author | Étienne Loks <etienne.loks@iggdrasil.net> | 2024-10-16 17:57:13 +0200 |
---|---|---|
committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-02-19 14:43:48 +0100 |
commit | c93dd3812c53d21ab8517dc7af72e1d4b70a1b04 (patch) | |
tree | 2153d8fd121f7ecd08a31e4867d58a2eb3c9aab7 /ishtar_common/views.py | |
parent | b8eef9b6aaed7ee097f8ea86174067f9ca42abd8 (diff) | |
download | Ishtar-c93dd3812c53d21ab8517dc7af72e1d4b70a1b04.tar.bz2 Ishtar-c93dd3812c53d21ab8517dc7af72e1d4b70a1b04.zip |
♻ permissions refactoring: refactor has_permission methods
Diffstat (limited to 'ishtar_common/views.py')
-rw-r--r-- | ishtar_common/views.py | 190 |
1 files changed, 123 insertions, 67 deletions
diff --git a/ishtar_common/views.py b/ishtar_common/views.py
index 780a2253b..6c209a848 100644
--- a/ishtar_common/views.py
+++ b/ishtar_common/views.py
@@ -863,7 +863,10 @@ def autocomplete_person_permissive(
 def autocomplete_user(request):
- if not request.user.has_perm("ishtar_common.view_person", models.Person):
+ ishtaruser = getattr(request.user, "ishtaruser", None)
+ if not ishtaruser:
+ return HttpResponse("[]", content_type="text/plain")
+ if not ishtaruser.has_permission("ishtar_common.view_person"):
 return HttpResponse("[]", content_type="text/plain")
 q = request.GET.get("term")
 limit = request.GET.get("limit", 20)
@@ -893,7 +896,10 @@ def autocomplete_user(request):
 def autocomplete_ishtaruser(request):
- if not request.user.has_perm("ishtar_common.view_person", models.Person):
+ ishtaruser = getattr(request.user, "ishtaruser", None)
+ if not ishtaruser:
+ return HttpResponse("[]", content_type="text/plain")
+ if not ishtaruser.has_permission("ishtar_common.view_person"):
 return HttpResponse("[]", content_type="text/plain")
 q = request.GET.get("term", "")
 limit = request.GET.get("limit", 20)
@@ -917,12 +923,13 @@ def autocomplete_ishtaruser(request):
 def autocomplete_person(
 request, person_types=None, attached_to=None, is_ishtar_user=None, permissive=False
 ):
- all_items = request.user.has_perm("ishtar_common.view_person", models.Person)
+ ishtaruser = getattr(request.user, "ishtaruser", None)
+ if not ishtaruser:
+ return HttpResponse("[]", content_type="text/plain")
+ all_items = ishtaruser.has_permission("ishtar_common.view_person")
 own_items = False
 if not all_items:
- own_items = request.user.has_perm(
- "ishtar_common.view_own_person", models.Person
- )
+ own_items = ishtaruser.has_permission("ishtar_common.view_own_person")
 if not all_items and not own_items or not request.GET.get("term"):
 return HttpResponse("[]", content_type="text/plain")
 q = request.GET.get("term")
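Review bot: The three-line guard added at the top of `autocomplete_user` (`ishtaruser = getattr(request.user, "ishtaruser", None)`, `if not ishtaruser:`, `return HttpResponse("[]", content_type="text/plain")`) is repeated verbatim in `autocomplete_ishtaruser`, `autocomplete_person`, `autocomplete_import`, `autocomplete_organization`, `autocomplete_author` and `autocomplete_biographical_note`. Authorization preambles copied by hand tend to drift, so one helper or decorator that resolves the profile and returns the empty response would keep every autocomplete endpoint failing closed in the same way. If the copies stay, a one-line comment above each guard such as `# no Ishtar profile (anonymous or unlinked account): answer with an empty result set` would document why the view returns `[]` rather than an error. The function bodies continue outside these hunks.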
@@ -966,12 +973,13 @@ def autocomplete_person(
 def autocomplete_import(request):
- all_items = request.user.has_perm("ishtar_common.view_import", models.Import)
+ ishtaruser = getattr(request.user, "ishtaruser", None)
+ if not ishtaruser:
+ return HttpResponse("[]", content_type="text/plain")
+ all_items = ishtaruser.has_permission("ishtar_common.view_import")
 own_items = False
 if not all_items:
- own_items = request.user.has_perm(
- "ishtar_common.view_own_import", models.Import
- )
+ own_items = ishtaruser.has_permission("ishtar_common.view_own_import")
 if not all_items and not own_items or not request.GET.get("term"):
 return HttpResponse("[]", content_type="text/plain")
 q = request.GET.get("term")
@@ -982,7 +990,8 @@ def autocomplete_import(request):
 return HttpResponseBadRequest()
 query = Q()
 for q in q.split(" "):
- query = query & (Q(name__unaccent__icontains=q) | Q(group__name__unaccent__icontains=q))
+ query = query & (Q(name__unaccent__icontains=q) |
+ Q(group__name__unaccent__icontains=q))
 if own_items:
 if not hasattr(request.user, "ishtaruser"):
 return HttpResponse(json.dumps([]), content_type="text/plain")
@@ -1116,16 +1125,12 @@ def department_by_state(request, state_id=""):
 def autocomplete_organization(request, orga_type=None):
+ ishtaruser = getattr(request.user, "ishtaruser", None)
+ if not ishtaruser:
+ return HttpResponse("[]", content_type="text/plain")
 if (
- not request.user.has_perm(
- "ishtar_common.view_organization", models.Organization
- )
- and not request.user.has_perm(
- "ishtar_common.view_own_organization", models.Organization
- )
- and not request.user.ishtaruser.has_right(
- "person_search", session=request.session
- )
+ not ishtaruser.has_permission("ishtar_common.view_organization")
+ and not ishtaruser.has_permission("ishtar_common.view_own_organization")
 ):
 return HttpResponse("[]", content_type="text/plain")
 if not request.GET.get("term"):
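Review bot: With the new early return in `autocomplete_import` when `request.user` has no `ishtaruser`, the `if not hasattr(request.user, "ishtaruser"):` branch kept as context in the following hunk (under `if own_items:`) looks unreachable. Removing it, and using the local `ishtaruser` for any later profile lookups, would leave a single place where the missing-profile case is decided. The rest of the function is outside the hunk, so confirm nothing else depends on that branch.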
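Review bot: In `autocomplete_organization` the rewritten condition drops the `has_right("person_search", session=request.session)` alternative, so accounts that only held that right now receive `[]`; neither the commit message nor a comment records that this narrowing is intended. A short comment above the `if (` such as `# access requires view_organization or view_own_organization; the former person_search right no longer grants it` would make the decision reviewable. Also, `view_own_organization` is checked here without an object, so whether the results are limited to the user's own organizations depends on query code outside this hunk and is worth confirming with a test.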
@@ -1149,9 +1154,13 @@ def autocomplete_organization(request, orga_type=None):
 def autocomplete_author(request):
- if not request.user.has_perm(
- "ishtar_common.view_author", models.Author
- ) and not request.user.has_perm("ishtar_common.view_own_author", models.Author):
+ ishtaruser = getattr(request.user, "ishtaruser", None)
+ if not ishtaruser:
+ return HttpResponse("[]", content_type="text/plain")
+ if not ishtaruser.has_permission(
+ "ishtar_common.view_author"
+ ) and not ishtaruser.has_permission(
+ "ishtar_common.view_own_author"):
 return HttpResponse("[]", content_type="text/plain")
 if not request.GET.get("term"):
 return HttpResponse("[]", content_type="text/plain")
@@ -1172,7 +1181,10 @@ def autocomplete_author(request):
 def autocomplete_biographical_note(request):
- if not request.user.has_perm("ishtar_common.view_person", models.Person):
+ ishtaruser = getattr(request.user, "ishtaruser", None)
+ if not ishtaruser:
+ return HttpResponse("[]", content_type="text/plain")
+ if not ishtaruser.has_permission("ishtar_common.view_person"):
 return HttpResponse("[]", content_type="text/plain")
 q = request.GET.get("term", "")
 limit = request.GET.get("limit", 20)
@@ -1637,18 +1649,20 @@ class NewImportView(BaseImportView, CreateView):
 class ImportPermissionMixin:
- permission_full = "change_import"
- permission_own = "change_own_import"
+ permission_full = "ishtar_common.change_import"
+ permission_own = "ishtar_common.change_own_import"
 def dispatch(self, request, *args, **kwargs):
 import_pk = self.kwargs["pk"]
 user = request.user
 if not user or not user.ishtaruser:
 return redirect("/")
+ ishtaruser = user.ishtaruser
 model = models.ImportGroup if self.kwargs.get("group", None) else models.Import
 q = model.query_can_access(user, perm=self.permission_full).filter(pk=import_pk)
- if not user.is_superuser and not user.ishtaruser.has_right(self.permission_full):
- if not user.ishtaruser.has_right(self.permission_own):
+ if not ishtaruser.has_permission("ishtaradmin") and \
+ not ishtaruser.has_permission(self.permission_full):
+ if not ishtaruser.has_permission(self.permission_own):
 return redirect("/")
 q = q.filter(Q(importer_type__users__pk=user.ishtaruser.pk))
 if not q.count():
@@ -1711,7 +1725,8 @@ class ImportPreFormView(IshtarMixin, LoginRequiredMixin, FormView):
 return HttpResponseRedirect(self.get_success_url())
-def get_permissions_for_actions(user, imprt, owns, can_edit_all, can_delete_all, can_edit_own, can_delete_own):
+def get_permissions_for_actions(
+ user, imprt, owns, can_edit_all, can_delete_all, can_edit_own, can_delete_own):
 can_edit, can_delete = False, False
 is_own = None
 if can_edit_own or can_delete_own: # need to check owner
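Review bot: The added `ishtaruser = user.ishtaruser` in `ImportPermissionMixin.dispatch` still relies on the unchanged guard `if not user or not user.ishtaruser:`, which reads the attribute directly, so for a user object that lacks it the access would raise before the redirect is reached. The autocomplete views in this commit handle that case with `getattr`, and the same form fits here: `ishtaruser = getattr(user, "ishtaruser", None)` followed by `if not ishtaruser: return redirect("/")`. ImportCSVView lists this mixin ahead of LoginRequiredMixin, so this dispatch appears to run before the login check. Separately, `has_permission("ishtaradmin")` replaces `user.is_superuser` and is the only permission name in this commit without an app label; `has_permission` is defined outside this diff, so a test that a superuser still passes this gate would pin the intended behaviour. The method body continues outside the hunk.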
@@ -1741,21 +1756,38 @@ class ImportListView(IshtarMixin, LoginRequiredMixin, ListView):
 user = self.request.user
 if not user.pk or not user.ishtaruser:
 raise Http404()
- q1 = self._queryset_filter(self.model.query_can_access(user, ["view_import", "change_import"]))
+ q1 = self._queryset_filter(
+ self.model.query_can_access(
+ user,
+ ["ishtar_common.view_import", "ishtar_common.change_import"]
+ )
+ )
 q1 = q1.filter(group__isnull=True).order_by("-end_date", "-creation_date", "-pk")
- q2 = self._queryset_filter(models.ImportGroup.query_can_access(user, ["view_import", "change_import"]))
- q2 = q2.order_by("-end_date", "-creation_date", "-pk")
- values = list(reversed(sorted(list(q1) + list(q2), key=lambda x: (x.end_date or x.creation_date))))
- can_edit_all, can_delete_all, can_edit_own, can_delete_own = models.Import.get_permissions_for_actions(
- user, self.request.session
+ q2 = self._queryset_filter(
+ models.ImportGroup.query_can_access(
+ user,
+ ["ishtar_common.view_import", "ishtar_common.change_import"]
+ )
 )
+ q2 = q2.order_by("-end_date", "-creation_date", "-pk")
+ values = list(reversed(
+ sorted(
+ list(q1) + list(q2),
+ key=lambda x: (x.end_date or x.creation_date)
+ )
+ ))
+ can_edit_all, can_delete_all, can_edit_own, can_delete_own = \
+ models.Import.get_permissions_for_actions(user)
 imports = []
 owns = {}
 for imprt in values:
 can_edit, can_delete = get_permissions_for_actions(
- user, imprt, owns, can_edit_all, can_delete_all, can_edit_own, can_delete_own
+ user, imprt, owns, can_edit_all,
+ can_delete_all, can_edit_own, can_delete_own
+ )
+ imprt.action_list = imprt.get_actions(
+ can_edit=can_edit, can_delete=can_delete
 )
- imprt.action_list = imprt.get_actions(can_edit=can_edit, can_delete=can_delete)
 imports.append(imprt)
 self.imports_len = len(imports)
 self.current_page = 0
@@ -1768,9 +1800,8 @@ class ImportListView(IshtarMixin, LoginRequiredMixin, ListView):
 return imports
 def post(self, request, *args, **kwargs):
- can_edit_all, can_delete_all, can_edit_own, can_delete_own = models.Import.get_permissions_for_actions(
- request.user, request.session
- )
+ can_edit_all, can_delete_all, can_edit_own, can_delete_own = \
+ models.Import.get_permissions_for_actions(request.user)
 owns = {}
 for field in request.POST:
 if not field.startswith("import-action-") or not request.POST[field]:
@@ -1785,7 +1816,8 @@ class ImportListView(IshtarMixin, LoginRequiredMixin, ListView):
 except (models.Import.DoesNotExist, ValueError):
 continue
 can_edit, can_delete = get_permissions_for_actions(
- request.user, imprt, owns, can_edit_all, can_delete_all, can_edit_own, can_delete_own
+ request.user, imprt, owns, can_edit_all,
+ can_delete_all, can_edit_own, can_delete_own
 )
 action = request.POST[field]
 if can_delete and action == "D":
@@ -1843,15 +1875,28 @@ class ImportListView(IshtarMixin, LoginRequiredMixin, ListView):
 if self.imports_len > self.page_step and self.pagination:
 dct["current_page"] = self.current_page
 dct["page_range"] = (n + 1 for n in range(self.page_number))
- add_import_perm = self.request.user.ishtaruser.has_right("add_import", session=self.request.session)
- import_type_table = models.ImporterType.objects.filter(available=True, is_import=True, type='tab')
- import_type_gis = models.ImporterType.objects.filter(available=True, is_import=True, type='gis')
+ add_import_perm = self.request.user.ishtaruser.has_permission(
+ "ishtar_common.add_import"
+ )
+ import_type_table = models.ImporterType.objects.filter(
+ available=True, is_import=True, type='tab'
+ )
+ import_type_gis = models.ImporterType.objects.filter(
+ available=True, is_import=True, type='gis'
+ )
 import_type_group = models.ImporterGroup.objects.filter(available=True)
- if not add_import_perm and self.request.user.ishtaruser.has_right("add_own_import",
- session=self.request.session):
- import_type_table = import_type_table.filter(users__pk=self.request.user.ishtaruser.pk)
- import_type_gis = import_type_gis.filter(users__pk=self.request.user.ishtaruser.pk)
- import_type_group = import_type_group.filter(users__pk=self.request.user.ishtaruser.pk)
+ ishtaruser = self.request.user.ishtaruser
+ if not add_import_perm and ishtaruser.has_permission(
+ "ishtar_common.add_own_import"):
+ import_type_table = import_type_table.filter(
+ users__pk=self.request.user.ishtaruser.pk
+ )
+ import_type_gis = import_type_gis.filter(
+ users__pk=self.request.user.ishtaruser.pk
+ )
+ import_type_group = import_type_group.filter(
+ users__pk=self.request.user.ishtaruser.pk
+ )
 add_import_perm = True
 has_import_table, has_import_gis, has_import_group = False, False, False
 if add_import_perm:
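Review bot: In this ImportListView hunk the new local `ishtaruser` is assigned only after `add_import_perm` has been computed through `self.request.user.ishtaruser`, and the three `users__pk=self.request.user.ishtaruser.pk` filters below do not use it either. Assigning it once before `add_import_perm` and writing `users__pk=ishtaruser.pk` would keep the permission check and the ownership filter visibly tied to the same profile object. The enclosing method starts and ends outside the hunk.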
@@ -2313,11 +2358,11 @@ def import_get_status(request, current_right=None):
 "number_of_line": item.number_of_line,
 "progress_percent": item.progress_percent,
 })
- can_edit_all, can_delete_all, can_edit_own, can_delete_own = models.Import.get_permissions_for_actions(
- request.user, request.session
- )
+ can_edit_all, can_delete_all, can_edit_own, can_delete_own = \
+ models.Import.get_permissions_for_actions(request.user)
 can_edit, can_delete = get_permissions_for_actions(
- request.user, item, {}, can_edit_all, can_delete_all, can_edit_own, can_delete_own
+ request.user, item, {}, can_edit_all,
+ can_delete_all, can_edit_own, can_delete_own
 )
 item_dct["actions"] = [
 (key, str(lbl))
@@ -2404,11 +2449,11 @@ class ImportCSVView(ImportPermissionMixin, IshtarMixin, LoginRequiredMixin, Temp
 TITLES = {
 "source": ("fa fa-file-text-o", _("Source")),
 "error": ("text-danger fa fa-exclamation-triangle", _("Error")),
- "result": ("fa fa-th", _("Result")) ,
+ "result": ("fa fa-th", _("Result")),
 "match": ("fa fa-arrows-h", _("Match")),
 }
- permission_full = "view_import"
- permission_own = "view_own_import"
+ permission_full = "ishtar_common.view_import"
+ permission_own = "ishtar_common.view_own_import"
 def get(self, request, *args, **kwargs):
 user = self.request.user
@@ -2416,7 +2461,9 @@ class ImportCSVView(ImportPermissionMixin, IshtarMixin, LoginRequiredMixin, Temp
 raise Http404()
 self.is_group = kwargs.get("group", None)
 model = models.ImportGroup if self.is_group else models.Import
- q = model.query_can_access(self.request.user, perm=self.permission_full).filter(pk=kwargs.get("pk", -1))
+ q = model.query_can_access(
+ self.request.user, perm=self.permission_full
+ ).filter(pk=kwargs.get("pk", -1))
 if not q.count():
 raise Http404()
 self.import_item = q.all()[0]
@@ -2491,7 +2538,9 @@ def line_error(request, line_id, current_right=None):
 if not q.count():
 return
 line = q.all()[0]
- q = models.Import.query_can_access(request.user, perm="change_import").filter(pk=line.import_item_id)
+ q = models.Import.query_can_access(
+ request.user, perm="ishtar_common.change_import"
+ ).filter(pk=line.import_item_id)
 if not q.count():
 raise Http404()
 line.ignored = not line.ignored
@@ -2853,7 +2902,12 @@ def get_bookmark(request, pk):
 def gen_generate_doc(model):
 def func(request, pk, template_pk=None):
- if not request.user.has_perm("view_" + model.SLUG, model):
+ ishtaruser = getattr(request.user, "ishtaruser", None)
+ if not ishtaruser:
+ return HttpResponse(content_type="text/plain")
+ meta = model._meta
+ perm = f"{meta.app_label}.view_{meta.model_name}"
+ if not ishtaruser.has_permission(perm):
 return HttpResponse(content_type="text/plain")
 try:
 item = model.objects.get(pk=pk)
@@ -3075,10 +3129,10 @@ class QAItemForm(IshtarMixin, LoginRequiredMixin, FormView):
 quick_action = self.get_quick_action()
 if not quick_action:
 raise Http404()
- if not quick_action.is_available(user=request.user, session=request.session):
+ if not quick_action.is_available(user=request.user):
 for item in self.items:
 if not quick_action.is_available(
- user=request.user, session=request.session, obj=item
+ user=request.user, obj=item
 ):
 raise Http404()
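Review bot: In `gen_generate_doc` the permission name is now built from `model._meta` (`f"{meta.app_label}.view_{meta.model_name}"`) where it used to be `"view_" + model.SLUG`, so for any model whose `SLUG` differs from its `model_name` a different permission is checked than before; the hunk does not show that the two always agree. A test that calls `func` for each model passed to `gen_generate_doc`, with and without the view permission, would catch a mismatch. Both denial paths also return an empty `HttpResponse(content_type="text/plain")`, which makes refused document requests hard to tell apart from successful ones in access logs; a comment stating that this is deliberate, or a 403 response, would help whoever monitors these endpoints. `func` continues outside the hunk.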
@@ -3431,13 +3485,15 @@ class GeoCreateView(GeoFormMixin, CreateView):
 obj = model.objects.get(pk=self.kwargs.get("source_pk"))
 except model.DoesNotExist:
 raise Http404()
- if not ishtaruser.has_perm("add_geovectordata"): # -> add_own_geovectordata
+ if not ishtaruser.has_permission(
+ "ishtar_common.add_geovectordata"):
+ # -> add_own_geovectordata
 # check permission to view attached item
- if not getattr(model, "SLUG", None):
- raise Http404()
- if not ishtaruser.has_right(f"view_{model.SLUG}") \
- or not ishtaruser.has_right(f"view_own_{model.SLUG}") \
- or not obj.is_own(ishtaruser):
+ meta = model._meta
+ perm = f"{meta.app_label}.view_{meta.model_name}"
+ perm_own = f"{meta.app_label}.view_own_{meta.model_name}"
+ if not ishtaruser.has_permission(perm) \
+ and not ishtaruser.has_permission(perm_own, obj=obj):
 # check permission to view own attached item
 raise Http404()
 kwargs["main_items_fields"] = {} |
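Review bot: The ownership test in this GeoCreateView hunk moved from the explicit `obj.is_own(ishtaruser)` into `ishtaruser.has_permission(perm_own, obj=obj)`, and the condition changed from three `or not` clauses to `not A and not B`, so a user holding only the own-view permission is now admitted whenever that call returns true. `has_permission` is defined outside this diff; if it does not evaluate ownership when `obj` is passed, geodata could be attached to an item the user does not own. A test with a non-owner who has only the `view_own_*` permission, expecting `Http404`, would pin this. The kept comment `# check permission to view own attached item` now sits directly above `raise Http404()` and would read better above the `if`, with a second comment noting that the former `SLUG` guard was dropped on purpose. The method starts and ends outside the hunk.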