matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

AccessControlList.objects.check_access was updated to do a

Browse Source 
Permission.check_permissions too. Remove duplicity.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
This commit is contained in:
Roberto Rosario
2017-02-22 16:47:42 -04:00
parent c8e9a625da
commit 958ce912a0
7 changed files with 83 additions and 199 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
mayan/apps/document_states/api_views.py
View File

@@ -1,6 +1,5 @@
from __future__ import absolute_import, unicode_literals
from django.core.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404
from rest_framework import generics
@@ -8,7 +7,6 @@ from rest_framework import generics
from acls.models import AccessControlList
from documents.models import Document
from documents.permissions import permission_document_type_view
from permissions import Permission
from rest_api.filters import MayanObjectPermissionsFilter
from rest_api.permissions import MayanPermission
@@ -80,13 +78,9 @@ class APIWorkflowDocumentTypeList(generics.ListCreateAPIView):
workflow = get_object_or_404(Workflow, pk=self.kwargs['pk'])
try:
Permission.check_permissions(
self.request.user, (permission_required,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_required, self.request.user, workflow
permissions=permission_required, user=self.request.user,
obj=workflow
)
return workflow
@@ -156,13 +150,9 @@ class APIWorkflowDocumentTypeView(generics.RetrieveDestroyAPIView):
workflow = get_object_or_404(Workflow, pk=self.kwargs['pk'])
try:
Permission.check_permissions(
self.request.user, (permission_required,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_required, self.request.user, workflow
permissions=permission_required, user=self.request.user,
obj=workflow
)
return workflow
@@ -283,13 +273,9 @@ class APIWorkflowStateListView(generics.ListCreateAPIView):
workflow = get_object_or_404(Workflow, pk=self.kwargs['pk'])
try:
Permission.check_permissions(
self.request.user, (permission_required,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_required, self.request.user, workflow
permissions=permission_required, user=self.request.user,
obj=workflow
)
return workflow
@@ -341,13 +327,9 @@ class APIWorkflowStateView(generics.RetrieveUpdateDestroyAPIView):
workflow = get_object_or_404(Workflow, pk=self.kwargs['pk'])
try:
Permission.check_permissions(
self.request.user, (permission_required,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_required, self.request.user, workflow
permissions=permission_required, user=self.request.user,
obj=workflow
)
return workflow
@@ -405,13 +387,9 @@ class APIWorkflowTransitionListView(generics.ListCreateAPIView):
workflow = get_object_or_404(Workflow, pk=self.kwargs['pk'])
try:
Permission.check_permissions(
self.request.user, (permission_required,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_required, self.request.user, workflow
permissions=permission_required, user=self.request.user,
obj=workflow
)
return workflow
@@ -468,13 +446,9 @@ class APIWorkflowTransitionView(generics.RetrieveUpdateDestroyAPIView):
workflow = get_object_or_404(Workflow, pk=self.kwargs['pk'])
try:
Permission.check_permissions(
self.request.user, (permission_required,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_required, self.request.user, workflow
permissions=permission_required, user=self.request.user,
obj=workflow
)
return workflow
@@ -509,13 +483,9 @@ class APIWorkflowInstanceListView(generics.ListAPIView):
def get_document(self):
document = get_object_or_404(Document, pk=self.kwargs['pk'])
try:
Permission.check_permissions(
self.request.user, (permission_workflow_view,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_workflow_view, self.request.user, document
permissions=permission_workflow_view, user=self.request.user,
obj=document
)
return document
@@ -538,13 +508,9 @@ class APIWorkflowInstanceView(generics.RetrieveAPIView):
def get_document(self):
document = get_object_or_404(Document, pk=self.kwargs['pk'])
try:
Permission.check_permissions(
self.request.user, (permission_workflow_view,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_workflow_view, self.request.user, document
permissions=permission_workflow_view, user=self.request.user,
obj=document
)
return document
@@ -570,13 +536,9 @@ class APIWorkflowInstanceLogEntryListView(generics.ListCreateAPIView):
document = get_object_or_404(Document, pk=self.kwargs['pk'])
try:
Permission.check_permissions(
self.request.user, (permission_required,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_required, self.request.user, document
permissions=permission_required, user=self.request.user,
obj=document
)
return document

14
mayan/apps/events/api_views.py
View File

@@ -1,7 +1,6 @@
from __future__ import absolute_import, unicode_literals
from django.contrib.contenttypes.models import ContentType
from django.core.exceptions import PermissionDenied
from django.http import Http404
from django.shortcuts import get_object_or_404
@@ -9,7 +8,6 @@ from actstream.models import Action, any_stream
from rest_framework import generics
from acls.models import AccessControlList
from permissions import Permission
from rest_api.permissions import MayanPermission
from .classes import Event
@@ -38,18 +36,14 @@ class APIObjectEventListView(generics.ListAPIView):
raise Http404
def get_queryset(self):
object = self.get_object()
obj = self.get_object()
try:
Permission.check_permissions(
self.request.user, permissions=(permission_events_view,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_events_view, self.request.user, object
permissions=permission_events_view, user=self.request.user,
obj=obj
)
return any_stream(object)
return any_stream(obj)
class APIEventTypeListView(generics.ListAPIView):

50
mayan/apps/linking/api_views.py
View File

@@ -1,6 +1,5 @@
from __future__ import absolute_import, unicode_literals
from django.core.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404
from rest_framework import generics
@@ -8,7 +7,6 @@ from rest_framework import generics
from acls.models import AccessControlList
from documents.models import Document
from documents.permissions import permission_document_view
from permissions import Permission
from rest_api.filters import MayanObjectPermissionsFilter
from rest_api.permissions import MayanPermission
@@ -41,13 +39,9 @@ class APIResolvedSmartLinkDocumentListView(generics.ListAPIView):
def get_document(self):
document = get_object_or_404(Document, pk=self.kwargs['pk'])
try:
Permission.check_permissions(
self.request.user, (permission_document_view,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_document_view, self.request.user, document
permissions=permission_document_view, user=self.request.user,
obj=document
)
return document
@@ -58,13 +52,9 @@ class APIResolvedSmartLinkDocumentListView(generics.ListAPIView):
pk=self.kwargs['smart_link_pk']
)
try:
Permission.check_permissions(
self.request.user, (permission_smart_link_view,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_smart_link_view, self.request.user, smart_link
permissions=permission_smart_link_view, user=self.request.user,
obj=smart_link
)
return smart_link
@@ -103,13 +93,9 @@ class APIResolvedSmartLinkView(generics.RetrieveAPIView):
def get_document(self):
document = get_object_or_404(Document, pk=self.kwargs['pk'])
try:
Permission.check_permissions(
self.request.user, (permission_document_view,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_document_view, self.request.user, document
permissions=permission_document_view, user=self.request.user,
obj=document
)
return document
@@ -144,13 +130,9 @@ class APIResolvedSmartLinkListView(generics.ListAPIView):
def get_document(self):
document = get_object_or_404(Document, pk=self.kwargs['pk'])
try:
Permission.check_permissions(
self.request.user, (permission_document_view,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_document_view, self.request.user, document
permissions=permission_document_view, user=self.request.user,
obj=document
)
return document
@@ -203,13 +185,9 @@ class APISmartLinkConditionListView(generics.ListCreateAPIView):
smart_link = get_object_or_404(SmartLink, pk=self.kwargs['pk'])
try:
Permission.check_permissions(
self.request.user, (permission_required,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_required, self.request.user, smart_link
permissions=permission_required, user=self.request.user,
obj=smart_link
)
return smart_link
@@ -261,13 +239,9 @@ class APISmartLinkConditionView(generics.RetrieveUpdateDestroyAPIView):
smart_link = get_object_or_404(SmartLink, pk=self.kwargs['pk'])
try:
Permission.check_permissions(
self.request.user, (permission_required,)
)
except PermissionDenied:
AccessControlList.objects.check_access(
permission_required, self.request.user, smart_link
permissions=permission_required, user=self.request.user,
obj=smart_link
)
return smart_link

24
mayan/apps/metadata/tests/test_api.py
View File

@@ -60,8 +60,10 @@ class MetadataTypeAPITestCase(BaseAPITestCase):
self._create_metadata_type()
response = self.client.delete(
reverse('rest_api:metadatatype-detail',
args=(self.metadata_type.pk,))
reverse(
'rest_api:metadatatype-detail',
args=(self.metadata_type.pk,)
)
)
self.assertEqual(response.status_code, 204)
@@ -72,8 +74,10 @@ class MetadataTypeAPITestCase(BaseAPITestCase):
self._create_metadata_type()
response = self.client.get(
reverse('rest_api:metadatatype-detail',
args=(self.metadata_type.pk,))
reverse(
'rest_api:metadatatype-detail',
args=(self.metadata_type.pk,)
)
)
self.assertEqual(response.status_code, 200)
self.assertEqual(
@@ -84,8 +88,10 @@ class MetadataTypeAPITestCase(BaseAPITestCase):
self._create_metadata_type()
response = self.client.patch(
reverse('rest_api:metadatatype-detail',
args=(self.metadata_type.pk,)), data={
reverse(
'rest_api:metadatatype-detail',
args=(self.metadata_type.pk,)
), data={
'label': TEST_METADATA_TYPE_LABEL_2,
'name': TEST_METADATA_TYPE_NAME_2
}
@@ -102,8 +108,10 @@ class MetadataTypeAPITestCase(BaseAPITestCase):
self._create_metadata_type()
response = self.client.put(
reverse('rest_api:metadatatype-detail',
args=(self.metadata_type.pk,)), data={
reverse(
'rest_api:metadatatype-detail',
args=(self.metadata_type.pk,)
), data={
'label': TEST_METADATA_TYPE_LABEL_2,
'name': TEST_METADATA_TYPE_NAME_2
}

2
mayan/apps/navigation/classes.py
View File

@@ -273,7 +273,7 @@ class Link(object):
except VariableDoesNotExist:
pass
# If this link has a required permission check that the user have it
# If this link has a required permission check that the user has it
# too
if self.permissions:
if resolved_object:

53
mayan/apps/permissions/api_views.py
View File

@@ -1,14 +1,9 @@
from __future__ import unicode_literals
from django.shortcuts import get_object_or_404
from rest_framework import generics
from acls.models import AccessControlList
from rest_api.filters import MayanObjectPermissionsFilter
from rest_api.permissions import MayanPermission
from user_management.permissions import permission_group_view
from user_management.serializers import GroupSerializer
from .classes import Permission
from .models import Role
@@ -61,54 +56,6 @@ class APIRoleListView(generics.ListCreateAPIView):
return super(APIRoleListView, self).post(*args, **kwargs)
class APIRolePermissionList(generics.ListCreateAPIView):
"""
Returns a list of all the permissions of a role.
"""
mayan_object_permissions = {
'GET': (permission_role_view,),
'POST': (permission_role_edit,)
}
permission_classes = (MayanPermission,)
def get_serializer_class(self):
if self.request.method == 'GET':
return PermissionSerializer
elif self.request.method == 'POST':
return RoleNewPermissionSerializer
def get_serializer_context(self):
"""
Extra context provided to the serializer class.
"""
return {
'format': self.format_kwarg,
'request': self.request,
'role': self.get_role(),
'view': self
}
def get_queryset(self):
return [
permission.volatile_permission for permission in self.get_role().permissions.all()
]
def get_role(self):
return get_object_or_404(Role, pk=self.kwargs['pk'])
def perform_create(self, serializer):
serializer.save(role=self.get_role())
def post(self, request, *args, **kwargs):
"""
Add a list of permissions to a role.
"""
return super(APIRolePermissionList, self).post(
request, *args, **kwargs
)
class APIRoleView(generics.RetrieveUpdateDestroyAPIView):
mayan_object_permissions = {
'GET': (permission_role_view,),

1
mayan/apps/tags/serializers.py
View File

@@ -8,7 +8,6 @@ from rest_framework.reverse import reverse
from acls.models import AccessControlList
from documents.models import Document
from permissions import Permission
from .models import Tag
from .permissions import permission_tag_attach