diff --git a/api/tacticalrmm/accounts/migrations/0021_role_can_view_core_settings.py b/api/tacticalrmm/accounts/migrations/0021_role_can_view_core_settings.py new file mode 100644 index 00000000..88d0fb12 --- /dev/null +++ b/api/tacticalrmm/accounts/migrations/0021_role_can_view_core_settings.py @@ -0,0 +1,18 @@ +# Generated by Django 3.2.4 on 2021-06-17 04:29 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('accounts', '0020_role_can_manage_roles'), + ] + + operations = [ + migrations.AddField( + model_name='role', + name='can_view_core_settings', + field=models.BooleanField(default=False), + ), + ] diff --git a/api/tacticalrmm/accounts/models.py b/api/tacticalrmm/accounts/models.py index 8d7f075f..366118da 100644 --- a/api/tacticalrmm/accounts/models.py +++ b/api/tacticalrmm/accounts/models.py @@ -90,6 +90,7 @@ class Role(models.Model): # core can_manage_notes = models.BooleanField(default=False) + can_view_core_settings = models.BooleanField(default=False) can_edit_core_settings = models.BooleanField(default=False) can_do_server_maint = models.BooleanField(default=False) can_code_sign = models.BooleanField(default=False) @@ -153,6 +154,7 @@ class Role(models.Model): "can_run_scripts", "can_run_bulk", "can_manage_notes", + "can_view_core_settings", "can_edit_core_settings", "can_do_server_maint", "can_code_sign", diff --git a/api/tacticalrmm/core/permissions.py b/api/tacticalrmm/core/permissions.py index f9f15ed9..a896d319 100644 --- a/api/tacticalrmm/core/permissions.py +++ b/api/tacticalrmm/core/permissions.py @@ -3,6 +3,11 @@ from rest_framework import permissions from tacticalrmm.permissions import _has_perm +class ViewCoreSettingsPerms(permissions.BasePermission): + def has_permission(self, r, view): + return _has_perm(r, "can_view_core_settings") + + class EditCoreSettingsPerms(permissions.BasePermission): def has_permission(self, r, view): return _has_perm(r, "can_edit_core_settings") diff --git a/api/tacticalrmm/core/views.py b/api/tacticalrmm/core/views.py index c30d714a..cd94a26a 100644 --- a/api/tacticalrmm/core/views.py +++ b/api/tacticalrmm/core/views.py @@ -15,7 +15,12 @@ from agents.permissions import MeshPerms from tacticalrmm.utils import notify_error from .models import CodeSignToken, CoreSettings, CustomField, GlobalKVStore, URLAction -from .permissions import CodeSignPerms, EditCoreSettingsPerms, ServerMaintPerms +from .permissions import ( + CodeSignPerms, + ViewCoreSettingsPerms, + EditCoreSettingsPerms, + ServerMaintPerms, +) from .serializers import ( CodeSignTokenSerializer, CoreSettingsSerializer, @@ -46,6 +51,7 @@ class UploadMeshAgent(APIView): @api_view() +@permission_classes([IsAuthenticated, ViewCoreSettingsPerms]) def get_core_settings(request): settings = CoreSettings.objects.first() return Response(CoreSettingsSerializer(settings).data) diff --git a/api/tacticalrmm/requirements-dev.txt b/api/tacticalrmm/requirements-dev.txt index 6976380b..d2cef4c9 100644 --- a/api/tacticalrmm/requirements-dev.txt +++ b/api/tacticalrmm/requirements-dev.txt @@ -6,4 +6,6 @@ mkdocs-material pymdown-extensions Pygments isort -mypy \ No newline at end of file +mypy +types-pytz +types-pytz \ No newline at end of file diff --git a/web/src/components/modals/admin/RolesForm.vue b/web/src/components/modals/admin/RolesForm.vue index dd1de061..a26b2a7f 100644 --- a/web/src/components/modals/admin/RolesForm.vue +++ b/web/src/components/modals/admin/RolesForm.vue @@ -52,6 +52,7 @@
+ @@ -176,6 +177,7 @@ export default { can_run_scripts: false, can_run_bulk: false, can_manage_notes: false, + can_view_core_settings: false, can_edit_core_settings: false, can_do_server_maint: false, can_code_sign: false,