matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Checking for access also checks for permission. Remove reduntant check.

Browse Source 
Signed-off-by: Michael Price <loneviking72@gmail.com>
This commit is contained in:
Michael Price
2018-03-14 15:31:49 -04:00
committed by Roberto Rosario
parent 0c4a52558b
commit c69147bdc5
4 changed files with 38 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
mayan/apps/acls/api_views.py
View File

@@ -1,13 +1,10 @@
from __future__ import absolute_import, unicode_literals from __future__ import absolute_import, unicode_literals
from django.contrib.contenttypes.models import ContentType from django.contrib.contenttypes.models import ContentType
from django.core.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from rest_framework import generics from rest_framework import generics
from permissions import Permission
from .models import AccessControlList from .models import AccessControlList
from .permissions import permission_acl_edit, permission_acl_view from .permissions import permission_acl_edit, permission_acl_view
from .serializers import ( from .serializers import (
@@ -37,13 +34,9 @@ class APIObjectACLListView(generics.ListCreateAPIView):
else: else:
permission_required = permission_acl_edit permission_required = permission_acl_edit
try:
Permission.check_permissions(
self.request.user, permissions=(permission_required,)
)
except PermissionDenied:
AccessControlList.objects.check_access( AccessControlList.objects.check_access(
permission_required, self.request.user, content_object permissions=permission_required, user=self.request.user,
obj=content_object
) )
return content_object return content_object
@@ -100,13 +93,9 @@ class APIObjectACLView(generics.RetrieveDestroyAPIView):
content_type.model_class(), pk=self.kwargs['object_pk'] content_type.model_class(), pk=self.kwargs['object_pk']
) )
try:
Permission.check_permissions(
self.request.user, permissions=(permission_required,)
)
except PermissionDenied:
AccessControlList.objects.check_access( AccessControlList.objects.check_access(
permission_required, self.request.user, content_object permissions=permission_required, user=self.request.user,
obj=content_object
) )
return content_object return content_object
@@ -135,13 +124,9 @@ class APIObjectACLPermissionListView(generics.ListCreateAPIView):
content_type.model_class(), pk=self.kwargs['object_pk'] content_type.model_class(), pk=self.kwargs['object_pk']
) )
try:
Permission.check_permissions(
self.request.user, permissions=(permission_acl_view,)
)
except PermissionDenied:
AccessControlList.objects.check_access( AccessControlList.objects.check_access(
permission_acl_view, self.request.user, content_object permissions=permission_acl_view, user=self.request.user,
obj=content_object
) )
return content_object return content_object
@@ -196,13 +181,9 @@ class APIObjectACLPermissionView(generics.RetrieveDestroyAPIView):
content_type.model_class(), pk=self.kwargs['object_pk'] content_type.model_class(), pk=self.kwargs['object_pk']
) )
try:
Permission.check_permissions(
self.request.user, permissions=(permission_acl_view,)
)
except PermissionDenied:
AccessControlList.objects.check_access( AccessControlList.objects.check_access(
permission_acl_view, self.request.user, content_object permissions=permission_acl_view, user=self.request.user,
obj=content_object
) )
return content_object return content_object

10
mayan/apps/document_comments/api_views.py
View File

@@ -1,13 +1,11 @@
from __future__ import absolute_import, unicode_literals from __future__ import absolute_import, unicode_literals
from django.core.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from rest_framework import generics from rest_framework import generics
from acls.models import AccessControlList from acls.models import AccessControlList
from documents.models import Document from documents.models import Document
from permissions import Permission
from .permissions import ( from .permissions import (
permission_comment_create, permission_comment_delete, permission_comment_create, permission_comment_delete,
@@ -82,13 +80,9 @@ class APICommentView(generics.RetrieveDestroyAPIView):
document = get_object_or_404(Document, pk=self.kwargs['document_pk']) document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
try:
Permission.check_permissions(
self.request.user, (permission_required,)
)
except PermissionDenied:
AccessControlList.objects.check_access( AccessControlList.objects.check_access(
permission_required, self.request.user, document permissions=permission_required, user=self.request.user,
obj=document
) )
return document return document

11
mayan/apps/document_states/models.py
View File

@@ -18,7 +18,6 @@ from acls.models import AccessControlList
from common.validators import validate_internal_name from common.validators import validate_internal_name
from documents.models import Document, DocumentType from documents.models import Document, DocumentType
from events.models import StoredEventType from events.models import StoredEventType
from permissions import Permission
from .error_logs import error_log_state_actions from .error_logs import error_log_state_actions
from .literals import ( from .literals import (
@@ -388,19 +387,11 @@ class WorkflowInstance(models.Model):
queryset = current_state.origin_transitions.all() queryset = current_state.origin_transitions.all()
if _user: if _user:
try:
Permission.check_permissions(
requester=_user, permissions=(
permission_workflow_transition,
)
)
except PermissionDenied:
try: try:
""" """
Check for ACL access to the workflow, if true, allow Check for ACL access to the workflow, if true, allow
all transition options. all transition options.
""" """
AccessControlList.objects.check_access( AccessControlList.objects.check_access(
permissions=permission_workflow_transition, permissions=permission_workflow_transition,
user=_user, obj=self.workflow user=_user, obj=self.workflow
@@ -410,7 +401,6 @@ class WorkflowInstance(models.Model):
If not ACL access to the workflow, filter transition If not ACL access to the workflow, filter transition
options by each transition ACL access options by each transition ACL access
""" """
queryset = AccessControlList.objects.filter_by_access( queryset = AccessControlList.objects.filter_by_access(
permission=permission_workflow_transition, permission=permission_workflow_transition,
user=_user, queryset=queryset user=_user, queryset=queryset
@@ -422,7 +412,6 @@ class WorkflowInstance(models.Model):
whose document type has this workflow is created. We return an whose document type has this workflow is created. We return an
empty transition queryset. empty transition queryset.
""" """
return WorkflowTransition.objects.none() return WorkflowTransition.objects.none()

4
mayan/apps/rest_api/permissions.py
View File

@@ -18,7 +18,9 @@ class MayanPermission(BasePermission):
if required_permission: if required_permission:
try: try:
Permission.check_permissions(request.user, required_permission) Permission.check_permissions(
requester=request.user, permissions=required_permission
)
except PermissionDenied: except PermissionDenied:
return False return False
else: else: