From f1fd003dca5b6125076cb1564d85e0fbe99d0925 Mon Sep 17 00:00:00 2001
From: Lance Edgar <lance@edbob.org>
Date: Thu, 11 Nov 2021 12:30:00 -0600
Subject: [PATCH] Add permission for viewing "all" employees

previously we showed all if user had "edit" perm
---
 tailbone/views/employees.py | 32 +++++++++++++++++++++++++-------
 1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/tailbone/views/employees.py b/tailbone/views/employees.py
index 3ad331ab..febe521e 100644
--- a/tailbone/views/employees.py
+++ b/tailbone/views/employees.py
@@ -83,6 +83,7 @@ class EmployeeView(MasterView):
     def configure_grid(self, g):
         super(EmployeeView, self).configure_grid(g)
         route_prefix = self.get_route_prefix()
+        use_buefy = self.get_use_buefy()
 
         # phone
         g.set_joiner('phone', lambda q: q.outerjoin(model.EmployeePhoneNumber, sa.and_(
@@ -114,21 +115,23 @@ class EmployeeView(MasterView):
             g.hide_column('username')
 
         # id
-        if self.request.has_perm('{}.edit'.format(route_prefix)):
+        if self.has_perm('edit'):
             g.set_link('id')
         else:
-            g.hide_column('id')
+            g.remove('id')
             del g.filters['id']
 
         # status
-        if self.request.has_perm('{}.edit'.format(route_prefix)):
+        if self.has_perm('view_all'):
             g.set_enum('status', self.enum.EMPLOYEE_STATUS)
             g.filters['status'].default_active = True
             g.filters['status'].default_verb = 'equal'
-            # TODO: why must we set unicode string value here?
-            g.filters['status'].default_value = six.text_type(self.enum.EMPLOYEE_STATUS_CURRENT)
+            if use_buefy:
+                g.filters['status'].default_value = six.text_type(self.enum.EMPLOYEE_STATUS_CURRENT)
+            else:
+                g.filters['status'].default_value = self.enum.EMPLOYEE_STATUS_CURRENT
         else:
-            g.hide_column('status')
+            g.remove('status')
             del g.filters['status']
 
         g.filters['first_name'].default_active = True
@@ -151,7 +154,7 @@ class EmployeeView(MasterView):
 
     def query(self, session):
         q = session.query(model.Employee).join(model.Person)
-        if not self.request.has_perm('employees.edit'):
+        if not self.has_perm('view_all'):
             q = q.filter(model.Employee.status == self.enum.EMPLOYEE_STATUS_CURRENT)
         return q
 
@@ -310,6 +313,21 @@ class EmployeeView(MasterView):
             (model.EmployeeDepartment, 'employee_uuid'),
         ]
 
+    @classmethod
+    def defaults(cls, config):
+        cls._defaults(config)
+        cls._employee_defaults(config)
+
+    @classmethod
+    def _employee_defaults(cls, config):
+        permission_prefix = cls.get_permission_prefix()
+        model_title_plural = cls.get_model_title_plural()
+
+        # view *all* employees
+        config.add_tailbone_permission(permission_prefix,
+                                       '{}.view_all'.format(permission_prefix),
+                                       "View *all* (not just current) {}".format(model_title_plural))
+
 
 def includeme(config):
     EmployeeView.defaults(config)