matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove last usage of .filter_by_access()

Browse Source 
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
This commit is contained in:
Roberto Rosario
2019-01-29 04:12:44 -04:00
parent fbb3a64bce
commit ef5e0c2d86
18 changed files with 27 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/mercs/merging-roles-and-groups.rst
View File

@@ -63,5 +63,5 @@ Changes needed:
the Role model's permissions many to many field.
4. Update the ``AccessControlList`` models roles field to point to the group
models.
5. Update the role checks in the ``check_access`` and ``filter_by_access``
5. Update the role checks in the ``check_access`` and ``restrict_queryset``
``AccessControlList`` model manager methods.

9
mayan/apps/acls/managers.py
View File

@@ -201,15 +201,6 @@ class AccessControlListManager(models.Manager):
return acl
def filter_by_access(self, permission, queryset, user):
warnings.warn(
'filter_by_access() is deprecated, use restrict_queryset().',
InterfaceWarning
)
return self.restrict_queryset(
permission=permission, queryset=queryset, user=user
)
def restrict_queryset(self, permission, queryset, user):
# Check directly granted permission via a role
try:

8
mayan/apps/acls/tests/test_models.py
View File

@@ -44,7 +44,7 @@ class PermissionTestCase(DocumentTestMixin, BaseTestCase):
def test_filtering_without_permissions(self):
self.assertEqual(
AccessControlList.objects.filter_by_access(
AccessControlList.objects.restrict_queryset(
permission=permission_document_view,
queryset=Document.objects.all(), user=self._test_case_user,
).count(), 0
@@ -71,7 +71,7 @@ class PermissionTestCase(DocumentTestMixin, BaseTestCase):
acl.permissions.add(permission_document_view.stored_permission)
self.assertQuerysetEqual(
AccessControlList.objects.filter_by_access(
AccessControlList.objects.restrict_queryset(
permission=permission_document_view,
queryset=Document.objects.all(), user=self._test_case_user
), (repr(self.test_document_1),)
@@ -116,7 +116,7 @@ class PermissionTestCase(DocumentTestMixin, BaseTestCase):
)
acl.permissions.add(permission_document_view.stored_permission)
result = AccessControlList.objects.filter_by_access(
result = AccessControlList.objects.restrict_queryset(
permission=permission_document_view, queryset=Document.objects.all(),
user=self._test_case_user
)
@@ -143,7 +143,7 @@ class PermissionTestCase(DocumentTestMixin, BaseTestCase):
)
acl.permissions.add(permission_document_view.stored_permission)
result = AccessControlList.objects.filter_by_access(
result = AccessControlList.objects.restrict_queryset(
permission=permission_document_view, queryset=Document.objects.all(),
user=self._test_case_user,
)

2
mayan/apps/cabinets/api_views.py
View File

@@ -140,7 +140,7 @@ class APICabinetDocumentListView(generics.ListCreateAPIView):
def get_queryset(self):
cabinet = self.get_cabinet()
return AccessControlList.objects.filter_by_access(
return AccessControlList.objects.restrict_queryset(
permission_document_view, self.request.user,
queryset=cabinet.documents.all()
)

2
mayan/apps/cabinets/models.py
View File

@@ -73,7 +73,7 @@ class Cabinet(MPTTModel):
Provide a queryset of the documents in a cabinet. The queryset is
filtered by access.
"""
return AccessControlList.objects.filter_by_access(
return AccessControlList.objects.restrict_queryset(
permission=permission_document_view, queryset=self.documents,
user=user
)

2
mayan/apps/cabinets/views.py
View File

@@ -96,7 +96,7 @@ class CabinetDetailView(DocumentListView):
template_name = 'cabinets/cabinet_details.html'
def get_document_queryset(self):
queryset = AccessControlList.objects.filter_by_access(
queryset = AccessControlList.objects.restrict_queryset(
permission=permission_document_view,
queryset=self.get_object().documents.all(),
user=self.request.user

5
mayan/apps/cabinets/widgets.py
View File

@@ -42,8 +42,9 @@ def widget_document_cabinets(document, user):
app_label='acls', model_name='AccessControlList'
)
cabinets = AccessControlList.objects.filter_by_access(
permission_cabinet_view, user, queryset=document.get_cabinets().all()
cabinets = AccessControlList.objects.restrict_queryset(
queryset=document.get_cabinets().all(),
permission=permission_cabinet_view, user=user
)
return format_html_join(

8
mayan/apps/checkouts/api_views.py
View File

@@ -33,11 +33,11 @@ class APICheckedoutDocumentListView(generics.ListCreateAPIView):
return DocumentCheckoutSerializer
def get_queryset(self):
filtered_documents = AccessControlList.objects.filter_by_access(
filtered_documents = AccessControlList.objects.restrict_queryset(
permission=permission_document_view, user=self.request.user,
queryset=DocumentCheckout.objects.checked_out_documents()
)
filtered_documents = AccessControlList.objects.filter_by_access(
filtered_documents = AccessControlList.objects.restrict_queryset(
permission=permission_document_checkout_detail_view, user=self.request.user,
queryset=filtered_documents
)
@@ -56,11 +56,11 @@ class APICheckedoutDocumentView(generics.RetrieveDestroyAPIView):
def get_queryset(self):
if self.request.method == 'GET':
filtered_documents = AccessControlList.objects.filter_by_access(
filtered_documents = AccessControlList.objects.restrict_queryset(
permission=permission_document_view, user=self.request.user,
queryset=DocumentCheckout.objects.checked_out_documents()
)
filtered_documents = AccessControlList.objects.filter_by_access(
filtered_documents = AccessControlList.objects.restrict_queryset(
permission=permission_document_checkout_detail_view, user=self.request.user,
queryset=filtered_documents
)

4
mayan/apps/checkouts/dashboard_widgets.py
View File

@@ -23,12 +23,12 @@ class DashboardWidgetTotalCheckouts(DashboardWidgetNumeric):
DocumentCheckout = apps.get_model(
app_label='checkouts', model_name='DocumentCheckout'
)
queryset = AccessControlList.objects.filter_by_access(
queryset = AccessControlList.objects.restrict_queryset(
permission=permission_document_checkout_detail_view,
queryset=DocumentCheckout.objects.checked_out_documents(),
user=request.user,
)
queryset = AccessControlList.objects.filter_by_access(
queryset = AccessControlList.objects.restrict_queryset(
permission=permission_document_view, queryset=queryset,
user=request.user
)

2
mayan/apps/checkouts/views.py
View File

@@ -82,7 +82,7 @@ class CheckoutDocumentView(SingleObjectCreateView):
class CheckoutListView(DocumentListView):
def get_document_queryset(self):
return AccessControlList.objects.filter_by_access(
return AccessControlList.objects.restrict_queryset(
permission=permission_document_checkout_detail_view,
queryset=DocumentCheckout.objects.checked_out_documents(),
user=self.request.user

2
mayan/apps/common/forms.py
View File

@@ -248,7 +248,7 @@ class FilteredSelectionForm(forms.Form):
widget_class = opts.widget_class
if opts.permission:
queryset = AccessControlList.objects.filter_by_access(
queryset = AccessControlList.objects.restrict_queryset(
permission=opts.permission, queryset=queryset,
user=opts.user
)

2
mayan/apps/document_indexing/forms.py
View File

@@ -22,7 +22,7 @@ class IndexListForm(forms.Form):
def __init__(self, *args, **kwargs):
user = kwargs.pop('user')
super(IndexListForm, self).__init__(*args, **kwargs)
queryset = AccessControlList.objects.filter_by_access(
queryset = AccessControlList.objects.restrict_queryset(
permission=permission_document_indexing_rebuild,
queryset=Index.objects.filter(enabled=True),
user=user

4
mayan/apps/document_indexing/models.py
View File

@@ -366,7 +366,7 @@ class IndexInstanceNode(MPTTModel):
return self.get_descendants().count()
def get_descendants_document_count(self, user):
return AccessControlList.objects.filter_by_access(
return AccessControlList.objects.restrict_queryset(
permission=permission_document_view,
queryset=Document.objects.filter(
index_instance_nodes__in=self.get_descendants(
@@ -387,7 +387,7 @@ class IndexInstanceNode(MPTTModel):
def get_item_count(self, user):
if self.index_template_node.link_documents:
queryset = AccessControlList.objects.filter_by_access(
queryset = AccessControlList.objects.restrict_queryset(
permission=permission_document_view, queryset=self.documents,
user=user
)

2
mayan/apps/document_indexing/views.py
View File

@@ -102,7 +102,7 @@ class SetupIndexDocumentTypesView(AssignRemoveView):
self.get_object().document_types.add(item)
def get_document_queryset(self):
return AccessControlList.objects.filter_by_access(
return AccessControlList.objects.restrict_queryset(
permission_document_view, queryset=DocumentType.objects.all(),
user=self.request.user
)

2
mayan/apps/document_states/models.py
View File

@@ -493,7 +493,7 @@ class WorkflowInstance(models.Model):
If not ACL access to the workflow, filter transition
options by each transition ACL access
"""
queryset = AccessControlList.objects.filter_by_access(
queryset = AccessControlList.objects.restrict_queryset(
permission=permission_workflow_transition,
user=_user, queryset=queryset
)

2
mayan/apps/mailer/forms.py
View File

@@ -46,7 +46,7 @@ class DocumentMailForm(forms.Form):
'project_website': setting_project_url.value
}
queryset = AccessControlList.objects.filter_by_access(
queryset = AccessControlList.objects.restrict_queryset(
permission=permission_user_mailer_use,
queryset=UserMailer.objects.filter(enabled=True), user=user
)

2
mayan/apps/mailer/views.py
View File

@@ -287,7 +287,7 @@ class UserMailerTestView(FormView):
)
def get_queryset(self):
return AccessControlList.objects.filter_by_access(
return AccessControlList.objects.restrict_queryset(
permission=permission_user_mailer_use,
queryset=UserMailer.objects.all(), user=self.request.user
)

2
mayan/apps/metadata/views.py
View File

@@ -733,7 +733,7 @@ class SetupDocumentTypeMetadataTypes(FormView):
def get_queryset(self):
queryset = self.submodel.objects.all()
return AccessControlList.objects.filter_by_access(
return AccessControlList.objects.restrict_queryset(
permission=permission_document_type_edit,
user=self.request.user, queryset=queryset
)