django-bom 1.259__py3-none-any.whl → 1.265__py3-none-any.whl

bom/auth_backends.py

@@ -12,36 +12,46 @@ class OrganizationPermissionBackend:
 
     - Uses Django's has_perm(user, perm, obj) to evaluate permissions tied to an Organization.
     - Superusers are granted all permissions.
-    - For `bom.manage_members`: User must be owner or admin within the organization.
+    - Owners and Admins are granted all permissions within their organization.
+    - Viewers are granted view-only permissions within their organization.
     """
 
     def authenticate(self, request, **credentials):  # pragma: no cover - not used for auth
         return None
 
     def has_perm(self, user_obj, perm: str, obj: Optional[object] = None):
-        # Only handle our specific object-level permission. Let other backends process others.
         if not user_obj or not user_obj.is_authenticated:
             return False
 
         if user_obj.is_superuser:
             return True
 
-        if perm != 'bom.manage_members':
+        # Only handle 'bom' app permissions.
+        if not perm.startswith('bom.'):
             return None
 
-        if obj is None or not isinstance(obj, Organization):
-            return False
-
         profile = user_obj.bom_profile()
-        if not profile or profile.organization_id != obj.id:
+        if not profile or not profile.organization:
             return False
 
-        if obj.subscription != constants.SUBSCRIPTION_TYPE_PRO:
-            return False
+        # If an object is provided, ensure it belongs to the user's organization.
+        if obj is not None:
+            obj_org = None
+            if isinstance(obj, Organization):
+                obj_org = obj
+            elif hasattr(obj, 'organization'):
+                obj_org = obj.organization
 
-        is_owner = obj.owner_id == user_obj.id
-        is_admin = getattr(profile, 'role', None) == constants.ROLE_TYPE_ADMIN
-        if not (is_owner or is_admin):
-            return False
+            if obj_org and obj_org.id != profile.organization_id:
+                return False
+
+        # Owners and Admins can do everything within their organization
+        if profile.can_manage_organization():
+            return True
+
+        # Viewers can only view within their organization
+        if profile.role == constants.ROLE_TYPE_VIEWER:
+            if perm.startswith('bom.view_'):
+                return True
 
-        return True
+        return False

bom/decorators.py

@@ -1,5 +1,4 @@
 from django.contrib import messages
-from django.core.exceptions import PermissionDenied
 from django.http import HttpResponseRedirect
 from django.urls import reverse
 
@@ -22,9 +21,10 @@ def google_authenticated(function):
 
 def organization_admin(function):
     def wrap(request, *args, **kwargs):
-        if request.user.bom_profile().role != 'A':
+        organization = request.user.bom_profile().organization
+        if not request.user.has_perm('bom.manage_members', organization):
             messages.error(request, "You don't have permission to perform this action.")
-            return HttpResponseRedirect(request.META.get('HTTP_REFERER'), reverse('bom:home'))
+            return HttpResponseRedirect(request.META.get('HTTP_REFERER') or reverse('bom:home'))
         return function(request, *args, **kwargs)
 
     wrap.__doc__ = function.__doc__

bom/models.py

@@ -187,6 +187,9 @@ class AbstractUserMeta(models.Model):
     def is_organization_owner(self) -> bool:
         return self.organization.owner == self.user if self.organization else False
 
+    def can_manage_organization(self) -> bool:
+        return self.role == ROLE_TYPE_ADMIN or self.is_organization_owner()
+
     class Meta:
         abstract = True
 

bom/settings.py

@@ -103,6 +103,7 @@ TEMPLATES = [
 
 AUTHENTICATION_BACKENDS = (
     'social_core.backends.google.GoogleOAuth2',
+    'bom.auth_backends.OrganizationPermissionBackend',
     'django.contrib.auth.backends.ModelBackend',
 )
 

bom/static/bom/css/style.css

@@ -8,38 +8,36 @@ main {
     min-height: 100vh;
 }
 
-p {
-    font-size: 1.2em;
-    font-weight: 300;
-}
-
-li {
-    font-size: 1.2em;
+p, li {
+    font-size: 1.1rem; /* Slightly larger to compensate for thin weight */
     font-weight: 300;
 }
 
+/* We use significant size differences to replace the lack of bold weights */
 h1 {
-    font-size: 3.5rem;
+    font-size: 2.5rem;
     font-weight: 300;
+    line-height: 1.1;
 }
 
 h2 {
-    font-size: 3.0rem;
+    font-size: 2.0rem;
     font-weight: 300;
 }
 
 h3 {
-    font-size: 1.6rem;
+    font-size: 1.7rem;
     font-weight: 300;
 }
 
 h4 {
-    font-size: 1.3rem;
+    font-size: 1.4rem;
     font-weight: 300;
 }
 
 h5 {
     font-size: 1.1rem;
+    font-weight: 400;
 }
 
 .tabs {
@@ -415,4 +413,70 @@ a.anchor {
 .container-app .right-align .btn,
 .container-app .right-align .btn-flat {
     margin-left: 4px;
+}
+
+
+/* Master-Detail Settings Layout */
+.settings-grid {
+    margin-top: 20px;
+}
+
+@media only screen and (min-width: 993px) {
+    .settings-grid {
+        display: flex;
+        flex-wrap: nowrap;
+        align-items: stretch;
+    }
+}
+
+.settings-nav {
+    padding: 0 !important;
+    border-right: 1px solid #e0e0e0;
+    min-height: 70vh;
+}
+
+.settings-nav .collection {
+    border: none;
+    margin: 0;
+}
+
+.settings-nav .collection .collection-item {
+    border: none;
+    padding: 12px 20px;
+    display: flex;
+    align-items: center;
+    color: #5f6368;
+    cursor: pointer;
+    transition: background-color 0.2s;
+}
+
+.settings-nav .collection .collection-item:hover {
+    background-color: #f1f3f4;
+}
+
+.settings-nav .collection .collection-item.active {
+    background-color: rgba(165, 214, 167, 0.5);
+    color: #000000;
+    font-weight: 500;
+}
+
+.settings-nav .collection .collection-item .material-icons {
+    margin-right: 16px;
+    font-size: 20px;
+}
+
+.settings-content {
+    padding: 0 40px !important;
+}
+
+@media only screen and (max-width: 992px) {
+    .settings-nav {
+        border-right: none;
+        border-bottom: 1px solid #e0e0e0;
+        min-height: auto;
+    }
+
+    .settings-content {
+        padding: 0 20px !important;
+    }
 }

bom/templates/bom/bom-form-modal.html

@@ -17,11 +17,11 @@
             </div>
         </div>
         <div class="modal-footer">
-            <a href="#!" class="modal-close waves-effect waves-green btn-flat">Cancel</a>
+            <button type="button" class="modal-close waves-effect waves-green btn-flat">Cancel</button>
             {% if form %}
                 <button class="waves-effect waves-light btn btn-primary" type="submit" name="{{ name }}">Submit</button>
             {% else %}
-                <a href="#!" class="modal-close waves-effect green lighten-1 waves-green btn-flat">Ok</a>
+                <button type="button" class="modal-close waves-effect green lighten-1 waves-green btn-flat">Ok</button>
             {% endif %}
         </div>
     </form>

bom/templates/bom/bom-modal-add-users.html

@@ -28,13 +28,12 @@
             </div>
         </div>
         <div class="modal-footer">
-            <a href="#!" class="modal-close waves-effect waves-green btn-flat">Cancel</a>
+            <button type="button" class="modal-close waves-effect waves-green btn-flat">Cancel</button>
+
             {% if is_pro and user_can_manage_members %}
                 <button class="waves-effect waves-light btn btn-primary" type="submit" name="{{ name }}">Submit</button>
-            {% elif is_pro and not user_can_manage_members %}
-                <a href="#!" class="modal-close waves-effect green lighten-1 waves-green btn-flat">Ok</a>
             {% else %}
-                <a href="#!" class="modal-close waves-effect green lighten-1 waves-green btn-flat">Ok</a>
+                <button type="button" class="modal-close waves-effect green lighten-1 waves-green btn-flat">Ok</button>
             {% endif %}
         </div>
     </form>