diff --git a/docs/mercs/merging-roles-and-groups.rst b/docs/mercs/merging-roles-and-groups.rst index 34bb4aea72..edc5e2e9e5 100644 --- a/docs/mercs/merging-roles-and-groups.rst +++ b/docs/mercs/merging-roles-and-groups.rst @@ -63,5 +63,5 @@ Changes needed: the Role model's permissions many to many field. 4. Update the ``AccessControlList`` models roles field to point to the group models. -5. Update the role checks in the ``check_access`` and ``filter_by_access`` +5. Update the role checks in the ``check_access`` and ``restrict_queryset`` ``AccessControlList`` model manager methods. diff --git a/mayan/apps/acls/managers.py b/mayan/apps/acls/managers.py index 54e6b2ace9..9a3f378450 100644 --- a/mayan/apps/acls/managers.py +++ b/mayan/apps/acls/managers.py @@ -201,15 +201,6 @@ class AccessControlListManager(models.Manager): return acl - def filter_by_access(self, permission, queryset, user): - warnings.warn( - 'filter_by_access() is deprecated, use restrict_queryset().', - InterfaceWarning - ) - return self.restrict_queryset( - permission=permission, queryset=queryset, user=user - ) - def restrict_queryset(self, permission, queryset, user): # Check directly granted permission via a role try: diff --git a/mayan/apps/acls/tests/test_models.py b/mayan/apps/acls/tests/test_models.py index ec0c600925..e7657094a1 100644 --- a/mayan/apps/acls/tests/test_models.py +++ b/mayan/apps/acls/tests/test_models.py @@ -44,7 +44,7 @@ class PermissionTestCase(DocumentTestMixin, BaseTestCase): def test_filtering_without_permissions(self): self.assertEqual( - AccessControlList.objects.filter_by_access( + AccessControlList.objects.restrict_queryset( permission=permission_document_view, queryset=Document.objects.all(), user=self._test_case_user, ).count(), 0 @@ -71,7 +71,7 @@ class PermissionTestCase(DocumentTestMixin, BaseTestCase): acl.permissions.add(permission_document_view.stored_permission) self.assertQuerysetEqual( - AccessControlList.objects.filter_by_access( + AccessControlList.objects.restrict_queryset( permission=permission_document_view, queryset=Document.objects.all(), user=self._test_case_user ), (repr(self.test_document_1),) @@ -116,7 +116,7 @@ class PermissionTestCase(DocumentTestMixin, BaseTestCase): ) acl.permissions.add(permission_document_view.stored_permission) - result = AccessControlList.objects.filter_by_access( + result = AccessControlList.objects.restrict_queryset( permission=permission_document_view, queryset=Document.objects.all(), user=self._test_case_user ) @@ -143,7 +143,7 @@ class PermissionTestCase(DocumentTestMixin, BaseTestCase): ) acl.permissions.add(permission_document_view.stored_permission) - result = AccessControlList.objects.filter_by_access( + result = AccessControlList.objects.restrict_queryset( permission=permission_document_view, queryset=Document.objects.all(), user=self._test_case_user, ) diff --git a/mayan/apps/cabinets/api_views.py b/mayan/apps/cabinets/api_views.py index 8811607090..78fd0ff34b 100644 --- a/mayan/apps/cabinets/api_views.py +++ b/mayan/apps/cabinets/api_views.py @@ -140,7 +140,7 @@ class APICabinetDocumentListView(generics.ListCreateAPIView): def get_queryset(self): cabinet = self.get_cabinet() - return AccessControlList.objects.filter_by_access( + return AccessControlList.objects.restrict_queryset( permission_document_view, self.request.user, queryset=cabinet.documents.all() ) diff --git a/mayan/apps/cabinets/models.py b/mayan/apps/cabinets/models.py index 7129e63b8a..0ca6a02f93 100644 --- a/mayan/apps/cabinets/models.py +++ b/mayan/apps/cabinets/models.py @@ -73,7 +73,7 @@ class Cabinet(MPTTModel): Provide a queryset of the documents in a cabinet. The queryset is filtered by access. """ - return AccessControlList.objects.filter_by_access( + return AccessControlList.objects.restrict_queryset( permission=permission_document_view, queryset=self.documents, user=user ) diff --git a/mayan/apps/cabinets/views.py b/mayan/apps/cabinets/views.py index c244dd70ff..c61febaf0f 100644 --- a/mayan/apps/cabinets/views.py +++ b/mayan/apps/cabinets/views.py @@ -96,7 +96,7 @@ class CabinetDetailView(DocumentListView): template_name = 'cabinets/cabinet_details.html' def get_document_queryset(self): - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_document_view, queryset=self.get_object().documents.all(), user=self.request.user diff --git a/mayan/apps/cabinets/widgets.py b/mayan/apps/cabinets/widgets.py index 3e3f9f862a..aedf9b40df 100644 --- a/mayan/apps/cabinets/widgets.py +++ b/mayan/apps/cabinets/widgets.py @@ -42,8 +42,9 @@ def widget_document_cabinets(document, user): app_label='acls', model_name='AccessControlList' ) - cabinets = AccessControlList.objects.filter_by_access( - permission_cabinet_view, user, queryset=document.get_cabinets().all() + cabinets = AccessControlList.objects.restrict_queryset( + queryset=document.get_cabinets().all(), + permission=permission_cabinet_view, user=user ) return format_html_join( diff --git a/mayan/apps/checkouts/api_views.py b/mayan/apps/checkouts/api_views.py index d48dd2c669..ef8fc61d1b 100644 --- a/mayan/apps/checkouts/api_views.py +++ b/mayan/apps/checkouts/api_views.py @@ -33,11 +33,11 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView): return DocumentCheckoutSerializer def get_queryset(self): - filtered_documents = AccessControlList.objects.filter_by_access( + filtered_documents = AccessControlList.objects.restrict_queryset( permission=permission_document_view, user=self.request.user, queryset=DocumentCheckout.objects.checked_out_documents() ) - filtered_documents = AccessControlList.objects.filter_by_access( + filtered_documents = AccessControlList.objects.restrict_queryset( permission=permission_document_checkout_detail_view, user=self.request.user, queryset=filtered_documents ) @@ -56,11 +56,11 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView): def get_queryset(self): if self.request.method == 'GET': - filtered_documents = AccessControlList.objects.filter_by_access( + filtered_documents = AccessControlList.objects.restrict_queryset( permission=permission_document_view, user=self.request.user, queryset=DocumentCheckout.objects.checked_out_documents() ) - filtered_documents = AccessControlList.objects.filter_by_access( + filtered_documents = AccessControlList.objects.restrict_queryset( permission=permission_document_checkout_detail_view, user=self.request.user, queryset=filtered_documents ) diff --git a/mayan/apps/checkouts/dashboard_widgets.py b/mayan/apps/checkouts/dashboard_widgets.py index 27a85d752d..334e133054 100644 --- a/mayan/apps/checkouts/dashboard_widgets.py +++ b/mayan/apps/checkouts/dashboard_widgets.py @@ -23,12 +23,12 @@ class DashboardWidgetTotalCheckouts(DashboardWidgetNumeric): DocumentCheckout = apps.get_model( app_label='checkouts', model_name='DocumentCheckout' ) - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_document_checkout_detail_view, queryset=DocumentCheckout.objects.checked_out_documents(), user=request.user, ) - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_document_view, queryset=queryset, user=request.user ) diff --git a/mayan/apps/checkouts/views.py b/mayan/apps/checkouts/views.py index a9e00d5e6d..a3f2ffc475 100644 --- a/mayan/apps/checkouts/views.py +++ b/mayan/apps/checkouts/views.py @@ -82,7 +82,7 @@ class CheckoutDocumentView(SingleObjectCreateView): class CheckoutListView(DocumentListView): def get_document_queryset(self): - return AccessControlList.objects.filter_by_access( + return AccessControlList.objects.restrict_queryset( permission=permission_document_checkout_detail_view, queryset=DocumentCheckout.objects.checked_out_documents(), user=self.request.user diff --git a/mayan/apps/common/forms.py b/mayan/apps/common/forms.py index 51a9ba685b..4d1c1828a6 100644 --- a/mayan/apps/common/forms.py +++ b/mayan/apps/common/forms.py @@ -248,7 +248,7 @@ class FilteredSelectionForm(forms.Form): widget_class = opts.widget_class if opts.permission: - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=opts.permission, queryset=queryset, user=opts.user ) diff --git a/mayan/apps/document_indexing/forms.py b/mayan/apps/document_indexing/forms.py index acf6953c69..c9e2455d7f 100644 --- a/mayan/apps/document_indexing/forms.py +++ b/mayan/apps/document_indexing/forms.py @@ -22,7 +22,7 @@ class IndexListForm(forms.Form): def __init__(self, *args, **kwargs): user = kwargs.pop('user') super(IndexListForm, self).__init__(*args, **kwargs) - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_document_indexing_rebuild, queryset=Index.objects.filter(enabled=True), user=user diff --git a/mayan/apps/document_indexing/models.py b/mayan/apps/document_indexing/models.py index ba85ce8107..ee339d71a1 100644 --- a/mayan/apps/document_indexing/models.py +++ b/mayan/apps/document_indexing/models.py @@ -366,7 +366,7 @@ class IndexInstanceNode(MPTTModel): return self.get_descendants().count() def get_descendants_document_count(self, user): - return AccessControlList.objects.filter_by_access( + return AccessControlList.objects.restrict_queryset( permission=permission_document_view, queryset=Document.objects.filter( index_instance_nodes__in=self.get_descendants( @@ -387,7 +387,7 @@ class IndexInstanceNode(MPTTModel): def get_item_count(self, user): if self.index_template_node.link_documents: - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_document_view, queryset=self.documents, user=user ) diff --git a/mayan/apps/document_indexing/views.py b/mayan/apps/document_indexing/views.py index 5b974d6cd1..3729798e6d 100644 --- a/mayan/apps/document_indexing/views.py +++ b/mayan/apps/document_indexing/views.py @@ -102,7 +102,7 @@ class SetupIndexDocumentTypesView(AssignRemoveView): self.get_object().document_types.add(item) def get_document_queryset(self): - return AccessControlList.objects.filter_by_access( + return AccessControlList.objects.restrict_queryset( permission_document_view, queryset=DocumentType.objects.all(), user=self.request.user ) diff --git a/mayan/apps/document_states/models.py b/mayan/apps/document_states/models.py index c131c2a02b..039f2591bf 100644 --- a/mayan/apps/document_states/models.py +++ b/mayan/apps/document_states/models.py @@ -493,7 +493,7 @@ class WorkflowInstance(models.Model): If not ACL access to the workflow, filter transition options by each transition ACL access """ - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_workflow_transition, user=_user, queryset=queryset ) diff --git a/mayan/apps/mailer/forms.py b/mayan/apps/mailer/forms.py index 6c99ceeb5f..40d7a7de38 100644 --- a/mayan/apps/mailer/forms.py +++ b/mayan/apps/mailer/forms.py @@ -46,7 +46,7 @@ class DocumentMailForm(forms.Form): 'project_website': setting_project_url.value } - queryset = AccessControlList.objects.filter_by_access( + queryset = AccessControlList.objects.restrict_queryset( permission=permission_user_mailer_use, queryset=UserMailer.objects.filter(enabled=True), user=user ) diff --git a/mayan/apps/mailer/views.py b/mayan/apps/mailer/views.py index b57da3eef4..d4e12ef807 100644 --- a/mayan/apps/mailer/views.py +++ b/mayan/apps/mailer/views.py @@ -287,7 +287,7 @@ class UserMailerTestView(FormView): ) def get_queryset(self): - return AccessControlList.objects.filter_by_access( + return AccessControlList.objects.restrict_queryset( permission=permission_user_mailer_use, queryset=UserMailer.objects.all(), user=self.request.user ) diff --git a/mayan/apps/metadata/views.py b/mayan/apps/metadata/views.py index 8bf89b90a6..ca7846a875 100644 --- a/mayan/apps/metadata/views.py +++ b/mayan/apps/metadata/views.py @@ -733,7 +733,7 @@ class SetupDocumentTypeMetadataTypes(FormView): def get_queryset(self): queryset = self.submodel.objects.all() - return AccessControlList.objects.filter_by_access( + return AccessControlList.objects.restrict_queryset( permission=permission_document_type_edit, user=self.request.user, queryset=queryset )