Simplify filter_by_access boilerplate code
This commit is contained in:
@@ -9,6 +9,7 @@ from django.db.models import Q
|
||||
from django.utils.translation import ugettext
|
||||
|
||||
from common.utils import return_attrib
|
||||
from permissions import Permission
|
||||
from permissions.models import StoredPermission
|
||||
|
||||
from .classes import ModelPermission
|
||||
@@ -88,41 +89,52 @@ class AccessControlListManager(models.Manager):
|
||||
if user.is_superuser or user.is_staff:
|
||||
return queryset
|
||||
|
||||
user_roles = []
|
||||
for group in user.groups.all():
|
||||
for role in group.roles.all():
|
||||
user_roles.append(role)
|
||||
|
||||
try:
|
||||
parent_accessor = ModelPermission.get_inheritance(queryset.model)
|
||||
except KeyError:
|
||||
parent_acl_query = Q()
|
||||
else:
|
||||
instance = queryset.first()
|
||||
if instance:
|
||||
parent_object = getattr(instance, parent_accessor)
|
||||
parent_content_type = ContentType.objects.get_for_model(
|
||||
parent_object
|
||||
Permission.check_permissions(
|
||||
requester=user, permissions=(permission,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
user_roles = []
|
||||
for group in user.groups.all():
|
||||
for role in group.roles.all():
|
||||
user_roles.append(role)
|
||||
|
||||
try:
|
||||
parent_accessor = ModelPermission.get_inheritance(
|
||||
model=queryset.model
|
||||
)
|
||||
parent_queryset = self.filter(
|
||||
content_type=parent_content_type, role__in=user_roles,
|
||||
permissions=permission.stored_permission
|
||||
)
|
||||
parent_acl_query = Q(
|
||||
**{
|
||||
'{}__pk__in'.format(
|
||||
parent_accessor
|
||||
): parent_queryset.values_list('object_id', flat=True)
|
||||
}
|
||||
)
|
||||
else:
|
||||
except KeyError:
|
||||
parent_acl_query = Q()
|
||||
else:
|
||||
instance = queryset.first()
|
||||
if instance:
|
||||
parent_object = getattr(instance, parent_accessor)
|
||||
parent_content_type = ContentType.objects.get_for_model(
|
||||
parent_object
|
||||
)
|
||||
parent_queryset = self.filter(
|
||||
content_type=parent_content_type, role__in=user_roles,
|
||||
permissions=permission.stored_permission
|
||||
)
|
||||
parent_acl_query = Q(
|
||||
**{
|
||||
'{}__pk__in'.format(
|
||||
parent_accessor
|
||||
): parent_queryset.values_list(
|
||||
'object_id', flat=True
|
||||
)
|
||||
}
|
||||
)
|
||||
else:
|
||||
parent_acl_query = Q()
|
||||
|
||||
# Directly granted access
|
||||
content_type = ContentType.objects.get_for_model(queryset.model)
|
||||
acl_query = Q(pk__in=self.filter(
|
||||
content_type=content_type, role__in=user_roles,
|
||||
permissions=permission.stored_permission
|
||||
).values_list('object_id', flat=True))
|
||||
# Directly granted access
|
||||
content_type = ContentType.objects.get_for_model(queryset.model)
|
||||
acl_query = Q(pk__in=self.filter(
|
||||
content_type=content_type, role__in=user_roles,
|
||||
permissions=permission.stored_permission
|
||||
).values_list('object_id', flat=True))
|
||||
|
||||
return queryset.filter(parent_acl_query | acl_query)
|
||||
return queryset.filter(parent_acl_query | acl_query)
|
||||
else:
|
||||
return queryset
|
||||
|
||||
@@ -89,8 +89,6 @@ class PermissionTestCase(TestCase):
|
||||
self.fail('PermissionDenied exception was not expected.')
|
||||
|
||||
def test_filtering_with_permissions(self):
|
||||
self.role.permissions.add(permission_document_view.stored_permission)
|
||||
|
||||
acl = AccessControlList.objects.create(
|
||||
content_object=self.document_1, role=self.role
|
||||
)
|
||||
@@ -137,8 +135,6 @@ class PermissionTestCase(TestCase):
|
||||
self.fail('PermissionDenied exception was not expected.')
|
||||
|
||||
def test_filtering_with_inherited_permissions(self):
|
||||
self.role.permissions.add(permission_document_view.stored_permission)
|
||||
|
||||
acl = AccessControlList.objects.create(
|
||||
content_object=self.document_type_1, role=self.role
|
||||
)
|
||||
@@ -148,6 +144,10 @@ class PermissionTestCase(TestCase):
|
||||
permission=permission_document_view, user=self.user,
|
||||
queryset=Document.objects.all()
|
||||
)
|
||||
|
||||
# Since document_1 and document_2 are of document_type_1
|
||||
# they are the only ones that should be returned
|
||||
|
||||
self.assertTrue(self.document_1 in result)
|
||||
self.assertTrue(self.document_2 in result)
|
||||
self.assertTrue(self.document_3 not in result)
|
||||
|
||||
@@ -31,18 +31,10 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView):
|
||||
return DocumentCheckoutSerializer
|
||||
|
||||
def get_queryset(self):
|
||||
documents = DocumentCheckout.objects.checked_out_documents()
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
self.request.user, (permission_document_view,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
filtered_documents = AccessControlList.objects.filter_by_access(
|
||||
(permission_document_view,), self.request.user, documents
|
||||
)
|
||||
else:
|
||||
filtered_documents = documents
|
||||
filtered_documents = AccessControlList.objects.filter_by_access(
|
||||
(permission_document_view,), self.request.user,
|
||||
queryset=DocumentCheckout.objects.checked_out_documents()
|
||||
)
|
||||
|
||||
return DocumentCheckout.objects.filter(
|
||||
document__pk__in=filtered_documents.values_list('pk', flat=True)
|
||||
@@ -104,18 +96,10 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView):
|
||||
|
||||
def get_queryset(self):
|
||||
if self.request.method == 'GET':
|
||||
documents = DocumentCheckout.objects.checked_out_documents()
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
self.request.user, (permission_document_view,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
filtered_documents = AccessControlList.objects.filter_by_access(
|
||||
(permission_document_view,), self.request.user, documents
|
||||
)
|
||||
else:
|
||||
filtered_documents = documents
|
||||
filtered_documents = AccessControlList.objects.filter_by_access(
|
||||
(permission_document_view,), self.request.user,
|
||||
queryset=DocumentCheckout.objects.checked_out_documents()
|
||||
)
|
||||
|
||||
return DocumentCheckout.objects.filter(
|
||||
document__pk__in=filtered_documents.values_list(
|
||||
|
||||
@@ -1,12 +1,9 @@
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.apps import apps
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.db import models
|
||||
from django.utils.translation import ugettext
|
||||
|
||||
from permissions import Permission
|
||||
|
||||
|
||||
class ModelAttribute(object):
|
||||
__registry = {}
|
||||
@@ -137,20 +134,9 @@ class Filter(object):
|
||||
queryset = queryset.distinct()
|
||||
|
||||
if self.object_permission:
|
||||
try:
|
||||
# Check to see if the user has the permissions globally
|
||||
Permission.check_permissions(
|
||||
user, (self.object_permission,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
# No global permission, filter ther queryset per object +
|
||||
# permission
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
self.object_permission, user, queryset
|
||||
)
|
||||
else:
|
||||
# Has the permission globally, return all results
|
||||
return queryset
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
self.object_permission, user, queryset=queryset
|
||||
)
|
||||
else:
|
||||
return queryset
|
||||
|
||||
|
||||
@@ -93,20 +93,9 @@ class ObjectListPermissionFilterMixin(object):
|
||||
queryset = super(ObjectListPermissionFilterMixin, self).get_queryset()
|
||||
|
||||
if self.object_permission:
|
||||
try:
|
||||
# Check to see if the user has the permissions globally
|
||||
Permission.check_permissions(
|
||||
self.request.user, (self.object_permission,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
# No global permission, filter ther queryset per object +
|
||||
# permission
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
self.object_permission, self.request.user, queryset
|
||||
)
|
||||
else:
|
||||
# Has the permission globally, return all results
|
||||
return queryset
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
self.object_permission, self.request.user, queryset=queryset
|
||||
)
|
||||
else:
|
||||
return queryset
|
||||
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from .classes import (
|
||||
from .classes import ( # NOQA
|
||||
BaseTransformation, TransformationResize, TransformationRotate,
|
||||
TransformationZoom
|
||||
) # NOQA
|
||||
)
|
||||
from .runtime import converter_class # NOQA
|
||||
|
||||
default_app_config = 'converter.apps.ConverterApp'
|
||||
|
||||
@@ -2,7 +2,6 @@ from __future__ import unicode_literals
|
||||
|
||||
import base64
|
||||
import logging
|
||||
from operator import xor
|
||||
import os
|
||||
|
||||
try:
|
||||
|
||||
@@ -78,13 +78,6 @@ class TransformationTestCase(TestCase):
|
||||
percent=TRANSFORMATION_ZOOM_PERCENT
|
||||
)
|
||||
|
||||
#self.assertEqual(
|
||||
# #transformation_rotate ^ transformation_resize ^ transformation_zoom,
|
||||
# transformation_rotate ^ transformation_resize ^ transformation_zoom,
|
||||
# #transformation_resize ^ transformation_zoom,
|
||||
# TRANSFORMATION_COMBINED_CACHE_HASH
|
||||
#)
|
||||
|
||||
self.assertEqual(
|
||||
BaseTransformation.combine(
|
||||
(transformation_rotate, transformation_resize, transformation_zoom)
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.db import models
|
||||
from django.utils.encoding import python_2_unicode_compatible
|
||||
@@ -12,7 +11,6 @@ from mptt.models import MPTTModel
|
||||
from acls.models import AccessControlList
|
||||
from documents.models import Document, DocumentType
|
||||
from documents.permissions import permission_document_view
|
||||
from permissions import Permission
|
||||
|
||||
from .managers import (
|
||||
DocumentIndexInstanceNodeManager, IndexManager, IndexInstanceNodeManager
|
||||
@@ -177,14 +175,9 @@ class IndexInstanceNode(MPTTModel):
|
||||
|
||||
def get_item_count(self, user):
|
||||
if self.index_template_node.link_documents:
|
||||
queryset = self.documents
|
||||
|
||||
try:
|
||||
Permission.check_permissions(user, (permission_document_view,))
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, user, queryset
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, user, queryset=self.documents
|
||||
)
|
||||
|
||||
return queryset.count()
|
||||
else:
|
||||
|
||||
@@ -86,18 +86,10 @@ class SetupIndexDocumentTypesView(AssignRemoveView):
|
||||
self.get_object().document_types.add(item)
|
||||
|
||||
def get_document_queryset(self):
|
||||
queryset = DocumentType.objects.all()
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
self.request.user, (permission_document_view,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, self.request.user, queryset
|
||||
)
|
||||
|
||||
return queryset
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, self.request.user,
|
||||
queryset=DocumentType.objects.all()
|
||||
)
|
||||
|
||||
def get_extra_context(self):
|
||||
return {
|
||||
|
||||
@@ -3,11 +3,9 @@ from __future__ import absolute_import, unicode_literals
|
||||
import logging
|
||||
|
||||
from django import forms
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from acls.models import AccessControlList
|
||||
from permissions import Permission
|
||||
|
||||
from common.forms import DetailForm
|
||||
from django_gpg.models import Key
|
||||
@@ -35,14 +33,9 @@ class DocumentVersionSignatureCreateForm(forms.Form):
|
||||
DocumentVersionSignatureCreateForm, self
|
||||
).__init__(*args, **kwargs)
|
||||
|
||||
queryset = Key.objects.private_keys()
|
||||
|
||||
try:
|
||||
Permission.check_permissions(user, (permission_key_sign,))
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_key_sign, user, queryset
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_key_sign, user, queryset=Key.objects.private_keys()
|
||||
)
|
||||
|
||||
self.fields['key'].queryset = queryset
|
||||
|
||||
|
||||
@@ -154,8 +154,9 @@ class DocumentsApp(MayanAppConfig):
|
||||
func=lambda context: document_html_widget(
|
||||
document_page=context['object'].latest_version.pages.first(),
|
||||
click_view='rest_api:documentpage-image',
|
||||
click_view_arguments_lazy=lambda: (context['object'].latest_version.pages.first().pk,),
|
||||
click_view_querydict={'size': setting_display_size.value},
|
||||
click_view_arguments_lazy=lambda: (
|
||||
context['object'].latest_version.pages.first().pk,
|
||||
), click_view_querydict={'size': setting_display_size.value},
|
||||
gallery_name='documents:document_list',
|
||||
size=setting_thumbnail_size.value,
|
||||
title=getattr(context['object'], 'label', None),
|
||||
@@ -212,8 +213,9 @@ class DocumentsApp(MayanAppConfig):
|
||||
func=lambda context: document_html_widget(
|
||||
document_page=context['object'].latest_version.pages.first(),
|
||||
click_view='rest_api:documentpage-image',
|
||||
click_view_arguments_lazy=lambda: (context['object'].latest_version.pages.first().pk,),
|
||||
click_view_querydict={'size': setting_display_size.value},
|
||||
click_view_arguments_lazy=lambda: (
|
||||
context['object'].latest_version.pages.first().pk,
|
||||
), click_view_querydict={'size': setting_display_size.value},
|
||||
gallery_name='documents:delete_document_list',
|
||||
size=setting_thumbnail_size.value,
|
||||
title=getattr(context['object'], 'label', None),
|
||||
|
||||
@@ -4,13 +4,11 @@ import logging
|
||||
from operator import itemgetter
|
||||
|
||||
from django import forms
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.template.defaultfilters import filesizeformat
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from acls.models import AccessControlList
|
||||
from common.forms import DetailForm, ModelForm
|
||||
from permissions import Permission
|
||||
|
||||
from .models import (
|
||||
Document, DocumentType, DocumentPage, DocumentTypeFilename
|
||||
@@ -162,13 +160,10 @@ class DocumentTypeSelectForm(forms.Form):
|
||||
logger.debug('user: %s', user)
|
||||
super(DocumentTypeSelectForm, self).__init__(*args, **kwargs)
|
||||
|
||||
queryset = DocumentType.objects.all()
|
||||
try:
|
||||
Permission.check_permissions(user, (permission_document_create,))
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_document_create, user, queryset
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_document_create, user,
|
||||
queryset=DocumentType.objects.all()
|
||||
)
|
||||
|
||||
self.fields['document_type'] = forms.ModelChoiceField(
|
||||
empty_label=None, label=_('Document type'), queryset=queryset,
|
||||
|
||||
@@ -5,7 +5,6 @@ import logging
|
||||
import uuid
|
||||
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.core.files import File
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.db import models, transaction
|
||||
@@ -23,7 +22,6 @@ from converter.exceptions import InvalidOfficeFormat, PageCountError
|
||||
from converter.literals import DEFAULT_ZOOM_LEVEL, DEFAULT_ROTATION
|
||||
from converter.models import Transformation
|
||||
from mimetype.api import get_mimetype
|
||||
from permissions import Permission
|
||||
|
||||
from .events import (
|
||||
event_document_create, event_document_new_version,
|
||||
@@ -113,14 +111,9 @@ class DocumentType(models.Model):
|
||||
return DeletedDocument.objects.filter(document_type=self)
|
||||
|
||||
def get_document_count(self, user):
|
||||
queryset = self.documents
|
||||
|
||||
try:
|
||||
Permission.check_permissions(user, (permission_document_view,))
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, user, queryset
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, user, queryset=self.documents
|
||||
)
|
||||
|
||||
return queryset.count()
|
||||
|
||||
|
||||
@@ -95,19 +95,9 @@ class DeletedDocumentListView(DocumentListView):
|
||||
}
|
||||
|
||||
def get_document_queryset(self):
|
||||
queryset = Document.trash.all()
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
self.request.user, (permission_document_view,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, self.request.user, queryset
|
||||
)
|
||||
|
||||
return DeletedDocument.objects.filter(
|
||||
pk__in=queryset.values_list('pk', flat=True)
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, self.request.user,
|
||||
queryset=DeletedDocument.trash.all()
|
||||
)
|
||||
|
||||
|
||||
@@ -663,14 +653,9 @@ def document_document_type_edit(request, document_id=None, document_id_list=None
|
||||
elif document_id_list:
|
||||
queryset = Document.objects.filter(pk__in=document_id_list)
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
request.user, (permission_document_properties_edit,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_document_properties_edit, request.user, queryset
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_document_properties_edit, request.user, queryset=queryset
|
||||
)
|
||||
|
||||
if not queryset:
|
||||
if document_id:
|
||||
@@ -806,18 +791,10 @@ class DocumentDownloadFormView(FormView):
|
||||
return self.post_action_redirect
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = self.get_document_queryset()
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
self.request.user, (permission_document_download,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
permission_document_download, self.request.user, queryset
|
||||
)
|
||||
else:
|
||||
return queryset
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
permission_document_download, self.request.user,
|
||||
queryset=self.get_document_queryset()
|
||||
)
|
||||
|
||||
|
||||
class DocumentDownloadView(SingleObjectDownloadView):
|
||||
@@ -863,16 +840,9 @@ class DocumentDownloadView(SingleObjectDownloadView):
|
||||
|
||||
queryset = self.model.objects.filter(pk__in=id_list.split(','))
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
self.request.user, (permission_document_download,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
permission_document_download, self.request.user, queryset
|
||||
)
|
||||
else:
|
||||
return queryset
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
permission_document_download, self.request.user, queryset
|
||||
)
|
||||
|
||||
def get_file(self):
|
||||
queryset = self.get_document_queryset()
|
||||
@@ -949,14 +919,9 @@ def document_update_page_count(request, document_id=None, document_id_list=None)
|
||||
messages.error(request, _('At least one document must be selected.'))
|
||||
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
request.user, (permission_document_tools,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
documents = AccessControlList.objects.filter_by_access(
|
||||
permission_document_tools, request.user, documents
|
||||
)
|
||||
documents = AccessControlList.objects.filter_by_access(
|
||||
permission_document_tools, request.user, queryset=documents
|
||||
)
|
||||
|
||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||
|
||||
@@ -1018,14 +983,9 @@ def document_clear_transformations(request, document_id=None, document_id_list=N
|
||||
)
|
||||
)
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
request.user, (permission_transformation_delete,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
documents = AccessControlList.objects.filter_by_access(
|
||||
permission_transformation_delete, request.user, documents
|
||||
)
|
||||
documents = AccessControlList.objects.filter_by_access(
|
||||
permission_transformation_delete, request.user, queryset=documents
|
||||
)
|
||||
|
||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list'))))
|
||||
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list'))))
|
||||
|
||||
@@ -5,12 +5,10 @@ import logging
|
||||
import re
|
||||
|
||||
from django.apps import apps
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.db.models import Q
|
||||
from django.utils.module_loading import import_string
|
||||
from django.utils.translation import ugettext as _
|
||||
|
||||
from permissions import Permission
|
||||
|
||||
from .settings import setting_limit
|
||||
|
||||
@@ -229,12 +227,9 @@ class SearchModel(object):
|
||||
)
|
||||
|
||||
if self.permission:
|
||||
try:
|
||||
Permission.check_permissions(user, [self.permission])
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
self.permission, user, queryset
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
self.permission, user, queryset
|
||||
)
|
||||
|
||||
return queryset, result_set, elapsed_time
|
||||
|
||||
|
||||
@@ -147,18 +147,10 @@ class APIFolderDocumentListView(generics.ListCreateAPIView):
|
||||
def get_queryset(self):
|
||||
folder = self.get_folder()
|
||||
|
||||
documents = folder.documents.all()
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
self.request.user, (permission_document_view,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
documents = AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, self.request.user, documents
|
||||
)
|
||||
|
||||
return documents
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, self.request.user,
|
||||
queryset=folder.documents.all()
|
||||
)
|
||||
|
||||
def perform_create(self, serializer):
|
||||
serializer.save(folder=self.get_folder())
|
||||
|
||||
@@ -3,11 +3,9 @@ from __future__ import absolute_import, unicode_literals
|
||||
import logging
|
||||
|
||||
from django import forms
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from acls.models import AccessControlList
|
||||
from permissions import Permission
|
||||
|
||||
from .models import Folder
|
||||
from .permissions import permission_folder_view
|
||||
@@ -21,15 +19,10 @@ class FolderListForm(forms.Form):
|
||||
logger.debug('user: %s', user)
|
||||
super(FolderListForm, self).__init__(*args, **kwargs)
|
||||
|
||||
queryset = Folder.objects.all()
|
||||
try:
|
||||
Permission.check_permissions(user, (permission_folder_view,))
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_folder_view, user, queryset
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_folder_view, user, queryset=Folder.objects.all()
|
||||
)
|
||||
|
||||
self.fields['folder'] = forms.ModelChoiceField(
|
||||
queryset=queryset,
|
||||
label=_('Folder')
|
||||
queryset=queryset, label=_('Folder')
|
||||
)
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.db import models
|
||||
from django.utils.encoding import python_2_unicode_compatible
|
||||
@@ -9,7 +8,6 @@ from django.utils.translation import ugettext_lazy as _
|
||||
from acls.models import AccessControlList
|
||||
from documents.models import Document
|
||||
from documents.permissions import permission_document_view
|
||||
from permissions import Permission
|
||||
|
||||
from .managers import FolderManager
|
||||
|
||||
@@ -45,14 +43,9 @@ class Folder(models.Model):
|
||||
verbose_name_plural = _('Folders')
|
||||
|
||||
def get_document_count(self, user):
|
||||
queryset = self.documents
|
||||
|
||||
try:
|
||||
Permission.check_permissions(user, (permission_document_view,))
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, user, queryset
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, user, queryset=self.documents
|
||||
)
|
||||
|
||||
return queryset.count()
|
||||
|
||||
|
||||
@@ -145,14 +145,9 @@ def folder_add_document(request, document_id=None, document_id_list=None):
|
||||
)
|
||||
)
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
request.user, (permission_folder_add_document,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_folder_add_document, request.user, queryset
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_folder_add_document, request.user, queryset=queryset
|
||||
)
|
||||
|
||||
post_action_redirect = None
|
||||
if document_id:
|
||||
@@ -227,14 +222,9 @@ def folder_document_remove(request, folder_id, document_id=None, document_id_lis
|
||||
messages.error(request, _('Must provide at least one folder document.'))
|
||||
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
request.user, (permission_folder_remove_document,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_folder_remove_document, request.user, queryset
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_folder_remove_document, request.user, queryset=queryset
|
||||
)
|
||||
|
||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||
next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||
|
||||
@@ -3,7 +3,6 @@ from __future__ import absolute_import, unicode_literals
|
||||
from django.conf import settings
|
||||
from django.contrib import messages
|
||||
from django.contrib.sites.models import Site
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.http import HttpResponseRedirect
|
||||
from django.shortcuts import render_to_response
|
||||
@@ -14,7 +13,6 @@ from django.utils.translation import ugettext_lazy as _
|
||||
from acls.models import AccessControlList
|
||||
from common.generics import SingleObjectListView
|
||||
from documents.models import Document
|
||||
from permissions import Permission
|
||||
|
||||
from .forms import DocumentMailForm
|
||||
from .models import LogEntry
|
||||
@@ -45,12 +43,9 @@ def send_document_link(request, document_id=None, document_id_list=None, as_atta
|
||||
else:
|
||||
permission = permission_mailing_link
|
||||
|
||||
try:
|
||||
Permission.check_permissions(request.user, (permission,))
|
||||
except PermissionDenied:
|
||||
documents = AccessControlList.objects.filter_by_access(
|
||||
permission, request.user, documents
|
||||
)
|
||||
documents = AccessControlList.objects.filter_by_access(
|
||||
permission, request.user, queryset=documents
|
||||
)
|
||||
|
||||
if not documents:
|
||||
messages.error(request, _('Must provide at least one document.'))
|
||||
|
||||
@@ -42,14 +42,9 @@ def metadata_edit(request, document_id=None, document_id_list=None):
|
||||
elif document_id_list:
|
||||
documents = Document.objects.filter(pk__in=document_id_list)
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
request.user, (permission_metadata_document_edit,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
documents = AccessControlList.objects.filter_by_access(
|
||||
permission_metadata_document_edit, request.user, documents
|
||||
)
|
||||
documents = AccessControlList.objects.filter_by_access(
|
||||
permission_metadata_document_edit, request.user, queryset=documents
|
||||
)
|
||||
|
||||
if not documents:
|
||||
if document_id:
|
||||
@@ -201,14 +196,9 @@ def metadata_add(request, document_id=None, document_id_list=None):
|
||||
)
|
||||
)
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
request.user, (permission_metadata_document_add,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
documents = AccessControlList.objects.filter_by_access(
|
||||
permission_metadata_document_add, request.user, documents
|
||||
)
|
||||
documents = AccessControlList.objects.filter_by_access(
|
||||
permission_metadata_document_add, request.user, queryset=documents
|
||||
)
|
||||
|
||||
if not documents:
|
||||
if document_id:
|
||||
@@ -337,14 +327,9 @@ def metadata_remove(request, document_id=None, document_id_list=None):
|
||||
elif document_id_list:
|
||||
documents = Document.objects.filter(pk__in=document_id_list)
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
request.user, (permission_metadata_document_remove,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
documents = AccessControlList.objects.filter_by_access(
|
||||
permission_metadata_document_remove, request.user, documents
|
||||
)
|
||||
documents = AccessControlList.objects.filter_by_access(
|
||||
permission_metadata_document_remove, request.user, queryset=documents
|
||||
)
|
||||
|
||||
if not documents:
|
||||
if document_id:
|
||||
|
||||
@@ -358,9 +358,11 @@ class SourceColumn(object):
|
||||
return cls._registry[source]
|
||||
except KeyError:
|
||||
try:
|
||||
# Try it as a queryset
|
||||
return cls._registry[source.model]
|
||||
except AttributeError:
|
||||
try:
|
||||
# It seems to be an instance, try its class
|
||||
return cls._registry[source.__class__]
|
||||
except KeyError:
|
||||
try:
|
||||
|
||||
@@ -48,7 +48,7 @@ def get_source_columns(source):
|
||||
# Is iterable?
|
||||
source = source[0]
|
||||
except TypeError:
|
||||
# It is not
|
||||
# It is not an iterable
|
||||
pass
|
||||
except IndexError:
|
||||
# It a list and it's empty
|
||||
|
||||
@@ -1,27 +1,22 @@
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
|
||||
from django.core.exceptions import PermissionDenied
|
||||
|
||||
from rest_framework.filters import BaseFilterBackend
|
||||
|
||||
from acls.models import AccessControlList
|
||||
from permissions import Permission
|
||||
|
||||
|
||||
class MayanObjectPermissionsFilter(BaseFilterBackend):
|
||||
def filter_queryset(self, request, queryset, view):
|
||||
required_permission = getattr(
|
||||
# TODO: fix variable name to make it clear it should be a single
|
||||
# permission
|
||||
|
||||
required_permissions = getattr(
|
||||
view, 'mayan_object_permissions', {}
|
||||
).get(request.method, None)
|
||||
|
||||
if required_permission:
|
||||
try:
|
||||
Permission.check_permissions(request.user, required_permission)
|
||||
except PermissionDenied:
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
required_permission[0], request.user, queryset
|
||||
)
|
||||
else:
|
||||
return queryset
|
||||
if required_permissions:
|
||||
return AccessControlList.objects.filter_by_access(
|
||||
required_permissions[0], request.user, queryset=queryset
|
||||
)
|
||||
else:
|
||||
return queryset
|
||||
|
||||
@@ -3,11 +3,9 @@ from __future__ import absolute_import, unicode_literals
|
||||
import logging
|
||||
|
||||
from django import forms
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from acls.models import AccessControlList
|
||||
from permissions import Permission
|
||||
|
||||
from .models import Tag
|
||||
from .permissions import permission_tag_view
|
||||
@@ -21,17 +19,13 @@ class TagListForm(forms.Form):
|
||||
logger.debug('user: %s', user)
|
||||
super(TagListForm, self).__init__(*args, **kwargs)
|
||||
|
||||
queryset = Tag.objects.all()
|
||||
try:
|
||||
Permission.check_permissions(user, (permission_tag_view,))
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_tag_view, user, queryset
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_tag_view, user, queryset=Tag.objects.all()
|
||||
)
|
||||
|
||||
self.fields['tag'] = forms.ModelChoiceField(
|
||||
queryset=queryset,
|
||||
label=_('Tags'))
|
||||
queryset=queryset, label=_('Tags')
|
||||
)
|
||||
|
||||
|
||||
class TagMultipleSelectionForm(forms.Form):
|
||||
@@ -40,13 +34,9 @@ class TagMultipleSelectionForm(forms.Form):
|
||||
logger.debug('user: %s', user)
|
||||
super(TagMultipleSelectionForm, self).__init__(*args, **kwargs)
|
||||
|
||||
queryset = Tag.objects.all()
|
||||
try:
|
||||
Permission.check_permissions(user, (permission_tag_view,))
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_tag_view, user, queryset
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_tag_view, user, queryset=Tag.objects.all()
|
||||
)
|
||||
|
||||
self.fields['tags'] = forms.MultipleChoiceField(
|
||||
label=_('Tags'), choices=queryset.values_list('id', 'label'),
|
||||
|
||||
@@ -2,7 +2,6 @@ from __future__ import absolute_import, unicode_literals
|
||||
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.db import models
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.utils.encoding import python_2_unicode_compatible
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
@@ -11,7 +10,6 @@ from colorful.fields import RGBColorField
|
||||
from acls.models import AccessControlList
|
||||
from documents.models import Document
|
||||
from documents.permissions import permission_document_view
|
||||
from permissions import Permission
|
||||
|
||||
|
||||
@python_2_unicode_compatible
|
||||
@@ -35,14 +33,9 @@ class Tag(models.Model):
|
||||
verbose_name_plural = _('Tags')
|
||||
|
||||
def get_document_count(self, user):
|
||||
queryset = self.documents
|
||||
|
||||
try:
|
||||
Permission.check_permissions(user, (permission_document_view,))
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, user, queryset
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_document_view, user, queryset=self.documents
|
||||
)
|
||||
|
||||
return queryset.count()
|
||||
|
||||
|
||||
@@ -45,12 +45,9 @@ def tag_attach(request, document_id=None, document_id_list=None):
|
||||
elif document_id_list:
|
||||
queryset = Document.objects.filter(pk__in=document_id_list)
|
||||
|
||||
try:
|
||||
Permission.check_permissions(request.user, (permission_tag_attach,))
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_tag_attach, request.user, queryset
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_tag_attach, request.user, queryset=queryset
|
||||
)
|
||||
|
||||
if not queryset:
|
||||
if document_id:
|
||||
@@ -164,12 +161,9 @@ def tag_delete(request, tag_id=None, tag_id_list=None):
|
||||
)
|
||||
)
|
||||
|
||||
try:
|
||||
Permission.check_permissions(request.user, (permission_tag_delete,))
|
||||
except PermissionDenied:
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_tag_delete, request.user, queryset
|
||||
)
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission_tag_delete, request.user, queryset=queryset
|
||||
)
|
||||
|
||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||
next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||
@@ -291,12 +285,9 @@ def tag_remove(request, document_id=None, document_id_list=None, tag_id=None, ta
|
||||
)
|
||||
)
|
||||
|
||||
try:
|
||||
Permission.check_permissions(request.user, (permission_tag_remove,))
|
||||
except PermissionDenied:
|
||||
documents = AccessControlList.objects.filter_by_access(
|
||||
permission_tag_remove, request.user, documents
|
||||
)
|
||||
documents = AccessControlList.objects.filter_by_access(
|
||||
permission_tag_remove, request.user, documents
|
||||
)
|
||||
|
||||
post_action_redirect = None
|
||||
|
||||
|
||||
@@ -1,12 +1,9 @@
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
|
||||
from django.apps import apps
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.utils.html import escape
|
||||
from django.utils.safestring import mark_safe
|
||||
|
||||
from permissions import Permission
|
||||
|
||||
from .permissions import permission_tag_view
|
||||
|
||||
|
||||
@@ -20,14 +17,9 @@ def widget_document_tags(document, user):
|
||||
|
||||
tags_template = []
|
||||
|
||||
tags = document.attached_tags().all()
|
||||
|
||||
try:
|
||||
Permission.check_permissions(user, (permission_tag_view,))
|
||||
except PermissionDenied:
|
||||
tags = AccessControlList.objects.filter_by_access(
|
||||
permission_tag_view, user, tags
|
||||
)
|
||||
tags = AccessControlList.objects.filter_by_access(
|
||||
permission_tag_view, user, queryset=document.attached_tags().all()
|
||||
)
|
||||
|
||||
for tag in tags:
|
||||
tags_template.append(widget_single_tag(tag))
|
||||
|
||||
Reference in New Issue
Block a user