Checking for access also checks for permission. Remove reduntant check.

Signed-off-by: Michael Price <loneviking72@gmail.com>

mayan/apps/acls/api_views.py

@@ -1,13 +1,10 @@
 from __future__ import absolute_import, unicode_literals
 
 from django.contrib.contenttypes.models import ContentType
-from django.core.exceptions import PermissionDenied
 from django.shortcuts import get_object_or_404
 
 from rest_framework import generics
 
-from permissions import Permission
-
 from .models import AccessControlList
 from .permissions import permission_acl_edit, permission_acl_view
 from .serializers import (
@@ -37,14 +34,10 @@ class APIObjectACLListView(generics.ListCreateAPIView):
         else:
             permission_required = permission_acl_edit
 
-        try:
+        AccessControlList.objects.check_access(
-            Permission.check_permissions(
+            permissions=permission_required, user=self.request.user,
-                self.request.user, permissions=(permission_required,)
+            obj=content_object
-            )
+        )
-        except PermissionDenied:
-            AccessControlList.objects.check_access(
-                permission_required, self.request.user, content_object
-            )
 
         return content_object
 
@@ -100,14 +93,10 @@ class APIObjectACLView(generics.RetrieveDestroyAPIView):
             content_type.model_class(), pk=self.kwargs['object_pk']
         )
 
-        try:
+        AccessControlList.objects.check_access(
-            Permission.check_permissions(
+            permissions=permission_required, user=self.request.user,
-                self.request.user, permissions=(permission_required,)
+            obj=content_object
-            )
+        )
-        except PermissionDenied:
-            AccessControlList.objects.check_access(
-                permission_required, self.request.user, content_object
-            )
 
         return content_object
 
@@ -135,14 +124,10 @@ class APIObjectACLPermissionListView(generics.ListCreateAPIView):
             content_type.model_class(), pk=self.kwargs['object_pk']
         )
 
-        try:
+        AccessControlList.objects.check_access(
-            Permission.check_permissions(
+            permissions=permission_acl_view, user=self.request.user,
-                self.request.user, permissions=(permission_acl_view,)
+            obj=content_object
-            )
+        )
-        except PermissionDenied:
-            AccessControlList.objects.check_access(
-                permission_acl_view, self.request.user, content_object
-            )
 
         return content_object
 
@@ -196,14 +181,10 @@ class APIObjectACLPermissionView(generics.RetrieveDestroyAPIView):
             content_type.model_class(), pk=self.kwargs['object_pk']
         )
 
-        try:
+        AccessControlList.objects.check_access(
-            Permission.check_permissions(
+            permissions=permission_acl_view, user=self.request.user,
-                self.request.user, permissions=(permission_acl_view,)
+            obj=content_object
-            )
+        )
-        except PermissionDenied:
-            AccessControlList.objects.check_access(
-                permission_acl_view, self.request.user, content_object
-            )
 
         return content_object
 

mayan/apps/document_comments/api_views.py

@@ -1,13 +1,11 @@
 from __future__ import absolute_import, unicode_literals
 
-from django.core.exceptions import PermissionDenied
 from django.shortcuts import get_object_or_404
 
 from rest_framework import generics
 
 from acls.models import AccessControlList
 from documents.models import Document
-from permissions import Permission
 
 from .permissions import (
     permission_comment_create, permission_comment_delete,
@@ -82,14 +80,10 @@ class APICommentView(generics.RetrieveDestroyAPIView):
 
         document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
 
-        try:
+        AccessControlList.objects.check_access(
-            Permission.check_permissions(
+            permissions=permission_required, user=self.request.user,
-                self.request.user, (permission_required,)
+            obj=document
-            )
+        )
-        except PermissionDenied:
-            AccessControlList.objects.check_access(
-                permission_required, self.request.user, document
-            )
 
         return document
 

mayan/apps/document_states/models.py

@@ -18,7 +18,6 @@ from acls.models import AccessControlList
 from common.validators import validate_internal_name
 from documents.models import Document, DocumentType
 from events.models import StoredEventType
-from permissions import Permission
 
 from .error_logs import error_log_state_actions
 from .literals import (
@@ -389,32 +388,23 @@ class WorkflowInstance(models.Model):
 
             if _user:
                 try:
-                    Permission.check_permissions(
+                    """
-                        requester=_user, permissions=(
+                    Check for ACL access to the workflow, if true, allow
-                            permission_workflow_transition,
+                    all transition options.
-                        )
+                    """
+                    AccessControlList.objects.check_access(
+                        permissions=permission_workflow_transition,
+                        user=_user, obj=self.workflow
                     )
                 except PermissionDenied:
-                    try:
+                    """
-                        """
+                    If not ACL access to the workflow, filter transition
-                        Check for ACL access to the workflow, if true, allow
+                    options by each transition ACL access
-                        all transition options.
+                    """
-                        """
+                    queryset = AccessControlList.objects.filter_by_access(
-
+                        permission=permission_workflow_transition,
-                        AccessControlList.objects.check_access(
+                        user=_user, queryset=queryset
-                            permissions=permission_workflow_transition,
+                    )
-                            user=_user, obj=self.workflow
-                        )
-                    except PermissionDenied:
-                        """
-                        If not ACL access to the workflow, filter transition
-                        options by each transition ACL access
-                        """
-
-                        queryset = AccessControlList.objects.filter_by_access(
-                            permission=permission_workflow_transition,
-                            user=_user, queryset=queryset
-                        )
             return queryset
         else:
             """
@@ -422,7 +412,6 @@ class WorkflowInstance(models.Model):
             whose document type has this workflow is created. We return an
             empty transition queryset.
             """
-
             return WorkflowTransition.objects.none()
 
 

mayan/apps/rest_api/permissions.py

@@ -18,7 +18,9 @@ class MayanPermission(BasePermission):
 
         if required_permission:
             try:
-                Permission.check_permissions(request.user, required_permission)
+                Permission.check_permissions(
+                    requester=request.user, permissions=required_permission
+                )
             except PermissionDenied:
                 return False
             else: