)
+
         # Save notes
         self.source.save()
         self.destination.save()
-        super().save(*args, **kwargs)
 
     @property
     def total(self):
diff --git a/apps/permission/models.py b/apps/permission/models.py
index b90fcfb9..ead3f721 100644
--- a/apps/permission/models.py
+++ b/apps/permission/models.py
@@ -25,13 +25,14 @@ class InstancedPermission:
         Returns True if the permission applies to
         the field `field_name` object `obj`
         """
+        if ContentType.objects.get_for_model(obj) != self.model:
+            # The permission does not apply to the model
+            return False
+
         if self.type == 'add':
             if permission_type == self.type:
                 return self.query(obj)
 
-        if ContentType.objects.get_for_model(obj) != self.model:
-            # The permission does not apply to the model
-            return False
         if permission_type == self.type:
             if self.field and field_name != self.field:
                 return False
@@ -202,7 +203,18 @@ class Permission(models.Model):
             def func(obj):
                 nonlocal q_kwargs
                 for arg in q_kwargs:
-                    if getattr(obj, arg) != q_kwargs[arg]:
+                    spl = arg.split('__')
+                    value = obj
+                    last = None
+                    for s in spl:
+                        if not hasattr(obj, s):
+                            last = s
+                            break
+                        value = getattr(obj, s)
+                    if last == "lte":  # TODO Add more filters
+                        if value > q_kwargs[arg]:
+                            return False
+                    elif value != q_kwargs[arg]:
                         return False
                 return True
             return func
diff --git a/apps/permission/signals.py b/apps/permission/signals.py
index a051482e..e93c1666 100644
--- a/apps/permission/signals.py
+++ b/apps/permission/signals.py
@@ -14,6 +14,10 @@ EXCLUDED = [
     'contenttypes.contenttype',
     'logs.changelog',
     'migrations.migration',
+    'note.note',
+    'note.noteuser',
+    'note.noteclub',
+    'note.notespecial',
     'sessions.session',
 ]
 
-- 
GitLab