From 5e4518211f276808c9d33da57f7fb75a2c8e059c Mon Sep 17 00:00:00 2001 From: Roberto Rosario Date: Tue, 7 May 2019 02:26:50 -0400 Subject: [PATCH] Remove related attribute of check_access Remove filter_by_access. Replaced by restrict_queryset. Signed-off-by: Roberto Rosario --- HISTORY.rst | 2 ++ docs/releases/3.2.rst | 12 +++++++++++ mayan/apps/acls/managers.py | 20 +------------------ mayan/apps/acls/tests/test_models.py | 8 ++++---- mayan/apps/cabinets/api_views.py | 6 +++--- mayan/apps/cabinets/models.py | 5 +++-- mayan/apps/cabinets/widgets.py | 2 +- mayan/apps/checkouts/api_views.py | 8 ++++---- mayan/apps/checkouts/dashboard_widgets.py | 4 ++-- mayan/apps/checkouts/views.py | 2 +- mayan/apps/common/forms.py | 2 +- mayan/apps/common/generics.py | 2 +- mayan/apps/common/mixins.py | 5 ++--- mayan/apps/document_indexing/models.py | 4 ++-- mayan/apps/document_states/models.py | 2 +- mayan/apps/documents/dashboard_widgets.py | 8 ++++---- .../documents/forms/document_type_forms.py | 2 +- .../documents/models/document_type_models.py | 2 +- mayan/apps/documents/statistics.py | 4 ++-- mayan/apps/documents/views/document_views.py | 11 +++++----- .../documents/views/trashed_document_views.py | 2 +- mayan/apps/dynamic_search/classes.py | 2 +- mayan/apps/events/views.py | 2 +- mayan/apps/mailer/forms.py | 2 +- mayan/apps/metadata/views.py | 2 +- mayan/apps/navigation/utils.py | 2 +- mayan/apps/rest_api/filters.py | 5 +++-- mayan/apps/sources/links.py | 2 +- mayan/apps/tags/html_widgets.py | 5 +++-- mayan/apps/tags/models.py | 2 +- mayan/apps/tags/workflow_actions.py | 2 +- mayan/apps/user_management/api_views.py | 6 +++--- mayan/apps/user_management/methods.py | 4 ++-- 33 files changed, 74 insertions(+), 75 deletions(-) diff --git a/HISTORY.rst b/HISTORY.rst index 159d708a01..6405eebfea 100644 --- a/HISTORY.rst +++ b/HISTORY.rst 
@@ -242,6 +242,8 @@ * Remove ObjectListPermissionFilterMixin. * Add deprecation warning to convertdb * Add the preparestatic command. +* Remove the related attribute of check_access. +* Remove filter_by_access. Replaced by restrict_queryset. 3.1.11 (2019-04-XX) =================== diff --git a/docs/releases/3.2.rst b/docs/releases/3.2.rst index 5062804a40..1adfde2a0b 100644 --- a/docs/releases/3.2.rst +++ b/docs/releases/3.2.rst @@ -276,6 +276,18 @@ Other changes * Add deprecation warning to convertdb * Add the preparestatic command. +* Remove filter_by_access. Replaced by restrict_queryset. + +* Remove the related attribute of check_access +- 'Passing the argument `related` to check_access() is ' +- 'deprecated. Use the ModelPermission\'s class ' +- '.register_inheritance() class method to register the access ' +- 'relationship between two models. The registered relationship ' +- 'will be automatically used by check_access().', +- InterfaceWarning + + + Removals -------- diff --git a/mayan/apps/acls/managers.py b/mayan/apps/acls/managers.py index 7cd148cbaf..aa1a74323c 100644 --- a/mayan/apps/acls/managers.py +++ b/mayan/apps/acls/managers.py @@ -190,20 +190,7 @@ class AccessControlListManager(models.Manager): return result - def check_access(self, obj, permissions, user, related=None): - """ - The `related` argument is ignored. - """ - if related: - warnings.warn( - 'Passing the argument `related` to check_access() is ' - 'deprecated. Use the ModelPermission\'s class ' - '.register_inheritance() class method to register the access ' - 'relationship between two models. The registered relationship ' - 'will be automatically used by check_access().', - InterfaceWarning - ) - + def check_access(self, obj, permissions, user): meta = getattr(obj, '_meta', None) if not meta: 
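Review bot: With the old docstring deleted, `check_access` in mayan/apps/acls/managers.py is left with no documentation, although it is the central permission check. A one-line docstring such as `"""Check that `user` has been granted `permissions` for `obj`; the `related` argument is no longer accepted."""` would record the new contract. The wording should be confirmed against the rest of the body, which continues outside the hunk. Any caller that still passes `related=` will now fail with a `TypeError` instead of a warning, so the release note should say that explicitly. The `warnings` and `InterfaceWarning` imports, presumably at the top of the file and not visible here, may now be unused.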
@@ -234,11 +221,6 @@ class AccessControlListManager(models.Manager): ) ) - def filter_by_access(self, permission, user, queryset): - return self.restrict_queryset( - permission=permission, queryset=queryset, user=user - ) - def restrict_queryset(self, permission, queryset, user): # Check directly granted permission via a role try: diff --git a/mayan/apps/acls/tests/test_models.py b/mayan/apps/acls/tests/test_models.py index c5f4caa847..4847150d48 100644 --- a/mayan/apps/acls/tests/test_models.py +++ b/mayan/apps/acls/tests/test_models.py @@ -28,7 +28,7 @@ class PermissionTestCase(ACLTestMixin, BaseTestCase): self._setup_test_object() self.assertEqual( - AccessControlList.objects.filter_by_access( + AccessControlList.objects.restrict_queryset( permission=self.test_permission, queryset=self.test_object._meta.model._default_manager.all(), user=self._test_case_user @@ -58,7 +58,7 @@ class PermissionTestCase(ACLTestMixin, BaseTestCase): ) self.assertTrue( - self.test_object in AccessControlList.objects.filter_by_access( + self.test_object in AccessControlList.objects.restrict_queryset( permission=self.test_permission, queryset=self.test_object._meta.model._default_manager.all(), user=self._test_case_user @@ -136,7 +136,7 @@ class PermissionTestCase(ACLTestMixin, BaseTestCase): obj=self.test_object_parent, permission=self.test_permission ) - result = AccessControlList.objects.filter_by_access( + result = AccessControlList.objects.restrict_queryset( permission=self.test_permission, queryset=self.test_object_child._meta.model._default_manager.all(), user=self._test_case_user @@ -154,7 +154,7 @@ class PermissionTestCase(ACLTestMixin, BaseTestCase): obj=self.test_object_child, permission=self.test_permission ) - result = AccessControlList.objects.filter_by_access( + result = AccessControlList.objects.restrict_queryset( permission=self.test_permission, queryset=self.test_object_child._meta.model._default_manager.all(), user=self._test_case_user, 
diff --git a/mayan/apps/cabinets/api_views.py b/mayan/apps/cabinets/api_views.py index beb02ad5ed..04c002d550 100644 --- a/mayan/apps/cabinets/api_views.py +++ b/mayan/apps/cabinets/api_views.py @@ -140,9 +140,9 @@ class APICabinetDocumentListView(generics.ListCreateAPIView): def get_queryset(self): cabinet = self.get_cabinet() - return AccessControlList.objects.filter_by_access( - permission_document_view, self.request.user, - queryset=cabinet.documents.all() + return AccessControlList.objects.restrict_queryset( + permission=permission_document_view, + queryset=cabinet.documents.all(), user=self.request.user ) def perform_create(self, serializer): diff --git a/mayan/apps/cabinets/models.py b/mayan/apps/cabinets/models.py index 988d1c63f1..e163d4d576 100644 --- a/mayan/apps/cabinets/models.py +++ b/mayan/apps/cabinets/models.py @@ -71,8 +71,9 @@ class Cabinet(MPTTModel): Provide a queryset of the documents in a cabinet. The queryset is filtered by access. """ - return AccessControlList.objects.filter_by_access( - permission_document_view, user, queryset=self.documents + return AccessControlList.objects.restrict_queryset( + permission=permission_document_view, queryset=self.documents, + user=user ) def get_full_path(self): diff --git a/mayan/apps/cabinets/widgets.py b/mayan/apps/cabinets/widgets.py index da4ee6d594..983b19a296 100644 --- a/mayan/apps/cabinets/widgets.py +++ b/mayan/apps/cabinets/widgets.py @@ -42,7 +42,7 @@ def widget_document_cabinets(document, user): app_label='acls', model_name='AccessControlList' ) - cabinets = AccessControlList.objects.filter_by_access( + cabinets = AccessControlList.objects.restrict_queryset( permission_cabinet_view, queryset=document.document_cabinets(), user=user ) diff --git a/mayan/apps/checkouts/api_views.py b/mayan/apps/checkouts/api_views.py index cb80055d06..3207502700 100644 --- a/mayan/apps/checkouts/api_views.py +++ b/mayan/apps/checkouts/api_views.py 
@@ -33,11 +33,11 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView): return DocumentCheckoutSerializer def get_queryset(self): - filtered_documents = AccessControlList.objects.filter_by_access( + filtered_documents = AccessControlList.objects.restrict_queryset( permission=permission_document_view, user=self.request.user, queryset=DocumentCheckout.objects.checked_out_documents() ) - filtered_documents = AccessControlList.objects.filter_by_access( + filtered_documents = AccessControlList.objects.restrict_queryset( permission=permission_document_check_out_detail_view, user=self.request.user, queryset=filtered_documents ) @@ -56,12 +56,12 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView): def get_queryset(self): if self.request.method == 'GET': - filtered_documents = AccessControlList.objects.filter_by_access( + filtered_documents = AccessControlList.objects.restrict_queryset( permission=permission_document_view, queryset=DocumentCheckout.objects.checked_out_documents(), user=self.request.user ) - filtered_documents = AccessControlList.objects.filter_by_access( + filtered_documents = AccessControlList.objects.restrict_queryset( permission=permission_document_check_out_detail_view, queryset=filtered_documents, user=self.request.user ) diff --git a/mayan/apps/checkouts/dashboard_widgets.py b/mayan/apps/checkouts/dashboard_widgets.py index b1f0b8cf85..bc4b0b8f77 100644 --- a/mayan/apps/checkouts/dashboard_widgets.py +++ b/mayan/apps/checkouts/dashboard_widgets.py 
@@ -23,12 +23,12 @@ class DashboardWidgetTotalCheckouts(DashboardWidgetNumeric): DocumentCheckout = apps.get_model( app_label='checkouts', model_name='DocumentCheckout' ) - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_document_check_out_detail_view, queryset=DocumentCheckout.objects.checked_out_documents(), user=request.user ) - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_document_view, queryset=queryset, user=request.user ) diff --git a/mayan/apps/checkouts/views.py b/mayan/apps/checkouts/views.py index 0aa249663f..65063d2cfe 100644 --- a/mayan/apps/checkouts/views.py +++ b/mayan/apps/checkouts/views.py @@ -133,7 +133,7 @@ class CheckoutDocumentView(SingleObjectCreateView): class CheckoutListView(DocumentListView): def get_document_queryset(self): - return AccessControlList.objects.filter_by_access( + return AccessControlList.objects.restrict_queryset( permission=permission_document_check_out_detail_view, queryset=DocumentCheckout.objects.checked_out_documents(), user=self.request.user diff --git a/mayan/apps/common/forms.py b/mayan/apps/common/forms.py index 055653a78d..791f2f8f9d 100644 --- a/mayan/apps/common/forms.py +++ b/mayan/apps/common/forms.py @@ -255,7 +255,7 @@ class FilteredSelectionForm(forms.Form): widget_class = opts.widget_class if opts.permission: - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=opts.permission, queryset=queryset, user=opts.user ) diff --git a/mayan/apps/common/generics.py b/mayan/apps/common/generics.py index b26219f04d..41d101e0ae 100644 --- a/mayan/apps/common/generics.py +++ b/mayan/apps/common/generics.py 
@@ -369,7 +369,7 @@ class AddRemoveView( queryset = self.secondary_object_model._meta.default_manager.all() if self.secondary_object_permission: - return AccessControlList.objects.filter_by_access( + return AccessControlList.objects.restrict_queryset( permission=self.secondary_object_permission, queryset=queryset, user=self.request.user ) diff --git a/mayan/apps/common/mixins.py b/mayan/apps/common/mixins.py index 67a32e0e26..78b23f1054 100644 --- a/mayan/apps/common/mixins.py +++ b/mayan/apps/common/mixins.py @@ -109,7 +109,7 @@ class ExternalObjectMixin(object): permission = self.get_external_object_permission() if permission: - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission, queryset=queryset, user=self.request.user ) @@ -309,7 +309,6 @@ class ObjectPermissionCheckMixin(object): AccessControlList.objects.check_access( obj=self.get_permission_object(), permissions=(self.object_permission,), - related=getattr(self, 'object_permission_related', None), user=request.user ) @@ -395,7 +394,7 @@ class RestrictedQuerysetMixin(object): queryset = self.get_source_queryset() if self.object_permission: - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=self.object_permission, queryset=queryset, user=self.request.user ) diff --git a/mayan/apps/document_indexing/models.py b/mayan/apps/document_indexing/models.py index 852bcd1073..e356bf6ff9 100644 --- a/mayan/apps/document_indexing/models.py +++ b/mayan/apps/document_indexing/models.py @@ -405,7 +405,7 @@ class IndexInstanceNode(MPTTModel): return self.get_descendants().count() def get_descendants_document_count(self, user): - return AccessControlList.objects.filter_by_access( + return AccessControlList.objects.restrict_queryset( permission=permission_document_view, queryset=Document.objects.filter( index_instance_nodes__in=self.get_descendants( 
@@ -426,7 +426,7 @@ class IndexInstanceNode(MPTTModel): def get_item_count(self, user): if self.index_template_node.link_documents: - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_document_view, queryset=self.documents, user=user ) diff --git a/mayan/apps/document_states/models.py b/mayan/apps/document_states/models.py index d29e19cd91..5a5336ee91 100644 --- a/mayan/apps/document_states/models.py +++ b/mayan/apps/document_states/models.py @@ -444,7 +444,7 @@ class WorkflowInstance(models.Model): If not ACL access to the workflow, filter transition options by each transition ACL access """ - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_workflow_transition, queryset=queryset, user=_user diff --git a/mayan/apps/documents/dashboard_widgets.py b/mayan/apps/documents/dashboard_widgets.py index 518c3b4acb..49bf7c503a 100644 --- a/mayan/apps/documents/dashboard_widgets.py +++ b/mayan/apps/documents/dashboard_widgets.py @@ -34,7 +34,7 @@ class DashboardWidgetDocumentPagesTotal(DashboardWidgetNumeric): DocumentPage = apps.get_model( app_label='documents', model_name='DocumentPage' ) - self.count = AccessControlList.objects.filter_by_access( + self.count = AccessControlList.objects.restrict_queryset( permission=permission_document_view, user=request.user, queryset=DocumentPage.objects.all() ).count() @@ -53,7 +53,7 @@ class DashboardWidgetDocumentsTotal(DashboardWidgetNumeric): Document = apps.get_model( app_label='documents', model_name='Document' ) - self.count = AccessControlList.objects.filter_by_access( + self.count = AccessControlList.objects.restrict_queryset( permission=permission_document_view, user=request.user, queryset=Document.objects.all() ).count() 
@@ -72,7 +72,7 @@ class DashboardWidgetDocumentsInTrash(DashboardWidgetNumeric): DeletedDocument = apps.get_model( app_label='documents', model_name='DeletedDocument' ) - self.count = AccessControlList.objects.filter_by_access( + self.count = AccessControlList.objects.restrict_queryset( permission=permission_document_view, user=request.user, queryset=DeletedDocument.objects.all() ).count() @@ -91,7 +91,7 @@ class DashboardWidgetDocumentsTypesTotal(DashboardWidgetNumeric): DocumentType = apps.get_model( app_label='documents', model_name='DocumentType' ) - self.count = AccessControlList.objects.filter_by_access( + self.count = AccessControlList.objects.restrict_queryset( permission=permission_document_type_view, user=request.user, queryset=DocumentType.objects.all() ).count() diff --git a/mayan/apps/documents/forms/document_type_forms.py b/mayan/apps/documents/forms/document_type_forms.py index dbcc26b2da..cc8a029a03 100644 --- a/mayan/apps/documents/forms/document_type_forms.py +++ b/mayan/apps/documents/forms/document_type_forms.py @@ -34,7 +34,7 @@ class DocumentTypeFilteredSelectForm(forms.Form): queryset = DocumentType.objects.all() if permission: - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission, queryset=queryset, user=user ) diff --git a/mayan/apps/documents/models/document_type_models.py b/mayan/apps/documents/models/document_type_models.py index 877567edee..8177e37408 100644 --- a/mayan/apps/documents/models/document_type_models.py +++ b/mayan/apps/documents/models/document_type_models.py @@ -85,7 +85,7 @@ class DocumentType(models.Model): ) def get_document_count(self, user): - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission_document_view, user, queryset=self.documents ) diff --git a/mayan/apps/documents/statistics.py b/mayan/apps/documents/statistics.py index 7ae0b6c9e0..2f1059e7d1 100644 
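Review bot: In `DocumentType.get_document_count` the renamed call still passes `user` as the second positional argument, but `restrict_queryset(self, permission, queryset, user)` takes the queryset second. As written, `restrict_queryset(permission_document_view, user, queryset=self.documents)` binds `user` to `queryset` and then raises `TypeError` for a duplicate `queryset` value, so the access-filtered count can no longer be computed. The removed `filter_by_access(permission, user, queryset)` had the other order, so a plain rename is not enough; use keywords as the other call sites in this commit do: `permission=permission_document_view, queryset=self.documents, user=user`. The same leftover positional order appears in the hunks for mayan/apps/tags/models.py (`permission_document_view, user, queryset=self.documents`) and mayan/apps/tags/workflow_actions.py (`self.permission, user, queryset=Tag.objects.all()`). None of the test changes visible in this patch exercise these three call sites.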
--- a/mayan/apps/documents/statistics.py +++ b/mayan/apps/documents/statistics.py @@ -70,7 +70,7 @@ def new_documents_this_month(user=None): queryset = Document.objects.all() if user: - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_document_view, user=user, queryset=queryset ) @@ -112,7 +112,7 @@ def new_document_pages_this_month(user=None): queryset = DocumentPage.objects.all() if user: - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_document_view, user=user, queryset=queryset ) diff --git a/mayan/apps/documents/views/document_views.py b/mayan/apps/documents/views/document_views.py index abdc74a285..63bb37f972 100644 --- a/mayan/apps/documents/views/document_views.py +++ b/mayan/apps/documents/views/document_views.py @@ -230,9 +230,9 @@ class DocumentDownloadFormView(FormView): return kwargs def get_queryset(self): - return AccessControlList.objects.filter_by_access( - permission_document_download, self.request.user, - queryset=self.get_document_queryset() + return AccessControlList.objects.restrict_queryset( + permission=permission_document_download, + queryset=self.get_document_queryset(), user=self.request.user ) @@ -269,8 +269,9 @@ class DocumentDownloadView(SingleObjectDownloadView): queryset = self.model.objects.filter(pk__in=id_list.split(',')) - return AccessControlList.objects.filter_by_access( - permission_document_download, self.request.user, queryset + return AccessControlList.objects.restrict_queryset( + permission=permission_document_download, queryset=queryset, + user=self.request.user ) def get_file(self): diff --git a/mayan/apps/documents/views/trashed_document_views.py b/mayan/apps/documents/views/trashed_document_views.py index 64b53301ed..74e22545dc 100644 --- a/mayan/apps/documents/views/trashed_document_views.py 
+++ b/mayan/apps/documents/views/trashed_document_views.py @@ -111,7 +111,7 @@ class TrashedDocumentListView(DocumentListView): object_permission = None def get_document_queryset(self): - return AccessControlList.objects.filter_by_access( + return AccessControlList.objects.restrict_queryset( permission=permission_document_view, queryset=DeletedDocument.trash.all(), user=self.request.user diff --git a/mayan/apps/dynamic_search/classes.py b/mayan/apps/dynamic_search/classes.py index 2f4965f332..74f4ee51c5 100644 --- a/mayan/apps/dynamic_search/classes.py +++ b/mayan/apps/dynamic_search/classes.py @@ -166,7 +166,7 @@ class SearchModel(object): queryset = self.model.objects.filter(search_query.query).distinct() if self.permission: - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=self.permission, queryset=queryset, user=user ) diff --git a/mayan/apps/events/views.py b/mayan/apps/events/views.py index 2289b34e0c..1ab8c5b486 100644 --- a/mayan/apps/events/views.py +++ b/mayan/apps/events/views.py @@ -177,7 +177,7 @@ class ObjectEventListView(EventListView): model=self.kwargs['model'] ) - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_events_view, queryset=content_type.model_class().objects.all(), user=self.request.user diff --git a/mayan/apps/mailer/forms.py b/mayan/apps/mailer/forms.py index 4b3072c6fa..a2e9b18173 100644 --- a/mayan/apps/mailer/forms.py +++ b/mayan/apps/mailer/forms.py @@ -44,7 +44,7 @@ class DocumentMailForm(forms.Form): 'project_website': setting_project_url.value } - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_user_mailer_use, user=user, queryset=UserMailer.objects.filter(enabled=True) ) diff --git a/mayan/apps/metadata/views.py b/mayan/apps/metadata/views.py index f2ff2f6e01..5f0f7f7341 100644 
--- a/mayan/apps/metadata/views.py +++ b/mayan/apps/metadata/views.py @@ -736,7 +736,7 @@ class SetupDocumentTypeMetadataTypes(FormView): def get_queryset(self): queryset = self.submodel.objects.all() - return AccessControlList.objects.filter_by_access( + return AccessControlList.objects.restrict_queryset( permission=permission_document_type_edit, user=self.request.user, queryset=queryset ) diff --git a/mayan/apps/navigation/utils.py b/mayan/apps/navigation/utils.py index 41de539cd5..9e907db01b 100644 --- a/mayan/apps/navigation/utils.py +++ b/mayan/apps/navigation/utils.py @@ -35,7 +35,7 @@ def get_cascade_condition(app_label, model_name, object_permission, view_permiss else: return True - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=object_permission, user=context.request.user, queryset=Model.objects.all() ) diff --git a/mayan/apps/rest_api/filters.py b/mayan/apps/rest_api/filters.py index 1b561c598e..1946769bc6 100644 --- a/mayan/apps/rest_api/filters.py +++ b/mayan/apps/rest_api/filters.py @@ -15,8 +15,9 @@ class MayanObjectPermissionsFilter(BaseFilterBackend): ).get(request.method, None) if required_permissions: - return AccessControlList.objects.filter_by_access( - required_permissions[0], request.user, queryset=queryset + return AccessControlList.objects.restrict_queryset( + queryset=queryset, permission=required_permissions[0], + user=request.user ) else: return queryset diff --git a/mayan/apps/sources/links.py b/mayan/apps/sources/links.py index 016e595d97..b1793547f5 100644 --- a/mayan/apps/sources/links.py +++ b/mayan/apps/sources/links.py @@ -26,7 +26,7 @@ def condition_check_document_creation_acls(context): app_label='documents', model_name='DocumentType' ) - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_document_create, queryset=DocumentType.objects.all(), user=context['user'] ) 
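Review bot: In `MayanObjectPermissionsFilter` only `required_permissions[0]` is passed to `restrict_queryset`, so if a view maps more than one permission to a request method the others are never applied to the queryset. When no permission is mapped for the method, the `else` branch returns the queryset unrestricted. If several permissions are meant to be supported, apply each one: `for permission in required_permissions: queryset = AccessControlList.objects.restrict_queryset(permission=permission, queryset=queryset, user=request.user)`. Otherwise add a comment such as `# Only the first permission mapped to the method is enforced` so the limit is explicit. The method starts outside the hunk, so how `required_permissions` is built is not visible here.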
diff --git a/mayan/apps/tags/html_widgets.py b/mayan/apps/tags/html_widgets.py index 142fa357e8..847b1c3e8e 100644 --- a/mayan/apps/tags/html_widgets.py +++ b/mayan/apps/tags/html_widgets.py @@ -14,8 +14,9 @@ def widget_document_tags(document, user): app_label='acls', model_name='AccessControlList' ) - tags = AccessControlList.objects.filter_by_access( - permission_tag_view, user, queryset=document.attached_tags().all() + tags = AccessControlList.objects.restrict_queryset( + permission=permission_tag_view, queryset=document.attached_tags().all(), + user=user ) return render_to_string( diff --git a/mayan/apps/tags/models.py b/mayan/apps/tags/models.py index 9e824e8699..54304257df 100644 --- a/mayan/apps/tags/models.py +++ b/mayan/apps/tags/models.py @@ -63,7 +63,7 @@ class Tag(models.Model): Return the numeric count of documents that have this tag attached. The count if filtered by access. """ - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission_document_view, user, queryset=self.documents ) diff --git a/mayan/apps/tags/workflow_actions.py b/mayan/apps/tags/workflow_actions.py index b4a9401282..53ea2fe620 100644 --- a/mayan/apps/tags/workflow_actions.py +++ b/mayan/apps/tags/workflow_actions.py @@ -37,7 +37,7 @@ class AttachTagAction(WorkflowAction): user = request.user logger.debug('user: %s', user) - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( self.permission, user, queryset=Tag.objects.all() ) diff --git a/mayan/apps/user_management/api_views.py b/mayan/apps/user_management/api_views.py index 134cbe0e97..2174f5d011 100644 --- a/mayan/apps/user_management/api_views.py +++ b/mayan/apps/user_management/api_views.py 
@@ -135,9 +135,9 @@ class APIUserGroupList(generics.ListCreateAPIView): def get_queryset(self): user = self.get_user() - return AccessControlList.objects.filter_by_access( - permission_group_view, self.request.user, - queryset=user.groups.order_by('id') + return AccessControlList.objects.restrict_queryset( + permission=permission_group_view, + queryset=user.groups.order_by('id'), user=self.request.user ) def get_user(self): diff --git a/mayan/apps/user_management/methods.py b/mayan/apps/user_management/methods.py index e5d050fe1d..76ad154141 100644 --- a/mayan/apps/user_management/methods.py +++ b/mayan/apps/user_management/methods.py @@ -40,7 +40,7 @@ def method_group_get_users(self, user, permission=permission_user_view): app_label='acls', model_name='AccessControlList' ) - return AccessControlList.objects.filter_by_access( + return AccessControlList.objects.restrict_queryset( permission=permission, queryset=get_user_queryset().filter( id__in=self.user_set.all() ), user=user @@ -82,7 +82,7 @@ def method_user_get_groups(self, user, permission=permission_group_view): app_label='acls', model_name='AccessControlList' ) - return AccessControlList.objects.filter_by_access( + return AccessControlList.objects.restrict_queryset( permission=permission, queryset=self.groups.all(), user=user )