Simplify filter_by_access boilerplate code

This commit is contained in:
Roberto Rosario
2016-11-02 03:48:16 -04:00
parent c0194c63dc
commit 621c988809
29 changed files with 173 additions and 376 deletions

View File

@@ -9,6 +9,7 @@ from django.db.models import Q
from django.utils.translation import ugettext
from common.utils import return_attrib
from permissions import Permission
from permissions.models import StoredPermission
from .classes import ModelPermission
@@ -88,41 +89,52 @@ class AccessControlListManager(models.Manager):
if user.is_superuser or user.is_staff:
return queryset
user_roles = []
for group in user.groups.all():
for role in group.roles.all():
user_roles.append(role)
try:
parent_accessor = ModelPermission.get_inheritance(queryset.model)
except KeyError:
parent_acl_query = Q()
else:
instance = queryset.first()
if instance:
parent_object = getattr(instance, parent_accessor)
parent_content_type = ContentType.objects.get_for_model(
parent_object
Permission.check_permissions(
requester=user, permissions=(permission,)
)
except PermissionDenied:
user_roles = []
for group in user.groups.all():
for role in group.roles.all():
user_roles.append(role)
try:
parent_accessor = ModelPermission.get_inheritance(
model=queryset.model
)
parent_queryset = self.filter(
content_type=parent_content_type, role__in=user_roles,
permissions=permission.stored_permission
)
parent_acl_query = Q(
**{
'{}__pk__in'.format(
parent_accessor
): parent_queryset.values_list('object_id', flat=True)
}
)
else:
except KeyError:
parent_acl_query = Q()
else:
instance = queryset.first()
if instance:
parent_object = getattr(instance, parent_accessor)
parent_content_type = ContentType.objects.get_for_model(
parent_object
)
parent_queryset = self.filter(
content_type=parent_content_type, role__in=user_roles,
permissions=permission.stored_permission
)
parent_acl_query = Q(
**{
'{}__pk__in'.format(
parent_accessor
): parent_queryset.values_list(
'object_id', flat=True
)
}
)
else:
parent_acl_query = Q()
# Directly granted access
content_type = ContentType.objects.get_for_model(queryset.model)
acl_query = Q(pk__in=self.filter(
content_type=content_type, role__in=user_roles,
permissions=permission.stored_permission
).values_list('object_id', flat=True))
# Directly granted access
content_type = ContentType.objects.get_for_model(queryset.model)
acl_query = Q(pk__in=self.filter(
content_type=content_type, role__in=user_roles,
permissions=permission.stored_permission
).values_list('object_id', flat=True))
return queryset.filter(parent_acl_query | acl_query)
return queryset.filter(parent_acl_query | acl_query)
else:
return queryset

View File

@@ -89,8 +89,6 @@ class PermissionTestCase(TestCase):
self.fail('PermissionDenied exception was not expected.')
def test_filtering_with_permissions(self):
self.role.permissions.add(permission_document_view.stored_permission)
acl = AccessControlList.objects.create(
content_object=self.document_1, role=self.role
)
@@ -137,8 +135,6 @@ class PermissionTestCase(TestCase):
self.fail('PermissionDenied exception was not expected.')
def test_filtering_with_inherited_permissions(self):
self.role.permissions.add(permission_document_view.stored_permission)
acl = AccessControlList.objects.create(
content_object=self.document_type_1, role=self.role
)
@@ -148,6 +144,10 @@ class PermissionTestCase(TestCase):
permission=permission_document_view, user=self.user,
queryset=Document.objects.all()
)
# Since document_1 and document_2 are of document_type_1
# they are the only ones that should be returned
self.assertTrue(self.document_1 in result)
self.assertTrue(self.document_2 in result)
self.assertTrue(self.document_3 not in result)

View File

@@ -31,18 +31,10 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView):
return DocumentCheckoutSerializer
def get_queryset(self):
documents = DocumentCheckout.objects.checked_out_documents()
try:
Permission.check_permissions(
self.request.user, (permission_document_view,)
)
except PermissionDenied:
filtered_documents = AccessControlList.objects.filter_by_access(
(permission_document_view,), self.request.user, documents
)
else:
filtered_documents = documents
filtered_documents = AccessControlList.objects.filter_by_access(
(permission_document_view,), self.request.user,
queryset=DocumentCheckout.objects.checked_out_documents()
)
return DocumentCheckout.objects.filter(
document__pk__in=filtered_documents.values_list('pk', flat=True)
@@ -104,18 +96,10 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView):
def get_queryset(self):
if self.request.method == 'GET':
documents = DocumentCheckout.objects.checked_out_documents()
try:
Permission.check_permissions(
self.request.user, (permission_document_view,)
)
except PermissionDenied:
filtered_documents = AccessControlList.objects.filter_by_access(
(permission_document_view,), self.request.user, documents
)
else:
filtered_documents = documents
filtered_documents = AccessControlList.objects.filter_by_access(
(permission_document_view,), self.request.user,
queryset=DocumentCheckout.objects.checked_out_documents()
)
return DocumentCheckout.objects.filter(
document__pk__in=filtered_documents.values_list(

View File

@@ -1,12 +1,9 @@
from __future__ import unicode_literals
from django.apps import apps
from django.core.exceptions import PermissionDenied
from django.db import models
from django.utils.translation import ugettext
from permissions import Permission
class ModelAttribute(object):
__registry = {}
@@ -137,20 +134,9 @@ class Filter(object):
queryset = queryset.distinct()
if self.object_permission:
try:
# Check to see if the user has the permissions globally
Permission.check_permissions(
user, (self.object_permission,)
)
except PermissionDenied:
# No global permission, filter ther queryset per object +
# permission
return AccessControlList.objects.filter_by_access(
self.object_permission, user, queryset
)
else:
# Has the permission globally, return all results
return queryset
return AccessControlList.objects.filter_by_access(
self.object_permission, user, queryset=queryset
)
else:
return queryset

View File

@@ -93,20 +93,9 @@ class ObjectListPermissionFilterMixin(object):
queryset = super(ObjectListPermissionFilterMixin, self).get_queryset()
if self.object_permission:
try:
# Check to see if the user has the permissions globally
Permission.check_permissions(
self.request.user, (self.object_permission,)
)
except PermissionDenied:
# No global permission, filter ther queryset per object +
# permission
return AccessControlList.objects.filter_by_access(
self.object_permission, self.request.user, queryset
)
else:
# Has the permission globally, return all results
return queryset
return AccessControlList.objects.filter_by_access(
self.object_permission, self.request.user, queryset=queryset
)
else:
return queryset

View File

@@ -1,9 +1,9 @@
from __future__ import unicode_literals
from .classes import (
from .classes import ( # NOQA
BaseTransformation, TransformationResize, TransformationRotate,
TransformationZoom
) # NOQA
)
from .runtime import converter_class # NOQA
default_app_config = 'converter.apps.ConverterApp'

View File

@@ -2,7 +2,6 @@ from __future__ import unicode_literals
import base64
import logging
from operator import xor
import os
try:

View File

@@ -78,13 +78,6 @@ class TransformationTestCase(TestCase):
percent=TRANSFORMATION_ZOOM_PERCENT
)
#self.assertEqual(
# #transformation_rotate ^ transformation_resize ^ transformation_zoom,
# transformation_rotate ^ transformation_resize ^ transformation_zoom,
# #transformation_resize ^ transformation_zoom,
# TRANSFORMATION_COMBINED_CACHE_HASH
#)
self.assertEqual(
BaseTransformation.combine(
(transformation_rotate, transformation_resize, transformation_zoom)

View File

@@ -1,6 +1,5 @@
from __future__ import absolute_import, unicode_literals
from django.core.exceptions import PermissionDenied
from django.core.urlresolvers import reverse
from django.db import models
from django.utils.encoding import python_2_unicode_compatible
@@ -12,7 +11,6 @@ from mptt.models import MPTTModel
from acls.models import AccessControlList
from documents.models import Document, DocumentType
from documents.permissions import permission_document_view
from permissions import Permission
from .managers import (
DocumentIndexInstanceNodeManager, IndexManager, IndexInstanceNodeManager
@@ -177,14 +175,9 @@ class IndexInstanceNode(MPTTModel):
def get_item_count(self, user):
if self.index_template_node.link_documents:
queryset = self.documents
try:
Permission.check_permissions(user, (permission_document_view,))
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_document_view, user, queryset
)
queryset = AccessControlList.objects.filter_by_access(
permission_document_view, user, queryset=self.documents
)
return queryset.count()
else:

View File

@@ -86,18 +86,10 @@ class SetupIndexDocumentTypesView(AssignRemoveView):
self.get_object().document_types.add(item)
def get_document_queryset(self):
queryset = DocumentType.objects.all()
try:
Permission.check_permissions(
self.request.user, (permission_document_view,)
)
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_document_view, self.request.user, queryset
)
return queryset
return AccessControlList.objects.filter_by_access(
permission_document_view, self.request.user,
queryset=DocumentType.objects.all()
)
def get_extra_context(self):
return {

View File

@@ -3,11 +3,9 @@ from __future__ import absolute_import, unicode_literals
import logging
from django import forms
from django.core.exceptions import PermissionDenied
from django.utils.translation import ugettext_lazy as _
from acls.models import AccessControlList
from permissions import Permission
from common.forms import DetailForm
from django_gpg.models import Key
@@ -35,14 +33,9 @@ class DocumentVersionSignatureCreateForm(forms.Form):
DocumentVersionSignatureCreateForm, self
).__init__(*args, **kwargs)
queryset = Key.objects.private_keys()
try:
Permission.check_permissions(user, (permission_key_sign,))
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_key_sign, user, queryset
)
queryset = AccessControlList.objects.filter_by_access(
permission_key_sign, user, queryset=Key.objects.private_keys()
)
self.fields['key'].queryset = queryset

View File

@@ -154,8 +154,9 @@ class DocumentsApp(MayanAppConfig):
func=lambda context: document_html_widget(
document_page=context['object'].latest_version.pages.first(),
click_view='rest_api:documentpage-image',
click_view_arguments_lazy=lambda: (context['object'].latest_version.pages.first().pk,),
click_view_querydict={'size': setting_display_size.value},
click_view_arguments_lazy=lambda: (
context['object'].latest_version.pages.first().pk,
), click_view_querydict={'size': setting_display_size.value},
gallery_name='documents:document_list',
size=setting_thumbnail_size.value,
title=getattr(context['object'], 'label', None),
@@ -212,8 +213,9 @@ class DocumentsApp(MayanAppConfig):
func=lambda context: document_html_widget(
document_page=context['object'].latest_version.pages.first(),
click_view='rest_api:documentpage-image',
click_view_arguments_lazy=lambda: (context['object'].latest_version.pages.first().pk,),
click_view_querydict={'size': setting_display_size.value},
click_view_arguments_lazy=lambda: (
context['object'].latest_version.pages.first().pk,
), click_view_querydict={'size': setting_display_size.value},
gallery_name='documents:delete_document_list',
size=setting_thumbnail_size.value,
title=getattr(context['object'], 'label', None),

View File

@@ -4,13 +4,11 @@ import logging
from operator import itemgetter
from django import forms
from django.core.exceptions import PermissionDenied
from django.template.defaultfilters import filesizeformat
from django.utils.translation import ugettext_lazy as _
from acls.models import AccessControlList
from common.forms import DetailForm, ModelForm
from permissions import Permission
from .models import (
Document, DocumentType, DocumentPage, DocumentTypeFilename
@@ -162,13 +160,10 @@ class DocumentTypeSelectForm(forms.Form):
logger.debug('user: %s', user)
super(DocumentTypeSelectForm, self).__init__(*args, **kwargs)
queryset = DocumentType.objects.all()
try:
Permission.check_permissions(user, (permission_document_create,))
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_document_create, user, queryset
)
queryset = AccessControlList.objects.filter_by_access(
permission_document_create, user,
queryset=DocumentType.objects.all()
)
self.fields['document_type'] = forms.ModelChoiceField(
empty_label=None, label=_('Document type'), queryset=queryset,

View File

@@ -5,7 +5,6 @@ import logging
import uuid
from django.conf import settings
from django.core.exceptions import PermissionDenied
from django.core.files import File
from django.core.urlresolvers import reverse
from django.db import models, transaction
@@ -23,7 +22,6 @@ from converter.exceptions import InvalidOfficeFormat, PageCountError
from converter.literals import DEFAULT_ZOOM_LEVEL, DEFAULT_ROTATION
from converter.models import Transformation
from mimetype.api import get_mimetype
from permissions import Permission
from .events import (
event_document_create, event_document_new_version,
@@ -113,14 +111,9 @@ class DocumentType(models.Model):
return DeletedDocument.objects.filter(document_type=self)
def get_document_count(self, user):
queryset = self.documents
try:
Permission.check_permissions(user, (permission_document_view,))
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_document_view, user, queryset
)
queryset = AccessControlList.objects.filter_by_access(
permission_document_view, user, queryset=self.documents
)
return queryset.count()

View File

@@ -95,19 +95,9 @@ class DeletedDocumentListView(DocumentListView):
}
def get_document_queryset(self):
queryset = Document.trash.all()
try:
Permission.check_permissions(
self.request.user, (permission_document_view,)
)
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_document_view, self.request.user, queryset
)
return DeletedDocument.objects.filter(
pk__in=queryset.values_list('pk', flat=True)
return AccessControlList.objects.filter_by_access(
permission_document_view, self.request.user,
queryset=DeletedDocument.trash.all()
)
@@ -663,14 +653,9 @@ def document_document_type_edit(request, document_id=None, document_id_list=None
elif document_id_list:
queryset = Document.objects.filter(pk__in=document_id_list)
try:
Permission.check_permissions(
request.user, (permission_document_properties_edit,)
)
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_document_properties_edit, request.user, queryset
)
queryset = AccessControlList.objects.filter_by_access(
permission_document_properties_edit, request.user, queryset=queryset
)
if not queryset:
if document_id:
@@ -806,18 +791,10 @@ class DocumentDownloadFormView(FormView):
return self.post_action_redirect
def get_queryset(self):
queryset = self.get_document_queryset()
try:
Permission.check_permissions(
self.request.user, (permission_document_download,)
)
except PermissionDenied:
return AccessControlList.objects.filter_by_access(
permission_document_download, self.request.user, queryset
)
else:
return queryset
return AccessControlList.objects.filter_by_access(
permission_document_download, self.request.user,
queryset=self.get_document_queryset()
)
class DocumentDownloadView(SingleObjectDownloadView):
@@ -863,16 +840,9 @@ class DocumentDownloadView(SingleObjectDownloadView):
queryset = self.model.objects.filter(pk__in=id_list.split(','))
try:
Permission.check_permissions(
self.request.user, (permission_document_download,)
)
except PermissionDenied:
return AccessControlList.objects.filter_by_access(
permission_document_download, self.request.user, queryset
)
else:
return queryset
return AccessControlList.objects.filter_by_access(
permission_document_download, self.request.user, queryset
)
def get_file(self):
queryset = self.get_document_queryset()
@@ -949,14 +919,9 @@ def document_update_page_count(request, document_id=None, document_id_list=None)
messages.error(request, _('At least one document must be selected.'))
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
try:
Permission.check_permissions(
request.user, (permission_document_tools,)
)
except PermissionDenied:
documents = AccessControlList.objects.filter_by_access(
permission_document_tools, request.user, documents
)
documents = AccessControlList.objects.filter_by_access(
permission_document_tools, request.user, queryset=documents
)
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
@@ -1018,14 +983,9 @@ def document_clear_transformations(request, document_id=None, document_id_list=N
)
)
try:
Permission.check_permissions(
request.user, (permission_transformation_delete,)
)
except PermissionDenied:
documents = AccessControlList.objects.filter_by_access(
permission_transformation_delete, request.user, documents
)
documents = AccessControlList.objects.filter_by_access(
permission_transformation_delete, request.user, queryset=documents
)
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list'))))
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list'))))

View File

@@ -5,12 +5,10 @@ import logging
import re
from django.apps import apps
from django.core.exceptions import PermissionDenied
from django.db.models import Q
from django.utils.module_loading import import_string
from django.utils.translation import ugettext as _
from permissions import Permission
from .settings import setting_limit
@@ -229,12 +227,9 @@ class SearchModel(object):
)
if self.permission:
try:
Permission.check_permissions(user, [self.permission])
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
self.permission, user, queryset
)
queryset = AccessControlList.objects.filter_by_access(
self.permission, user, queryset
)
return queryset, result_set, elapsed_time

View File

@@ -147,18 +147,10 @@ class APIFolderDocumentListView(generics.ListCreateAPIView):
def get_queryset(self):
folder = self.get_folder()
documents = folder.documents.all()
try:
Permission.check_permissions(
self.request.user, (permission_document_view,)
)
except PermissionDenied:
documents = AccessControlList.objects.filter_by_access(
permission_document_view, self.request.user, documents
)
return documents
return AccessControlList.objects.filter_by_access(
permission_document_view, self.request.user,
queryset=folder.documents.all()
)
def perform_create(self, serializer):
serializer.save(folder=self.get_folder())

View File

@@ -3,11 +3,9 @@ from __future__ import absolute_import, unicode_literals
import logging
from django import forms
from django.core.exceptions import PermissionDenied
from django.utils.translation import ugettext_lazy as _
from acls.models import AccessControlList
from permissions import Permission
from .models import Folder
from .permissions import permission_folder_view
@@ -21,15 +19,10 @@ class FolderListForm(forms.Form):
logger.debug('user: %s', user)
super(FolderListForm, self).__init__(*args, **kwargs)
queryset = Folder.objects.all()
try:
Permission.check_permissions(user, (permission_folder_view,))
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_folder_view, user, queryset
)
queryset = AccessControlList.objects.filter_by_access(
permission_folder_view, user, queryset=Folder.objects.all()
)
self.fields['folder'] = forms.ModelChoiceField(
queryset=queryset,
label=_('Folder')
queryset=queryset, label=_('Folder')
)

View File

@@ -1,6 +1,5 @@
from __future__ import absolute_import, unicode_literals
from django.core.exceptions import PermissionDenied
from django.core.urlresolvers import reverse
from django.db import models
from django.utils.encoding import python_2_unicode_compatible
@@ -9,7 +8,6 @@ from django.utils.translation import ugettext_lazy as _
from acls.models import AccessControlList
from documents.models import Document
from documents.permissions import permission_document_view
from permissions import Permission
from .managers import FolderManager
@@ -45,14 +43,9 @@ class Folder(models.Model):
verbose_name_plural = _('Folders')
def get_document_count(self, user):
queryset = self.documents
try:
Permission.check_permissions(user, (permission_document_view,))
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_document_view, user, queryset
)
queryset = AccessControlList.objects.filter_by_access(
permission_document_view, user, queryset=self.documents
)
return queryset.count()

View File

@@ -145,14 +145,9 @@ def folder_add_document(request, document_id=None, document_id_list=None):
)
)
try:
Permission.check_permissions(
request.user, (permission_folder_add_document,)
)
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_folder_add_document, request.user, queryset
)
queryset = AccessControlList.objects.filter_by_access(
permission_folder_add_document, request.user, queryset=queryset
)
post_action_redirect = None
if document_id:
@@ -227,14 +222,9 @@ def folder_document_remove(request, folder_id, document_id=None, document_id_lis
messages.error(request, _('Must provide at least one folder document.'))
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
try:
Permission.check_permissions(
request.user, (permission_folder_remove_document,)
)
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_folder_remove_document, request.user, queryset
)
queryset = AccessControlList.objects.filter_by_access(
permission_folder_remove_document, request.user, queryset=queryset
)
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))

View File

@@ -3,7 +3,6 @@ from __future__ import absolute_import, unicode_literals
from django.conf import settings
from django.contrib import messages
from django.contrib.sites.models import Site
from django.core.exceptions import PermissionDenied
from django.core.urlresolvers import reverse
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
@@ -14,7 +13,6 @@ from django.utils.translation import ugettext_lazy as _
from acls.models import AccessControlList
from common.generics import SingleObjectListView
from documents.models import Document
from permissions import Permission
from .forms import DocumentMailForm
from .models import LogEntry
@@ -45,12 +43,9 @@ def send_document_link(request, document_id=None, document_id_list=None, as_atta
else:
permission = permission_mailing_link
try:
Permission.check_permissions(request.user, (permission,))
except PermissionDenied:
documents = AccessControlList.objects.filter_by_access(
permission, request.user, documents
)
documents = AccessControlList.objects.filter_by_access(
permission, request.user, queryset=documents
)
if not documents:
messages.error(request, _('Must provide at least one document.'))

View File

@@ -42,14 +42,9 @@ def metadata_edit(request, document_id=None, document_id_list=None):
elif document_id_list:
documents = Document.objects.filter(pk__in=document_id_list)
try:
Permission.check_permissions(
request.user, (permission_metadata_document_edit,)
)
except PermissionDenied:
documents = AccessControlList.objects.filter_by_access(
permission_metadata_document_edit, request.user, documents
)
documents = AccessControlList.objects.filter_by_access(
permission_metadata_document_edit, request.user, queryset=documents
)
if not documents:
if document_id:
@@ -201,14 +196,9 @@ def metadata_add(request, document_id=None, document_id_list=None):
)
)
try:
Permission.check_permissions(
request.user, (permission_metadata_document_add,)
)
except PermissionDenied:
documents = AccessControlList.objects.filter_by_access(
permission_metadata_document_add, request.user, documents
)
documents = AccessControlList.objects.filter_by_access(
permission_metadata_document_add, request.user, queryset=documents
)
if not documents:
if document_id:
@@ -337,14 +327,9 @@ def metadata_remove(request, document_id=None, document_id_list=None):
elif document_id_list:
documents = Document.objects.filter(pk__in=document_id_list)
try:
Permission.check_permissions(
request.user, (permission_metadata_document_remove,)
)
except PermissionDenied:
documents = AccessControlList.objects.filter_by_access(
permission_metadata_document_remove, request.user, documents
)
documents = AccessControlList.objects.filter_by_access(
permission_metadata_document_remove, request.user, queryset=documents
)
if not documents:
if document_id:

View File

@@ -358,9 +358,11 @@ class SourceColumn(object):
return cls._registry[source]
except KeyError:
try:
# Try it as a queryset
return cls._registry[source.model]
except AttributeError:
try:
# It seems to be an instance, try its class
return cls._registry[source.__class__]
except KeyError:
try:

View File

@@ -48,7 +48,7 @@ def get_source_columns(source):
# Is iterable?
source = source[0]
except TypeError:
# It is not
# It is not an iterable
pass
except IndexError:
# It a list and it's empty

View File

@@ -1,27 +1,22 @@
from __future__ import absolute_import, unicode_literals
from django.core.exceptions import PermissionDenied
from rest_framework.filters import BaseFilterBackend
from acls.models import AccessControlList
from permissions import Permission
class MayanObjectPermissionsFilter(BaseFilterBackend):
def filter_queryset(self, request, queryset, view):
required_permission = getattr(
# TODO: fix variable name to make it clear it should be a single
# permission
required_permissions = getattr(
view, 'mayan_object_permissions', {}
).get(request.method, None)
if required_permission:
try:
Permission.check_permissions(request.user, required_permission)
except PermissionDenied:
return AccessControlList.objects.filter_by_access(
required_permission[0], request.user, queryset
)
else:
return queryset
if required_permissions:
return AccessControlList.objects.filter_by_access(
required_permissions[0], request.user, queryset=queryset
)
else:
return queryset

View File

@@ -3,11 +3,9 @@ from __future__ import absolute_import, unicode_literals
import logging
from django import forms
from django.core.exceptions import PermissionDenied
from django.utils.translation import ugettext_lazy as _
from acls.models import AccessControlList
from permissions import Permission
from .models import Tag
from .permissions import permission_tag_view
@@ -21,17 +19,13 @@ class TagListForm(forms.Form):
logger.debug('user: %s', user)
super(TagListForm, self).__init__(*args, **kwargs)
queryset = Tag.objects.all()
try:
Permission.check_permissions(user, (permission_tag_view,))
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_tag_view, user, queryset
)
queryset = AccessControlList.objects.filter_by_access(
permission_tag_view, user, queryset=Tag.objects.all()
)
self.fields['tag'] = forms.ModelChoiceField(
queryset=queryset,
label=_('Tags'))
queryset=queryset, label=_('Tags')
)
class TagMultipleSelectionForm(forms.Form):
@@ -40,13 +34,9 @@ class TagMultipleSelectionForm(forms.Form):
logger.debug('user: %s', user)
super(TagMultipleSelectionForm, self).__init__(*args, **kwargs)
queryset = Tag.objects.all()
try:
Permission.check_permissions(user, (permission_tag_view,))
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_tag_view, user, queryset
)
queryset = AccessControlList.objects.filter_by_access(
permission_tag_view, user, queryset=Tag.objects.all()
)
self.fields['tags'] = forms.MultipleChoiceField(
label=_('Tags'), choices=queryset.values_list('id', 'label'),

View File

@@ -2,7 +2,6 @@ from __future__ import absolute_import, unicode_literals
from django.core.urlresolvers import reverse
from django.db import models
from django.core.exceptions import PermissionDenied
from django.utils.encoding import python_2_unicode_compatible
from django.utils.translation import ugettext_lazy as _
@@ -11,7 +10,6 @@ from colorful.fields import RGBColorField
from acls.models import AccessControlList
from documents.models import Document
from documents.permissions import permission_document_view
from permissions import Permission
@python_2_unicode_compatible
@@ -35,14 +33,9 @@ class Tag(models.Model):
verbose_name_plural = _('Tags')
def get_document_count(self, user):
queryset = self.documents
try:
Permission.check_permissions(user, (permission_document_view,))
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_document_view, user, queryset
)
queryset = AccessControlList.objects.filter_by_access(
permission_document_view, user, queryset=self.documents
)
return queryset.count()

View File

@@ -45,12 +45,9 @@ def tag_attach(request, document_id=None, document_id_list=None):
elif document_id_list:
queryset = Document.objects.filter(pk__in=document_id_list)
try:
Permission.check_permissions(request.user, (permission_tag_attach,))
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_tag_attach, request.user, queryset
)
queryset = AccessControlList.objects.filter_by_access(
permission_tag_attach, request.user, queryset=queryset
)
if not queryset:
if document_id:
@@ -164,12 +161,9 @@ def tag_delete(request, tag_id=None, tag_id_list=None):
)
)
try:
Permission.check_permissions(request.user, (permission_tag_delete,))
except PermissionDenied:
queryset = AccessControlList.objects.filter_by_access(
permission_tag_delete, request.user, queryset
)
queryset = AccessControlList.objects.filter_by_access(
permission_tag_delete, request.user, queryset=queryset
)
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
@@ -291,12 +285,9 @@ def tag_remove(request, document_id=None, document_id_list=None, tag_id=None, ta
)
)
try:
Permission.check_permissions(request.user, (permission_tag_remove,))
except PermissionDenied:
documents = AccessControlList.objects.filter_by_access(
permission_tag_remove, request.user, documents
)
documents = AccessControlList.objects.filter_by_access(
permission_tag_remove, request.user, documents
)
post_action_redirect = None

View File

@@ -1,12 +1,9 @@
from __future__ import absolute_import, unicode_literals
from django.apps import apps
from django.core.exceptions import PermissionDenied
from django.utils.html import escape
from django.utils.safestring import mark_safe
from permissions import Permission
from .permissions import permission_tag_view
@@ -20,14 +17,9 @@ def widget_document_tags(document, user):
tags_template = []
tags = document.attached_tags().all()
try:
Permission.check_permissions(user, (permission_tag_view,))
except PermissionDenied:
tags = AccessControlList.objects.filter_by_access(
permission_tag_view, user, tags
)
tags = AccessControlList.objects.filter_by_access(
permission_tag_view, user, queryset=document.attached_tags().all()
)
for tag in tags:
tags_template.append(widget_single_tag(tag))