Checking for access also checks for permission. Remove reduntant check.
Signed-off-by: Michael Price <loneviking72@gmail.com>
This commit is contained in:
Michael Price
committed by
Roberto Rosario
Roberto Rosario
parent
0c4a52558b
commit
c69147bdc5
@@ -1,13 +1,10 @@
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.shortcuts import get_object_or_404
|
||||
|
||||
from rest_framework import generics
|
||||
|
||||
from permissions import Permission
|
||||
|
||||
from .models import AccessControlList
|
||||
from .permissions import permission_acl_edit, permission_acl_view
|
||||
from .serializers import (
|
||||
@@ -37,14 +34,10 @@ class APIObjectACLListView(generics.ListCreateAPIView):
|
||||
else:
|
||||
permission_required = permission_acl_edit
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
self.request.user, permissions=(permission_required,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
AccessControlList.objects.check_access(
|
||||
permission_required, self.request.user, content_object
|
||||
)
|
||||
AccessControlList.objects.check_access(
|
||||
permissions=permission_required, user=self.request.user,
|
||||
obj=content_object
|
||||
)
|
||||
|
||||
return content_object
|
||||
|
||||
@@ -100,14 +93,10 @@ class APIObjectACLView(generics.RetrieveDestroyAPIView):
|
||||
content_type.model_class(), pk=self.kwargs['object_pk']
|
||||
)
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
self.request.user, permissions=(permission_required,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
AccessControlList.objects.check_access(
|
||||
permission_required, self.request.user, content_object
|
||||
)
|
||||
AccessControlList.objects.check_access(
|
||||
permissions=permission_required, user=self.request.user,
|
||||
obj=content_object
|
||||
)
|
||||
|
||||
return content_object
|
||||
|
||||
@@ -135,14 +124,10 @@ class APIObjectACLPermissionListView(generics.ListCreateAPIView):
|
||||
content_type.model_class(), pk=self.kwargs['object_pk']
|
||||
)
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
self.request.user, permissions=(permission_acl_view,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
AccessControlList.objects.check_access(
|
||||
permission_acl_view, self.request.user, content_object
|
||||
)
|
||||
AccessControlList.objects.check_access(
|
||||
permissions=permission_acl_view, user=self.request.user,
|
||||
obj=content_object
|
||||
)
|
||||
|
||||
return content_object
|
||||
|
||||
@@ -196,14 +181,10 @@ class APIObjectACLPermissionView(generics.RetrieveDestroyAPIView):
|
||||
content_type.model_class(), pk=self.kwargs['object_pk']
|
||||
)
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
self.request.user, permissions=(permission_acl_view,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
AccessControlList.objects.check_access(
|
||||
permission_acl_view, self.request.user, content_object
|
||||
)
|
||||
AccessControlList.objects.check_access(
|
||||
permissions=permission_acl_view, user=self.request.user,
|
||||
obj=content_object
|
||||
)
|
||||
|
||||
return content_object
|
||||
|
||||
|
||||
@@ -1,13 +1,11 @@
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.shortcuts import get_object_or_404
|
||||
|
||||
from rest_framework import generics
|
||||
|
||||
from acls.models import AccessControlList
|
||||
from documents.models import Document
|
||||
from permissions import Permission
|
||||
|
||||
from .permissions import (
|
||||
permission_comment_create, permission_comment_delete,
|
||||
@@ -82,14 +80,10 @@ class APICommentView(generics.RetrieveDestroyAPIView):
|
||||
|
||||
document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
|
||||
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
self.request.user, (permission_required,)
|
||||
)
|
||||
except PermissionDenied:
|
||||
AccessControlList.objects.check_access(
|
||||
permission_required, self.request.user, document
|
||||
)
|
||||
AccessControlList.objects.check_access(
|
||||
permissions=permission_required, user=self.request.user,
|
||||
obj=document
|
||||
)
|
||||
|
||||
return document
|
||||
|
||||
|
||||
@@ -18,7 +18,6 @@ from acls.models import AccessControlList
|
||||
from common.validators import validate_internal_name
|
||||
from documents.models import Document, DocumentType
|
||||
from events.models import StoredEventType
|
||||
from permissions import Permission
|
||||
|
||||
from .error_logs import error_log_state_actions
|
||||
from .literals import (
|
||||
@@ -389,32 +388,23 @@ class WorkflowInstance(models.Model):
|
||||
|
||||
if _user:
|
||||
try:
|
||||
Permission.check_permissions(
|
||||
requester=_user, permissions=(
|
||||
permission_workflow_transition,
|
||||
)
|
||||
"""
|
||||
Check for ACL access to the workflow, if true, allow
|
||||
all transition options.
|
||||
"""
|
||||
AccessControlList.objects.check_access(
|
||||
permissions=permission_workflow_transition,
|
||||
user=_user, obj=self.workflow
|
||||
)
|
||||
except PermissionDenied:
|
||||
try:
|
||||
"""
|
||||
Check for ACL access to the workflow, if true, allow
|
||||
all transition options.
|
||||
"""
|
||||
|
||||
AccessControlList.objects.check_access(
|
||||
permissions=permission_workflow_transition,
|
||||
user=_user, obj=self.workflow
|
||||
)
|
||||
except PermissionDenied:
|
||||
"""
|
||||
If not ACL access to the workflow, filter transition
|
||||
options by each transition ACL access
|
||||
"""
|
||||
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission=permission_workflow_transition,
|
||||
user=_user, queryset=queryset
|
||||
)
|
||||
"""
|
||||
If not ACL access to the workflow, filter transition
|
||||
options by each transition ACL access
|
||||
"""
|
||||
queryset = AccessControlList.objects.filter_by_access(
|
||||
permission=permission_workflow_transition,
|
||||
user=_user, queryset=queryset
|
||||
)
|
||||
return queryset
|
||||
else:
|
||||
"""
|
||||
@@ -422,7 +412,6 @@ class WorkflowInstance(models.Model):
|
||||
whose document type has this workflow is created. We return an
|
||||
empty transition queryset.
|
||||
"""
|
||||
|
||||
return WorkflowTransition.objects.none()
|
||||
|
||||
|
||||
|
||||
@@ -18,7 +18,9 @@ class MayanPermission(BasePermission):
|
||||
|
||||
if required_permission:
|
||||
try:
|
||||
Permission.check_permissions(request.user, required_permission)
|
||||
Permission.check_permissions(
|
||||
requester=request.user, permissions=required_permission
|
||||
)
|
||||
except PermissionDenied:
|
||||
return False
|
||||
else:
|
||||
|
||||
Reference in New Issue
Block a user