Simplify filter_by_access boilerplate code
This commit is contained in:
Roberto Rosario
@@ -9,6 +9,7 @@ from django.db.models import Q
|
|||||||
from django.utils.translation import ugettext
|
from django.utils.translation import ugettext
|
||||||
|
|
||||||
from common.utils import return_attrib
|
from common.utils import return_attrib
|
||||||
|
from permissions import Permission
|
||||||
from permissions.models import StoredPermission
|
from permissions.models import StoredPermission
|
||||||
|
|
||||||
from .classes import ModelPermission
|
from .classes import ModelPermission
|
||||||
@@ -88,41 +89,52 @@ class AccessControlListManager(models.Manager):
|
|||||||
if user.is_superuser or user.is_staff:
|
if user.is_superuser or user.is_staff:
|
||||||
return queryset
|
return queryset
|
||||||
|
|
||||||
user_roles = []
|
|
||||||
for group in user.groups.all():
|
|
||||||
for role in group.roles.all():
|
|
||||||
user_roles.append(role)
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
parent_accessor = ModelPermission.get_inheritance(queryset.model)
|
Permission.check_permissions(
|
||||||
except KeyError:
|
requester=user, permissions=(permission,)
|
||||||
parent_acl_query = Q()
|
)
|
||||||
else:
|
except PermissionDenied:
|
||||||
instance = queryset.first()
|
user_roles = []
|
||||||
if instance:
|
for group in user.groups.all():
|
||||||
parent_object = getattr(instance, parent_accessor)
|
for role in group.roles.all():
|
||||||
parent_content_type = ContentType.objects.get_for_model(
|
user_roles.append(role)
|
||||||
parent_object
|
|
||||||
|
try:
|
||||||
|
parent_accessor = ModelPermission.get_inheritance(
|
||||||
|
model=queryset.model
|
||||||
)
|
)
|
||||||
parent_queryset = self.filter(
|
except KeyError:
|
||||||
content_type=parent_content_type, role__in=user_roles,
|
|
||||||
permissions=permission.stored_permission
|
|
||||||
)
|
|
||||||
parent_acl_query = Q(
|
|
||||||
**{
|
|
||||||
'{}__pk__in'.format(
|
|
||||||
parent_accessor
|
|
||||||
): parent_queryset.values_list('object_id', flat=True)
|
|
||||||
}
|
|
||||||
)
|
|
||||||
else:
|
|
||||||
parent_acl_query = Q()
|
parent_acl_query = Q()
|
||||||
|
else:
|
||||||
|
instance = queryset.first()
|
||||||
|
if instance:
|
||||||
|
parent_object = getattr(instance, parent_accessor)
|
||||||
|
parent_content_type = ContentType.objects.get_for_model(
|
||||||
|
parent_object
|
||||||
|
)
|
||||||
|
parent_queryset = self.filter(
|
||||||
|
content_type=parent_content_type, role__in=user_roles,
|
||||||
|
permissions=permission.stored_permission
|
||||||
|
)
|
||||||
|
parent_acl_query = Q(
|
||||||
|
**{
|
||||||
|
'{}__pk__in'.format(
|
||||||
|
parent_accessor
|
||||||
|
): parent_queryset.values_list(
|
||||||
|
'object_id', flat=True
|
||||||
|
)
|
||||||
|
}
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
parent_acl_query = Q()
|
||||||
|
|
||||||
# Directly granted access
|
# Directly granted access
|
||||||
content_type = ContentType.objects.get_for_model(queryset.model)
|
content_type = ContentType.objects.get_for_model(queryset.model)
|
||||||
acl_query = Q(pk__in=self.filter(
|
acl_query = Q(pk__in=self.filter(
|
||||||
content_type=content_type, role__in=user_roles,
|
content_type=content_type, role__in=user_roles,
|
||||||
permissions=permission.stored_permission
|
permissions=permission.stored_permission
|
||||||
).values_list('object_id', flat=True))
|
).values_list('object_id', flat=True))
|
||||||
|
|
||||||
return queryset.filter(parent_acl_query | acl_query)
|
return queryset.filter(parent_acl_query | acl_query)
|
||||||
|
else:
|
||||||
|
return queryset
|
||||||
|
|||||||
@@ -89,8 +89,6 @@ class PermissionTestCase(TestCase):
|
|||||||
self.fail('PermissionDenied exception was not expected.')
|
self.fail('PermissionDenied exception was not expected.')
|
||||||
|
|
||||||
def test_filtering_with_permissions(self):
|
def test_filtering_with_permissions(self):
|
||||||
self.role.permissions.add(permission_document_view.stored_permission)
|
|
||||||
|
|
||||||
acl = AccessControlList.objects.create(
|
acl = AccessControlList.objects.create(
|
||||||
content_object=self.document_1, role=self.role
|
content_object=self.document_1, role=self.role
|
||||||
)
|
)
|
||||||
@@ -137,8 +135,6 @@ class PermissionTestCase(TestCase):
|
|||||||
self.fail('PermissionDenied exception was not expected.')
|
self.fail('PermissionDenied exception was not expected.')
|
||||||
|
|
||||||
def test_filtering_with_inherited_permissions(self):
|
def test_filtering_with_inherited_permissions(self):
|
||||||
self.role.permissions.add(permission_document_view.stored_permission)
|
|
||||||
|
|
||||||
acl = AccessControlList.objects.create(
|
acl = AccessControlList.objects.create(
|
||||||
content_object=self.document_type_1, role=self.role
|
content_object=self.document_type_1, role=self.role
|
||||||
)
|
)
|
||||||
@@ -148,6 +144,10 @@ class PermissionTestCase(TestCase):
|
|||||||
permission=permission_document_view, user=self.user,
|
permission=permission_document_view, user=self.user,
|
||||||
queryset=Document.objects.all()
|
queryset=Document.objects.all()
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Since document_1 and document_2 are of document_type_1
|
||||||
|
# they are the only ones that should be returned
|
||||||
|
|
||||||
self.assertTrue(self.document_1 in result)
|
self.assertTrue(self.document_1 in result)
|
||||||
self.assertTrue(self.document_2 in result)
|
self.assertTrue(self.document_2 in result)
|
||||||
self.assertTrue(self.document_3 not in result)
|
self.assertTrue(self.document_3 not in result)
|
||||||
|
|||||||
@@ -31,18 +31,10 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView):
|
|||||||
return DocumentCheckoutSerializer
|
return DocumentCheckoutSerializer
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
documents = DocumentCheckout.objects.checked_out_documents()
|
filtered_documents = AccessControlList.objects.filter_by_access(
|
||||||
|
(permission_document_view,), self.request.user,
|
||||||
try:
|
queryset=DocumentCheckout.objects.checked_out_documents()
|
||||||
Permission.check_permissions(
|
)
|
||||||
self.request.user, (permission_document_view,)
|
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
filtered_documents = AccessControlList.objects.filter_by_access(
|
|
||||||
(permission_document_view,), self.request.user, documents
|
|
||||||
)
|
|
||||||
else:
|
|
||||||
filtered_documents = documents
|
|
||||||
|
|
||||||
return DocumentCheckout.objects.filter(
|
return DocumentCheckout.objects.filter(
|
||||||
document__pk__in=filtered_documents.values_list('pk', flat=True)
|
document__pk__in=filtered_documents.values_list('pk', flat=True)
|
||||||
@@ -104,18 +96,10 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView):
|
|||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
if self.request.method == 'GET':
|
if self.request.method == 'GET':
|
||||||
documents = DocumentCheckout.objects.checked_out_documents()
|
filtered_documents = AccessControlList.objects.filter_by_access(
|
||||||
|
(permission_document_view,), self.request.user,
|
||||||
try:
|
queryset=DocumentCheckout.objects.checked_out_documents()
|
||||||
Permission.check_permissions(
|
)
|
||||||
self.request.user, (permission_document_view,)
|
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
filtered_documents = AccessControlList.objects.filter_by_access(
|
|
||||||
(permission_document_view,), self.request.user, documents
|
|
||||||
)
|
|
||||||
else:
|
|
||||||
filtered_documents = documents
|
|
||||||
|
|
||||||
return DocumentCheckout.objects.filter(
|
return DocumentCheckout.objects.filter(
|
||||||
document__pk__in=filtered_documents.values_list(
|
document__pk__in=filtered_documents.values_list(
|
||||||
|
|||||||
@@ -1,12 +1,9 @@
|
|||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
from django.apps import apps
|
from django.apps import apps
|
||||||
from django.core.exceptions import PermissionDenied
|
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.utils.translation import ugettext
|
from django.utils.translation import ugettext
|
||||||
|
|
||||||
from permissions import Permission
|
|
||||||
|
|
||||||
|
|
||||||
class ModelAttribute(object):
|
class ModelAttribute(object):
|
||||||
__registry = {}
|
__registry = {}
|
||||||
@@ -137,20 +134,9 @@ class Filter(object):
|
|||||||
queryset = queryset.distinct()
|
queryset = queryset.distinct()
|
||||||
|
|
||||||
if self.object_permission:
|
if self.object_permission:
|
||||||
try:
|
return AccessControlList.objects.filter_by_access(
|
||||||
# Check to see if the user has the permissions globally
|
self.object_permission, user, queryset=queryset
|
||||||
Permission.check_permissions(
|
)
|
||||||
user, (self.object_permission,)
|
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
# No global permission, filter ther queryset per object +
|
|
||||||
# permission
|
|
||||||
return AccessControlList.objects.filter_by_access(
|
|
||||||
self.object_permission, user, queryset
|
|
||||||
)
|
|
||||||
else:
|
|
||||||
# Has the permission globally, return all results
|
|
||||||
return queryset
|
|
||||||
else:
|
else:
|
||||||
return queryset
|
return queryset
|
||||||
|
|
||||||
|
|||||||
@@ -93,20 +93,9 @@ class ObjectListPermissionFilterMixin(object):
|
|||||||
queryset = super(ObjectListPermissionFilterMixin, self).get_queryset()
|
queryset = super(ObjectListPermissionFilterMixin, self).get_queryset()
|
||||||
|
|
||||||
if self.object_permission:
|
if self.object_permission:
|
||||||
try:
|
return AccessControlList.objects.filter_by_access(
|
||||||
# Check to see if the user has the permissions globally
|
self.object_permission, self.request.user, queryset=queryset
|
||||||
Permission.check_permissions(
|
)
|
||||||
self.request.user, (self.object_permission,)
|
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
# No global permission, filter ther queryset per object +
|
|
||||||
# permission
|
|
||||||
return AccessControlList.objects.filter_by_access(
|
|
||||||
self.object_permission, self.request.user, queryset
|
|
||||||
)
|
|
||||||
else:
|
|
||||||
# Has the permission globally, return all results
|
|
||||||
return queryset
|
|
||||||
else:
|
else:
|
||||||
return queryset
|
return queryset
|
||||||
|
|
||||||
|
|||||||
@@ -1,9 +1,9 @@
|
|||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
from .classes import (
|
from .classes import ( # NOQA
|
||||||
BaseTransformation, TransformationResize, TransformationRotate,
|
BaseTransformation, TransformationResize, TransformationRotate,
|
||||||
TransformationZoom
|
TransformationZoom
|
||||||
) # NOQA
|
)
|
||||||
from .runtime import converter_class # NOQA
|
from .runtime import converter_class # NOQA
|
||||||
|
|
||||||
default_app_config = 'converter.apps.ConverterApp'
|
default_app_config = 'converter.apps.ConverterApp'
|
||||||
|
|||||||
@@ -2,7 +2,6 @@ from __future__ import unicode_literals
|
|||||||
|
|
||||||
import base64
|
import base64
|
||||||
import logging
|
import logging
|
||||||
from operator import xor
|
|
||||||
import os
|
import os
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|||||||
@@ -78,13 +78,6 @@ class TransformationTestCase(TestCase):
|
|||||||
percent=TRANSFORMATION_ZOOM_PERCENT
|
percent=TRANSFORMATION_ZOOM_PERCENT
|
||||||
)
|
)
|
||||||
|
|
||||||
#self.assertEqual(
|
|
||||||
# #transformation_rotate ^ transformation_resize ^ transformation_zoom,
|
|
||||||
# transformation_rotate ^ transformation_resize ^ transformation_zoom,
|
|
||||||
# #transformation_resize ^ transformation_zoom,
|
|
||||||
# TRANSFORMATION_COMBINED_CACHE_HASH
|
|
||||||
#)
|
|
||||||
|
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
BaseTransformation.combine(
|
BaseTransformation.combine(
|
||||||
(transformation_rotate, transformation_resize, transformation_zoom)
|
(transformation_rotate, transformation_resize, transformation_zoom)
|
||||||
|
|||||||
@@ -1,6 +1,5 @@
|
|||||||
from __future__ import absolute_import, unicode_literals
|
from __future__ import absolute_import, unicode_literals
|
||||||
|
|
||||||
from django.core.exceptions import PermissionDenied
|
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.utils.encoding import python_2_unicode_compatible
|
from django.utils.encoding import python_2_unicode_compatible
|
||||||
@@ -12,7 +11,6 @@ from mptt.models import MPTTModel
|
|||||||
from acls.models import AccessControlList
|
from acls.models import AccessControlList
|
||||||
from documents.models import Document, DocumentType
|
from documents.models import Document, DocumentType
|
||||||
from documents.permissions import permission_document_view
|
from documents.permissions import permission_document_view
|
||||||
from permissions import Permission
|
|
||||||
|
|
||||||
from .managers import (
|
from .managers import (
|
||||||
DocumentIndexInstanceNodeManager, IndexManager, IndexInstanceNodeManager
|
DocumentIndexInstanceNodeManager, IndexManager, IndexInstanceNodeManager
|
||||||
@@ -177,14 +175,9 @@ class IndexInstanceNode(MPTTModel):
|
|||||||
|
|
||||||
def get_item_count(self, user):
|
def get_item_count(self, user):
|
||||||
if self.index_template_node.link_documents:
|
if self.index_template_node.link_documents:
|
||||||
queryset = self.documents
|
queryset = AccessControlList.objects.filter_by_access(
|
||||||
|
permission_document_view, user, queryset=self.documents
|
||||||
try:
|
)
|
||||||
Permission.check_permissions(user, (permission_document_view,))
|
|
||||||
except PermissionDenied:
|
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_document_view, user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
return queryset.count()
|
return queryset.count()
|
||||||
else:
|
else:
|
||||||
|
|||||||
@@ -86,18 +86,10 @@ class SetupIndexDocumentTypesView(AssignRemoveView):
|
|||||||
self.get_object().document_types.add(item)
|
self.get_object().document_types.add(item)
|
||||||
|
|
||||||
def get_document_queryset(self):
|
def get_document_queryset(self):
|
||||||
queryset = DocumentType.objects.all()
|
return AccessControlList.objects.filter_by_access(
|
||||||
|
permission_document_view, self.request.user,
|
||||||
try:
|
queryset=DocumentType.objects.all()
|
||||||
Permission.check_permissions(
|
)
|
||||||
self.request.user, (permission_document_view,)
|
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_document_view, self.request.user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
return queryset
|
|
||||||
|
|
||||||
def get_extra_context(self):
|
def get_extra_context(self):
|
||||||
return {
|
return {
|
||||||
|
|||||||
@@ -3,11 +3,9 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
import logging
|
import logging
|
||||||
|
|
||||||
from django import forms
|
from django import forms
|
||||||
from django.core.exceptions import PermissionDenied
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from acls.models import AccessControlList
|
from acls.models import AccessControlList
|
||||||
from permissions import Permission
|
|
||||||
|
|
||||||
from common.forms import DetailForm
|
from common.forms import DetailForm
|
||||||
from django_gpg.models import Key
|
from django_gpg.models import Key
|
||||||
@@ -35,14 +33,9 @@ class DocumentVersionSignatureCreateForm(forms.Form):
|
|||||||
DocumentVersionSignatureCreateForm, self
|
DocumentVersionSignatureCreateForm, self
|
||||||
).__init__(*args, **kwargs)
|
).__init__(*args, **kwargs)
|
||||||
|
|
||||||
queryset = Key.objects.private_keys()
|
queryset = AccessControlList.objects.filter_by_access(
|
||||||
|
permission_key_sign, user, queryset=Key.objects.private_keys()
|
||||||
try:
|
)
|
||||||
Permission.check_permissions(user, (permission_key_sign,))
|
|
||||||
except PermissionDenied:
|
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_key_sign, user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
self.fields['key'].queryset = queryset
|
self.fields['key'].queryset = queryset
|
||||||
|
|
||||||
|
|||||||
@@ -154,8 +154,9 @@ class DocumentsApp(MayanAppConfig):
|
|||||||
func=lambda context: document_html_widget(
|
func=lambda context: document_html_widget(
|
||||||
document_page=context['object'].latest_version.pages.first(),
|
document_page=context['object'].latest_version.pages.first(),
|
||||||
click_view='rest_api:documentpage-image',
|
click_view='rest_api:documentpage-image',
|
||||||
click_view_arguments_lazy=lambda: (context['object'].latest_version.pages.first().pk,),
|
click_view_arguments_lazy=lambda: (
|
||||||
click_view_querydict={'size': setting_display_size.value},
|
context['object'].latest_version.pages.first().pk,
|
||||||
|
), click_view_querydict={'size': setting_display_size.value},
|
||||||
gallery_name='documents:document_list',
|
gallery_name='documents:document_list',
|
||||||
size=setting_thumbnail_size.value,
|
size=setting_thumbnail_size.value,
|
||||||
title=getattr(context['object'], 'label', None),
|
title=getattr(context['object'], 'label', None),
|
||||||
@@ -212,8 +213,9 @@ class DocumentsApp(MayanAppConfig):
|
|||||||
func=lambda context: document_html_widget(
|
func=lambda context: document_html_widget(
|
||||||
document_page=context['object'].latest_version.pages.first(),
|
document_page=context['object'].latest_version.pages.first(),
|
||||||
click_view='rest_api:documentpage-image',
|
click_view='rest_api:documentpage-image',
|
||||||
click_view_arguments_lazy=lambda: (context['object'].latest_version.pages.first().pk,),
|
click_view_arguments_lazy=lambda: (
|
||||||
click_view_querydict={'size': setting_display_size.value},
|
context['object'].latest_version.pages.first().pk,
|
||||||
|
), click_view_querydict={'size': setting_display_size.value},
|
||||||
gallery_name='documents:delete_document_list',
|
gallery_name='documents:delete_document_list',
|
||||||
size=setting_thumbnail_size.value,
|
size=setting_thumbnail_size.value,
|
||||||
title=getattr(context['object'], 'label', None),
|
title=getattr(context['object'], 'label', None),
|
||||||
|
|||||||
@@ -4,13 +4,11 @@ import logging
|
|||||||
from operator import itemgetter
|
from operator import itemgetter
|
||||||
|
|
||||||
from django import forms
|
from django import forms
|
||||||
from django.core.exceptions import PermissionDenied
|
|
||||||
from django.template.defaultfilters import filesizeformat
|
from django.template.defaultfilters import filesizeformat
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from acls.models import AccessControlList
|
from acls.models import AccessControlList
|
||||||
from common.forms import DetailForm, ModelForm
|
from common.forms import DetailForm, ModelForm
|
||||||
from permissions import Permission
|
|
||||||
|
|
||||||
from .models import (
|
from .models import (
|
||||||
Document, DocumentType, DocumentPage, DocumentTypeFilename
|
Document, DocumentType, DocumentPage, DocumentTypeFilename
|
||||||
@@ -162,13 +160,10 @@ class DocumentTypeSelectForm(forms.Form):
|
|||||||
logger.debug('user: %s', user)
|
logger.debug('user: %s', user)
|
||||||
super(DocumentTypeSelectForm, self).__init__(*args, **kwargs)
|
super(DocumentTypeSelectForm, self).__init__(*args, **kwargs)
|
||||||
|
|
||||||
queryset = DocumentType.objects.all()
|
queryset = AccessControlList.objects.filter_by_access(
|
||||||
try:
|
permission_document_create, user,
|
||||||
Permission.check_permissions(user, (permission_document_create,))
|
queryset=DocumentType.objects.all()
|
||||||
except PermissionDenied:
|
)
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_document_create, user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
self.fields['document_type'] = forms.ModelChoiceField(
|
self.fields['document_type'] = forms.ModelChoiceField(
|
||||||
empty_label=None, label=_('Document type'), queryset=queryset,
|
empty_label=None, label=_('Document type'), queryset=queryset,
|
||||||
|
|||||||
@@ -5,7 +5,6 @@ import logging
|
|||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.core.exceptions import PermissionDenied
|
|
||||||
from django.core.files import File
|
from django.core.files import File
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from django.db import models, transaction
|
from django.db import models, transaction
|
||||||
@@ -23,7 +22,6 @@ from converter.exceptions import InvalidOfficeFormat, PageCountError
|
|||||||
from converter.literals import DEFAULT_ZOOM_LEVEL, DEFAULT_ROTATION
|
from converter.literals import DEFAULT_ZOOM_LEVEL, DEFAULT_ROTATION
|
||||||
from converter.models import Transformation
|
from converter.models import Transformation
|
||||||
from mimetype.api import get_mimetype
|
from mimetype.api import get_mimetype
|
||||||
from permissions import Permission
|
|
||||||
|
|
||||||
from .events import (
|
from .events import (
|
||||||
event_document_create, event_document_new_version,
|
event_document_create, event_document_new_version,
|
||||||
@@ -113,14 +111,9 @@ class DocumentType(models.Model):
|
|||||||
return DeletedDocument.objects.filter(document_type=self)
|
return DeletedDocument.objects.filter(document_type=self)
|
||||||
|
|
||||||
def get_document_count(self, user):
|
def get_document_count(self, user):
|
||||||
queryset = self.documents
|
queryset = AccessControlList.objects.filter_by_access(
|
||||||
|
permission_document_view, user, queryset=self.documents
|
||||||
try:
|
)
|
||||||
Permission.check_permissions(user, (permission_document_view,))
|
|
||||||
except PermissionDenied:
|
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_document_view, user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
return queryset.count()
|
return queryset.count()
|
||||||
|
|
||||||
|
|||||||
@@ -95,19 +95,9 @@ class DeletedDocumentListView(DocumentListView):
|
|||||||
}
|
}
|
||||||
|
|
||||||
def get_document_queryset(self):
|
def get_document_queryset(self):
|
||||||
queryset = Document.trash.all()
|
return AccessControlList.objects.filter_by_access(
|
||||||
|
permission_document_view, self.request.user,
|
||||||
try:
|
queryset=DeletedDocument.trash.all()
|
||||||
Permission.check_permissions(
|
|
||||||
self.request.user, (permission_document_view,)
|
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_document_view, self.request.user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
return DeletedDocument.objects.filter(
|
|
||||||
pk__in=queryset.values_list('pk', flat=True)
|
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
@@ -663,14 +653,9 @@ def document_document_type_edit(request, document_id=None, document_id_list=None
|
|||||||
elif document_id_list:
|
elif document_id_list:
|
||||||
queryset = Document.objects.filter(pk__in=document_id_list)
|
queryset = Document.objects.filter(pk__in=document_id_list)
|
||||||
|
|
||||||
try:
|
queryset = AccessControlList.objects.filter_by_access(
|
||||||
Permission.check_permissions(
|
permission_document_properties_edit, request.user, queryset=queryset
|
||||||
request.user, (permission_document_properties_edit,)
|
)
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_document_properties_edit, request.user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
if not queryset:
|
if not queryset:
|
||||||
if document_id:
|
if document_id:
|
||||||
@@ -806,18 +791,10 @@ class DocumentDownloadFormView(FormView):
|
|||||||
return self.post_action_redirect
|
return self.post_action_redirect
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
queryset = self.get_document_queryset()
|
return AccessControlList.objects.filter_by_access(
|
||||||
|
permission_document_download, self.request.user,
|
||||||
try:
|
queryset=self.get_document_queryset()
|
||||||
Permission.check_permissions(
|
)
|
||||||
self.request.user, (permission_document_download,)
|
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
return AccessControlList.objects.filter_by_access(
|
|
||||||
permission_document_download, self.request.user, queryset
|
|
||||||
)
|
|
||||||
else:
|
|
||||||
return queryset
|
|
||||||
|
|
||||||
|
|
||||||
class DocumentDownloadView(SingleObjectDownloadView):
|
class DocumentDownloadView(SingleObjectDownloadView):
|
||||||
@@ -863,16 +840,9 @@ class DocumentDownloadView(SingleObjectDownloadView):
|
|||||||
|
|
||||||
queryset = self.model.objects.filter(pk__in=id_list.split(','))
|
queryset = self.model.objects.filter(pk__in=id_list.split(','))
|
||||||
|
|
||||||
try:
|
return AccessControlList.objects.filter_by_access(
|
||||||
Permission.check_permissions(
|
permission_document_download, self.request.user, queryset
|
||||||
self.request.user, (permission_document_download,)
|
)
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
return AccessControlList.objects.filter_by_access(
|
|
||||||
permission_document_download, self.request.user, queryset
|
|
||||||
)
|
|
||||||
else:
|
|
||||||
return queryset
|
|
||||||
|
|
||||||
def get_file(self):
|
def get_file(self):
|
||||||
queryset = self.get_document_queryset()
|
queryset = self.get_document_queryset()
|
||||||
@@ -949,14 +919,9 @@ def document_update_page_count(request, document_id=None, document_id_list=None)
|
|||||||
messages.error(request, _('At least one document must be selected.'))
|
messages.error(request, _('At least one document must be selected.'))
|
||||||
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
||||||
|
|
||||||
try:
|
documents = AccessControlList.objects.filter_by_access(
|
||||||
Permission.check_permissions(
|
permission_document_tools, request.user, queryset=documents
|
||||||
request.user, (permission_document_tools,)
|
)
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
documents = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_document_tools, request.user, documents
|
|
||||||
)
|
|
||||||
|
|
||||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||||
|
|
||||||
@@ -1018,14 +983,9 @@ def document_clear_transformations(request, document_id=None, document_id_list=N
|
|||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
try:
|
documents = AccessControlList.objects.filter_by_access(
|
||||||
Permission.check_permissions(
|
permission_transformation_delete, request.user, queryset=documents
|
||||||
request.user, (permission_transformation_delete,)
|
)
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
documents = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_transformation_delete, request.user, documents
|
|
||||||
)
|
|
||||||
|
|
||||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list'))))
|
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list'))))
|
||||||
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list'))))
|
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', post_redirect or reverse('documents:document_list'))))
|
||||||
|
|||||||
@@ -5,12 +5,10 @@ import logging
|
|||||||
import re
|
import re
|
||||||
|
|
||||||
from django.apps import apps
|
from django.apps import apps
|
||||||
from django.core.exceptions import PermissionDenied
|
|
||||||
from django.db.models import Q
|
from django.db.models import Q
|
||||||
from django.utils.module_loading import import_string
|
from django.utils.module_loading import import_string
|
||||||
from django.utils.translation import ugettext as _
|
from django.utils.translation import ugettext as _
|
||||||
|
|
||||||
from permissions import Permission
|
|
||||||
|
|
||||||
from .settings import setting_limit
|
from .settings import setting_limit
|
||||||
|
|
||||||
@@ -229,12 +227,9 @@ class SearchModel(object):
|
|||||||
)
|
)
|
||||||
|
|
||||||
if self.permission:
|
if self.permission:
|
||||||
try:
|
queryset = AccessControlList.objects.filter_by_access(
|
||||||
Permission.check_permissions(user, [self.permission])
|
self.permission, user, queryset
|
||||||
except PermissionDenied:
|
)
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
self.permission, user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
return queryset, result_set, elapsed_time
|
return queryset, result_set, elapsed_time
|
||||||
|
|
||||||
|
|||||||
@@ -147,18 +147,10 @@ class APIFolderDocumentListView(generics.ListCreateAPIView):
|
|||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
folder = self.get_folder()
|
folder = self.get_folder()
|
||||||
|
|
||||||
documents = folder.documents.all()
|
return AccessControlList.objects.filter_by_access(
|
||||||
|
permission_document_view, self.request.user,
|
||||||
try:
|
queryset=folder.documents.all()
|
||||||
Permission.check_permissions(
|
)
|
||||||
self.request.user, (permission_document_view,)
|
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
documents = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_document_view, self.request.user, documents
|
|
||||||
)
|
|
||||||
|
|
||||||
return documents
|
|
||||||
|
|
||||||
def perform_create(self, serializer):
|
def perform_create(self, serializer):
|
||||||
serializer.save(folder=self.get_folder())
|
serializer.save(folder=self.get_folder())
|
||||||
|
|||||||
@@ -3,11 +3,9 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
import logging
|
import logging
|
||||||
|
|
||||||
from django import forms
|
from django import forms
|
||||||
from django.core.exceptions import PermissionDenied
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from acls.models import AccessControlList
|
from acls.models import AccessControlList
|
||||||
from permissions import Permission
|
|
||||||
|
|
||||||
from .models import Folder
|
from .models import Folder
|
||||||
from .permissions import permission_folder_view
|
from .permissions import permission_folder_view
|
||||||
@@ -21,15 +19,10 @@ class FolderListForm(forms.Form):
|
|||||||
logger.debug('user: %s', user)
|
logger.debug('user: %s', user)
|
||||||
super(FolderListForm, self).__init__(*args, **kwargs)
|
super(FolderListForm, self).__init__(*args, **kwargs)
|
||||||
|
|
||||||
queryset = Folder.objects.all()
|
queryset = AccessControlList.objects.filter_by_access(
|
||||||
try:
|
permission_folder_view, user, queryset=Folder.objects.all()
|
||||||
Permission.check_permissions(user, (permission_folder_view,))
|
)
|
||||||
except PermissionDenied:
|
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_folder_view, user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
self.fields['folder'] = forms.ModelChoiceField(
|
self.fields['folder'] = forms.ModelChoiceField(
|
||||||
queryset=queryset,
|
queryset=queryset, label=_('Folder')
|
||||||
label=_('Folder')
|
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -1,6 +1,5 @@
|
|||||||
from __future__ import absolute_import, unicode_literals
|
from __future__ import absolute_import, unicode_literals
|
||||||
|
|
||||||
from django.core.exceptions import PermissionDenied
|
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.utils.encoding import python_2_unicode_compatible
|
from django.utils.encoding import python_2_unicode_compatible
|
||||||
@@ -9,7 +8,6 @@ from django.utils.translation import ugettext_lazy as _
|
|||||||
from acls.models import AccessControlList
|
from acls.models import AccessControlList
|
||||||
from documents.models import Document
|
from documents.models import Document
|
||||||
from documents.permissions import permission_document_view
|
from documents.permissions import permission_document_view
|
||||||
from permissions import Permission
|
|
||||||
|
|
||||||
from .managers import FolderManager
|
from .managers import FolderManager
|
||||||
|
|
||||||
@@ -45,14 +43,9 @@ class Folder(models.Model):
|
|||||||
verbose_name_plural = _('Folders')
|
verbose_name_plural = _('Folders')
|
||||||
|
|
||||||
def get_document_count(self, user):
|
def get_document_count(self, user):
|
||||||
queryset = self.documents
|
queryset = AccessControlList.objects.filter_by_access(
|
||||||
|
permission_document_view, user, queryset=self.documents
|
||||||
try:
|
)
|
||||||
Permission.check_permissions(user, (permission_document_view,))
|
|
||||||
except PermissionDenied:
|
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_document_view, user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
return queryset.count()
|
return queryset.count()
|
||||||
|
|
||||||
|
|||||||
@@ -145,14 +145,9 @@ def folder_add_document(request, document_id=None, document_id_list=None):
|
|||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
try:
|
queryset = AccessControlList.objects.filter_by_access(
|
||||||
Permission.check_permissions(
|
permission_folder_add_document, request.user, queryset=queryset
|
||||||
request.user, (permission_folder_add_document,)
|
)
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_folder_add_document, request.user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
post_action_redirect = None
|
post_action_redirect = None
|
||||||
if document_id:
|
if document_id:
|
||||||
@@ -227,14 +222,9 @@ def folder_document_remove(request, folder_id, document_id=None, document_id_lis
|
|||||||
messages.error(request, _('Must provide at least one folder document.'))
|
messages.error(request, _('Must provide at least one folder document.'))
|
||||||
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
return HttpResponseRedirect(request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)))
|
||||||
|
|
||||||
try:
|
queryset = AccessControlList.objects.filter_by_access(
|
||||||
Permission.check_permissions(
|
permission_folder_remove_document, request.user, queryset=queryset
|
||||||
request.user, (permission_folder_remove_document,)
|
)
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_folder_remove_document, request.user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||||
next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||||
|
|||||||
@@ -3,7 +3,6 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib import messages
|
from django.contrib import messages
|
||||||
from django.contrib.sites.models import Site
|
from django.contrib.sites.models import Site
|
||||||
from django.core.exceptions import PermissionDenied
|
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from django.http import HttpResponseRedirect
|
from django.http import HttpResponseRedirect
|
||||||
from django.shortcuts import render_to_response
|
from django.shortcuts import render_to_response
|
||||||
@@ -14,7 +13,6 @@ from django.utils.translation import ugettext_lazy as _
|
|||||||
from acls.models import AccessControlList
|
from acls.models import AccessControlList
|
||||||
from common.generics import SingleObjectListView
|
from common.generics import SingleObjectListView
|
||||||
from documents.models import Document
|
from documents.models import Document
|
||||||
from permissions import Permission
|
|
||||||
|
|
||||||
from .forms import DocumentMailForm
|
from .forms import DocumentMailForm
|
||||||
from .models import LogEntry
|
from .models import LogEntry
|
||||||
@@ -45,12 +43,9 @@ def send_document_link(request, document_id=None, document_id_list=None, as_atta
|
|||||||
else:
|
else:
|
||||||
permission = permission_mailing_link
|
permission = permission_mailing_link
|
||||||
|
|
||||||
try:
|
documents = AccessControlList.objects.filter_by_access(
|
||||||
Permission.check_permissions(request.user, (permission,))
|
permission, request.user, queryset=documents
|
||||||
except PermissionDenied:
|
)
|
||||||
documents = AccessControlList.objects.filter_by_access(
|
|
||||||
permission, request.user, documents
|
|
||||||
)
|
|
||||||
|
|
||||||
if not documents:
|
if not documents:
|
||||||
messages.error(request, _('Must provide at least one document.'))
|
messages.error(request, _('Must provide at least one document.'))
|
||||||
|
|||||||
@@ -42,14 +42,9 @@ def metadata_edit(request, document_id=None, document_id_list=None):
|
|||||||
elif document_id_list:
|
elif document_id_list:
|
||||||
documents = Document.objects.filter(pk__in=document_id_list)
|
documents = Document.objects.filter(pk__in=document_id_list)
|
||||||
|
|
||||||
try:
|
documents = AccessControlList.objects.filter_by_access(
|
||||||
Permission.check_permissions(
|
permission_metadata_document_edit, request.user, queryset=documents
|
||||||
request.user, (permission_metadata_document_edit,)
|
)
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
documents = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_metadata_document_edit, request.user, documents
|
|
||||||
)
|
|
||||||
|
|
||||||
if not documents:
|
if not documents:
|
||||||
if document_id:
|
if document_id:
|
||||||
@@ -201,14 +196,9 @@ def metadata_add(request, document_id=None, document_id_list=None):
|
|||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
try:
|
documents = AccessControlList.objects.filter_by_access(
|
||||||
Permission.check_permissions(
|
permission_metadata_document_add, request.user, queryset=documents
|
||||||
request.user, (permission_metadata_document_add,)
|
)
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
documents = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_metadata_document_add, request.user, documents
|
|
||||||
)
|
|
||||||
|
|
||||||
if not documents:
|
if not documents:
|
||||||
if document_id:
|
if document_id:
|
||||||
@@ -337,14 +327,9 @@ def metadata_remove(request, document_id=None, document_id_list=None):
|
|||||||
elif document_id_list:
|
elif document_id_list:
|
||||||
documents = Document.objects.filter(pk__in=document_id_list)
|
documents = Document.objects.filter(pk__in=document_id_list)
|
||||||
|
|
||||||
try:
|
documents = AccessControlList.objects.filter_by_access(
|
||||||
Permission.check_permissions(
|
permission_metadata_document_remove, request.user, queryset=documents
|
||||||
request.user, (permission_metadata_document_remove,)
|
)
|
||||||
)
|
|
||||||
except PermissionDenied:
|
|
||||||
documents = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_metadata_document_remove, request.user, documents
|
|
||||||
)
|
|
||||||
|
|
||||||
if not documents:
|
if not documents:
|
||||||
if document_id:
|
if document_id:
|
||||||
|
|||||||
@@ -358,9 +358,11 @@ class SourceColumn(object):
|
|||||||
return cls._registry[source]
|
return cls._registry[source]
|
||||||
except KeyError:
|
except KeyError:
|
||||||
try:
|
try:
|
||||||
|
# Try it as a queryset
|
||||||
return cls._registry[source.model]
|
return cls._registry[source.model]
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
try:
|
try:
|
||||||
|
# It seems to be an instance, try its class
|
||||||
return cls._registry[source.__class__]
|
return cls._registry[source.__class__]
|
||||||
except KeyError:
|
except KeyError:
|
||||||
try:
|
try:
|
||||||
|
|||||||
@@ -48,7 +48,7 @@ def get_source_columns(source):
|
|||||||
# Is iterable?
|
# Is iterable?
|
||||||
source = source[0]
|
source = source[0]
|
||||||
except TypeError:
|
except TypeError:
|
||||||
# It is not
|
# It is not an iterable
|
||||||
pass
|
pass
|
||||||
except IndexError:
|
except IndexError:
|
||||||
# It a list and it's empty
|
# It a list and it's empty
|
||||||
|
|||||||
@@ -1,27 +1,22 @@
|
|||||||
from __future__ import absolute_import, unicode_literals
|
from __future__ import absolute_import, unicode_literals
|
||||||
|
|
||||||
from django.core.exceptions import PermissionDenied
|
|
||||||
|
|
||||||
from rest_framework.filters import BaseFilterBackend
|
from rest_framework.filters import BaseFilterBackend
|
||||||
|
|
||||||
from acls.models import AccessControlList
|
from acls.models import AccessControlList
|
||||||
from permissions import Permission
|
|
||||||
|
|
||||||
|
|
||||||
class MayanObjectPermissionsFilter(BaseFilterBackend):
|
class MayanObjectPermissionsFilter(BaseFilterBackend):
|
||||||
def filter_queryset(self, request, queryset, view):
|
def filter_queryset(self, request, queryset, view):
|
||||||
required_permission = getattr(
|
# TODO: fix variable name to make it clear it should be a single
|
||||||
|
# permission
|
||||||
|
|
||||||
|
required_permissions = getattr(
|
||||||
view, 'mayan_object_permissions', {}
|
view, 'mayan_object_permissions', {}
|
||||||
).get(request.method, None)
|
).get(request.method, None)
|
||||||
|
|
||||||
if required_permission:
|
if required_permissions:
|
||||||
try:
|
return AccessControlList.objects.filter_by_access(
|
||||||
Permission.check_permissions(request.user, required_permission)
|
required_permissions[0], request.user, queryset=queryset
|
||||||
except PermissionDenied:
|
)
|
||||||
return AccessControlList.objects.filter_by_access(
|
|
||||||
required_permission[0], request.user, queryset
|
|
||||||
)
|
|
||||||
else:
|
|
||||||
return queryset
|
|
||||||
else:
|
else:
|
||||||
return queryset
|
return queryset
|
||||||
|
|||||||
@@ -3,11 +3,9 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
import logging
|
import logging
|
||||||
|
|
||||||
from django import forms
|
from django import forms
|
||||||
from django.core.exceptions import PermissionDenied
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from acls.models import AccessControlList
|
from acls.models import AccessControlList
|
||||||
from permissions import Permission
|
|
||||||
|
|
||||||
from .models import Tag
|
from .models import Tag
|
||||||
from .permissions import permission_tag_view
|
from .permissions import permission_tag_view
|
||||||
@@ -21,17 +19,13 @@ class TagListForm(forms.Form):
|
|||||||
logger.debug('user: %s', user)
|
logger.debug('user: %s', user)
|
||||||
super(TagListForm, self).__init__(*args, **kwargs)
|
super(TagListForm, self).__init__(*args, **kwargs)
|
||||||
|
|
||||||
queryset = Tag.objects.all()
|
queryset = AccessControlList.objects.filter_by_access(
|
||||||
try:
|
permission_tag_view, user, queryset=Tag.objects.all()
|
||||||
Permission.check_permissions(user, (permission_tag_view,))
|
)
|
||||||
except PermissionDenied:
|
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_tag_view, user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
self.fields['tag'] = forms.ModelChoiceField(
|
self.fields['tag'] = forms.ModelChoiceField(
|
||||||
queryset=queryset,
|
queryset=queryset, label=_('Tags')
|
||||||
label=_('Tags'))
|
)
|
||||||
|
|
||||||
|
|
||||||
class TagMultipleSelectionForm(forms.Form):
|
class TagMultipleSelectionForm(forms.Form):
|
||||||
@@ -40,13 +34,9 @@ class TagMultipleSelectionForm(forms.Form):
|
|||||||
logger.debug('user: %s', user)
|
logger.debug('user: %s', user)
|
||||||
super(TagMultipleSelectionForm, self).__init__(*args, **kwargs)
|
super(TagMultipleSelectionForm, self).__init__(*args, **kwargs)
|
||||||
|
|
||||||
queryset = Tag.objects.all()
|
queryset = AccessControlList.objects.filter_by_access(
|
||||||
try:
|
permission_tag_view, user, queryset=Tag.objects.all()
|
||||||
Permission.check_permissions(user, (permission_tag_view,))
|
)
|
||||||
except PermissionDenied:
|
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_tag_view, user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
self.fields['tags'] = forms.MultipleChoiceField(
|
self.fields['tags'] = forms.MultipleChoiceField(
|
||||||
label=_('Tags'), choices=queryset.values_list('id', 'label'),
|
label=_('Tags'), choices=queryset.values_list('id', 'label'),
|
||||||
|
|||||||
@@ -2,7 +2,6 @@ from __future__ import absolute_import, unicode_literals
|
|||||||
|
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.core.exceptions import PermissionDenied
|
|
||||||
from django.utils.encoding import python_2_unicode_compatible
|
from django.utils.encoding import python_2_unicode_compatible
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
@@ -11,7 +10,6 @@ from colorful.fields import RGBColorField
|
|||||||
from acls.models import AccessControlList
|
from acls.models import AccessControlList
|
||||||
from documents.models import Document
|
from documents.models import Document
|
||||||
from documents.permissions import permission_document_view
|
from documents.permissions import permission_document_view
|
||||||
from permissions import Permission
|
|
||||||
|
|
||||||
|
|
||||||
@python_2_unicode_compatible
|
@python_2_unicode_compatible
|
||||||
@@ -35,14 +33,9 @@ class Tag(models.Model):
|
|||||||
verbose_name_plural = _('Tags')
|
verbose_name_plural = _('Tags')
|
||||||
|
|
||||||
def get_document_count(self, user):
|
def get_document_count(self, user):
|
||||||
queryset = self.documents
|
queryset = AccessControlList.objects.filter_by_access(
|
||||||
|
permission_document_view, user, queryset=self.documents
|
||||||
try:
|
)
|
||||||
Permission.check_permissions(user, (permission_document_view,))
|
|
||||||
except PermissionDenied:
|
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_document_view, user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
return queryset.count()
|
return queryset.count()
|
||||||
|
|
||||||
|
|||||||
@@ -45,12 +45,9 @@ def tag_attach(request, document_id=None, document_id_list=None):
|
|||||||
elif document_id_list:
|
elif document_id_list:
|
||||||
queryset = Document.objects.filter(pk__in=document_id_list)
|
queryset = Document.objects.filter(pk__in=document_id_list)
|
||||||
|
|
||||||
try:
|
queryset = AccessControlList.objects.filter_by_access(
|
||||||
Permission.check_permissions(request.user, (permission_tag_attach,))
|
permission_tag_attach, request.user, queryset=queryset
|
||||||
except PermissionDenied:
|
)
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_tag_attach, request.user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
if not queryset:
|
if not queryset:
|
||||||
if document_id:
|
if document_id:
|
||||||
@@ -164,12 +161,9 @@ def tag_delete(request, tag_id=None, tag_id_list=None):
|
|||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
try:
|
queryset = AccessControlList.objects.filter_by_access(
|
||||||
Permission.check_permissions(request.user, (permission_tag_delete,))
|
permission_tag_delete, request.user, queryset=queryset
|
||||||
except PermissionDenied:
|
)
|
||||||
queryset = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_tag_delete, request.user, queryset
|
|
||||||
)
|
|
||||||
|
|
||||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||||
next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL))))
|
||||||
@@ -291,12 +285,9 @@ def tag_remove(request, document_id=None, document_id_list=None, tag_id=None, ta
|
|||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
try:
|
documents = AccessControlList.objects.filter_by_access(
|
||||||
Permission.check_permissions(request.user, (permission_tag_remove,))
|
permission_tag_remove, request.user, documents
|
||||||
except PermissionDenied:
|
)
|
||||||
documents = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_tag_remove, request.user, documents
|
|
||||||
)
|
|
||||||
|
|
||||||
post_action_redirect = None
|
post_action_redirect = None
|
||||||
|
|
||||||
|
|||||||
@@ -1,12 +1,9 @@
|
|||||||
from __future__ import absolute_import, unicode_literals
|
from __future__ import absolute_import, unicode_literals
|
||||||
|
|
||||||
from django.apps import apps
|
from django.apps import apps
|
||||||
from django.core.exceptions import PermissionDenied
|
|
||||||
from django.utils.html import escape
|
from django.utils.html import escape
|
||||||
from django.utils.safestring import mark_safe
|
from django.utils.safestring import mark_safe
|
||||||
|
|
||||||
from permissions import Permission
|
|
||||||
|
|
||||||
from .permissions import permission_tag_view
|
from .permissions import permission_tag_view
|
||||||
|
|
||||||
|
|
||||||
@@ -20,14 +17,9 @@ def widget_document_tags(document, user):
|
|||||||
|
|
||||||
tags_template = []
|
tags_template = []
|
||||||
|
|
||||||
tags = document.attached_tags().all()
|
tags = AccessControlList.objects.filter_by_access(
|
||||||
|
permission_tag_view, user, queryset=document.attached_tags().all()
|
||||||
try:
|
)
|
||||||
Permission.check_permissions(user, (permission_tag_view,))
|
|
||||||
except PermissionDenied:
|
|
||||||
tags = AccessControlList.objects.filter_by_access(
|
|
||||||
permission_tag_view, user, tags
|
|
||||||
)
|
|
||||||
|
|
||||||
for tag in tags:
|
for tag in tags:
|
||||||
tags_template.append(widget_single_tag(tag))
|
tags_template.append(widget_single_tag(tag))
|
||||||
|
|||||||
Reference in New Issue
Block a user