From 45e30ceec77b0ebe74e9b2b378e295eb6c2c6e63 Mon Sep 17 00:00:00 2001
From: Christian Merten <christian@merten.dev>
Date: Thu, 6 Apr 2023 15:21:06 +0200
Subject: [PATCH] members/admin: fix missing viewable annotation when
 list_global_member permission is present

---
 jdav_web/contrib/admin.py  | 11 ++++++++---
 jdav_web/members/models.py | 22 ++++++++++++++++++++++
 2 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/jdav_web/contrib/admin.py b/jdav_web/contrib/admin.py
index d2a4af3..6936998 100644
--- a/jdav_web/contrib/admin.py
+++ b/jdav_web/contrib/admin.py
@@ -51,9 +51,14 @@ class FilteredQuerysetAdminMixin:
         if ordering:
             qs = qs.order_by(*ordering)
         queryset = qs
-        perm = '%s.list_global_%s' % (self.opts.app_label, self.opts.model_name)
-        if request.user.has_perm(perm):
-            return queryset
+        list_global_perm = '%s.list_global_%s' % (self.opts.app_label, self.opts.model_name)
+        if request.user.has_perm(list_global_perm):
+            view_global_perm = '%s.view_global_%s' % (self.opts.app_label, self.opts.model_name)
+            if request.user.has_perm(view_global_perm):
+               return queryset
+            if hasattr(request.user, 'member'):
+                return request.user.member.annotate_view_permission(queryset, model=self.model)
+            return queryset.annotate(_viewable=models.Value(False))
 
         if not hasattr(request.user, 'member'):
             return self.model.objects.none()
diff --git a/jdav_web/members/models.py b/jdav_web/members/models.py
index 03c0cd7..aad93fe 100644
--- a/jdav_web/members/models.py
+++ b/jdav_web/members/models.py
@@ -424,6 +424,28 @@ class Member(Person):
 
         return filtered.annotate(_viewable=Case(When(pk__in=view_pks, then=Value(True)), default=Value(False), output_field=models.BooleanField()))
 
+    def annotate_view_permission(self, queryset, model):
+        name = model._meta.object_name
+        if name != 'Member':
+            return queryset
+        view_pks = [self.pk]
+
+        if hasattr(self, 'permissions'):
+            view_pks += [ m.pk for m in self.permissions.view_members.all() ]
+
+            for group in self.permissions.view_groups.all():
+                view_pks += [ m.pk for m in group.member_set.all() ]
+
+        for group in self.group.all():
+            if hasattr(group, 'permissions'):
+                view_pks += [ m.pk for m in group.permissions.view_members.all() ]
+
+                for gr in group.permissions.view_groups.all():
+                    view_pks += [ m.pk for m in gr.member_set.all()]
+
+        return queryset.annotate(_viewable=Case(When(pk__in=view_pks, then=Value(True)), default=Value(False), output_field=models.BooleanField()))
+
+
     def filter_messages_by_permissions(self, queryset, annotate=False):
         # ignores annotate
         return queryset.filter(created_by=self)