🐛 simplify and fix upper permission management

1 files changed, 36 insertions, 25 deletions

diff --git a/ishtar_common/utils.py b/ishtar_common/utils.py
index afde0a9b9..152b78c9c 100644
--- a/ishtar_common/utils.py
+++ b/ishtar_common/utils.py
@@ -437,26 +437,27 @@ class OwnPerms:
         return q, permissions
 
     @classmethod
-    def get_ids_from_upper_permissions(cls, user_id, base_permissions):
+    def get_ids_from_upper_permissions(cls, user_id, content_type):
         if not cls.UPPER_PERMISSIONS:
             return []
-        UserObjectPermission = apps.get_model("guardian", "UserObjectPermission")
+        UserObjectPermission = apps.get_model(
+            "guardian", "UserObjectPermission"
+        )
         item_ids = []
-        full_permissions = []
-        for base_permission in base_permissions:
-            if "_own_" not in base_permission.codename:
-                full_permissions.append(base_permission)
-                continue
-            codename = base_permission.codename.replace("_own", "")
-            try:
-                full_permissions.append(
-                    Permission.objects.get(
-                        codename=codename,
-                        content_type=base_permission.content_type
-                    )
-                )
-            except Permission.DoesNotExist:
-                continue
+        try:
+            full_permission = Permission.objects.get(
+                codename=f"view_{content_type.model}",
+                content_type=content_type
+            )
+        except Permission.DoesNotExist:
+            full_permission = None
+        try:
+            base_permission = Permission.objects.get(
+                codename=f"view_own_{content_type.model}",
+                content_type=content_type
+            )
+        except Permission.DoesNotExist:
+            base_permission = None
         for model, attr in cls.UPPER_PERMISSIONS:
             if isinstance(model, tuple):
                 app_label, model_name = model
@@ -464,17 +465,22 @@ class OwnPerms:
 
             # check if has full permission
             q_full, __ = cls._has_permission_query_for_upper_permissions(
-                full_permissions, model, user_id
+                [full_permission], model, user_id
             )
             has_full_permission = bool(q_full.count())
             if has_full_permission:
-                item_ids += cls.objects.filter(
-                    **{f"{attr}__isnull": False}
-                ).values_list("pk", flat=True)
+                if attr.startswith("q_"):  # use a property
+                    item_ids += getattr(cls, f"has_{attr}")().values_list(
+                        "pk", flat=True
+                    )
+                else:
+                    item_ids += cls.objects.filter(
+                        **{f"{attr}__isnull": False}
+                    ).values_list("pk", flat=True)
                 continue
 
             q, permissions = cls._has_permission_query_for_upper_permissions(
-                base_permissions, model, user_id
+                [base_permission], model, user_id
             )
             lst = []
             if not q.count():
@@ -498,9 +504,14 @@ class OwnPerms:
                             user_id=user_id
                         ).values_list("object_pk", flat=True)
                     )
-            item_ids += cls.objects.filter(
-                **{f"{attr}__in": lst}
-            ).values_list("pk", flat=True)
+            if attr.startswith("q_"):  # use a property
+                item_ids += getattr(cls, attr)(lst).values_list(
+                    "pk", flat=True
+                )
+            else:
+                item_ids += cls.objects.filter(
+                    **{f"{attr}__in": lst}
+                ).values_list("pk", flat=True)
         return list(set(item_ids))
 
     @classmethod