SLEEP-1439 Add permission for offline setup zip download

Also: Enable task api in case of access to offline setup file. Without this, the user will see an error when the frontend tries to render the progress bar.
BLSQ · Aug 21, 2024 · 361290e · 361290e
1 parent 79f5597
commit 361290e
Show file tree

Hide file tree

Showing 10 changed files with 167 additions and 8 deletions.
diff --git a/hat/assets/js/apps/Iaso/domains/app/translations/en.json b/hat/assets/js/apps/Iaso/domains/app/translations/en.json
@@ -959,6 +959,8 @@
     "iaso.permissions.iaso_write_sources": "Geo data sources - Read and Write",
     "iaso.permissions.links": "Geo data sources matching",
     "iaso.permissions.mappings": "DHIS2 mappings",
+    "iaso.permissions.mobile_app_offline_setup": "Download offline setup for mobile app",
+    "iaso.permissions.mobile_app_offline_setup_tooltip": "Allow the download of a zip archive to set up the mobile application without internet for a specific user.",
     "iaso.permissions.modules": "Modules",
     "iaso.permissions.orgUnits": "Organisation units management",
     "iaso.permissions.pages": "Web embedded links management - Read only",

diff --git a/hat/assets/js/apps/Iaso/domains/app/translations/fr.json b/hat/assets/js/apps/Iaso/domains/app/translations/fr.json
@@ -959,6 +959,8 @@
     "iaso.permissions.iaso_write_sources": "Sources de données géo - Lecture et écriture",
     "iaso.permissions.links": "Liens entre sources de données géo",
     "iaso.permissions.mappings": "Liens avec DHIS2",
+    "iaso.permissions.mobile_app_offline_setup": "Télécharger l'installation hors ligne de l'application mobile",
+    "iaso.permissions.mobile_app_offline_setup_tooltip": "Permettre le téléchargement d'une archive zip pour configurer l'application mobile sans internet pour un utilisateur spécifique.",
     "iaso.permissions.modules": "Modules",
     "iaso.permissions.orgUnits": "Gestion des unités d’organisation",
     "iaso.permissions.pages": "Gestion des liens intégrés web - lecture seule",

diff --git a/hat/assets/js/apps/Iaso/domains/users/config.js b/hat/assets/js/apps/Iaso/domains/users/config.js
@@ -92,7 +92,10 @@ export const usersTableColumns = ({
                             }
                         />
                     )}
-                {currentUser.is_superuser && (
+                {userHasPermission(
+                    Permission.MOBILE_APP_OFFLINE_SETUP,
+                    currentUser,
+                ) && (
                     <ExportMobileAppSetupDialog
                         selectedUser={settings.row.original}
                         titleMessage={MESSAGES.exportMobileAppTitle}

diff --git a/hat/assets/js/apps/Iaso/domains/users/permissionsMessages.ts b/hat/assets/js/apps/Iaso/domains/users/permissionsMessages.ts
@@ -328,6 +328,15 @@ const PERMISSIONS_MESSAGES = defineMessages({
         defaultMessage:
             'Manage multiple geo data sources: create or edit sources (name, description, project(s), default version, DHIS2 links)',
     },
+    iaso_mobile_app_offline_setup: {
+        id: 'iaso.permissions.mobile_app_offline_setup',
+        defaultMessage: 'Download offline setup for mobile app',
+    },
+    iaso_mobile_app_offline_setup_tooltip: {
+        id: 'iaso.permissions.mobile_app_offline_setup_tooltip',
+        defaultMessage:
+            'Allow the download of a zip archive to set up the mobile application without internet for a specific user.',
+    },
     iaso_polio_vaccine_authorizations_admin: {
         id: 'iaso.permissions.polio_vaccine_authorizations_admin',
         defaultMessage: 'Polio Vaccine Authorizations: Admin',

diff --git a/hat/assets/js/apps/Iaso/utils/permissions.ts b/hat/assets/js/apps/Iaso/utils/permissions.ts
@@ -10,6 +10,7 @@ const FORMS = 'iaso_forms';
 const FORMS_STATS = 'iaso_forms_stats';
 const LINKS = 'iaso_links';
 const MAPPINGS = 'iaso_mappings';
+const MOBILE_APP_OFFLINE_SETUP = 'iaso_mobile_app_offline_setup';
 const ORG_UNIT_GROUPS = 'iaso_org_unit_groups';
 const ORG_UNIT_TYPES = 'iaso_org_unit_types';
 const ORG_UNITS = 'iaso_org_units';
@@ -57,6 +58,7 @@ export {
     FORMS_STATS,
     LINKS,
     MAPPINGS,
+    MOBILE_APP_OFFLINE_SETUP,
     MODULES,
     ORG_UNITS,
     ORG_UNITS_CHANGE_REQUEST_REVIEW,

diff --git a/hat/menupermissions/constants.py b/hat/menupermissions/constants.py
@@ -21,6 +21,7 @@
         "iaso_user_roles",
         "iaso_teams",
         "iaso_modules",
+        "iaso_mobile_app_offline_setup",
     ],
     "DHIS2_MAPPING": ["iaso_mappings"],
     "EMBEDDED_LINKS": ["iaso_pages", "iaso_page_write"],
@@ -139,5 +140,6 @@
         "iaso_user_roles",
         "iaso_teams",
         "iaso_modules",
+        "iaso_mobile_app_offline_setup",
     ],
 }
diff --git a/hat/menupermissions/migrations/0065_alter_custompermissionsupport_options.py b/hat/menupermissions/migrations/0065_alter_custompermissionsupport_options.py
@@ -0,0 +1,136 @@
+# Generated by Django 4.2.14 on 2024-08-21 08:20
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("menupermissions", "0064_alter_custompermissionsupport_options"),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name="custompermissionsupport",
+            options={
+                "managed": False,
+                "permissions": (
+                    ("iaso_forms", "Formulaires"),
+                    ("iaso_forms_stats", "Statistiques pour les formulaires"),
+                    ("iaso_mappings", "Correspondances avec DHIS2"),
+                    ("iaso_modules", "modules"),
+                    ("iaso_completeness", "Complétude des données"),
+                    ("iaso_org_units", "Unités d'organisations"),
+                    ("iaso_registry_write", "Editer le Registre"),
+                    ("iaso_registry_read", "Lire le Registre"),
+                    ("iaso_links", "Correspondances sources"),
+                    ("iaso_users", "Users"),
+                    ("iaso_users_managed", "Users managed"),
+                    ("iaso_pages", "Pages"),
+                    ("iaso_projects", "Projets"),
+                    ("iaso_sources", "Sources"),
+                    ("iaso_data_tasks", "Tâches"),
+                    ("iaso_submissions", "Soumissions"),
+                    ("iaso_update_submission", "Editer soumissions"),
+                    ("iaso_planning_write", "Editer le planning"),
+                    ("iaso_planning_read", "Lire le planning"),
+                    ("iaso_reports", "Reports"),
+                    ("iaso_teams", "Equipes"),
+                    ("iaso_assignments", "Attributions"),
+                    ("iaso_polio_budget", "Budget Polio"),
+                    ("iaso_entities", "Entities"),
+                    ("iaso_entity_type_write", "Write entity type"),
+                    ("iaso_storages", "Storages"),
+                    ("iaso_completeness_stats", "Completeness stats"),
+                    ("iaso_workflows", "Workflows"),
+                    ("iaso_polio_budget_admin", "Budget Polio Admin"),
+                    ("iaso_entity_duplicates_read", "Read Entity duplicates"),
+                    ("iaso_entity_duplicates_write", "Write Entity duplicates"),
+                    ("iaso_user_roles", "Manage user roles"),
+                    ("iaso_datastore_read", "Read data store"),
+                    ("iaso_datastore_write", "Write data store"),
+                    ("iaso_org_unit_types", "Org unit types"),
+                    ("iaso_org_unit_groups", "Org unit groups"),
+                    (
+                        "iaso_org_unit_change_request_review",
+                        "Org unit change request review",
+                    ),
+                    ("iaso_write_sources", "Write data source"),
+                    ("iaso_page_write", "Write page"),
+                    ("iaso_payments", "Payments page"),
+                    ("iaso_mobile_app_offline_setup", "Mobile app offline setup"),
+                    ("iaso_polio", "Polio"),
+                    ("iaso_polio_config", "Polio config"),
+                    ("iaso_polio_chronogram", "Polio chronogram"),
+                    (
+                        "iaso_polio_chronogram_restricted_write",
+                        "Polio chronogram user (restricted write)",
+                    ),
+                    ("iaso_polio_notifications", "Polio notifications"),
+                    (
+                        "iaso_polio_vaccine_authorizations_read_only",
+                        "Polio Vaccine Authorizations Read Only",
+                    ),
+                    (
+                        "iaso_polio_vaccine_authorizations_admin",
+                        "Polio Vaccine Authorizations Admin",
+                    ),
+                    (
+                        "iaso_polio_vaccine_supply_chain_read",
+                        "Polio Vaccine Supply Chain Read",
+                    ),
+                    (
+                        "iaso_polio_vaccine_supply_chain_write",
+                        "Polio Vaccine Supply Chain Write",
+                    ),
+                    (
+                        "iaso_polio_vaccine_stock_management_read",
+                        "Polio Vaccine Stock Management Read",
+                    ),
+                    (
+                        "iaso_polio_vaccine_stock_management_write",
+                        "Polio Vaccine Stock Management Write",
+                    ),
+                    ("iaso_trypelim_anonymous", "Anonymisation des patients"),
+                    ("iaso_trypelim_management_areas", "Areas"),
+                    ("iaso_trypelim_management_edit_areas", "Edit areas"),
+                    ("iaso_trypelim_management_edit_shape_areas", "Edit areas shapes"),
+                    ("iaso_trypelim_case_cases", "Cases"),
+                    ("iaso_trypelim_case_analysis", "Cases analysis"),
+                    ("iaso_trypelim_management_coordinations", "Coordinations"),
+                    ("iaso_trypelim_management_devices", "Devices"),
+                    ("iaso_trypelim_datas_download", "Téléchargement de données"),
+                    ("iaso_trypelim_duplicates", "Doublons"),
+                    ("iaso_trypelim_datas_patient_edition", "Edition d'un patient"),
+                    ("iaso_trypelim_stats_graphs", "Graphs"),
+                    ("iaso_trypelim_management_health_structures", "Health facilities"),
+                    ("iaso_trypelim_lab", "Labo"),
+                    ("iaso_trypelim_labupload", "Labo import"),
+                    ("iaso_trypelim_locator", "Locator"),
+                    ("iaso_trypelim_plannings_macroplanning", "Macroplanning"),
+                    ("iaso_trypelim_plannings_microplanning", "Microplanning"),
+                    ("iaso_trypelim_modifications", "Modifications"),
+                    ("iaso_trypelim_management_plannings", "Plannings"),
+                    (
+                        "iaso_trypelim_management_plannings_template",
+                        "Plannings template",
+                    ),
+                    ("iaso_trypelim_qualitycontrol", "Quality control"),
+                    ("iaso_trypelim_case_reconciliation", "Reconciliation"),
+                    ("iaso_trypelim_plannings_routes", "Routes"),
+                    ("iaso_trypelim_datasets_datauploads", "Upload of cases files"),
+                    (
+                        "iaso_trypelim_datasets_villageuploads",
+                        "Upload of villages files",
+                    ),
+                    ("iaso_trypelim_management_users", "Users"),
+                    ("iaso_trypelim_vectorcontrol", "Vector control"),
+                    ("iaso_trypelim_vectorcontrolupload", "Vector control import Gpx"),
+                    ("iaso_trypelim_management_villages", "Villages"),
+                    ("iaso_trypelim_management_workzones", "Work zones"),
+                    ("iaso_trypelim_management_zones", "Zones"),
+                    ("iaso_trypelim_management_edit_zones", "Edit zones"),
+                    ("iaso_trypelim_management_edit_shape_zones", "Edit zones shapes"),
+                ),
+            },
+        ),
+    ]
diff --git a/hat/menupermissions/models.py b/hat/menupermissions/models.py
@@ -37,6 +37,7 @@
 _FORMS_STATS = "iaso_forms_stats"
 _LINKS = "iaso_links"
 _MAPPINGS = "iaso_mappings"
+_MOBILE_APP_OFFLINE_SETUP = "iaso_mobile_app_offline_setup"
 _MODULES = "iaso_modules"
 _ORG_UNITS = "iaso_org_units"
 _ORG_UNITS_TYPES = "iaso_org_unit_types"
@@ -128,6 +129,7 @@
 FORMS_STATS = _PREFIX + _FORMS_STATS
 LINKS = _PREFIX + _LINKS
 MAPPINGS = _PREFIX + _MAPPINGS
+MOBILE_APP_OFFLINE_SETUP = _PREFIX + _MOBILE_APP_OFFLINE_SETUP
 MODULES = _PREFIX + _MODULES
 ORG_UNITS = _PREFIX + _ORG_UNITS
 ORG_UNITS_TYPES = _PREFIX + _ORG_UNITS_TYPES
@@ -270,6 +272,7 @@ class Meta:
             (_SOURCE_WRITE, _("Write data source")),
             (_PAGE_WRITE, _("Write page")),
             (_PAYMENTS, _("Payments page")),
+            (_MOBILE_APP_OFFLINE_SETUP, ("Mobile app offline setup")),
             # Polio
             (_POLIO, _("Polio")),
             (_POLIO_CONFIG, _("Polio config")),

diff --git a/iaso/api/tasks/__init__.py b/iaso/api/tasks/__init__.py
@@ -72,7 +72,7 @@ class TaskSourceViewSet(ModelViewSet):
     PATCH /api/tasks/<id>
     """
 
-    permission_classes = [permissions.IsAuthenticated, HasPermission(permission.DATA_TASKS)]  # type: ignore
+    permission_classes = [permissions.IsAuthenticated, HasPermission(permission.DATA_TASKS, permission.MOBILE_APP_OFFLINE_SETUP)]  # type: ignore
     serializer_class = TaskSerializer
     results_key = "tasks"
     queryset = Task.objects.all()

diff --git a/iaso/api/tasks/create/export_mobile_setup.py b/iaso/api/tasks/create/export_mobile_setup.py
@@ -3,15 +3,12 @@
 
 from django.contrib.auth.password_validation import validate_password
 
+from hat.menupermissions import models as permission
+from iaso.api.common import HasPermission
 from iaso.api.tasks import TaskSerializer
 from iaso.tasks.export_mobile_app_setup_for_user import export_mobile_app_setup_for_user
 
 
-class HasPermission(permissions.BasePermission):
-    def has_permission(self, request, _view):
-        return request.user.is_superuser
-
-
 class ExportMobileSetupSerializer(serializers.Serializer):
     user_id = serializers.IntegerField(required=True)
     project_id = serializers.IntegerField(required=True)
@@ -24,7 +21,10 @@ def validate_password(self, password):
 class ExportMobileSetupViewSet(viewsets.ViewSet):
     """Export mobile app setup"""
 
-    permission_classes = [permissions.IsAuthenticated, HasPermission]
+    permission_classes = [
+        permissions.IsAuthenticated,
+        HasPermission(permission.MOBILE_APP_OFFLINE_SETUP),
+    ]
 
     def create(self, request):
         serializer = ExportMobileSetupSerializer(data=request.data)