diff --git a/mayan/apps/acls/managers.py b/mayan/apps/acls/managers.py
index c817371005..63eb8c6f48 100644
--- a/mayan/apps/acls/managers.py
+++ b/mayan/apps/acls/managers.py
@@ -52,38 +52,43 @@ class AccessControlListManager(models.Manager): return True try: - stored_permissions = [ - permission.stored_permission for permission in permissions - ] - except TypeError: - # Not a list of permissions, just one - stored_permissions = [permissions.stored_permission] - - if related: - obj = return_attrib(obj, related) - - try: - parent_accessor = ModelPermission.get_inheritance(obj._meta.model) - except KeyError: - pass - else: + return Permission.check_permissions( + requester=user, permissions=permissions + ) + except PermissionDenied: try: - return self.check_access( - permissions, user, getattr(obj, parent_accessor) - ) - except PermissionDenied: + stored_permissions = [ + permission.stored_permission for permission in permissions + ] + except TypeError: + # Not a list of permissions, just one + stored_permissions = (permissions.stored_permission,) + + if related: + obj = return_attrib(obj, related) + + try: + parent_accessor = ModelPermission.get_inheritance(obj._meta.model) + except KeyError: pass + else: + try: + return self.check_access( + permissions, user, getattr(obj, parent_accessor) + ) + except PermissionDenied: + pass - user_roles = [] - for group in user.groups.all(): - for role in group.roles.all(): - if set(stored_permissions).intersection(set(self.get_inherited_permissions(role=role, obj=obj))): - return True + user_roles = [] + for group in user.groups.all(): + for role in group.roles.all(): + if set(stored_permissions).intersection(set(self.get_inherited_permissions(role=role, obj=obj))): + return True - user_roles.append(role) + user_roles.append(role) - if not self.filter(content_type=ContentType.objects.get_for_model(obj), object_id=obj.pk, permissions__in=stored_permissions, role__in=user_roles).exists(): - raise PermissionDenied(ugettext('Insufficient access.')) + if not self.filter(content_type=ContentType.objects.get_for_model(obj), object_id=obj.pk, permissions__in=stored_permissions, role__in=user_roles).exists(): 
+ raise PermissionDenied(ugettext('Insufficient access.')) def filter_by_access(self, permission, user, queryset): if user.is_superuser or user.is_staff: diff --git a/mayan/apps/acls/views.py b/mayan/apps/acls/views.py index 2ee1228f20..aae5ae888c 100644 --- a/mayan/apps/acls/views.py +++ b/mayan/apps/acls/views.py @@ -4,7 +4,6 @@ import itertools import logging from django.contrib.contenttypes.models import ContentType -from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse from django.http import Http404, HttpResponseRedirect from django.shortcuts import get_object_or_404 @@ -14,7 +13,7 @@ from common.views import ( AssignRemoveView, SingleObjectCreateView, SingleObjectDeleteView, SingleObjectListView ) -from permissions import Permission, PermissionNamespace +from permissions import PermissionNamespace from permissions.models import StoredPermission from .classes import ModelPermission @@ -41,14 +40,10 @@ class ACLCreateView(SingleObjectCreateView): except self.content_type.model_class().DoesNotExist: raise Http404 - try: - Permission.check_permissions( - request.user, permissions=(permission_acl_edit,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_acl_edit, request.user, self.content_object - ) + AccessControlList.objects.check_access( + permissions=permission_acl_edit, user=request.user, + obj=self.content_object + ) return super(ACLCreateView, self).dispatch(request, *args, **kwargs) 
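Review bot: `check_access` now forwards `permissions` unchanged to `Permission.check_permissions(requester=user, permissions=permissions)`, yet every call site converted in this commit passes a bare permission (`permissions=permission_acl_edit`) where the removed view code passed a one-tuple. The `except TypeError` fallback further down only wraps the `stored_permissions` comprehension, so if `check_permissions` iterates its argument (its body is not visible here) a single permission raises `TypeError` before the ACL lookup is reached, and the request ends in a server error instead of a permission decision. Normalising once ahead of the new `try:` with `if not isinstance(permissions, (list, tuple)): permissions = (permissions,)` would cover both the role check and the comprehension. Because a role-level grant now satisfies every `check_access` caller, including any not touched by this diff, the method deserves a docstring stating the evaluation order: role permission, then inherited parent, then object ACL. The method starts above the hunk, so its signature is inferred from the recursive call.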
@@ -92,14 +87,10 @@ class ACLDeleteView(SingleObjectDeleteView): def dispatch(self, request, *args, **kwargs): acl = get_object_or_404(AccessControlList, pk=self.kwargs['pk']) - try: - Permission.check_permissions( - request.user, permissions=(permission_acl_edit,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_acl_edit, request.user, acl.content_object - ) + AccessControlList.objects.check_access( + permissions=permission_acl_edit, user=request.user, + obj=acl.content_object + ) return super(ACLDeleteView, self).dispatch(request, *args, **kwargs) @@ -133,14 +124,10 @@ class ACLListView(SingleObjectListView): except self.content_type.model_class().DoesNotExist: raise Http404 - try: - Permission.check_permissions( - request.user, permissions=(permission_acl_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_acl_view, request.user, self.content_object - ) + AccessControlList.objects.check_access( + permissions=permission_acl_view, user=request.user, + obj=self.content_object + ) return super(ACLListView, self).dispatch(request, *args, **kwargs) @@ -183,14 +170,10 @@ class ACLPermissionsView(AssignRemoveView): def dispatch(self, request, *args, **kwargs): acl = get_object_or_404(AccessControlList, pk=self.kwargs['pk']) - try: - Permission.check_permissions( - request.user, permissions=(permission_acl_edit,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_acl_edit, request.user, acl.content_object - ) + AccessControlList.objects.check_access( + permissions=permission_acl_edit, user=request.user, + obj=acl.content_object + ) return super( ACLPermissionsView, self diff --git a/mayan/apps/checkouts/api_views.py b/mayan/apps/checkouts/api_views.py index 507854d428..6264dfc4a4 100644 --- a/mayan/apps/checkouts/api_views.py +++ b/mayan/apps/checkouts/api_views.py 
@@ -2,7 +2,6 @@ from __future__ import absolute_import, unicode_literals import pytz -from django.core.exceptions import PermissionDenied from django.shortcuts import get_object_or_404 from rest_framework import generics, status @@ -11,7 +10,6 @@ from rest_framework.response import Response from acls.models import AccessControlList from documents.models import Document from documents.permissions import permission_document_view -from permissions import Permission from .models import DocumentCheckout from .permissions import ( @@ -60,14 +58,10 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView): document = get_object_or_404( Document, pk=serializer.data['document'] ) - try: - Permission.check_permissions( - request.user, (permission_document_checkout,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_checkout, request.user, document - ) + AccessControlList.objects.check_access( + permissions=permission_document_checkout, user=request.user, + obj=document + ) timezone = pytz.utc @@ -126,24 +120,15 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView): document = self.get_object().document if document.checkout_info().user == request.user: - try: - Permission.check_permissions( - request.user, (permission_document_checkin,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_checkin, request.user, document - ) + AccessControlList.objects.check_access( + permissions=permission_document_checkin, user=request.user, + obj=document + ) else: - try: - Permission.check_permissions( - request.user, (permission_document_checkin_override,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_checkin_override, request.user, - document - ) + AccessControlList.objects.check_access( + permissions=permission_document_checkin_override, + user=request.user, obj=document + ) return super( APICheckedoutDocumentView, self 
diff --git a/mayan/apps/checkouts/views.py b/mayan/apps/checkouts/views.py index a469265964..71a4ed1e8b 100644 --- a/mayan/apps/checkouts/views.py +++ b/mayan/apps/checkouts/views.py @@ -1,7 +1,6 @@ from __future__ import absolute_import, unicode_literals from django.contrib import messages -from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse from django.http import HttpResponseRedirect from django.shortcuts import get_object_or_404 @@ -15,7 +14,6 @@ from common.generics import ( ConfirmView, SingleObjectCreateView, SingleObjectDetailView ) from common.utils import encapsulate -from permissions import Permission from .exceptions import DocumentAlreadyCheckedOut, DocumentNotCheckedOut from .forms import DocumentCheckoutForm, DocumentCheckoutDefailForm @@ -32,14 +30,10 @@ class CheckoutDocumentView(SingleObjectCreateView): def dispatch(self, request, *args, **kwargs): self.document = get_object_or_404(Document, pk=self.kwargs['pk']) - try: - Permission.check_permissions( - request.user, (permission_document_checkout,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_checkout, request.user, self.document - ) + AccessControlList.objects.check_access( + permissions=permission_document_checkout, user=request.user, + obj=self.document + ) return super( CheckoutDocumentView, self 
@@ -151,24 +145,15 @@ class DocumentCheckinView(ConfirmView): document = self.get_object() if document.checkout_info().user == self.request.user: - try: - Permission.check_permissions( - self.request.user, (permission_document_checkin,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_checkin, self.request.user, document - ) + AccessControlList.objects.check_access( + permissions=permission_document_checkin, + user=self.request.user, obj=document + ) else: - try: - Permission.check_permissions( - self.request.user, (permission_document_checkin_override,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_checkin_override, self.request.user, - document - ) + AccessControlList.objects.check_access( + permissions=permission_document_checkin_override, + user=self.request.user, obj=document + ) try: document.check_in(user=self.request.user) diff --git a/mayan/apps/common/mixins.py b/mayan/apps/common/mixins.py index 8571f18c09..97768c6743 100644 --- a/mayan/apps/common/mixins.py +++ b/mayan/apps/common/mixins.py @@ -128,16 +128,11 @@ class ObjectPermissionCheckMixin(object): ) if self.object_permission: - try: - Permission.check_permissions( - request.user, (self.object_permission,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - self.object_permission, request.user, - self.get_permission_object(), - related=getattr(self, 'object_permission_related', None) - ) + AccessControlList.objects.check_access( + permissions=self.object_permission, user=request.user, + obj=self.get_permission_object(), + related=getattr(self, 'object_permission_related', None) + ) return super( ObjectPermissionCheckMixin, self diff --git a/mayan/apps/converter/views.py b/mayan/apps/converter/views.py index c1fe4044e2..540ad144a9 100644 --- a/mayan/apps/converter/views.py +++ b/mayan/apps/converter/views.py 
@@ -3,7 +3,6 @@ from __future__ import absolute_import, unicode_literals import logging from django.contrib.contenttypes.models import ContentType -from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse from django.http import Http404 from django.shortcuts import get_object_or_404 @@ -14,7 +13,6 @@ from common.views import ( SingleObjectCreateView, SingleObjectDeleteView, SingleObjectEditView, SingleObjectListView ) -from permissions import Permission from .models import Transformation from .permissions import ( @@ -33,15 +31,10 @@ class TransformationDeleteView(SingleObjectDeleteView): Transformation, pk=self.kwargs['pk'] ) - try: - Permission.check_permissions( - request.user, (permission_transformation_delete,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_transformation_delete, request.user, - self.transformation.content_object - ) + AccessControlList.objects.check_access( + permissions=permission_transformation_delete, user=request.user, + obj=self.transformation.content_object + ) return super(TransformationDeleteView, self).dispatch( request, *args, **kwargs @@ -94,15 +87,10 @@ class TransformationCreateView(SingleObjectCreateView): except content_type.model_class().DoesNotExist: raise Http404 - try: - Permission.check_permissions( - request.user, (permission_transformation_create,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_transformation_create, request.user, - self.content_object - ) + AccessControlList.objects.check_access( + permissions=permission_transformation_create, user=request.user, + obj=self.content_object + ) return super(TransformationCreateView, self).dispatch( request, *args, **kwargs 
@@ -150,15 +138,10 @@ class TransformationEditView(SingleObjectEditView): Transformation, pk=self.kwargs['pk'] ) - try: - Permission.check_permissions( - request.user, (permission_transformation_edit,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_transformation_edit, request.user, - self.transformation.content_object - ) + AccessControlList.objects.check_access( + permissions=permission_transformation_edit, user=request.user, + obj=self.transformation.content_object + ) return super(TransformationEditView, self).dispatch( request, *args, **kwargs @@ -212,15 +195,10 @@ class TransformationListView(SingleObjectListView): except content_type.model_class().DoesNotExist: raise Http404 - try: - Permission.check_permissions( - request.user, (permission_transformation_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_transformation_view, request.user, - self.content_object - ) + AccessControlList.objects.check_access( + permissions=permission_transformation_view, user=request.user, + obj=self.content_object + ) return super(TransformationListView, self).dispatch( request, *args, **kwargs diff --git a/mayan/apps/document_comments/views.py b/mayan/apps/document_comments/views.py index 943475d886..767dc85b13 100644 --- a/mayan/apps/document_comments/views.py +++ b/mayan/apps/document_comments/views.py @@ -1,6 +1,5 @@ from __future__ import absolute_import, unicode_literals -from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse from django.shortcuts import get_object_or_404 from django.utils.translation import ugettext_lazy as _ @@ -10,7 +9,6 @@ from common.generics import ( SingleObjectCreateView, SingleObjectDeleteView, SingleObjectListView ) from documents.models import Document -from permissions import Permission from .models import Comment from .permissions import ( 
@@ -25,14 +23,10 @@ class DocumentCommentCreateView(SingleObjectCreateView): object_verbose_name = _('Comment') def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_comment_create,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_comment_create, request.user, self.get_document() - ) + AccessControlList.objects.check_access( + permissions=permission_comment_create, user=request.user, + obj=self.get_document() + ) return super( DocumentCommentCreateView, self @@ -67,15 +61,10 @@ class DocumentCommentDeleteView(SingleObjectDeleteView): model = Comment def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_comment_delete,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_comment_delete, request.user, - self.get_object().document - ) + AccessControlList.objects.check_access( + permissions=permission_comment_delete, user=request.user, + obj=self.get_object().document + ) return super( DocumentCommentDeleteView, self @@ -102,15 +91,10 @@ class DocumentCommentListView(SingleObjectListView): return get_object_or_404(Document, pk=self.kwargs['pk']) def get_queryset(self): - try: - Permission.check_permissions( - self.request.user, (permission_comment_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_comment_view, self.request.user, - self.get_document() - ) + AccessControlList.objects.check_access( + permissions=permission_comment_view, user=self.request.user, + obj=self.get_document() + ) return self.get_document().comments.all() diff --git a/mayan/apps/document_indexing/api_views.py b/mayan/apps/document_indexing/api_views.py index 80b5b063bb..02126ccd5d 100644 --- a/mayan/apps/document_indexing/api_views.py +++ b/mayan/apps/document_indexing/api_views.py 
@@ -1,6 +1,5 @@ from __future__ import absolute_import, unicode_literals -from django.core.exceptions import PermissionDenied from django.shortcuts import get_object_or_404 from rest_framework import generics @@ -9,7 +8,6 @@ from acls.models import AccessControlList from documents.models import Document from documents.permissions import permission_document_view from documents.serializers import DocumentSerializer -from permissions import Permission from rest_api.filters import MayanObjectPermissionsFilter from rest_api.permissions import MayanPermission @@ -99,15 +97,10 @@ class APIIndexNodeInstanceDocumentListView(generics.ListAPIView): index_node_instance = get_object_or_404( IndexInstanceNode, pk=self.kwargs['pk'] ) - try: - Permission.check_permissions( - self.request.user, (permission_document_indexing_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_indexing_view, self.request.user, - index_node_instance.index - ) + AccessControlList.objects.check_access( + permissions=permission_document_indexing_view, + user=self.request.user, obj=index_node_instance.index + ) return index_node_instance.documents.all() @@ -177,13 +170,9 @@ class APIDocumentIndexListView(generics.ListAPIView): def get_queryset(self): document = get_object_or_404(Document, pk=self.kwargs['pk']) - try: - Permission.check_permissions( - self.request.user, (permission_document_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_view, self.request.user, document - ) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=self.request.user, + obj=document + ) return document.node_instances.all() diff --git a/mayan/apps/document_indexing/views.py b/mayan/apps/document_indexing/views.py index 44b932285d..2642289c87 100644 --- a/mayan/apps/document_indexing/views.py +++ b/mayan/apps/document_indexing/views.py 
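Review bot: In `APIIndexNodeInstanceDocumentListView.get_queryset` the object handed to the ACL check is `index_node_instance.index`, whereas `IndexInstanceNodeView.dispatch` in `document_indexing/views.py` passes `self.index_instance_node.index()` for what appears to be the same `IndexInstanceNode` model. If `index` is a method, the API view passes a bound method as `obj`, and the ACL path in `check_access` (`obj._meta.model`, `obj.pk`) would fail for exactly the users who lack the role-level permission and depend on an object ACL. The expression was carried over from the removed block, so confirm which form is correct and align the two, e.g. `user=self.request.user, obj=index_node_instance.index()` if it is a method. The surrounding method starts above the hunk.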
@@ -1,7 +1,6 @@ from __future__ import absolute_import, unicode_literals from django.contrib import messages -from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse, reverse_lazy from django.shortcuts import get_object_or_404 from django.utils.html import mark_safe @@ -15,7 +14,6 @@ from common.views import ( from documents.models import Document, DocumentType from documents.permissions import permission_document_view from documents.views import DocumentListView -from permissions import Permission from .forms import IndexTemplateNodeForm from .models import ( @@ -143,15 +141,10 @@ class TemplateNodeCreateView(SingleObjectCreateView): model = IndexTemplateNode def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_document_indexing_edit,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_indexing_edit, request.user, - self.get_parent_node().index - ) + AccessControlList.objects.check_access( + permissions=permission_document_indexing_edit, user=request.user, + obj=self.get_parent_node().index + ) return super( TemplateNodeCreateView, self @@ -236,15 +229,10 @@ class IndexInstanceNodeView(DocumentListView): IndexInstanceNode, pk=self.kwargs['pk'] ) - try: - Permission.check_permissions( - request.user, (permission_document_indexing_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_indexing_view, - request.user, self.index_instance_node.index() - ) + AccessControlList.objects.check_access( + permissions=permission_document_indexing_view, + user=request.user, obj=self.index_instance_node.index() + ) if self.index_instance_node: if self.index_instance_node.index_template_node.link_documents: 
@@ -299,14 +287,10 @@ class DocumentIndexNodeListView(SingleObjectListView): object_permission_related = 'index' def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_document_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_view, request.user, self.get_document() - ) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=request.user, + obj=self.get_document() + ) return super( DocumentIndexNodeListView, self diff --git a/mayan/apps/document_signatures/views.py b/mayan/apps/document_signatures/views.py index 3057086c44..b556c4601a 100644 --- a/mayan/apps/document_signatures/views.py +++ b/mayan/apps/document_signatures/views.py @@ -3,7 +3,6 @@ from __future__ import absolute_import, unicode_literals import logging from django.contrib import messages -from django.core.exceptions import PermissionDenied from django.core.files import File from django.core.urlresolvers import reverse from django.http import HttpResponseRedirect @@ -19,7 +18,6 @@ from common.utils import TemporaryFile from django_gpg.exceptions import NeedPassphrase, PassphraseError from django_gpg.permissions import permission_key_sign from documents.models import DocumentVersion -from permissions import Permission from .forms import ( DocumentVersionSignatureCreateForm, @@ -47,14 +45,9 @@ class DocumentVersionDetachedSignatureCreateView(FormView): key = form.cleaned_data['key'] passphrase = form.cleaned_data['passphrase'] or None - try: - Permission.check_permissions( - self.request.user, (permission_key_sign,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_key_sign, self.request.user, key - ) + AccessControlList.objects.check_access( + permissions=permission_key_sign, user=self.request.user, obj=key + ) try: with self.get_document_version().open() as file_object: 
@@ -103,15 +96,10 @@ class DocumentVersionDetachedSignatureCreateView(FormView): ).form_valid(form) def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_document_version_sign_detached,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_version_sign_detached, request.user, - self.get_document_version().document - ) + AccessControlList.objects.check_access( + permissions=permission_document_version_sign_detached, + user=request.user, obj=self.get_document_version().document + ) return super( DocumentVersionDetachedSignatureCreateView, self @@ -153,14 +141,9 @@ class DocumentVersionEmbeddedSignatureCreateView(FormView): key = form.cleaned_data['key'] passphrase = form.cleaned_data['passphrase'] or None - try: - Permission.check_permissions( - self.request.user, (permission_key_sign,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_key_sign, self.request.user, key - ) + AccessControlList.objects.check_access( + permissions=permission_key_sign, user=self.request.user, obj=key + ) try: with self.get_document_version().open() as file_object: @@ -214,15 +197,10 @@ class DocumentVersionEmbeddedSignatureCreateView(FormView): ).form_valid(form) def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_document_version_sign_embedded,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_version_sign_embedded, request.user, - self.get_document_version().document - ) + AccessControlList.objects.check_access( + permissions=permission_document_version_sign_embedded, + user=request.user, obj=self.get_document_version().document + ) return super( DocumentVersionEmbeddedSignatureCreateView, self 
@@ -312,15 +290,10 @@ class DocumentVersionSignatureDownloadView(SingleObjectDownloadView): class DocumentVersionSignatureListView(SingleObjectListView): def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_document_version_signature_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_version_signature_view, request.user, - self.get_document_version() - ) + AccessControlList.objects.check_access( + permissions=permission_document_version_signature_view, + user=request.user, obj=self.get_document_version() + ) return super( DocumentVersionSignatureListView, self @@ -349,15 +322,10 @@ class DocumentVersionSignatureUploadView(SingleObjectCreateView): model = DetachedSignature def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_document_version_signature_upload,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_version_signature_upload, request.user, - self.get_document_version() - ) + AccessControlList.objects.check_access( + permissions=permission_document_version_signature_upload, + user=request.user, obj=self.get_document_version() + ) return super( DocumentVersionSignatureUploadView, self diff --git a/mayan/apps/document_states/views.py b/mayan/apps/document_states/views.py index 132212c8f0..c63ac0f777 100644 --- a/mayan/apps/document_states/views.py +++ b/mayan/apps/document_states/views.py @@ -1,7 +1,6 @@ from __future__ import absolute_import, unicode_literals from django.contrib import messages -from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse, reverse_lazy from django.db.utils import IntegrityError from django.http import HttpResponseRedirect 
@@ -16,7 +15,6 @@ from common.views import ( ) from documents.models import Document from documents.views import DocumentListView -from permissions import Permission from .forms import ( WorkflowForm, WorkflowInstanceTransitionForm, WorkflowStateForm, @@ -32,15 +30,10 @@ from .permissions import ( class DocumentWorkflowInstanceListView(SingleObjectListView): def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_workflow_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_workflow_view, request.user, - self.get_document() - ) + AccessControlList.objects.check_access( + permissions=permission_workflow_view, user=request.user, + obj=self.get_document() + ) return super( DocumentWorkflowInstanceListView, self @@ -66,14 +59,10 @@ class WorkflowDocumentListView(DocumentListView): def dispatch(self, request, *args, **kwargs): self.workflow = get_object_or_404(Workflow, pk=self.kwargs['pk']) - try: - Permission.check_permissions( - request.user, (permission_workflow_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_workflow_view, request.user, self.workflow - ) + AccessControlList.objects.check_access( + permissions=permission_workflow_view, user=request.user, + obj=self.workflow + ) return super( WorkflowDocumentListView, self @@ -94,15 +83,10 @@ class WorkflowDocumentListView(DocumentListView): class WorkflowInstanceDetailView(SingleObjectListView): def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_workflow_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_workflow_view, request.user, - self.get_workflow_instance().document - ) + AccessControlList.objects.check_access( + permissions=permission_workflow_view, users=request.user, + obj=self.get_workflow_instance().document + ) return super( WorkflowInstanceDetailView, self 
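Review bot: The rewritten call in `WorkflowInstanceDetailView.dispatch` passes `users=request.user`, while every other converted call site uses `user=` and the recursive call in `acls/managers.py` passes the requester as the second positional argument, named `user`. Unless `check_access` accepts arbitrary keyword arguments (its signature is outside this diff), this raises `TypeError` on each request to the view, so the workflow instance detail page fails closed but is unusable. The line should read `permissions=permission_workflow_view, user=request.user,`. A view test that requests this page as a user holding only an object-level ACL would catch this kind of slip across the converted views.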
@@ -131,15 +115,10 @@ class WorkflowInstanceTransitionView(FormView): template_name = 'appearance/generic_form.html' def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_workflow_transition,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_workflow_transition, request.user, - self.get_workflow_instance().document - ) + AccessControlList.objects.check_access( + permissions=permission_workflow_transition, user=request.user, + obj=self.get_workflow_instance().document + ) return super( WorkflowInstanceTransitionView, self @@ -249,14 +228,10 @@ class SetupWorkflowDocumentTypesView(AssignRemoveView): class SetupWorkflowStateListView(SingleObjectListView): def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_workflow_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_workflow_view, request.user, self.get_workflow() - ) + AccessControlList.objects.check_access( + permissions=permission_workflow_view, user=request.user, + obj=self.get_workflow() + ) return super( SetupWorkflowStateListView, self diff --git a/mayan/apps/documents/api_views.py b/mayan/apps/documents/api_views.py index e1ff278262..49678e87b1 100644 --- a/mayan/apps/documents/api_views.py +++ b/mayan/apps/documents/api_views.py @@ -2,7 +2,6 @@ from __future__ import absolute_import, unicode_literals import logging -from django.core.exceptions import PermissionDenied from django.http import HttpResponse from django.shortcuts import get_object_or_404 @@ -11,7 +10,6 @@ from rest_framework import generics, status from rest_framework.response import Response from acls.models import AccessControlList -from permissions import Permission from rest_api.filters import MayanObjectPermissionsFilter from rest_api.permissions import MayanPermission 
@@ -379,15 +377,10 @@ class APIDocumentTypeDocumentListView(generics.ListAPIView): def get_queryset(self): document_type = get_object_or_404(DocumentType, pk=self.kwargs['pk']) - try: - Permission.check_permissions( - self.request.user, (permission_document_type_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_type_view, self.request.user, - document_type - ) + AccessControlList.objects.check_access( + permissions=permission_document_type_view, user=self.request.user, + obj=document_type + ) return document_type.documents.all() diff --git a/mayan/apps/documents/views.py b/mayan/apps/documents/views.py index 4655f1bdce..cf42c29bd7 100644 --- a/mayan/apps/documents/views.py +++ b/mayan/apps/documents/views.py @@ -25,7 +25,6 @@ from common.mixins import MultipleInstanceActionMixin from converter.literals import DEFAULT_ZOOM_LEVEL from converter.models import Transformation from converter.permissions import permission_transformation_delete -from permissions import Permission from .events import event_document_download, event_document_view from .forms import ( @@ -111,14 +110,10 @@ class DeletedDocumentDeleteView(ConfirmView): Document.passthrough, pk=instance.pk ) - try: - Permission.check_permissions( - self.request.user, (permission_document_delete,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_delete, self.request.user, source_document - ) + AccessControlList.objects.check_access( + permissions=permission_document_delete, user=self.request.user, + obj=source_document + ) instance.delete() 
@@ -180,14 +175,10 @@ class DocumentRestoreView(ConfirmView): Document.passthrough, pk=instance.pk ) - try: - Permission.check_permissions( - self.request.user, (permission_document_restore,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_restore, self.request.user, source_document - ) + AccessControlList.objects.check_access( + permissions=permission_document_restore, user=self.request.user, + obj=source_document + ) instance.restore() @@ -214,15 +205,10 @@ class DocumentRestoreManyView(MultipleInstanceActionMixin, DocumentRestoreView): class DocumentPageListView(SingleObjectListView): def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - self.request.user, (permission_document_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_view, self.request.user, - self.get_document() - ) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=self.request.user, + obj=self.get_document() + ) return super( DocumentPageListView, self @@ -245,15 +231,11 @@ class DocumentPageView(SimpleView): template_name = 'appearance/generic_form.html' def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_document_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_view, request.user, - self.get_object().document - ) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=request.user, + obj=self.get_object().document + ) + return super( DocumentPageView, self ).dispatch(request, *args, **kwargs) 
@@ -329,14 +311,10 @@ class DocumentTrashView(ConfirmView): return reverse('documents:document_list_recent') def object_action(self, instance): - try: - Permission.check_permissions( - self.request.user, (permission_document_trash,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_trash, self.request.user, instance - ) + AccessControlList.objects.check_access( + permissions=permission_document_trash, user=self.request.user, + obj=instance + ) instance.delete() @@ -437,15 +415,10 @@ class DocumentTypeFilenameCreateView(SingleObjectCreateView): form_class = DocumentTypeFilenameForm_create def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_document_type_edit,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_type_edit, request.user, - self.get_document_type() - ) + AccessControlList.objects.check_access( + permissions=permission_document_type_edit, user=request.user, + obj=self.get_document_type() + ) return super(DocumentTypeFilenameCreateView, self).dispatch( request, *args, **kwargs @@ -543,14 +516,10 @@ class DocumentTypeFilenameListView(SingleObjectListView): class DocumentVersionListView(SingleObjectListView): def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_document_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_view, request.user, self.get_document() - ) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=request.user, + obj=self.get_document() + ) self.get_document().add_as_recent_document_for_user(request.user) 
@@ -1045,10 +1014,10 @@ def document_multiple_clear_transformations(request): def document_page_navigation_next(request, document_page_id): document_page = get_object_or_404(DocumentPage, pk=document_page_id) - try: - Permission.check_permissions(request.user, (permission_document_view,)) - except PermissionDenied: - AccessControlList.objects.check_access(permission_document_view, request.user, document_page.document) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=request.user, + obj=document_page.document + ) view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name @@ -1063,10 +1032,10 @@ def document_page_navigation_next(request, document_page_id): def document_page_navigation_previous(request, document_page_id): document_page = get_object_or_404(DocumentPage, pk=document_page_id) - try: - Permission.check_permissions(request.user, (permission_document_view,)) - except PermissionDenied: - AccessControlList.objects.check_access(permission_document_view, request.user, document_page.document) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=request.user, + obj=document_page.document + ) view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name 
@@ -1082,10 +1051,10 @@ def document_page_navigation_first(request, document_page_id): document_page = get_object_or_404(DocumentPage, pk=document_page_id) document_page = get_object_or_404(document_page.siblings, page_number=1) - try: - Permission.check_permissions(request.user, (permission_document_view,)) - except PermissionDenied: - AccessControlList.objects.check_access(permission_document_view, request.user, document_page.document) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=request.user, + obj=document_page.document + ) view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name @@ -1096,10 +1065,10 @@ def document_page_navigation_last(request, document_page_id): document_page = get_object_or_404(DocumentPage, pk=document_page_id) document_page = get_object_or_404(document_page.siblings, page_number=document_page.siblings.count()) - try: - Permission.check_permissions(request.user, (permission_document_view,)) - except PermissionDenied: - AccessControlList.objects.check_access(permission_document_view, request.user, document_page.document) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=request.user, + obj=document_page.document + ) view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name 
@@ -1109,10 +1078,10 @@ def document_page_navigation_last(request, document_page_id): def transform_page(request, document_page_id, zoom_function=None, rotation_function=None): document_page = get_object_or_404(DocumentPage, pk=document_page_id) - try: - Permission.check_permissions(request.user, (permission_document_view,)) - except PermissionDenied: - AccessControlList.objects.check_access(permission_document_view, request.user, document_page.document) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=request.user, + obj=document_page.document + ) view = resolve(urlparse.urlparse(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))).path).view_name @@ -1172,10 +1141,9 @@ def document_page_rotate_left(request, document_page_id): def document_print(request, document_id): document = get_object_or_404(Document, pk=document_id) - try: - Permission.check_permissions(request.user, (permission_document_print,)) - except PermissionDenied: - AccessControlList.objects.check_access(permission_document_print, request.user, document) + AccessControlList.objects.check_access( + permissions=permission_document_print, user=request.user, obj=document + ) document.add_as_recent_document_for_user(request.user) diff --git a/mayan/apps/events/views.py b/mayan/apps/events/views.py index 779bfbc005..326ba6cb18 100644 --- a/mayan/apps/events/views.py +++ b/mayan/apps/events/views.py @@ -1,7 +1,6 @@ from __future__ import absolute_import, unicode_literals from django.contrib.contenttypes.models import ContentType -from django.core.exceptions import PermissionDenied from django.http import Http404 from django.shortcuts import get_object_or_404 from django.utils.translation import ugettext_lazy as _ 
@@ -11,7 +10,6 @@ from actstream.models import Action, any_stream from acls.models import AccessControlList from common.utils import encapsulate from common.views import SingleObjectListView -from permissions import Permission from .classes import Event from .permissions import permission_events_view @@ -55,14 +53,10 @@ class ObjectEventListView(EventListView): except self.object_content_type.model_class().DoesNotExist: raise Http404 - try: - Permission.check_permissions( - request.user, permissions=(permission_events_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_events_view, request.user, self.content_object - ) + AccessControlList.objects.check_access( + permissions=permission_events_view, user=request.user, + obj=self.content_object + ) return super( ObjectEventListView, self diff --git a/mayan/apps/folders/api_views.py b/mayan/apps/folders/api_views.py index 04b336cf3d..8f6e306dde 100644 --- a/mayan/apps/folders/api_views.py +++ b/mayan/apps/folders/api_views.py @@ -1,6 +1,5 @@ from __future__ import absolute_import, unicode_literals -from django.core.exceptions import PermissionDenied from django.shortcuts import get_object_or_404 from rest_framework import generics @@ -9,7 +8,6 @@ from rest_framework.response import Response from acls.models import AccessControlList from documents.models import Document from documents.permissions import permission_document_view -from permissions import Permission from rest_api.filters import MayanObjectPermissionsFilter from rest_api.permissions import MayanPermission 
@@ -37,14 +35,10 @@ class APIDocumentFolderListView(generics.ListAPIView): def get_queryset(self): document = get_object_or_404(Document, pk=self.kwargs['pk']) - try: - Permission.check_permissions( - self.request.user, (permission_document_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_view, self.request.user, document - ) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=self.request.user, + obj=document + ) queryset = document.document_folders().all() return queryset @@ -207,14 +201,10 @@ class APIFolderDocumentView(generics.RetrieveDestroyAPIView): def retrieve(self, request, *args, **kwargs): instance = self.get_object() - try: - Permission.check_permissions( - self.request.user, (permission_document_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_view, self.request.user, instance - ) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=self.request.user, + obj=instance + ) serializer = self.get_serializer(instance) return Response(serializer.data) diff --git a/mayan/apps/folders/views.py b/mayan/apps/folders/views.py index 7d7c2f7c3e..90d01b6896 100644 --- a/mayan/apps/folders/views.py +++ b/mayan/apps/folders/views.py @@ -4,7 +4,6 @@ import logging from django.conf import settings from django.contrib import messages -from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse, reverse_lazy from django.http import HttpResponseRedirect from django.shortcuts import get_object_or_404, render_to_response @@ -19,7 +18,6 @@ from common.views import ( from documents.permissions import permission_document_view from documents.models import Document from documents.views import DocumentListView -from permissions import Permission from .forms import FolderListForm from .models import Folder 
@@ -69,14 +67,10 @@ class FolderDetailView(DocumentListView): def get_folder(self): folder = get_object_or_404(Folder, pk=self.kwargs['pk']) - try: - Permission.check_permissions( - self.request.user, (permission_folder_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_folder_view, self.request.user, folder - ) + AccessControlList.objects.check_access( + permissions=permission_folder_view, user=self.request.user, + obj=folder + ) return folder @@ -109,16 +103,14 @@ class DocumentFolderListView(FolderListView): def dispatch(self, request, *args, **kwargs): self.document = get_object_or_404(Document, pk=self.kwargs['pk']) - try: - Permission.check_permissions( - request.user, (permission_document_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_view, request.user, self.document - ) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=request.user, + obj=self.document + ) - return super(DocumentFolderListView, self).dispatch(request, *args, **kwargs) + return super(DocumentFolderListView, self).dispatch( + request, *args, **kwargs + ) def get_extra_context(self): return { diff --git a/mayan/apps/linking/views.py b/mayan/apps/linking/views.py index c7e03b0482..0af56cfcd4 100644 --- a/mayan/apps/linking/views.py +++ b/mayan/apps/linking/views.py @@ -3,7 +3,6 @@ from __future__ import absolute_import, unicode_literals import logging from django.contrib import messages -from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse, reverse_lazy from django.shortcuts import get_object_or_404 from django.utils.translation import ugettext_lazy as _ 
@@ -16,7 +15,6 @@ from common.generics import ( from documents.models import Document, DocumentType from documents.permissions import permission_document_view from documents.views import DocumentListView -from permissions import Permission from .forms import SmartLinkConditionForm, SmartLinkForm from .models import ResolvedSmartLink, SmartLink, SmartLinkCondition @@ -37,23 +35,15 @@ class ResolvedSmartLinkView(DocumentListView): SmartLink, pk=self.kwargs['smart_link_pk'] ) - try: - Permission.check_permissions( - request.user, (permission_document_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_view, request.user, self.document - ) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=request.user, + obj=self.document + ) - try: - Permission.check_permissions( - request.user, (permission_smart_link_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_smart_link_view, request.user, self.smart_link - ) + AccessControlList.objects.check_access( + permissions=permission_smart_link_view, user=request.user, + obj=self.smart_link + ) return super( ResolvedSmartLinkView, self @@ -151,14 +141,10 @@ class DocumentSmartLinkListView(SmartLinkListView): def dispatch(self, request, *args, **kwargs): self.document = get_object_or_404(Document, pk=self.kwargs['pk']) - try: - Permission.check_permissions( - request.user, (permission_document_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_view, request.user, self.document - ) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=request.user, + obj=self.document + ) return super( DocumentSmartLinkListView, self 
@@ -234,15 +220,11 @@ class SmartLinkConditionCreateView(SingleObjectCreateView): form_class = SmartLinkConditionForm def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_smart_link_edit,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - (permission_smart_link_edit,), request.user, - self.get_smart_link() - ) + AccessControlList.objects.check_access( + permissions=permission_smart_link_edit, user=request.user, + obj=self.get_smart_link() + ) + return super( SmartLinkConditionCreateView, self ).dispatch(request, *args, **kwargs) @@ -277,15 +259,10 @@ class SmartLinkConditionEditView(SingleObjectEditView): model = SmartLinkCondition def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_smart_link_edit,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - (permission_smart_link_edit,), request.user, - self.get_object().smart_link - ) + AccessControlList.objects.check_access( + permissions=permission_smart_link_edit, user=request.user, + obj=self.get_object().smart_link + ) return super( SmartLinkConditionEditView, self @@ -311,15 +288,10 @@ class SmartLinkConditionDeleteView(SingleObjectDeleteView): model = SmartLinkCondition def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - request.user, (permission_smart_link_edit,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - (permission_smart_link_edit,), request.user, - self.get_object().smart_link - ) + AccessControlList.objects.check_access( + permissions=permission_smart_link_edit, user=request.user, + obj=self.get_object().smart_link + ) return super( SmartLinkConditionDeleteView, self diff --git a/mayan/apps/metadata/api_views.py b/mayan/apps/metadata/api_views.py index 569a95277d..7c7a6070f0 100644 --- a/mayan/apps/metadata/api_views.py +++ b/mayan/apps/metadata/api_views.py 
@@ -1,6 +1,5 @@ from __future__ import absolute_import, unicode_literals -from django.core.exceptions import PermissionDenied from django.shortcuts import get_object_or_404 from rest_framework import generics, status, views @@ -11,7 +10,6 @@ from documents.models import Document, DocumentType from documents.permissions import ( permission_document_type_view, permission_document_type_edit ) -from permissions import Permission from rest_api.filters import MayanObjectPermissionsFilter from rest_api.permissions import MayanPermission @@ -100,31 +98,21 @@ class APIDocumentMetadataListView(generics.ListCreateAPIView): if self.request.method == 'GET': # Make sure the use has the permission to see the metadata for # this document - try: - Permission.check_permissions( - self.request.user, (permission_metadata_document_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_metadata_document_view, self.request.user, - document - ) - else: - return document.metadata.all() + AccessControlList.objects.check_access( + permissions=permission_metadata_document_view, + user=self.request.user, obj=document + ) + + return document.metadata.all() elif self.request.method == 'POST': # Make sure the use has the permission to add metadata to this # document - try: - Permission.check_permissions( - self.request.user, (permission_metadata_document_add,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_metadata_document_add, self.request.user, - document - ) - else: - return document.metadata.all() + AccessControlList.objects.check_access( + permissions=permission_metadata_document_add, + user=self.request.user, obj=document + ) + + return document.metadata.all() def get_serializer_class(self): if self.request.method == 'GET': 
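Review bot: `APIDocumentMetadataListView.get_queryset` returns a queryset only for `GET` and `POST`; any other method falls off the end of the `if`/`elif` and returns `None` with no `check_access` call having run. Both branches now return the same `document.metadata.all()`, so the method could pick the permission first, e.g. `permission = permission_metadata_document_add if self.request.method == 'POST' else permission_metadata_document_view`, and then make one `check_access` call followed by one `return`. That way every method is checked and none returns `None`. Whether another method can reach this code is not visible here, and the start of `get_queryset` is outside the hunk.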
@@ -222,15 +210,10 @@ class APIDocumentTypeMetadataTypeOptionalListView(generics.ListCreateAPIView): document_type = get_object_or_404( DocumentType, pk=self.kwargs['document_type_pk'] ) - try: - Permission.check_permissions( - self.request.user, (permission_document_type_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_type_view, self.request.user, - document_type - ) + AccessControlList.objects.check_access( + permissions=permission_document_type_view, user=self.request.user, + obj=document_type + ) return document_type.metadata.filter(required=self.required_metadata) @@ -256,15 +239,10 @@ class APIDocumentTypeMetadataTypeOptionalListView(generics.ListCreateAPIView): DocumentType, pk=self.kwargs['document_type_pk'] ) - try: - Permission.check_permissions( - self.request.user, (permission_document_type_edit,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_type_edit, self.request.user, - document_type - ) + AccessControlList.objects.check_access( + permissions=permission_document_type_edit, user=self.request.user, + obj=document_type + ) serializer = self.get_serializer(data=self.request.POST) @@ -316,15 +294,10 @@ class APIDocumentTypeMetadataTypeView(views.APIView): DocumentTypeMetadataType, pk=self.kwargs['pk'] ) - try: - Permission.check_permissions( - self.request.user, (permission_document_type_edit,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_type_edit, self.request.user, - document_type_metadata_type.document_type - ) + AccessControlList.objects.check_access( + permissions=permission_document_type_edit, user=self.request.user, + obj=document_type_metadata_type.document_type + ) document_type_metadata_type.delete() return Response(status=status.HTTP_204_NO_CONTENT) diff --git a/mayan/apps/metadata/views.py b/mayan/apps/metadata/views.py index e367823037..c5cc970e74 100644 --- a/mayan/apps/metadata/views.py 
+++ b/mayan/apps/metadata/views.py @@ -19,7 +19,6 @@ from documents.models import Document, DocumentType from documents.permissions import ( permission_document_type_edit ) -from permissions import Permission from .api import save_metadata_list from .forms import ( @@ -464,15 +463,10 @@ def metadata_multiple_remove(request): class DocumentMetadataListView(SingleObjectListView): def dispatch(self, request, *args, **kwargs): - try: - Permission.check_permissions( - self.request.user, (permission_metadata_document_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_metadata_document_view, self.request.user, - self.get_document() - ) + AccessControlList.objects.check_access( + permissions=permission_metadata_document_view, + user=self.request.user, obj=self.get_document() + ) return super(DocumentMetadataListView, self).dispatch( request, *args, **kwargs diff --git a/mayan/apps/navigation/classes.py b/mayan/apps/navigation/classes.py index ca141efd2b..049ddc44bc 100644 --- a/mayan/apps/navigation/classes.py +++ b/mayan/apps/navigation/classes.py @@ -15,7 +15,6 @@ from django.utils.encoding import smart_str, smart_unicode from django.utils.http import urlencode, urlquote from common.utils import return_attrib -from permissions import Permission logger = logging.getLogger(__name__) 
@@ -250,22 +249,16 @@ class Link(object): # If this link has a required permission check that the user have it # too if self.permissions: - try: - Permission.check_permissions(request.user, self.permissions) - except PermissionDenied: - # If the user doesn't have the permission, and we are passed - # an instance, check to see if the user has at least ACL - # access to the instance. - if resolved_object: - try: - AccessControlList.objects.check_access( - self.permissions, request.user, resolved_object, - related=self.permissions_related - ) - except PermissionDenied: - return None - else: + if resolved_object: + try: + AccessControlList.objects.check_access( + permissions=self.permissions, user=request.user, + obj=resolved_object, related=self.permissions_related + ) + except PermissionDenied: return None + else: + return None # Check to see if link has conditional display function and only # display it if the result of the conditional display function is diff --git a/mayan/apps/ocr/views.py b/mayan/apps/ocr/views.py index 2c4f237867..ff9495d441 100644 --- a/mayan/apps/ocr/views.py +++ b/mayan/apps/ocr/views.py @@ -1,7 +1,6 @@ from __future__ import absolute_import, unicode_literals from django.contrib import messages -from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse from django.http import HttpResponseRedirect from django.shortcuts import get_object_or_404 @@ -14,7 +13,6 @@ from common.generics import ( ) from common.mixins import MultipleInstanceActionMixin from documents.models import Document, DocumentType -from permissions import Permission from .forms import DocumentContentForm, DocumentTypeSelectForm from .models import DocumentVersionOCRError 
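Review bot: In the `Link` hunk, the new `else: return None` hides every link that declares `permissions` but has no `resolved_object`, even for a user who holds the permission globally. The removed code called `Permission.check_permissions` before it looked at the object, and `check_access` is now reached only when `resolved_object` is truthy, so object-less links lose their only permission path. This fails closed, but it looks like an unintended regression. Keeping the global check in that branch restores the old behaviour, and it also needs the `from permissions import Permission` import that this commit removes from the file. The enclosing method starts and ends outside the hunk.

```python
        if self.permissions:
            if resolved_object:
                # … unchanged: ACL check on resolved_object …
            else:
                # No object to check against: fall back to the user's
                # global permissions instead of hiding the link outright.
                try:
                    Permission.check_permissions(
                        requester=request.user, permissions=self.permissions
                    )
                except PermissionDenied:
                    return None
```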
@@ -52,14 +50,10 @@ class DocumentSubmitView(ConfirmView): return Document.objects.get(pk=self.kwargs['pk']) def object_action(self, instance): - try: - Permission.check_permissions( - self.request.user, (permission_ocr_document,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_ocr_document, self.request.user, instance - ) + AccessControlList.objects.check_access( + permissions=permission_ocr_document, user=self.request.user, + obj=instance + ) instance.submit_for_ocr() diff --git a/mayan/apps/permissions/classes.py b/mayan/apps/permissions/classes.py index a5b6dcb093..8bcd8030d4 100644 --- a/mayan/apps/permissions/classes.py +++ b/mayan/apps/permissions/classes.py @@ -54,8 +54,13 @@ class Permission(object): @classmethod def check_permissions(cls, requester, permissions): - for permission in permissions: - if permission.stored_permission.requester_has_this(requester): + try: + for permission in permissions: + if permission.stored_permission.requester_has_this(requester): + return True + except TypeError: + # Not a list of permissions, just one + if permissions.stored_permission.requester_has_this(requester): return True logger.debug('no permission') diff --git a/mayan/apps/rest_api/permissions.py b/mayan/apps/rest_api/permissions.py index 206b16ef04..0443a61370 100644 --- a/mayan/apps/rest_api/permissions.py +++ b/mayan/apps/rest_api/permissions.py 
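Review bot: In `Permission.check_permissions` the `try` wraps the whole loop, so a `TypeError` raised inside `requester_has_this()` for a valid list is read as "not a list of permissions". The fallback then fails on `permissions.stored_permission` with an unrelated `AttributeError`, which hides the original error. For an authorization primitive it is safer to decide list-versus-single before evaluating anything, so that only the iteration attempt can select the fallback. The function continues past the hunk, where the `logger.debug` line and what follows are unchanged.

```python
    def check_permissions(cls, requester, permissions):
        try:
            permissions = tuple(permissions)
        except TypeError:
            # Not a list of permissions, just one
            permissions = (permissions,)

        for permission in permissions:
            if permission.stored_permission.requester_has_this(requester):
                return True
        # … unchanged: logger.debug('no permission') and the rest …
```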
@@ -33,23 +33,19 @@ class MayanPermission(BasePermission): if required_permission: try: - Permission.check_permissions(request.user, required_permission) - except PermissionDenied: - try: - if hasattr(view, 'mayan_permission_attribute_check'): - AccessControlList.objects.check_access( - permissions=required_permission, - user=request.user, obj=obj, - related=view.mayan_permission_attribute_check - ) - else: - AccessControlList.objects.check_access( - required_permission, request.user, obj - ) - except PermissionDenied: - return False + if hasattr(view, 'mayan_permission_attribute_check'): + AccessControlList.objects.check_access( + permissions=required_permission, + user=request.user, obj=obj, + related=view.mayan_permission_attribute_check + ) else: - return True + AccessControlList.objects.check_access( + permissions=required_permission, user=request.user, + obj=obj + ) + except PermissionDenied: + return False else: return True else: diff --git a/mayan/apps/sources/views.py b/mayan/apps/sources/views.py index 288cfcd40d..0fb4d16c60 100644 --- a/mayan/apps/sources/views.py +++ b/mayan/apps/sources/views.py @@ -1,7 +1,6 @@ from __future__ import absolute_import, unicode_literals from django.contrib import messages -from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse, reverse_lazy from django.http import HttpResponseRedirect from django.shortcuts import get_object_or_404 @@ -23,7 +22,6 @@ from documents.permissions import ( from documents.tasks import task_upload_new_version from metadata.api import decode_metadata_from_url from navigation import Link -from permissions import Permission from .forms import ( NewDocumentForm, NewVersionForm, WebFormUploadForm, 
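Review bot: The two `check_access` calls in `MayanPermission` differ only in the `related` argument, so the `hasattr` branch can be folded into one call with `related=getattr(view, 'mayan_permission_attribute_check', None)`. The manager code shown earlier in this diff skips the attribute lookup when `related` is falsy, so behaviour should be unchanged, but the parameter's default is not visible and is worth confirming. This hunk also removes the last visible use of `Permission` in the file; if nothing else uses it, the `from permissions import Permission` import can be dropped, as in the other files of this commit. The method starts outside the hunk.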
@@ -195,15 +193,10 @@ class UploadInteractiveView(UploadBaseView): ) ) - try: - Permission.check_permissions( - request.user, (permission_document_create,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_create, request.user, - self.document_type - ) + AccessControlList.objects.check_access( + permissions=permission_document_create, user=request.user, + obj=self.document_type + ) self.tab_links = UploadBaseView.get_active_tab_links() @@ -333,15 +326,10 @@ class UploadInteractiveVersionView(UploadBaseView): ) ) - try: - Permission.check_permissions( - self.request.user, (permission_document_new_version,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_new_version, self.request.user, - self.document - ) + AccessControlList.objects.check_access( + permissions=permission_document_new_version, + user=self.request.user, obj=self.document + ) self.tab_links = UploadBaseView.get_active_tab_links(self.document) diff --git a/mayan/apps/tags/api_views.py b/mayan/apps/tags/api_views.py index f24e267ef3..522a5cac38 100644 --- a/mayan/apps/tags/api_views.py +++ b/mayan/apps/tags/api_views.py @@ -1,6 +1,5 @@ from __future__ import absolute_import, unicode_literals -from django.core.exceptions import PermissionDenied from django.shortcuts import get_object_or_404 from rest_framework import generics @@ -11,7 +10,6 @@ from acls.models import AccessControlList from documents.models import Document from documents.permissions import permission_document_view from documents.serializers import DocumentSerializer -from permissions import Permission from rest_api.filters import MayanObjectPermissionsFilter from rest_api.permissions import MayanPermission 
@@ -105,14 +103,10 @@ class APITagDocumentListView(generics.ListAPIView): def get_queryset(self): tag = get_object_or_404(Tag, pk=self.kwargs['pk']) - try: - Permission.check_permissions( - self.request.user, (permission_tag_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_tag_view, self.request.user, tag - ) + + AccessControlList.objects.check_access( + permissions=permission_tag_view, user=self.request.user, obj=tag + ) return tag.documents.all() @@ -130,14 +124,11 @@ class APIDocumentTagListView(generics.ListCreateAPIView): def get_queryset(self): document = self.get_document() - try: - Permission.check_permissions( - self.request.user, (permission_document_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_view, self.request.user, document - ) + + AccessControlList.objects.check_access( + permissions=permission_document_view, user=self.request.user, + obj=document + ) return document.attached_tags().all() @@ -198,14 +189,10 @@ class APIDocumentTagView(generics.RetrieveDestroyAPIView): def get_document(self): document = get_object_or_404(Document, pk=self.kwargs['document_pk']) - try: - Permission.check_permissions( - self.request.user, (permission_document_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_view, self.request.user, document - ) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=self.request.user, + obj=document + ) return document def get_queryset(self): diff --git a/mayan/apps/tags/serializers.py b/mayan/apps/tags/serializers.py index 3f49cf2e42..63c655ae16 100644 --- a/mayan/apps/tags/serializers.py +++ b/mayan/apps/tags/serializers.py @@ -1,6 +1,5 @@ from __future__ import absolute_import, unicode_literals -from django.core.exceptions import PermissionDenied from django.utils.translation import ugettext_lazy as _ from rest_framework import serializers 
@@ -8,7 +7,6 @@ from rest_framework.exceptions import ValidationError from rest_framework.reverse import reverse from acls.models import AccessControlList -from permissions import Permission from .models import Tag from .permissions import permission_tag_attach @@ -50,14 +48,10 @@ class NewDocumentTagSerializer(serializers.Serializer): try: tag = Tag.objects.get(pk=validated_data['tag']) - try: - Permission.check_permissions( - self.context['request'].user, (permission_tag_attach,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_tag_attach, self.context['request'], tag - ) + AccessControlList.objects.check_access( + permissions=permission_tag_attach, + user=self.context['request'].user, obj=tag + ) tag.documents.add(validated_data['document']) except Exception as exception: diff --git a/mayan/apps/tags/views.py b/mayan/apps/tags/views.py index 592ecaa28a..42506cff14 100644 --- a/mayan/apps/tags/views.py +++ b/mayan/apps/tags/views.py @@ -18,7 +18,6 @@ from common.views import ( from documents.models import Document from documents.views import DocumentListView from documents.permissions import permission_document_view -from permissions import Permission from .forms import TagListForm from .models import Tag @@ -245,18 +244,14 @@ class DocumentTagListView(TagListView): def dispatch(self, request, *args, **kwargs): self.document = get_object_or_404(Document, pk=self.kwargs['pk']) - try: - Permission.check_permissions( - request.user, (permission_document_view,) - ) - except PermissionDenied: - AccessControlList.objects.check_access( - permission_document_view, request.user, self.document - ) + AccessControlList.objects.check_access( + permissions=permission_document_view, user=request.user, + obj=self.document + ) - return super( - DocumentTagListView, self - ).dispatch(request, *args, **kwargs) + return super(DocumentTagListView, self).dispatch( + request, *args, **kwargs + ) def get_extra_context(self): return {
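Review bot: In `NewDocumentTagSerializer`, the `check_access` call sits inside the `try` whose handler is `except Exception as exception:`, so a `PermissionDenied` for the tag is caught there instead of propagating as an authorization failure. The handler body is outside the hunk, so the client-facing result is not visible, but it is presumably not a 403 and may echo the exception text. Adding `except PermissionDenied: raise` ahead of the generic handler keeps the denial distinct. That needs the `from django.core.exceptions import PermissionDenied` import, which this commit removes from the file.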