feat(access): Filter history permissions

ref: #873 #875 closes #643
2025-07-23 11:26:40 +09:30
parent 36303ec28f
commit 3d45e0ddfc
2 changed files with 56 additions and 4 deletions
--- a/app/access/functions/permissions.py
+++ b/app/access/functions/permissions.py
@ -1,4 +1,10 @@
-from django.contrib.auth.models import Permission
+from django.apps import apps
+from django.contrib.auth.models import (
+    ContentType,
+    Permission
+)
+from django.conf import settings
+

 def permission_queryset():
    """Filter Permissions to those used within the application
@ -7,7 +13,7 @@ def permission_queryset():
        list: Filtered queryset that only contains the used permissions
    """

-    apps = [
+    centurion_apps = [
        'access',
        'accounting',
        'assistance',
@ -52,10 +58,50 @@ def permission_queryset():
        'view_history',
    ]

+
+    if not settings.RUNNING_TESTS:
+
+        models = apps.get_models()
+
+        for model in models:
+
+            if(
+                not str(model._meta.object_name).endswith('AuditHistory')
+                and not str(model._meta.model_name).lower().endswith('history')
+            ):
+                # check `endswith('history')` can be removed when the old history models are removed
+                continue
+
+            content_type = ContentType.objects.get(
+                app_label = model._meta.app_label,
+                model = model._meta.model_name
+            )
+
+            permissions = Permission.objects.filter(
+                content_type = content_type,
+            )
+
+            for permission in permissions:
+
+                if(
+                    not permission.codename == 'view_' + str(model._meta.model_name)
+                    and str(model._meta.object_name).endswith('AuditHistory')
+                ):
+                    exclude_permissions += [ permission.codename ]
+
+                elif(
+                    not str(model._meta.object_name).endswith('AuditHistory')
+                    and str(model._meta.model_name).lower().endswith('history')
+                ):
+                    # This `elif` can be removed when the old history models are removed
+
+                    exclude_permissions += [ permission.codename ]
+
+
    return Permission.objects.select_related('content_type').filter(
-            content_type__app_label__in=apps,
+            content_type__app_label__in = centurion_apps,
        ).exclude(
-            content_type__model__in=exclude_models
+            content_type__model__in = exclude_models
        ).exclude(
            codename__in = exclude_permissions
        )