From ce7d642318f4e4c57dd552915b12eef360d33d70 Mon Sep 17 00:00:00 2001
From: Étienne Loks <etienne.loks@iggdrasil.net>
Date: Thu, 7 Nov 2024 17:31:57 +0100
Subject: ✨ permissions refactoring: settings for upstream items management
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ishtar_common/models_common.py | 70 +++++++++++-------------------------------
 1 file changed, 18 insertions(+), 52 deletions(-)

(limited to 'ishtar_common/models_common.py')

diff --git a/ishtar_common/models_common.py b/ishtar_common/models_common.py
index dc48fa9e5..aa52d82c7 100644
--- a/ishtar_common/models_common.py
+++ b/ishtar_common/models_common.py
@@ -22,7 +22,7 @@ from unidecode import unidecode
 from django import forms
 from django.apps import apps
 from django.conf import settings
-from django.contrib.auth.models import Permission, User
+from django.contrib.auth.models import User
 from django.contrib.contenttypes.models import ContentType
 from django.contrib.contenttypes.fields import GenericForeignKey
 from django.contrib.gis.db import models
@@ -60,8 +60,6 @@ from simple_history.signals import (
     pre_create_historical_record,
 )
 
-from guardian.models import UserObjectPermission
-
 from ishtar_common.data_importer import post_importer_action, ImporterError
 from ishtar_common.model_managers import TypeManager
 from ishtar_common.model_merging import merge_model_objects
@@ -1528,7 +1526,7 @@ class BaseHistorizedItem(
     FullSearch,
     Imported,
     JsonData,
-    FixAssociated,
+    FixAssociated
 ):
     """
     Historized item with external ID management.
@@ -1541,7 +1539,6 @@ class BaseHistorizedItem(
     EXTERNAL_ID_KEY = ""
     EXTERNAL_ID_DEPENDENCIES = []
     HISTORICAL_M2M = []
-    UPPER_PERMISSIONS = []
 
     history_modifier = models.ForeignKey(
         User,
@@ -1614,52 +1611,6 @@ class BaseHistorizedItem(
     def get_verbose_name(cls):
         return cls._meta.verbose_name
 
-    @classmethod
-    def get_ids_from_upper_permissions(cls, user_id, base_permissions):
-        if not cls.UPPER_PERMISSIONS:
-            return []
-        ProfileType = apps.get_model("ishtar_common", "ProfileType")
-        item_ids = []
-        for model, attr in cls.UPPER_PERMISSIONS:
-            if isinstance(model, tuple):
-                app_label, model_name = model
-                model = apps.get_model(app_label, model_name)
-            permissions = list(set([
-                "_".join(permission.codename.split("_")[:-1])
-                + f"_{model._meta.model_name}"
-                for permission in base_permissions
-            ]))
-            q = ProfileType.objects.filter(
-                user_profiles__person__ishtaruser=user_id,
-                groups__permissions__codename__in=permissions
-            )
-            lst = []
-            if not q.count():
-                # no permissions associated for upstream model get direct attachement
-                lst = model.objects.filter(
-                    ishtar_users__pk=user_id
-                ).values_list("pk", flat=True)
-            else:
-                perms = []
-                for codename in permissions:
-                    perms += [
-                        perm
-                        for perm in Permission.objects.filter(
-                            codename=codename).all()
-                    ]
-                lst = []
-                for permission in perms:
-                    lst += list(
-                        UserObjectPermission.objects.filter(
-                            permission=permission,
-                            user_id=user_id
-                        ).values_list("object_pk", flat=True)
-                    )
-            item_ids += cls.objects.filter(
-                **{f"{attr}__in": lst}
-            ).values_list("pk", flat=True)
-        return list(set(item_ids))
-
     def is_locked(self, user=None):
         if not user:
             return self.locked
@@ -2317,6 +2268,21 @@ class GeoVectorData(Imported, OwnPerms):
         "related_items_archaeological_warehouse_container",
     ]
 
+    UPPER_PERMISSIONS = [
+        (("archaeological_operations", "operation"),
+         "related_items_archaeological_operations_operation__pk"),
+        (("archaeological_operations", "archaeologicalsite"),
+         "related_items_archaeological_operations_archaeologicalsite__pk"),
+        (("archaeological_context_records", "contextrecord"),
+         "related_items_archaeological_context_records_contextrecord__pk"),
+        (("archaeological_finds", "find"),
+         "related_items_archaeological_finds_basefind__find__pk"),
+        (("archaeological_warehouse", "warehouse"),
+         "related_items_archaeological_warehouse_warehouse__pk"),
+        (("archaeological_warehouse", "container"),
+         "related_items_archaeological_warehouse_container__pk"),
+    ]
+
     buffer = models.FloatField(
         _("Buffer"), blank=True, null=True
     )
@@ -3110,7 +3076,7 @@ class PermissionRequest(models.Model):
         help_text=_("All items associated items match the request")
     )
     include_upstream_items = models.BooleanField(
-        _("Include upstream items"), default=True,
+        _("Include upstream items"), default=False,
         help_text=_(
             "All items associated by upstream link math the request. "
             "For instance, match is done for all finds associated with own "
-- 
cgit v1.2.3