matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove support for raising 404

Browse Source 
Remove explict support for raising 404 error when the
object access fails.

The new method to use is to restrict the queryset using
the .restrict_queryset manager method and then .get() the
desired object. If the object access control failed then
the desired object will not be found in the queryset
and an error 404 will be raised. The end result is the same:
error 404, the method to raise the error is what differs now.

Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
This commit is contained in:
Roberto Rosario
2019-01-19 01:12:39 -04:00
parent 7c4ae1aef0
commit 383d0fcc38
3 changed files with 19 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
mayan/apps/common/literals.py
View File

@@ -11,7 +11,7 @@ MESSAGE_SQLITE_WARNING = _(
'for development and testing, not for production.' 'for development and testing, not for production.'
) )
PYPI_URL = 'https://pypi.python.org/pypi' PYPI_URL = 'https://pypi.python.org/pypi'
PK_LIST_SEPARATOR = ','
TEXT_LIST_AS_ITEMS_PARAMETER = '_list_mode' TEXT_LIST_AS_ITEMS_PARAMETER = '_list_mode'
TEXT_LIST_AS_ITEMS_VARIABLE_NAME = 'list_as_items' TEXT_LIST_AS_ITEMS_VARIABLE_NAME = 'list_as_items'
TEXT_CHOICE_ITEMS = 'items' TEXT_CHOICE_ITEMS = 'items'

41
mayan/apps/common/mixins.py
View File

@@ -16,8 +16,8 @@ from mayan.apps.permissions import Permission
from .exceptions import ActionError from .exceptions import ActionError
from .forms import DynamicForm from .forms import DynamicForm
from .literals import ( from .literals import (
TEXT_CHOICE_ITEMS, TEXT_CHOICE_LIST, TEXT_LIST_AS_ITEMS_PARAMETER, PK_LIST_SEPARATOR, TEXT_CHOICE_ITEMS, TEXT_CHOICE_LIST,
TEXT_LIST_AS_ITEMS_VARIABLE_NAME TEXT_LIST_AS_ITEMS_PARAMETER, TEXT_LIST_AS_ITEMS_VARIABLE_NAME
) )
__all__ = ( __all__ = (
@@ -73,7 +73,7 @@ class ExtraContextMixin(object):
return context return context
class ExternalObjectViewMixin(object): class ExternalObjectMixin(object):
external_object_class = None external_object_class = None
external_object_permission = None external_object_permission = None
external_object_pk_url_kwarg = 'pk' external_object_pk_url_kwarg = 'pk'
@@ -214,7 +214,7 @@ class MultipleObjectMixin(object):
model = None model = None
object_permission = None object_permission = None
pk_list_key = 'id_list' pk_list_key = 'id_list'
pk_list_separator = ',' pk_list_separator = PK_LIST_SEPARATOR
pk_url_kwarg = 'pk' pk_url_kwarg = 'pk'
queryset = None queryset = None
slug_url_kwarg = 'slug' slug_url_kwarg = 'slug'
@@ -334,7 +334,7 @@ class ObjectListPermissionFilterMixin(object):
if not self.access_object_retrieve_method and self.object_permission: if not self.access_object_retrieve_method and self.object_permission:
return AccessControlList.objects.filter_by_access( return AccessControlList.objects.filter_by_access(
obj=self.object_permission, queryset=queryset, permission=self.object_permission, queryset=queryset,
user=self.request.user user=self.request.user
) )
else: else:
@@ -359,38 +359,27 @@ class ObjectNameMixin(object):
class ObjectPermissionCheckMixin(object): class ObjectPermissionCheckMixin(object):
""" """
If object_permission_raise_404 is True an HTTP 404 error will be raised Filter the queryset of the view by the `object_permission` provided.
instead of the normal 403. If no `object_permission` is provide the queryset will be returned
as is.
""" """
object_permission = None object_permission = None
object_permission_raise_404 = False
def get_permission_object(self): def get_queryset(self):
return self.get_object() queryset = super(ObjectPermissionCheckMixin, self).get_queryset()
def dispatch(self, request, *args, **kwargs):
if self.object_permission: if self.object_permission:
try: return AccessControlList.objects.restrict_queryset(
AccessControlList.objects.check_access( permission=self.object_permission, queryset=queryset,
obj=self.get_permission_object(), user=self.request.user
permissions=self.object_permission,
related=getattr(self, 'object_permission_related', None),
user=request.user
) )
except PermissionDenied:
if self.object_permission_raise_404:
raise Http404
else:
raise
return super( return queryset
ObjectPermissionCheckMixin, self
).dispatch(request, *args, **kwargs)
class RedirectionMixin(object): class RedirectionMixin(object):
post_action_redirect = None
action_cancel_redirect = None action_cancel_redirect = None
post_action_redirect = None
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
post_action_redirect = self.get_post_action_redirect() post_action_redirect = self.get_post_action_redirect()

4
mayan/apps/common/views.py
View File

@@ -16,7 +16,7 @@ from django.views.generic import RedirectView, TemplateView
from mayan.apps.acls.models import AccessControlList from mayan.apps.acls.models import AccessControlList
from mayan.apps.common.mixins import ( from mayan.apps.common.mixins import (
ContentTypeViewMixin, ExternalObjectViewMixin ContentTypeViewMixin, ExternalObjectMixin
) )
from .exceptions import NotLatestVersion, UnknownLatestVersion from .exceptions import NotLatestVersion, UnknownLatestVersion
@@ -174,7 +174,7 @@ class ObjectErrorLogEntryListClearView(ConfirmView):
) )
class ObjectErrorLogEntryListView(ContentTypeViewMixin, ExternalObjectViewMixin, SingleObjectListView): class ObjectErrorLogEntryListView(ContentTypeViewMixin, ExternalObjectMixin, SingleObjectListView):
#TODO: Update for MERC 6. Return 404. #TODO: Update for MERC 6. Return 404.
""" """
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):