Remove related attribute of check_access
Remove filter_by_access. Replaced by restrict_queryset. Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
This commit is contained in:
Roberto Rosario
@@ -242,6 +242,8 @@
|
||||
* Remove ObjectListPermissionFilterMixin.
|
||||
* Add deprecation warning to convertdb
|
||||
* Add the preparestatic command.
|
||||
* Remove the related attribute of check_access.
|
||||
* Remove filter_by_access. Replaced by restrict_queryset.
|
||||
|
||||
3.1.11 (2019-04-XX)
|
||||
===================
|
||||
|
||||
@@ -276,6 +276,18 @@ Other changes
|
||||
* Add deprecation warning to convertdb
|
||||
* Add the preparestatic command.
|
||||
|
||||
* Remove filter_by_access. Replaced by restrict_queryset.
|
||||
|
||||
* Remove the related attribute of check_access
|
||||
- 'Passing the argument `related` to check_access() is '
|
||||
- 'deprecated. Use the ModelPermission\'s class '
|
||||
- '.register_inheritance() class method to register the access '
|
||||
- 'relationship between two models. The registered relationship '
|
||||
- 'will be automatically used by check_access().',
|
||||
- InterfaceWarning
|
||||
|
||||
|
||||
|
||||
|
||||
Removals
|
||||
--------
|
||||
|
||||
@@ -190,20 +190,7 @@ class AccessControlListManager(models.Manager):
|
||||
|
||||
return result
|
||||
|
||||
def check_access(self, obj, permissions, user, related=None):
|
||||
"""
|
||||
The `related` argument is ignored.
|
||||
"""
|
||||
if related:
|
||||
warnings.warn(
|
||||
'Passing the argument `related` to check_access() is '
|
||||
'deprecated. Use the ModelPermission\'s class '
|
||||
'.register_inheritance() class method to register the access '
|
||||
'relationship between two models. The registered relationship '
|
||||
'will be automatically used by check_access().',
|
||||
InterfaceWarning
|
||||
)
|
||||
|
||||
def check_access(self, obj, permissions, user):
|
||||
meta = getattr(obj, '_meta', None)
|
||||
|
||||
if not meta:
|
||||
@@ -234,11 +221,6 @@ class AccessControlListManager(models.Manager):
|
||||
)
|
||||
)
|
||||
|
||||
def filter_by_access(self, permission, user, queryset):
|
||||
return self.restrict_queryset(
|
||||
permission=permission, queryset=queryset, user=user
|
||||
)
|
||||
|
||||
def restrict_queryset(self, permission, queryset, user):
|
||||
# Check directly granted permission via a role
|
||||
try:
|
||||
|
||||
@@ -28,7 +28,7 @@ class PermissionTestCase(ACLTestMixin, BaseTestCase):
|
||||
self._setup_test_object()
|
||||
|
||||
self.assertEqual(
|
||||
AccessControlList.objects.filter_by_access(
|
||||
AccessControlList.objects.restrict_queryset(
|
||||
permission=self.test_permission,
|
||||
queryset=self.test_object._meta.model._default_manager.all(),
|
||||
user=self._test_case_user
|
||||
@@ -58,7 +58,7 @@ class PermissionTestCase(ACLTestMixin, BaseTestCase):
|
||||
)
|
||||
|
||||
self.assertTrue(
|
||||
self.test_object in AccessControlList.objects.filter_by_access(
|
||||
self.test_object in AccessControlList.objects.restrict_queryset(
|
||||
permission=self.test_permission,
|
||||
queryset=self.test_object._meta.model._default_manager.all(),
|
||||
user=self._test_case_user
|
||||
@@ -136,7 +136,7 @@ class PermissionTestCase(ACLTestMixin, BaseTestCase):
|
||||
obj=self.test_object_parent, permission=self.test_permission
|
||||
)
|
||||
|
||||
result = AccessControlList.objects.filter_by_access(
|
||||
result = AccessControlList.objects.restrict_queryset(
|
||||
permission=self.test_permission,
|
||||
queryset=self.test_object_child._meta.model._default_manager.all(),
|
||||
user=self._test_case_user
|
||||
@@ -154,7 +154,7 @@ class PermissionTestCase(ACLTestMixin, BaseTestCase):
|
||||
obj=self.test_object_child, permission=self.test_permission
|
||||
)
|
||||
|
||||
result = AccessControlList.objects.filter_by_access(
|
||||
result = AccessControlList.objects.restrict_queryset(
|
||||
permission=self.test_permission,
|
||||
queryset=self.test_object_child._meta.model._default_manager.all(),
|
||||
user=self._test_case_user,
|
||||
|
||||
@@ -140,9 +140,9 @@ class APICabinetDocumentListView(generics.ListCreateAPIView):
|
||||
def get_queryset(self):
|
||||
cabinet = self.get_cabinet()
|
||||
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, self.request.user,
|
||||
queryset=cabinet.documents.all()
|
||||
return AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_view,
|
||||
queryset=cabinet.documents.all(), user=self.request.user
|
||||
)
|
||||
|
||||
def perform_create(self, serializer):
|
||||
|
||||
@@ -71,8 +71,9 @@ class Cabinet(MPTTModel):
|
||||
Provide a queryset of the documents in a cabinet. The queryset is
|
||||
filtered by access.
|
||||
"""
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, user, queryset=self.documents
|
||||
return AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_view, queryset=self.documents,
|
||||
user=user
|
||||
)
|
||||
|
||||
def get_full_path(self):
|
||||
|
||||
@@ -42,7 +42,7 @@ def widget_document_cabinets(document, user):
|
||||
app_label='acls', model_name='AccessControlList'
|
||||
)
|
||||
|
||||
cabinets = AccessControlList.objects.filter_by_access(
|
||||
cabinets = AccessControlList.objects.restrict_queryset(
|
||||
permission_cabinet_view, queryset=document.document_cabinets(),
|
||||
user=user
|
||||
)
|
||||
|
||||
@@ -33,11 +33,11 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView):
|
||||
return DocumentCheckoutSerializer
|
||||
|
||||
def get_queryset(self):
|
||||
filtered_documents = AccessControlList.objects.filter_by_access(
|
||||
filtered_documents = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_view, user=self.request.user,
|
||||
queryset=DocumentCheckout.objects.checked_out_documents()
|
||||
)
|
||||
filtered_documents = AccessControlList.objects.filter_by_access(
|
||||
filtered_documents = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_check_out_detail_view, user=self.request.user,
|
||||
queryset=filtered_documents
|
||||
)
|
||||
@@ -56,12 +56,12 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView):
|
||||
|
||||
def get_queryset(self):
|
||||
if self.request.method == 'GET':
|
||||
filtered_documents = AccessControlList.objects.filter_by_access(
|
||||
filtered_documents = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_view,
|
||||
queryset=DocumentCheckout.objects.checked_out_documents(),
|
||||
user=self.request.user
|
||||
)
|
||||
filtered_documents = AccessControlList.objects.filter_by_access(
|
||||
filtered_documents = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_check_out_detail_view,
|
||||
queryset=filtered_documents, user=self.request.user
|
||||
)
|
||||
|
||||
@@ -23,12 +23,12 @@ class DashboardWidgetTotalCheckouts(DashboardWidgetNumeric):
|
||||
DocumentCheckout = apps.get_model(
|
||||
app_label='checkouts', model_name='DocumentCheckout'
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_check_out_detail_view,
|
||||
queryset=DocumentCheckout.objects.checked_out_documents(),
|
||||
user=request.user
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_view, queryset=queryset,
|
||||
user=request.user
|
||||
)
|
||||
|
||||
@@ -133,7 +133,7 @@ class CheckoutDocumentView(SingleObjectCreateView):
|
||||
|
||||
class CheckoutListView(DocumentListView):
|
||||
def get_document_queryset(self):
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
return AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_check_out_detail_view,
|
||||
queryset=DocumentCheckout.objects.checked_out_documents(),
|
||||
user=self.request.user
|
||||
|
||||
@@ -255,7 +255,7 @@ class FilteredSelectionForm(forms.Form):
|
||||
widget_class = opts.widget_class
|
||||
|
||||
if opts.permission:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission=opts.permission, queryset=queryset,
|
||||
user=opts.user
|
||||
)
|
||||
|
||||
@@ -369,7 +369,7 @@ class AddRemoveView(
|
||||
queryset = self.secondary_object_model._meta.default_manager.all()
|
||||
|
||||
if self.secondary_object_permission:
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
return AccessControlList.objects.restrict_queryset(
|
||||
permission=self.secondary_object_permission, queryset=queryset,
|
||||
user=self.request.user
|
||||
)
|
||||
|
||||
@@ -109,7 +109,7 @@ class ExternalObjectMixin(object):
|
||||
permission = self.get_external_object_permission()
|
||||
|
||||
if permission:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission, queryset=queryset,
|
||||
user=self.request.user
|
||||
)
|
||||
@@ -309,7 +309,6 @@ class ObjectPermissionCheckMixin(object):
|
||||
AccessControlList.objects.check_access(
|
||||
obj=self.get_permission_object(),
|
||||
permissions=(self.object_permission,),
|
||||
related=getattr(self, 'object_permission_related', None),
|
||||
user=request.user
|
||||
)
|
||||
|
||||
@@ -395,7 +394,7 @@ class RestrictedQuerysetMixin(object):
|
||||
queryset = self.get_source_queryset()
|
||||
|
||||
if self.object_permission:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission=self.object_permission, queryset=queryset,
|
||||
user=self.request.user
|
||||
)
|
||||
|
||||
@@ -405,7 +405,7 @@ class IndexInstanceNode(MPTTModel):
|
||||
return self.get_descendants().count()
|
||||
|
||||
def get_descendants_document_count(self, user):
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
return AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_view,
|
||||
queryset=Document.objects.filter(
|
||||
index_instance_nodes__in=self.get_descendants(
|
||||
@@ -426,7 +426,7 @@ class IndexInstanceNode(MPTTModel):
|
||||
|
||||
def get_item_count(self, user):
|
||||
if self.index_template_node.link_documents:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_view, queryset=self.documents,
|
||||
user=user
|
||||
)
|
||||
|
||||
@@ -444,7 +444,7 @@ class WorkflowInstance(models.Model):
|
||||
If not ACL access to the workflow, filter transition
|
||||
options by each transition ACL access
|
||||
"""
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_workflow_transition,
|
||||
queryset=queryset,
|
||||
user=_user
|
||||
|
||||
@@ -34,7 +34,7 @@ class DashboardWidgetDocumentPagesTotal(DashboardWidgetNumeric):
|
||||
DocumentPage = apps.get_model(
|
||||
app_label='documents', model_name='DocumentPage'
|
||||
)
|
||||
self.count = AccessControlList.objects.filter_by_access(
|
||||
self.count = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_view, user=request.user,
|
||||
queryset=DocumentPage.objects.all()
|
||||
).count()
|
||||
@@ -53,7 +53,7 @@ class DashboardWidgetDocumentsTotal(DashboardWidgetNumeric):
|
||||
Document = apps.get_model(
|
||||
app_label='documents', model_name='Document'
|
||||
)
|
||||
self.count = AccessControlList.objects.filter_by_access(
|
||||
self.count = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_view, user=request.user,
|
||||
queryset=Document.objects.all()
|
||||
).count()
|
||||
@@ -72,7 +72,7 @@ class DashboardWidgetDocumentsInTrash(DashboardWidgetNumeric):
|
||||
DeletedDocument = apps.get_model(
|
||||
app_label='documents', model_name='DeletedDocument'
|
||||
)
|
||||
self.count = AccessControlList.objects.filter_by_access(
|
||||
self.count = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_view, user=request.user,
|
||||
queryset=DeletedDocument.objects.all()
|
||||
).count()
|
||||
@@ -91,7 +91,7 @@ class DashboardWidgetDocumentsTypesTotal(DashboardWidgetNumeric):
|
||||
DocumentType = apps.get_model(
|
||||
app_label='documents', model_name='DocumentType'
|
||||
)
|
||||
self.count = AccessControlList.objects.filter_by_access(
|
||||
self.count = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_type_view, user=request.user,
|
||||
queryset=DocumentType.objects.all()
|
||||
).count()
|
||||
|
||||
@@ -34,7 +34,7 @@ class DocumentTypeFilteredSelectForm(forms.Form):
|
||||
|
||||
queryset = DocumentType.objects.all()
|
||||
if permission:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission, queryset=queryset, user=user
|
||||
)
|
||||
|
||||
|
||||
@@ -85,7 +85,7 @@ class DocumentType(models.Model):
|
||||
)
|
||||
|
||||
def get_document_count(self, user):
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission_document_view, user, queryset=self.documents
|
||||
)
|
||||
|
||||
|
||||
@@ -70,7 +70,7 @@ def new_documents_this_month(user=None):
|
||||
queryset = Document.objects.all()
|
||||
|
||||
if user:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_view, user=user,
|
||||
queryset=queryset
|
||||
)
|
||||
@@ -112,7 +112,7 @@ def new_document_pages_this_month(user=None):
|
||||
queryset = DocumentPage.objects.all()
|
||||
|
||||
if user:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_view, user=user,
|
||||
queryset=queryset
|
||||
)
|
||||
|
||||
@@ -230,9 +230,9 @@ class DocumentDownloadFormView(FormView):
|
||||
return kwargs
|
||||
|
||||
def get_queryset(self):
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
permission_document_download, self.request.user,
|
||||
queryset=self.get_document_queryset()
|
||||
return AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_download,
|
||||
queryset=self.get_document_queryset(), user=self.request.user
|
||||
)
|
||||
|
||||
|
||||
@@ -269,8 +269,9 @@ class DocumentDownloadView(SingleObjectDownloadView):
|
||||
|
||||
queryset = self.model.objects.filter(pk__in=id_list.split(','))
|
||||
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
permission_document_download, self.request.user, queryset
|
||||
return AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_download, queryset=queryset,
|
||||
user=self.request.user
|
||||
)
|
||||
|
||||
def get_file(self):
|
||||
|
||||
@@ -111,7 +111,7 @@ class TrashedDocumentListView(DocumentListView):
|
||||
object_permission = None
|
||||
|
||||
def get_document_queryset(self):
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
return AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_view,
|
||||
queryset=DeletedDocument.trash.all(),
|
||||
user=self.request.user
|
||||
|
||||
@@ -166,7 +166,7 @@ class SearchModel(object):
|
||||
queryset = self.model.objects.filter(search_query.query).distinct()
|
||||
|
||||
if self.permission:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission=self.permission, queryset=queryset, user=user
|
||||
)
|
||||
|
||||
|
||||
@@ -177,7 +177,7 @@ class ObjectEventListView(EventListView):
|
||||
model=self.kwargs['model']
|
||||
)
|
||||
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_events_view,
|
||||
queryset=content_type.model_class().objects.all(),
|
||||
user=self.request.user
|
||||
|
||||
@@ -44,7 +44,7 @@ class DocumentMailForm(forms.Form):
|
||||
'project_website': setting_project_url.value
|
||||
}
|
||||
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_user_mailer_use, user=user,
|
||||
queryset=UserMailer.objects.filter(enabled=True)
|
||||
)
|
||||
|
||||
@@ -736,7 +736,7 @@ class SetupDocumentTypeMetadataTypes(FormView):
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = self.submodel.objects.all()
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
return AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_type_edit,
|
||||
user=self.request.user, queryset=queryset
|
||||
)
|
||||
|
||||
@@ -35,7 +35,7 @@ def get_cascade_condition(app_label, model_name, object_permission, view_permiss
|
||||
else:
|
||||
return True
|
||||
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission=object_permission, user=context.request.user,
|
||||
queryset=Model.objects.all()
|
||||
)
|
||||
|
||||
@@ -15,8 +15,9 @@ class MayanObjectPermissionsFilter(BaseFilterBackend):
|
||||
).get(request.method, None)
|
||||
|
||||
if required_permissions:
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
required_permissions[0], request.user, queryset=queryset
|
||||
return AccessControlList.objects.restrict_queryset(
|
||||
queryset=queryset, permission=required_permissions[0],
|
||||
user=request.user
|
||||
)
|
||||
else:
|
||||
return queryset
|
||||
|
||||
@@ -26,7 +26,7 @@ def condition_check_document_creation_acls(context):
|
||||
app_label='documents', model_name='DocumentType'
|
||||
)
|
||||
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_document_create,
|
||||
queryset=DocumentType.objects.all(), user=context['user']
|
||||
)
|
||||
|
||||
@@ -14,8 +14,9 @@ def widget_document_tags(document, user):
|
||||
app_label='acls', model_name='AccessControlList'
|
||||
)
|
||||
|
||||
tags = AccessControlList.objects.filter_by_access(
|
||||
permission_tag_view, user, queryset=document.attached_tags().all()
|
||||
tags = AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_tag_view, queryset=document.attached_tags().all(),
|
||||
user=user
|
||||
)
|
||||
|
||||
return render_to_string(
|
||||
|
||||
@@ -63,7 +63,7 @@ class Tag(models.Model):
|
||||
Return the numeric count of documents that have this tag attached.
|
||||
The count if filtered by access.
|
||||
"""
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
permission_document_view, user, queryset=self.documents
|
||||
)
|
||||
|
||||
|
||||
@@ -37,7 +37,7 @@ class AttachTagAction(WorkflowAction):
|
||||
user = request.user
|
||||
logger.debug('user: %s', user)
|
||||
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
queryset = AccessControlList.objects.restrict_queryset(
|
||||
self.permission, user, queryset=Tag.objects.all()
|
||||
)
|
||||
|
||||
|
||||
@@ -135,9 +135,9 @@ class APIUserGroupList(generics.ListCreateAPIView):
|
||||
def get_queryset(self):
|
||||
user = self.get_user()
|
||||
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
permission_group_view, self.request.user,
|
||||
queryset=user.groups.order_by('id')
|
||||
return AccessControlList.objects.restrict_queryset(
|
||||
permission=permission_group_view,
|
||||
queryset=user.groups.order_by('id'), user=self.request.user
|
||||
)
|
||||
|
||||
def get_user(self):
|
||||
|
||||
@@ -40,7 +40,7 @@ def method_group_get_users(self, user, permission=permission_user_view):
|
||||
app_label='acls', model_name='AccessControlList'
|
||||
)
|
||||
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
return AccessControlList.objects.restrict_queryset(
|
||||
permission=permission, queryset=get_user_queryset().filter(
|
||||
id__in=self.user_set.all()
|
||||
), user=user
|
||||
@@ -82,7 +82,7 @@ def method_user_get_groups(self, user, permission=permission_group_view):
|
||||
app_label='acls', model_name='AccessControlList'
|
||||
)
|
||||
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
return AccessControlList.objects.restrict_queryset(
|
||||
permission=permission, queryset=self.groups.all(), user=user
|
||||
)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user