Add restrictions based on API key accessMask

app/hr/admin.py

@@ -41,7 +41,7 @@ class BlacklistSourceAdmin(admin.ModelAdmin):
 admin.site.register(BlacklistSource, BlacklistSourceAdmin)
 
 class ApplicationConfigAdmin(admin.ModelAdmin):
-    list_display = ('corporation', 'is_accepting', 'api_required', 'api_view')
+    list_display = ('corporation', 'is_accepting', 'api_required', 'api_accessmask', 'api_view')
 
 admin.site.register(ApplicationConfig, ApplicationConfigAdmin)
 

app/hr/forms.py

@@ -38,9 +38,9 @@ class ApplicationForm(forms.Form):
     corporation = forms.ModelChoiceField(queryset=EVEPlayerCorporation.objects.filter(application_config__is_accepting=True), required=True, empty_label=None)
 
     def __init__(self, *args, **kwargs):
-        user = kwargs.pop('user', None)
+        self.user = kwargs.pop('user', None)
         super(ApplicationForm, self).__init__(*args, **kwargs)
-        self.fields['character'].queryset = EVEPlayerCharacter.objects.filter(eveaccount__user=user, eveaccount__api_status=API_STATUS_OK).distinct()
+        self.fields['character'].queryset = EVEPlayerCharacter.objects.filter(eveaccount__user=self.user, eveaccount__api_status=API_STATUS_OK).distinct()
 
     def clean_character(self):
         if not 'character' in self.cleaned_data or not self.cleaned_data['character']:
@@ -57,9 +57,17 @@ class ApplicationForm(forms.Form):
 
         if char and corp:
             if char.corporation == corp:
-                raise forms.ValidationError("%s is already a member of %s" % (char, corp))
+                raise forms.ValidationError("%s is already a member of %s." % (char, corp))
-            if not char.account.api_keytype == corp.application_config.api_required:
+            if not char.eveaccount_set.filter(user=self.user, api_keytype=corp.application_config.api_required).count():
-                raise forms.ValidationError("%s requires a %s API key for this application" % (corp, corp.application_config.get_api_required_display()))
+                raise forms.ValidationError("%s requires a %s API key for this application." % (corp, corp.application_config.get_api_required_display()))
+            if corp.application_config.api_accessmask:
+                access = False
+                for acc in char.eveaccount_set.filter(user=self.user, api_keytype=corp.application_config.api_required):
+                    if acc.check_access(corp.application_config.api_accessmask):
+                        access = True
+                        break
+                if not access:
+                    raise forms.ValidationError("%s requires a API key with greater access than the one you have added, please add a key with the correct access." % (corp, corp.application_config.api_accessmask))
 
         return self.cleaned_data
 

app/hr/models.py

@@ -167,8 +167,10 @@ class ApplicationConfig(models.Model):
     corporation = models.OneToOneField(EVEPlayerCorporation, blank=False, verbose_name="Corporation", related_name="application_config")
     is_accepting = models.BooleanField(verbose_name="Accepting Applications",
                                        help_text="Defines if the corporation is accepting applications")
-    api_required = models.IntegerField(choices=API_KEYTYPE_CHOICES, default=1, verbose_name="Minimum API Key Level",
+    api_required = models.IntegerField(choices=API_KEYTYPE_CHOICES, default=1, verbose_name="API Key Type",
-                                       help_text="This defines the minimum level of API needed to create a application")
+                                       help_text="This defines the type of API key needed to create a application")
+    api_accessmask = models.IntegerField(verbose_name="Minimum Access Level",
+                                       help_text="Defines the minimum level API accepted as valid, provided as a CAK accessMask")
     api_view = models.BooleanField(verbose_name="View Applicant APIs",
                                        help_text="This allows HR staff to see the applicant's API keys")