diff options
| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2024-11-25 17:33:05 +0100 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-02-19 14:45:55 +0100 |
| commit | 06e77579a8de5e5d0a35744944f83bb0f83ff92a (patch) | |
| tree | 49fefd1577ba2223be1735ab31ace2316638f2d8 | |
| parent | d4d41fdc11cce0ecd7f7c8696185fcb983702297 (diff) | |
| download | Ishtar-06e77579a8de5e5d0a35744944f83bb0f83ff92a.tar.bz2 Ishtar-06e77579a8de5e5d0a35744944f83bb0f83ff92a.zip | |
🐛 simplify and fix upper permission management
| -rw-r--r-- | ishtar_common/models.py | 2 | ||||
| -rw-r--r-- | ishtar_common/utils.py | 61 |
2 files changed, 37 insertions, 26 deletions
diff --git a/ishtar_common/models.py b/ishtar_common/models.py index 916a89ff5..1eeffc65d 100644 --- a/ishtar_common/models.py +++ b/ishtar_common/models.py @@ -3649,7 +3649,7 @@ class UserProfile(models.Model): # print("ishtar_common/models.py - 3578", item_ids, ishtar_user, content_type, permission_type) if permission_query.include_upstream_items: item_ids += model_class.get_ids_from_upper_permissions( - ishtar_user.user_ptr.pk, permissions + ishtar_user.user_ptr.pk, content_type ) # DEBUG # print("ishtar_common/models.py - 3584", item_ids, ishtar_user, content_type, permission_type) diff --git a/ishtar_common/utils.py b/ishtar_common/utils.py index afde0a9b9..152b78c9c 100644 --- a/ishtar_common/utils.py +++ b/ishtar_common/utils.py @@ -437,26 +437,27 @@ class OwnPerms: return q, permissions @classmethod - def get_ids_from_upper_permissions(cls, user_id, base_permissions): + def get_ids_from_upper_permissions(cls, user_id, content_type): if not cls.UPPER_PERMISSIONS: return [] - UserObjectPermission = apps.get_model("guardian", "UserObjectPermission") + UserObjectPermission = apps.get_model( + "guardian", "UserObjectPermission" + ) item_ids = [] - full_permissions = [] - for base_permission in base_permissions: - if "_own_" not in base_permission.codename: - full_permissions.append(base_permission) - continue - codename = base_permission.codename.replace("_own", "") - try: - full_permissions.append( - Permission.objects.get( - codename=codename, - content_type=base_permission.content_type - ) - ) - except Permission.DoesNotExist: - continue + try: + full_permission = Permission.objects.get( + codename=f"view_{content_type.model}", + content_type=content_type + ) + except Permission.DoesNotExist: + full_permission = None + try: + base_permission = Permission.objects.get( + codename=f"view_own_{content_type.model}", + content_type=content_type + ) + except Permission.DoesNotExist: + base_permission = None for model, attr in cls.UPPER_PERMISSIONS: if isinstance(model, tuple): app_label, model_name = model @@ -464,17 +465,22 @@ class OwnPerms: # check if has full permission q_full, __ = cls._has_permission_query_for_upper_permissions( - full_permissions, model, user_id + [full_permission], model, user_id ) has_full_permission = bool(q_full.count()) if has_full_permission: - item_ids += cls.objects.filter( - **{f"{attr}__isnull": False} - ).values_list("pk", flat=True) + if attr.startswith("q_"): # use a property + item_ids += getattr(cls, f"has_{attr}")().values_list( + "pk", flat=True + ) + else: + item_ids += cls.objects.filter( + **{f"{attr}__isnull": False} + ).values_list("pk", flat=True) continue q, permissions = cls._has_permission_query_for_upper_permissions( - base_permissions, model, user_id + [base_permission], model, user_id ) lst = [] if not q.count(): @@ -498,9 +504,14 @@ class OwnPerms: user_id=user_id ).values_list("object_pk", flat=True) ) - item_ids += cls.objects.filter( - **{f"{attr}__in": lst} - ).values_list("pk", flat=True) + if attr.startswith("q_"): # use a property + item_ids += getattr(cls, attr)(lst).values_list( + "pk", flat=True + ) + else: + item_ids += cls.objects.filter( + **{f"{attr}__in": lst} + ).values_list("pk", flat=True) return list(set(item_ids)) @classmethod |