diff --git a/mayan/apps/acls/managers.py b/mayan/apps/acls/managers.py index e9bbb88b5b..c817371005 100644 --- a/mayan/apps/acls/managers.py +++ b/mayan/apps/acls/managers.py @@ -9,6 +9,7 @@ from django.db.models import Q from django.utils.translation import ugettext from common.utils import return_attrib +from permissions import Permission from permissions.models import StoredPermission from .classes import ModelPermission 
@@ -88,41 +89,52 @@ class AccessControlListManager(models.Manager): if user.is_superuser or user.is_staff: return queryset - user_roles = [] - for group in user.groups.all(): - for role in group.roles.all(): - user_roles.append(role) - try: - parent_accessor = ModelPermission.get_inheritance(queryset.model) - except KeyError: - parent_acl_query = Q() - else: - instance = queryset.first() - if instance: - parent_object = getattr(instance, parent_accessor) - parent_content_type = ContentType.objects.get_for_model( - parent_object + Permission.check_permissions( + requester=user, permissions=(permission,) + ) + except PermissionDenied: + user_roles = [] + for group in user.groups.all(): + for role in group.roles.all(): + user_roles.append(role) + + try: + parent_accessor = ModelPermission.get_inheritance( + model=queryset.model ) - parent_queryset = self.filter( - content_type=parent_content_type, role__in=user_roles, - permissions=permission.stored_permission - ) - parent_acl_query = Q( - **{ - '{}__pk__in'.format( - parent_accessor - ): parent_queryset.values_list('object_id', flat=True) - } - ) - else: + except KeyError: parent_acl_query = Q() + else: + instance = queryset.first() + if instance: + parent_object = getattr(instance, parent_accessor) + parent_content_type = ContentType.objects.get_for_model( + parent_object + ) + parent_queryset = self.filter( + content_type=parent_content_type, role__in=user_roles, + permissions=permission.stored_permission + ) + parent_acl_query = Q( + **{ + '{}__pk__in'.format( + parent_accessor + ): parent_queryset.values_list( + 'object_id', flat=True + ) + } + ) + else: + parent_acl_query = Q() - # Directly granted access - content_type = ContentType.objects.get_for_model(queryset.model) - acl_query = Q(pk__in=self.filter( - content_type=content_type, role__in=user_roles, - permissions=permission.stored_permission - ).values_list('object_id', flat=True)) + # Directly granted access + content_type = 
ContentType.objects.get_for_model(queryset.model) + acl_query = Q(pk__in=self.filter( + content_type=content_type, role__in=user_roles, + permissions=permission.stored_permission + ).values_list('object_id', flat=True)) - return queryset.filter(parent_acl_query | acl_query) + return queryset.filter(parent_acl_query | acl_query) + else: + return queryset diff --git a/mayan/apps/acls/tests/test_models.py b/mayan/apps/acls/tests/test_models.py index 571350452c..76241bd68c 100644 --- a/mayan/apps/acls/tests/test_models.py +++ b/mayan/apps/acls/tests/test_models.py @@ -89,8 +89,6 @@ class PermissionTestCase(TestCase): self.fail('PermissionDenied exception was not expected.') def test_filtering_with_permissions(self): - self.role.permissions.add(permission_document_view.stored_permission) - acl = AccessControlList.objects.create( content_object=self.document_1, role=self.role ) @@ -137,8 +135,6 @@ class PermissionTestCase(TestCase): self.fail('PermissionDenied exception was not expected.') def test_filtering_with_inherited_permissions(self): - self.role.permissions.add(permission_document_view.stored_permission) - acl = AccessControlList.objects.create( content_object=self.document_type_1, role=self.role ) @@ -148,6 +144,10 @@ class PermissionTestCase(TestCase): permission=permission_document_view, user=self.user, queryset=Document.objects.all() ) + + # Since document_1 and document_2 are of document_type_1 + # they are the only ones that should be returned + self.assertTrue(self.document_1 in result) self.assertTrue(self.document_2 in result) self.assertTrue(self.document_3 not in result) diff --git a/mayan/apps/checkouts/api_views.py b/mayan/apps/checkouts/api_views.py index 939cf28f1d..507854d428 100644 --- a/mayan/apps/checkouts/api_views.py +++ b/mayan/apps/checkouts/api_views.py 
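Review bot: Nothing documents the contract this manager method now carries (its `def` line is above the hunk; from the call sites it is presumably `filter_by_access`). `permission` has to be a single permission object, because it is wrapped as `permissions=(permission,)` and later read as `permission.stored_permission`, and a global grant now returns the caller's queryset unfiltered through `else: return queryset`. Every call site in this commit relies on that short-circuit, so a docstring should say so, for example `"""Return queryset unchanged if user holds permission globally, else only objects with a direct or inherited ACL for the user's roles; permission is one permission, not an iterable."""`. As a style point, `except PermissionDenied: pass` with `else: return queryset` would leave the ACL logic at its original indentation instead of nesting all of it inside the handler.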
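Review bot: No test here covers the branch that made it necessary to drop the two `self.role.permissions.add(permission_document_view.stored_permission)` lines: with the role holding the permission globally, the manager change in this commit returns the queryset unfiltered. A case that keeps the role grant and asserts that `self.document_3` is also in `result` would pin that authorization behaviour, so a later change to the short-circuit shows up as a failure. The same gap applies to `test_filtering_with_inherited_permissions`.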
@@ -31,18 +31,10 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView): return DocumentCheckoutSerializer def get_queryset(self): - documents = DocumentCheckout.objects.checked_out_documents() - - try: - Permission.check_permissions( - self.request.user, (permission_document_view,) - ) - except PermissionDenied: - filtered_documents = AccessControlList.objects.filter_by_access( - (permission_document_view,), self.request.user, documents - ) - else: - filtered_documents = documents + filtered_documents = AccessControlList.objects.filter_by_access( + (permission_document_view,), self.request.user, + queryset=DocumentCheckout.objects.checked_out_documents() + ) return DocumentCheckout.objects.filter( document__pk__in=filtered_documents.values_list('pk', flat=True) @@ -104,18 +96,10 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView): def get_queryset(self): if self.request.method == 'GET': - documents = DocumentCheckout.objects.checked_out_documents() - - try: - Permission.check_permissions( - self.request.user, (permission_document_view,) - ) - except PermissionDenied: - filtered_documents = AccessControlList.objects.filter_by_access( - (permission_document_view,), self.request.user, documents - ) - else: - filtered_documents = documents + filtered_documents = AccessControlList.objects.filter_by_access( + (permission_document_view,), self.request.user, + queryset=DocumentCheckout.objects.checked_out_documents() + ) return DocumentCheckout.objects.filter( document__pk__in=filtered_documents.values_list( diff --git a/mayan/apps/common/classes.py b/mayan/apps/common/classes.py index d342ab062e..0ef0e12578 100644 --- a/mayan/apps/common/classes.py +++ b/mayan/apps/common/classes.py 
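Review bot: `filter_by_access` is called here with `(permission_document_view,)`, a one-element tuple, while the manager change in this same commit wraps its argument again as `permissions=(permission,)` and reads `permission.stored_permission`. Before this commit the tuple only reached the manager after the global check had already failed; now it is the only path for non-staff users, so the check receives a nested tuple and the ACL branch would look up `.stored_permission` on a tuple. The first argument should be the bare permission, `permission_document_view, self.request.user,`. The second hunk in this file (`APICheckedoutDocumentView.get_queryset`) has the same call and needs the same change; both method bodies continue outside their hunks.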
@@ -1,12 +1,9 @@ from __future__ import unicode_literals from django.apps import apps -from django.core.exceptions import PermissionDenied from django.db import models from django.utils.translation import ugettext -from permissions import Permission - class ModelAttribute(object): __registry = {} @@ -137,20 +134,9 @@ class Filter(object): queryset = queryset.distinct() if self.object_permission: - try: - # Check to see if the user has the permissions globally - Permission.check_permissions( - user, (self.object_permission,) - ) - except PermissionDenied: - # No global permission, filter ther queryset per object + - # permission - return AccessControlList.objects.filter_by_access( - self.object_permission, user, queryset - ) - else: - # Has the permission globally, return all results - return queryset + return AccessControlList.objects.filter_by_access( + self.object_permission, user, queryset=queryset + ) else: return queryset diff --git a/mayan/apps/common/mixins.py b/mayan/apps/common/mixins.py index a4cf0a42d2..8571f18c09 100644 --- a/mayan/apps/common/mixins.py +++ b/mayan/apps/common/mixins.py @@ -93,20 +93,9 @@ class ObjectListPermissionFilterMixin(object): queryset = super(ObjectListPermissionFilterMixin, self).get_queryset() if self.object_permission: - try: - # Check to see if the user has the permissions globally - Permission.check_permissions( - self.request.user, (self.object_permission,) - ) - except PermissionDenied: - # No global permission, filter ther queryset per object + - # permission - return AccessControlList.objects.filter_by_access( - self.object_permission, self.request.user, queryset - ) - else: - # Has the permission globally, return all results - return queryset + return AccessControlList.objects.filter_by_access( + self.object_permission, self.request.user, queryset=queryset + ) else: return queryset diff --git a/mayan/apps/converter/__init__.py b/mayan/apps/converter/__init__.py index 8578c59ddb..c40a4a2e78 100644 
--- a/mayan/apps/converter/__init__.py +++ b/mayan/apps/converter/__init__.py @@ -1,9 +1,9 @@ from __future__ import unicode_literals -from .classes import ( +from .classes import ( # NOQA BaseTransformation, TransformationResize, TransformationRotate, TransformationZoom -) # NOQA +) from .runtime import converter_class # NOQA default_app_config = 'converter.apps.ConverterApp' diff --git a/mayan/apps/converter/classes.py b/mayan/apps/converter/classes.py index bf151afbbd..db5d4aabee 100644 --- a/mayan/apps/converter/classes.py +++ b/mayan/apps/converter/classes.py @@ -2,7 +2,6 @@ from __future__ import unicode_literals import base64 import logging -from operator import xor import os try: diff --git a/mayan/apps/converter/tests/test_classes.py b/mayan/apps/converter/tests/test_classes.py index 6d6146e151..aece4b2733 100644 --- a/mayan/apps/converter/tests/test_classes.py +++ b/mayan/apps/converter/tests/test_classes.py @@ -78,13 +78,6 @@ class TransformationTestCase(TestCase): percent=TRANSFORMATION_ZOOM_PERCENT ) - #self.assertEqual( - # #transformation_rotate ^ transformation_resize ^ transformation_zoom, - # transformation_rotate ^ transformation_resize ^ transformation_zoom, - # #transformation_resize ^ transformation_zoom, - # TRANSFORMATION_COMBINED_CACHE_HASH - #) - self.assertEqual( BaseTransformation.combine( (transformation_rotate, transformation_resize, transformation_zoom) diff --git a/mayan/apps/document_indexing/models.py b/mayan/apps/document_indexing/models.py index e6c983813c..e3499c718a 100644 --- a/mayan/apps/document_indexing/models.py +++ b/mayan/apps/document_indexing/models.py @@ -1,6 +1,5 @@ from __future__ import absolute_import, unicode_literals -from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse from django.db import models from django.utils.encoding import python_2_unicode_compatible 
@@ -12,7 +11,6 @@ from mptt.models import MPTTModel from acls.models import AccessControlList from documents.models import Document, DocumentType from documents.permissions import permission_document_view -from permissions import Permission from .managers import ( DocumentIndexInstanceNodeManager, IndexManager, IndexInstanceNodeManager @@ -177,14 +175,9 @@ class IndexInstanceNode(MPTTModel): def get_item_count(self, user): if self.index_template_node.link_documents: - queryset = self.documents - - try: - Permission.check_permissions(user, (permission_document_view,)) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_document_view, user, queryset - ) + queryset = AccessControlList.objects.filter_by_access( + permission_document_view, user, queryset=self.documents + ) return queryset.count() else: diff --git a/mayan/apps/document_indexing/views.py b/mayan/apps/document_indexing/views.py index 92e704289b..44b932285d 100644 --- a/mayan/apps/document_indexing/views.py +++ b/mayan/apps/document_indexing/views.py @@ -86,18 +86,10 @@ class SetupIndexDocumentTypesView(AssignRemoveView): self.get_object().document_types.add(item) def get_document_queryset(self): - queryset = DocumentType.objects.all() - - try: - Permission.check_permissions( - self.request.user, (permission_document_view,) - ) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_document_view, self.request.user, queryset - ) - - return queryset + return AccessControlList.objects.filter_by_access( + permission_document_view, self.request.user, + queryset=DocumentType.objects.all() + ) def get_extra_context(self): return { diff --git a/mayan/apps/document_signatures/forms.py b/mayan/apps/document_signatures/forms.py index 15c8f46663..d5347bf20f 100644 --- a/mayan/apps/document_signatures/forms.py +++ b/mayan/apps/document_signatures/forms.py 
@@ -3,11 +3,9 @@ from __future__ import absolute_import, unicode_literals import logging from django import forms -from django.core.exceptions import PermissionDenied from django.utils.translation import ugettext_lazy as _ from acls.models import AccessControlList -from permissions import Permission from common.forms import DetailForm from django_gpg.models import Key @@ -35,14 +33,9 @@ class DocumentVersionSignatureCreateForm(forms.Form): DocumentVersionSignatureCreateForm, self ).__init__(*args, **kwargs) - queryset = Key.objects.private_keys() - - try: - Permission.check_permissions(user, (permission_key_sign,)) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_key_sign, user, queryset - ) + queryset = AccessControlList.objects.filter_by_access( + permission_key_sign, user, queryset=Key.objects.private_keys() + ) self.fields['key'].queryset = queryset diff --git a/mayan/apps/documents/apps.py b/mayan/apps/documents/apps.py index 64c18a5beb..ee975aa16a 100644 --- a/mayan/apps/documents/apps.py +++ b/mayan/apps/documents/apps.py @@ -154,8 +154,9 @@ class DocumentsApp(MayanAppConfig): func=lambda context: document_html_widget( document_page=context['object'].latest_version.pages.first(), click_view='rest_api:documentpage-image', - click_view_arguments_lazy=lambda: (context['object'].latest_version.pages.first().pk,), - click_view_querydict={'size': setting_display_size.value}, + click_view_arguments_lazy=lambda: ( + context['object'].latest_version.pages.first().pk, + ), click_view_querydict={'size': setting_display_size.value}, gallery_name='documents:document_list', size=setting_thumbnail_size.value, title=getattr(context['object'], 'label', None), 
@@ -212,8 +213,9 @@ class DocumentsApp(MayanAppConfig): func=lambda context: document_html_widget( document_page=context['object'].latest_version.pages.first(), click_view='rest_api:documentpage-image', - click_view_arguments_lazy=lambda: (context['object'].latest_version.pages.first().pk,), - click_view_querydict={'size': setting_display_size.value}, + click_view_arguments_lazy=lambda: ( + context['object'].latest_version.pages.first().pk, + ), click_view_querydict={'size': setting_display_size.value}, gallery_name='documents:delete_document_list', size=setting_thumbnail_size.value, title=getattr(context['object'], 'label', None), diff --git a/mayan/apps/documents/forms.py b/mayan/apps/documents/forms.py index 4ee5f4abd8..57a95478e5 100644 --- a/mayan/apps/documents/forms.py +++ b/mayan/apps/documents/forms.py @@ -4,13 +4,11 @@ import logging from operator import itemgetter from django import forms -from django.core.exceptions import PermissionDenied from django.template.defaultfilters import filesizeformat from django.utils.translation import ugettext_lazy as _ from acls.models import AccessControlList from common.forms import DetailForm, ModelForm -from permissions import Permission from .models import ( Document, DocumentType, DocumentPage, DocumentTypeFilename @@ -162,13 +160,10 @@ class DocumentTypeSelectForm(forms.Form): logger.debug('user: %s', user) super(DocumentTypeSelectForm, self).__init__(*args, **kwargs) - queryset = DocumentType.objects.all() - try: - Permission.check_permissions(user, (permission_document_create,)) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_document_create, user, queryset - ) + queryset = AccessControlList.objects.filter_by_access( + permission_document_create, user, + queryset=DocumentType.objects.all() + ) self.fields['document_type'] = forms.ModelChoiceField( empty_label=None, label=_('Document type'), queryset=queryset, 
diff --git a/mayan/apps/documents/models.py b/mayan/apps/documents/models.py index a8e89701b9..06f3afb64b 100644 --- a/mayan/apps/documents/models.py +++ b/mayan/apps/documents/models.py @@ -5,7 +5,6 @@ import logging import uuid from django.conf import settings -from django.core.exceptions import PermissionDenied from django.core.files import File from django.core.urlresolvers import reverse from django.db import models, transaction @@ -23,7 +22,6 @@ from converter.exceptions import InvalidOfficeFormat, PageCountError from converter.literals import DEFAULT_ZOOM_LEVEL, DEFAULT_ROTATION from converter.models import Transformation from mimetype.api import get_mimetype -from permissions import Permission from .events import ( event_document_create, event_document_new_version, @@ -113,14 +111,9 @@ class DocumentType(models.Model): return DeletedDocument.objects.filter(document_type=self) def get_document_count(self, user): - queryset = self.documents - - try: - Permission.check_permissions(user, (permission_document_view,)) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_document_view, user, queryset - ) + queryset = AccessControlList.objects.filter_by_access( + permission_document_view, user, queryset=self.documents + ) return queryset.count() diff --git a/mayan/apps/documents/views.py b/mayan/apps/documents/views.py index 3508ed1ddd..4655f1bdce 100644 --- a/mayan/apps/documents/views.py +++ b/mayan/apps/documents/views.py 
@@ -95,19 +95,9 @@ class DeletedDocumentListView(DocumentListView): } def get_document_queryset(self): - queryset = Document.trash.all() - - try: - Permission.check_permissions( - self.request.user, (permission_document_view,) - ) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_document_view, self.request.user, queryset - ) - - return DeletedDocument.objects.filter( - pk__in=queryset.values_list('pk', flat=True) + return AccessControlList.objects.filter_by_access( + permission_document_view, self.request.user, + queryset=DeletedDocument.trash.all() ) @@ -663,14 +653,9 @@ def document_document_type_edit(request, document_id=None, document_id_list=None elif document_id_list: queryset = Document.objects.filter(pk__in=document_id_list) - try: - Permission.check_permissions( - request.user, (permission_document_properties_edit,) - ) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_document_properties_edit, request.user, queryset - ) + queryset = AccessControlList.objects.filter_by_access( + permission_document_properties_edit, request.user, queryset=queryset + ) if not queryset: if document_id: @@ -806,18 +791,10 @@ class DocumentDownloadFormView(FormView): return self.post_action_redirect def get_queryset(self): - queryset = self.get_document_queryset() - - try: - Permission.check_permissions( - self.request.user, (permission_document_download,) - ) - except PermissionDenied: - return AccessControlList.objects.filter_by_access( - permission_document_download, self.request.user, queryset - ) - else: - return queryset + return AccessControlList.objects.filter_by_access( + permission_document_download, self.request.user, + queryset=self.get_document_queryset() + ) class DocumentDownloadView(SingleObjectDownloadView): 
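Review bot: The queryset handed to `filter_by_access` changes model in `DeletedDocumentListView.get_document_queryset`, from `Document.trash.all()` to `DeletedDocument.trash.all()`, and the manager keys both of its lookups on `queryset.model` (`ModelPermission.get_inheritance(model=queryset.model)` and `ContentType.objects.get_for_model(queryset.model)`). Neither a `trash` manager on `DeletedDocument` nor an inheritance registration for it is visible in this diff. If either is missing, the view would fail on the attribute, or would silently omit trashed documents whose access comes from a document-type ACL. Filtering the `Document` queryset and wrapping the result, as the removed code did, avoids depending on that.
```python
    def get_document_queryset(self):
        queryset = AccessControlList.objects.filter_by_access(
            permission_document_view, self.request.user,
            queryset=Document.trash.all()
        )

        return DeletedDocument.objects.filter(
            pk__in=queryset.values_list('pk', flat=True)
        )
```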
@@ -863,16 +840,9 @@ class DocumentDownloadView(SingleObjectDownloadView): queryset = self.model.objects.filter(pk__in=id_list.split(',')) - try: - Permission.check_permissions( - self.request.user, (permission_document_download,) - ) - except PermissionDenied: - return AccessControlList.objects.filter_by_access( - permission_document_download, self.request.user, queryset - ) - else: - return queryset + return AccessControlList.objects.filter_by_access( + permission_document_download, self.request.user, queryset + ) def get_file(self): queryset = self.get_document_queryset() @@ -949,14 +919,9 @@ def document_update_page_count(request, document_id=None, document_id_list=None) messages.error(request, _('At least one document must be selected.')) return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) - try: - Permission.check_permissions( - request.user, (permission_document_tools,) - ) - except PermissionDenied: - documents = AccessControlList.objects.filter_by_access( - permission_document_tools, request.user, documents - ) + documents = AccessControlList.objects.filter_by_access( + permission_document_tools, request.user, queryset=documents + ) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) 
@@ -1018,14 +983,9 @@ def document_clear_transformations(request, document_id=None, document_id_list=N ) ) - try: - Permission.check_permissions( - request.user, (permission_transformation_delete,) - ) - except PermissionDenied: - documents = AccessControlList.objects.filter_by_access( - permission_transformation_delete, request.user, documents - ) + documents = AccessControlList.objects.filter_by_access( + permission_transformation_delete, request.user, queryset=documents + ) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list')))) next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list')))) diff --git a/mayan/apps/dynamic_search/classes.py b/mayan/apps/dynamic_search/classes.py index aa3b03b122..ea4635a103 100644 --- a/mayan/apps/dynamic_search/classes.py +++ b/mayan/apps/dynamic_search/classes.py @@ -5,12 +5,10 @@ import logging import re from django.apps import apps -from django.core.exceptions import PermissionDenied from django.db.models import Q from django.utils.module_loading import import_string from django.utils.translation import ugettext as _ -from permissions import Permission from .settings import setting_limit @@ -229,12 +227,9 @@ class SearchModel(object): ) if self.permission: - try: - Permission.check_permissions(user, [self.permission]) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - self.permission, user, queryset - ) + queryset = AccessControlList.objects.filter_by_access( + self.permission, user, queryset + ) return queryset, result_set, elapsed_time diff --git a/mayan/apps/folders/api_views.py b/mayan/apps/folders/api_views.py index 730194b621..04b336cf3d 100644 --- a/mayan/apps/folders/api_views.py +++ b/mayan/apps/folders/api_views.py 
@@ -147,18 +147,10 @@ class APIFolderDocumentListView(generics.ListCreateAPIView): def get_queryset(self): folder = self.get_folder() - documents = folder.documents.all() - - try: - Permission.check_permissions( - self.request.user, (permission_document_view,) - ) - except PermissionDenied: - documents = AccessControlList.objects.filter_by_access( - permission_document_view, self.request.user, documents - ) - - return documents + return AccessControlList.objects.filter_by_access( + permission_document_view, self.request.user, + queryset=folder.documents.all() + ) def perform_create(self, serializer): serializer.save(folder=self.get_folder()) diff --git a/mayan/apps/folders/forms.py b/mayan/apps/folders/forms.py index e0a4b991c7..cb20818141 100644 --- a/mayan/apps/folders/forms.py +++ b/mayan/apps/folders/forms.py @@ -3,11 +3,9 @@ from __future__ import absolute_import, unicode_literals import logging from django import forms -from django.core.exceptions import PermissionDenied from django.utils.translation import ugettext_lazy as _ from acls.models import AccessControlList -from permissions import Permission from .models import Folder from .permissions import permission_folder_view @@ -21,15 +19,10 @@ class FolderListForm(forms.Form): logger.debug('user: %s', user) super(FolderListForm, self).__init__(*args, **kwargs) - queryset = Folder.objects.all() - try: - Permission.check_permissions(user, (permission_folder_view,)) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_folder_view, user, queryset - ) + queryset = AccessControlList.objects.filter_by_access( + permission_folder_view, user, queryset=Folder.objects.all() + ) self.fields['folder'] = forms.ModelChoiceField( - queryset=queryset, - label=_('Folder') + queryset=queryset, label=_('Folder') ) diff --git a/mayan/apps/folders/models.py b/mayan/apps/folders/models.py index b6e97d87a4..067ca1ff73 100644 --- a/mayan/apps/folders/models.py 
+++ b/mayan/apps/folders/models.py @@ -1,6 +1,5 @@ from __future__ import absolute_import, unicode_literals -from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse from django.db import models from django.utils.encoding import python_2_unicode_compatible @@ -9,7 +8,6 @@ from django.utils.translation import ugettext_lazy as _ from acls.models import AccessControlList from documents.models import Document from documents.permissions import permission_document_view -from permissions import Permission from .managers import FolderManager @@ -45,14 +43,9 @@ class Folder(models.Model): verbose_name_plural = _('Folders') def get_document_count(self, user): - queryset = self.documents - - try: - Permission.check_permissions(user, (permission_document_view,)) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_document_view, user, queryset - ) + queryset = AccessControlList.objects.filter_by_access( + permission_document_view, user, queryset=self.documents + ) return queryset.count() diff --git a/mayan/apps/folders/views.py b/mayan/apps/folders/views.py index ffde47a614..7d7c2f7c3e 100644 --- a/mayan/apps/folders/views.py +++ b/mayan/apps/folders/views.py @@ -145,14 +145,9 @@ def folder_add_document(request, document_id=None, document_id_list=None): ) ) - try: - Permission.check_permissions( - request.user, (permission_folder_add_document,) - ) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_folder_add_document, request.user, queryset - ) + queryset = AccessControlList.objects.filter_by_access( + permission_folder_add_document, request.user, queryset=queryset + ) post_action_redirect = None if document_id: 
@@ -227,14 +222,9 @@ def folder_document_remove(request, folder_id, document_id=None, document_id_lis messages.error(request, _('Must provide at least one folder document.')) return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))) - try: - Permission.check_permissions( - request.user, (permission_folder_remove_document,) - ) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_folder_remove_document, request.user, queryset - ) + queryset = AccessControlList.objects.filter_by_access( + permission_folder_remove_document, request.user, queryset=queryset + ) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) diff --git a/mayan/apps/mailer/views.py b/mayan/apps/mailer/views.py index e3965003bd..e26002d730 100644 --- a/mayan/apps/mailer/views.py +++ b/mayan/apps/mailer/views.py @@ -3,7 +3,6 @@ from __future__ import absolute_import, unicode_literals from django.conf import settings from django.contrib import messages from django.contrib.sites.models import Site -from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse from django.http import HttpResponseRedirect from django.shortcuts import render_to_response @@ -14,7 +13,6 @@ from django.utils.translation import ugettext_lazy as _ from acls.models import AccessControlList from common.generics import SingleObjectListView from documents.models import Document -from permissions import Permission from .forms import DocumentMailForm from .models import LogEntry 
@@ -45,12 +43,9 @@ def send_document_link(request, document_id=None, document_id_list=None, as_atta else: permission = permission_mailing_link - try: - Permission.check_permissions(request.user, (permission,)) - except PermissionDenied: - documents = AccessControlList.objects.filter_by_access( - permission, request.user, documents - ) + documents = AccessControlList.objects.filter_by_access( + permission, request.user, queryset=documents + ) if not documents: messages.error(request, _('Must provide at least one document.')) diff --git a/mayan/apps/metadata/views.py b/mayan/apps/metadata/views.py index 62631129b0..e367823037 100644 --- a/mayan/apps/metadata/views.py +++ b/mayan/apps/metadata/views.py @@ -42,14 +42,9 @@ def metadata_edit(request, document_id=None, document_id_list=None): elif document_id_list: documents = Document.objects.filter(pk__in=document_id_list) - try: - Permission.check_permissions( - request.user, (permission_metadata_document_edit,) - ) - except PermissionDenied: - documents = AccessControlList.objects.filter_by_access( - permission_metadata_document_edit, request.user, documents - ) + documents = AccessControlList.objects.filter_by_access( + permission_metadata_document_edit, request.user, queryset=documents + ) if not documents: if document_id: @@ -201,14 +196,9 @@ def metadata_add(request, document_id=None, document_id_list=None): ) ) - try: - Permission.check_permissions( - request.user, (permission_metadata_document_add,) - ) - except PermissionDenied: - documents = AccessControlList.objects.filter_by_access( - permission_metadata_document_add, request.user, documents - ) + documents = AccessControlList.objects.filter_by_access( + permission_metadata_document_add, request.user, queryset=documents + ) if not documents: if document_id: 
@@ -337,14 +327,9 @@ def metadata_remove(request, document_id=None, document_id_list=None): elif document_id_list: documents = Document.objects.filter(pk__in=document_id_list) - try: - Permission.check_permissions( - request.user, (permission_metadata_document_remove,) - ) - except PermissionDenied: - documents = AccessControlList.objects.filter_by_access( - permission_metadata_document_remove, request.user, documents - ) + documents = AccessControlList.objects.filter_by_access( + permission_metadata_document_remove, request.user, queryset=documents + ) if not documents: if document_id: diff --git a/mayan/apps/navigation/classes.py b/mayan/apps/navigation/classes.py index 2d45129369..ca141efd2b 100644 --- a/mayan/apps/navigation/classes.py +++ b/mayan/apps/navigation/classes.py @@ -358,9 +358,11 @@ class SourceColumn(object): return cls._registry[source] except KeyError: try: + # Try it as a queryset return cls._registry[source.model] except AttributeError: try: + # It seems to be an instance, try its class return cls._registry[source.__class__] except KeyError: try: diff --git a/mayan/apps/navigation/templatetags/navigation_tags.py b/mayan/apps/navigation/templatetags/navigation_tags.py index b77995b390..6d0a2a60f7 100644 --- a/mayan/apps/navigation/templatetags/navigation_tags.py +++ b/mayan/apps/navigation/templatetags/navigation_tags.py @@ -48,7 +48,7 @@ def get_source_columns(source): # Is iterable? source = source[0] except TypeError: - # It is not + # It is not an iterable pass except IndexError: # It a list and it's empty diff --git a/mayan/apps/rest_api/filters.py b/mayan/apps/rest_api/filters.py index e390fb8bb5..845622fdb5 100644 --- a/mayan/apps/rest_api/filters.py +++ b/mayan/apps/rest_api/filters.py 
@@ -1,27 +1,22 @@ from __future__ import absolute_import, unicode_literals -from django.core.exceptions import PermissionDenied - from rest_framework.filters import BaseFilterBackend from acls.models import AccessControlList -from permissions import Permission class MayanObjectPermissionsFilter(BaseFilterBackend): def filter_queryset(self, request, queryset, view): - required_permission = getattr( + # TODO: fix variable name to make it clear it should be a single + # permission + + required_permissions = getattr( view, 'mayan_object_permissions', {} ).get(request.method, None) - if required_permission: - try: - Permission.check_permissions(request.user, required_permission) - except PermissionDenied: - return AccessControlList.objects.filter_by_access( - required_permission[0], request.user, queryset - ) - else: - return queryset + if required_permissions: + return AccessControlList.objects.filter_by_access( + required_permissions[0], request.user, queryset=queryset + ) else: return queryset diff --git a/mayan/apps/tags/forms.py b/mayan/apps/tags/forms.py index b71631c11d..61e83aa800 100644 --- a/mayan/apps/tags/forms.py +++ b/mayan/apps/tags/forms.py @@ -3,11 +3,9 @@ from __future__ import absolute_import, unicode_literals import logging from django import forms -from django.core.exceptions import PermissionDenied from django.utils.translation import ugettext_lazy as _ from acls.models import AccessControlList -from permissions import Permission from .models import Tag from .permissions import permission_tag_view 
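Review bot: Only `required_permissions[0]` is enforced in `filter_queryset` after this change. The removed `Permission.check_permissions(request.user, required_permission)` call was the one place the whole collection was consulted, so any further entries a view lists under `mayan_object_permissions` for a method are now ignored without an error. Until the TODO is resolved, the filter should reject a misdeclared view rather than under-check it, for example `if len(required_permissions) != 1: raise ImproperlyConfigured('mayan_object_permissions must list exactly one permission per method')` before the call, with `ImproperlyConfigured` imported from `django.core.exceptions`.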
@@ -21,17 +19,13 @@ class TagListForm(forms.Form): logger.debug('user: %s', user) super(TagListForm, self).__init__(*args, **kwargs) - queryset = Tag.objects.all() - try: - Permission.check_permissions(user, (permission_tag_view,)) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_tag_view, user, queryset - ) + queryset = AccessControlList.objects.filter_by_access( + permission_tag_view, user, queryset=Tag.objects.all() + ) self.fields['tag'] = forms.ModelChoiceField( - queryset=queryset, - label=_('Tags')) + queryset=queryset, label=_('Tags') + ) class TagMultipleSelectionForm(forms.Form): @@ -40,13 +34,9 @@ class TagMultipleSelectionForm(forms.Form): logger.debug('user: %s', user) super(TagMultipleSelectionForm, self).__init__(*args, **kwargs) - queryset = Tag.objects.all() - try: - Permission.check_permissions(user, (permission_tag_view,)) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_tag_view, user, queryset - ) + queryset = AccessControlList.objects.filter_by_access( + permission_tag_view, user, queryset=Tag.objects.all() + ) self.fields['tags'] = forms.MultipleChoiceField( label=_('Tags'), choices=queryset.values_list('id', 'label'), diff --git a/mayan/apps/tags/models.py b/mayan/apps/tags/models.py index 941654ffca..09dc170d98 100644 --- a/mayan/apps/tags/models.py +++ b/mayan/apps/tags/models.py @@ -2,7 +2,6 @@ from __future__ import absolute_import, unicode_literals from django.core.urlresolvers import reverse from django.db import models -from django.core.exceptions import PermissionDenied from django.utils.encoding import python_2_unicode_compatible from django.utils.translation import ugettext_lazy as _ 
@@ -11,7 +10,6 @@ from colorful.fields import RGBColorField from acls.models import AccessControlList from documents.models import Document from documents.permissions import permission_document_view -from permissions import Permission @python_2_unicode_compatible @@ -35,14 +33,9 @@ class Tag(models.Model): verbose_name_plural = _('Tags') def get_document_count(self, user): - queryset = self.documents - - try: - Permission.check_permissions(user, (permission_document_view,)) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_document_view, user, queryset - ) + queryset = AccessControlList.objects.filter_by_access( + permission_document_view, user, queryset=self.documents + ) return queryset.count() diff --git a/mayan/apps/tags/views.py b/mayan/apps/tags/views.py index 32e8234830..592ecaa28a 100644 --- a/mayan/apps/tags/views.py +++ b/mayan/apps/tags/views.py @@ -45,12 +45,9 @@ def tag_attach(request, document_id=None, document_id_list=None): elif document_id_list: queryset = Document.objects.filter(pk__in=document_id_list) - try: - Permission.check_permissions(request.user, (permission_tag_attach,)) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_tag_attach, request.user, queryset - ) + queryset = AccessControlList.objects.filter_by_access( + permission_tag_attach, request.user, queryset=queryset + ) if not queryset: if document_id: 
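Review bot: `Tag.get_document_count` passes `self.documents` as `queryset=`, which is presumably a related manager rather than a QuerySet (the field definition is outside the hunk). The other call sites in this commit pass real querysets (`Tag.objects.all()`, `document.attached_tags().all()`), so for consistency with them and with the keyword name I would write `permission_document_view, user, queryset=self.documents.all()`. That also keeps the call correct if `filter_by_access` ever uses a QuerySet-only operation on its argument.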
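Review bot: `mayan/apps/tags/views.py` gets no import hunk, unlike `forms.py`, `models.py` and `widgets.py`, although the `tag_attach`, `tag_delete` and `tag_remove` hunks remove the visible uses of `Permission` and `PermissionDenied`. If nothing else in the file still needs them (the rest of the file is outside the diff), drop `from permissions import Permission` and the `PermissionDenied` import. Leaving them suggests an explicit permission check still exists somewhere in the module. The body of `tag_attach` continues outside the hunk.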
@@ -164,12 +161,9 @@ def tag_delete(request, tag_id=None, tag_id_list=None): ) ) - try: - Permission.check_permissions(request.user, (permission_tag_delete,)) - except PermissionDenied: - queryset = AccessControlList.objects.filter_by_access( - permission_tag_delete, request.user, queryset - ) + queryset = AccessControlList.objects.filter_by_access( + permission_tag_delete, request.user, queryset=queryset + ) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))) @@ -291,12 +285,9 @@ def tag_remove(request, document_id=None, document_id_list=None, tag_id=None, ta ) ) - try: - Permission.check_permissions(request.user, (permission_tag_remove,)) - except PermissionDenied: - documents = AccessControlList.objects.filter_by_access( - permission_tag_remove, request.user, documents - ) + documents = AccessControlList.objects.filter_by_access( + permission_tag_remove, request.user, documents + ) post_action_redirect = None diff --git a/mayan/apps/tags/widgets.py b/mayan/apps/tags/widgets.py index ec1cf31ff4..aa6595a71d 100644 --- a/mayan/apps/tags/widgets.py +++ b/mayan/apps/tags/widgets.py @@ -1,12 +1,9 @@ from __future__ import absolute_import, unicode_literals from django.apps import apps -from django.core.exceptions import PermissionDenied from django.utils.html import escape from django.utils.safestring import mark_safe -from permissions import Permission - from .permissions import permission_tag_view 
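Review bot: The context lines of the `tag_delete` hunk build `previous` and `next` from `request.POST`, `request.GET` and the `HTTP_REFERER` header, and the hunk shows no validation of those values. How they are used lies outside the hunk, but if they become a redirect target they should first be checked against the site's own host, for example with `is_safe_url` from `django.utils.http`. This is not introduced by the commit, but it sits directly under the rewritten access check and is worth a follow-up. The local name `next` also shadows the builtin; `next_url` would read better.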
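Review bot: In `tag_remove` the queryset is still passed positionally (`permission_tag_remove, request.user, documents`), while every other rewritten call visible here uses the keyword form. Use `permission_tag_remove, request.user, queryset=documents` here as well, so the call does not depend on the parameter order of `filter_by_access`, whose full signature is not visible in this part of the diff. The body of `tag_remove` continues outside the hunk.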
@@ -20,14 +17,9 @@ def widget_document_tags(document, user): tags_template = [] - tags = document.attached_tags().all() - - try: - Permission.check_permissions(user, (permission_tag_view,)) - except PermissionDenied: - tags = AccessControlList.objects.filter_by_access( - permission_tag_view, user, tags - ) + tags = AccessControlList.objects.filter_by_access( + permission_tag_view, user, queryset=document.attached_tags().all() + ) for tag in tags: tags_template.append(widget_single_tag(tag))