Roles: Folder Permissions. Issue ciur/papermerge#323.

papermerge/contrib/admin/context_processors.py

@@ -167,8 +167,12 @@ def user_perms(request):
     access_feature = request.user.has_perm(
         'core.view_access'
     )
+    new_folder = request.user.has_perm(
+        'core.add_folder'
+    )
     return {
         'has_perm_change_user': change_user,
         'has_perm_view_authtoken': auth_token,
-        'has_perm_access_feature': access_feature
+        'has_perm_access_feature': access_feature,
+        'has_perm_new_folder': new_folder
     }

papermerge/contrib/admin/templates/admin/index.html

@@ -26,7 +26,6 @@
 <div class="col-12 d-flex justify-content-between p-0 mb-2 xmain-actions-row">
   <div id="actions">
    <ul  class="nav nav-pills">
-
      <li class="mx-1">
          <button type="button" id="id_btn_upload" class="btn btn-light btn-bordered ">
             <i class="fa fa-upload mr-1  text-success"></i>
@@ -42,15 +41,17 @@
        multiple="true"
        hidden="true"
      />
-     <li class="mx-1">
-         <!--parent_id=object.id -->
-         <button id="new-folder" data-target-id="new-folder-form" class="new-folder btn btn-light btn-bordered">
-            <i class="fa fa-plus mr-1 text-success"></i>
-            <div class="d-none d-md-inline-block">
-              {% trans "New Folder" %}
-            </div>
-         </button>
-     </li>
+     {% if has_perm_new_folder %}
+       <li class="mx-1">
+           <!--parent_id=object.id -->
+           <button id="new-folder" data-target-id="new-folder-form" class="new-folder btn btn-light btn-bordered">
+              <i class="fa fa-plus mr-1 text-success"></i>
+              <div class="d-none d-md-inline-block">
+                {% trans "New Folder" %}
+              </div>
+           </button>
+       </li>
+     {% endif %}
   </ul>
   </div> <!-- #actions -->
   <div id="display-mode" class="d-flex flex-row  align-items-center">

papermerge/core/views/decorators.py

@@ -1,8 +1,11 @@
 import json
+from functools import wraps
 from django.http import (
     HttpResponse,
-    HttpResponseRedirect
+    HttpResponseRedirect,
+    HttpResponseForbidden
 )
+from django.utils.log import log_response
 
 
 def smart_dump(value):
@@ -63,3 +66,41 @@ def inner(*args, **kwargs):
 
     return inner
 
+
+def require_PERM(perm):
+    """
+    Decorator to make a view only accept users which has given permission.
+    Usage::
+
+        @require_PERM('add_folder')
+        def my_view(request):
+            # I can assume now that user logged in has 'add_folder' permission
+            # ...
+    """
+    def decorator(func):
+        @wraps(func)
+        def inner(request, *args, **kwargs):
+
+            if not request.user.has_perm(perm):
+                err_msg = f"Forbidden. You don't not have {perm} permission"
+                if request.headers.get('x-requested-with') == 'XMLHttpRequest':
+                    response = HttpResponseForbidden(
+                        json.dumps({
+                            'msg': err_msg
+                        }),
+                        content_type="application/json"
+                    )
+                else:
+                    response = HttpResponseForbidden(err_msg)
+
+                log_response(
+                    "Access forbidden for %s to %s",
+                    request.user,
+                    request.path,
+                    response=response,
+                    request=request,
+                )
+                return response
+            return func(request, *args, **kwargs)
+        return inner
+    return decorator

papermerge/core/views/documents.py

@@ -26,7 +26,7 @@
 
 from papermerge.core.storage import default_storage
 from papermerge.core.lib.hocr import Hocr
-from .decorators import json_response
+from .decorators import json_response, require_PERM
 
 from papermerge.core.models import (
     Folder,
@@ -305,6 +305,7 @@ def rename_node(request, id):
 
 @login_required
 @require_POST
+@require_PERM('core.add_folder')
 def create_folder(request):
     """
     Creates a new folder.