author | Étienne Loks <etienne.loks@iggdrasil.net> | 2024-11-07 17:31:57 +0100 |
---|---|---|
committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-02-19 14:43:49 +0100 |
commit | ce7d642318f4e4c57dd552915b12eef360d33d70 (patch) | |
tree | 64e499aec7087f8cca3159251c4bd107bedc416d /ishtar_common/utils.py | |
parent | 89ff92664ff06a974e37c15ab663394271ac4a10 (diff) | |
download | Ishtar-ce7d642318f4e4c57dd552915b12eef360d33d70.tar.bz2 Ishtar-ce7d642318f4e4c57dd552915b12eef360d33d70.zip |
✨ permissions refactoring: settings for upstream items management
Diffstat (limited to 'ishtar_common/utils.py')
-rw-r--r-- | ishtar_common/utils.py | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/ishtar_common/utils.py b/ishtar_common/utils.py
index bbed4e8a4..5536bc84b 100644
--- a/ishtar_common/utils.py
+++ b/ishtar_common/utils.py
@@ -414,6 +414,89 @@ class OwnPerms:
 """
 Manage special permissions for object's owner
 """
+ UPPER_PERMISSIONS = []
+
+ @classmethod
+ def _has_permission_query_for_upper_permissions(
+ cls, base_permissions, model, user_id):
+ ProfileType = apps.get_model("ishtar_common", "ProfileType")
+ permissions = list(set([
+ "_".join(permission.codename.split("_")[:-1]) +
+ f"_{model._meta.model_name}"
+ for permission in base_permissions
+ ]))
+ q = ProfileType.objects.filter(
+ user_profiles__person__ishtaruser=user_id,
+ groups__permissions__codename__in=permissions
+ )
+ return q, permissions
+
+ @classmethod
+ def get_ids_from_upper_permissions(cls, user_id, base_permissions):
+ if not cls.UPPER_PERMISSIONS:
+ return []
+ UserObjectPermission = apps.get_model("guardian", "UserObjectPermission")
+ item_ids = []
+ full_permissions = []
+ for base_permission in base_permissions:
+ if "_own_" not in base_permission.codename:
+ full_permissions.append(base_permission)
+ continue
+ codename = base_permission.codename.replace("_own", "")
+ try:
+ full_permissions.append(
+ Permission.objects.get(
+ codename=codename,
+ content_type=base_permission.content_type
+ )
+ )
+ except Permission.DoesNotExist:
+ continue
+ for model, attr in cls.UPPER_PERMISSIONS:
+ if isinstance(model, tuple):
+ app_label, model_name = model
+ model = apps.get_model(app_label, model_name)
+
+ # check if has full permission
+ q_full, __ = cls._has_permission_query_for_upper_permissions(
+ full_permissions, model, user_id
+ )
+ has_full_permission = bool(q_full.count())
+ if has_full_permission:
+ item_ids += cls.objects.filter(
+ **{f"{attr}__isnull": False}
+ ).values_list("pk", flat=True)
+ continue
+
+ q, permissions = cls._has_permission_query_for_upper_permissions(
+ base_permissions, model, user_id
+ )
+ lst = []
+ if not q.count():
+ # no permissions associated for upstream model get direct attachement
+ lst = model.objects.filter(
+ ishtar_users__pk=user_id
+ ).values_list("pk", flat=True)
+ else:
+ perms = []
+ for codename in permissions:
+ perms += [
+ perm
+ for perm in Permission.objects.filter(
+ codename=codename).all()
+ ]
+ lst = []
+ for permission in perms:
+ lst += list(
+ UserObjectPermission.objects.filter(
+ permission=permission,
+ user_id=user_id
+ ).values_list("object_pk", flat=True)
+ )
+ item_ids += cls.objects.filter(
+ **{f"{attr}__in": lst}
+ ).values_list("pk", flat=True)
+ return list(set(item_ids))
 @classmethod
 def get_query_owns(cls, ishtaruser): |
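Review bot: The permission lookups in `get_ids_from_upper_permissions` and `_has_permission_query_for_upper_permissions` match on `codename` alone, but Django only guarantees a codename is unique per content type, so a same-named model in another app would satisfy `groups__permissions__codename__in=permissions` and, in the `else:` branch, contribute its `object_pk` values to `{attr}__in`. Those primary keys are then read as ids of the upstream `model`, so a collision would widen the returned item ids rather than fail closed. Pinning the lookup to the upstream model removes the ambiguity, e.g. `Permission.objects.filter(codename=codename, content_type__app_label=model._meta.app_label, content_type__model=model._meta.model_name)`, with the matching `groups__permissions__content_type__...` constraints on the `ProfileType` filter. Whether such a collision exists in this project is not visible from the hunk. Separately, `codename.replace("_own", "")` strips every occurrence while the guard tests for `"_own_"`, so `replace("_own_", "_", 1)` would match the check.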