Merge pull request #1282 from Signbank/api_perm_check_1281
Api perm check 1281
susanodd authored Sep 2, 2024
2 parents 6b4f249 + ef02bf5 commit 6c277dc
Showing 10 changed files with 108 additions and 53 deletions.
2 changes: 1 addition & 1 deletion signbank/context_processors.py
@@ -26,7 +26,7 @@ def url(request):
viewable_datasets.append(dataset)
continue
permissions_for_dataset = get_user_perms(request.user, dataset)
if 'view_dataset' in permissions_for_dataset or 'can_view_dataset' in permissions_for_dataset:
if 'view_dataset' in permissions_for_dataset:
viewable_datasets.append(dataset)

if 'dark_mode' not in request.session.keys():
35 changes: 17 additions & 18 deletions signbank/dictionary/adminviews.py
@@ -851,7 +851,7 @@ def get(self, request, *args, **kwargs):
return HttpResponseRedirect(reverse('registration:login'))

dataset_of_requested_gloss = self.object.lemma.dataset
datasets_user_can_view = get_objects_for_user(request.user, ['view_dataset', 'can_view_dataset'],
datasets_user_can_view = get_objects_for_user(request.user, ['view_dataset'],
Dataset, accept_global_perms=True, any_perm=True)

if dataset_of_requested_gloss not in selected_datasets:
@@ -1292,7 +1292,7 @@ def get_context_data(self, **kwargs):
context['dataset_choices'] = {}
user = self.request.user
if user.is_authenticated:
qs = get_objects_for_user(user, ['view_dataset', 'can_view_dataset'], Dataset, accept_global_perms=True, any_perm=True)
qs = get_objects_for_user(user, ['view_dataset'], Dataset, accept_global_perms=True, any_perm=True)
dataset_choices = {}
for dataset in qs:
dataset_choices[dataset.acronym] = dataset.acronym
@@ -1477,7 +1477,7 @@ def get(self, request, *args, **kwargs):
return HttpResponseRedirect(reverse('registration:login'))

dataset_of_requested_gloss = self.object.lemma.dataset
datasets_user_can_view = get_objects_for_user(request.user, ['view_dataset', 'can_view_dataset'],
datasets_user_can_view = get_objects_for_user(request.user, ['view_dataset'],
Dataset, accept_global_perms=True, any_perm=True)

if dataset_of_requested_gloss not in selected_datasets:
@@ -1586,7 +1586,7 @@ def get(self, request, *args, **kwargs):
return HttpResponseRedirect(reverse('registration:login'))

dataset_of_requested_gloss = self.object.lemma.dataset
datasets_user_can_view = get_objects_for_user(request.user, ['view_dataset', 'can_view_dataset'],
datasets_user_can_view = get_objects_for_user(request.user, ['view_dataset'],
Dataset, accept_global_perms=True, any_perm=True)

if dataset_of_requested_gloss not in selected_datasets:
@@ -2876,7 +2876,7 @@ def get_queryset(self):
checker.prefetch_perms(qs)

for dataset in qs:
checker.has_perm('can_view_dataset', dataset) or checker.has_perm('view_dataset', dataset)
checker.has_perm('view_dataset', dataset)

return qs
else:
@@ -2916,7 +2916,7 @@ def get(self, request, *args, **kwargs):
return HttpResponseRedirect(reverse('registration:login'))

dataset_of_requested_gloss = self.object.lemma.dataset
datasets_user_can_view = get_objects_for_user(request.user, ['view_dataset', 'can_view_dataset'],
datasets_user_can_view = get_objects_for_user(request.user, ['view_dataset'],
Dataset, accept_global_perms=True, any_perm=True)

if dataset_of_requested_gloss not in selected_datasets:
@@ -2982,7 +2982,7 @@ def get_context_data(self, **kwargs):
context['dataset_choices'] = {}
user = self.request.user
if user.is_authenticated:
qs = get_objects_for_user(user, ['view_dataset', 'can_view_dataset'],
qs = get_objects_for_user(user, ['view_dataset'],
Dataset, accept_global_perms=True, any_perm=True)
dataset_choices = {}
for dataset in qs:
@@ -3128,7 +3128,7 @@ def get_context_data(self, **kwargs):
context['dataset_choices'] = {}
user = self.request.user
if user.is_authenticated:
qs = get_objects_for_user(user, ['view_dataset', 'can_view_dataset'],
qs = get_objects_for_user(user, ['view_dataset'],
Dataset, accept_global_perms=True, any_perm=True)
dataset_choices = {}
for dataset in qs:
@@ -3553,14 +3553,14 @@ def render_to_request_response(self, context):

# make sure the user can write to this dataset
from guardian.shortcuts import get_objects_for_user, assign_perm
user_view_datasets = get_objects_for_user(self.request.user, ['view_dataset', 'can_view_dataset'],
user_view_datasets = get_objects_for_user(self.request.user, ['view_dataset'],
Dataset, accept_global_perms=True, any_perm=True)
may_request_dataset = True
if dataset_object.is_public and not dataset_object in user_view_datasets:
# the user currently has no view permission for the requested dataset
# Give permission to access dataset
may_request_dataset = True
assign_perm('can_view_dataset', self.request.user, dataset_object)
assign_perm('view_dataset', self.request.user, dataset_object)
messages.add_message(self.request, messages.INFO,
_('View permission for user successfully granted.'))
elif not dataset_object.is_public and not dataset_object in user_view_datasets:
@@ -3716,7 +3716,7 @@ def get_queryset(self):
checker.prefetch_perms(qs)

for dataset in qs:
checker.has_perm('can_view_dataset', dataset) or checker.has_perm('view_dataset', dataset)
checker.has_perm('view_dataset', dataset)

qs = qs.annotate(Count('lemmaidgloss__gloss')).order_by('acronym')

@@ -3913,7 +3913,7 @@ def render_to_add_user_response(self, context):

from guardian.shortcuts import assign_perm, remove_perm
datasets_user_can_change = get_objects_for_user(user_object, 'change_dataset', Dataset, accept_global_perms=False)
datasets_user_can_view = get_objects_for_user(user_object, ['view_dataset', 'can_view_dataset'],
datasets_user_can_view = get_objects_for_user(user_object, ['view_dataset'],
Dataset, accept_global_perms=False, any_perm=True)
groups_user_is_in = Group.objects.filter(user=user_object)

@@ -3929,7 +3929,7 @@ def render_to_add_user_response(self, context):
return HttpResponseRedirect(reverse('admin_dataset_manager')+'?'+manage_identifier)

try:
assign_perm('can_view_dataset', user_object, dataset_object)
assign_perm('view_dataset', user_object, dataset_object)
messages.add_message(self.request, messages.INFO,
_('View permission for user successfully granted.'))

@@ -4016,7 +4016,6 @@ def render_to_add_user_response(self, context):
try:
# also need to remove change_dataset perm in this case
from guardian.shortcuts import remove_perm
remove_perm('can_view_dataset', user_object, dataset_object)
remove_perm('change_dataset', user_object, dataset_object)
messages.add_message(self.request, messages.INFO,
_('View (and change) permission for user successfully revoked.'))
@@ -4615,7 +4614,7 @@ def get(self, request, *args, **kwargs):
return HttpResponseRedirect(reverse('registration:login'))

dataset = self.object
datasets_user_can_view = get_objects_for_user(request.user, ['view_dataset', 'can_view_dataset'],
datasets_user_can_view = get_objects_for_user(request.user, ['view_dataset'],
Dataset, accept_global_perms=True, any_perm=True)

if dataset not in datasets_user_can_view:
@@ -4956,7 +4955,7 @@ def get(self, request, *args, **kwargs):
return HttpResponseRedirect(reverse('registration:login'))

dataset_of_requested_morpheme = self.object.lemma.dataset
datasets_user_can_view = get_objects_for_user(request.user, ['view_dataset', 'can_view_dataset'],
datasets_user_can_view = get_objects_for_user(request.user, ['view_dataset'],
Dataset, accept_global_perms=False, any_perm=True)

if dataset_of_requested_morpheme not in selected_datasets:
@@ -5201,7 +5200,7 @@ def get_context_data(self, **kwargs):
context['dataset_choices'] = {}
user = self.request.user
if user.is_authenticated:
qs = get_objects_for_user(user, ['view_dataset', 'can_view_dataset'],
qs = get_objects_for_user(user, ['view_dataset'],
Dataset, accept_global_perms=False, any_perm=True)
dataset_choices = dict()
for dataset in qs:
@@ -6355,7 +6354,7 @@ def get(self, request, *args, **kwargs):
return HttpResponseRedirect(reverse('registration:login'))

dataset_of_requested_lemma = self.object.dataset
datasets_user_can_view = get_objects_for_user(request.user, ['view_dataset', 'can_view_dataset'],
datasets_user_can_view = get_objects_for_user(request.user, ['view_dataset'],
Dataset, accept_global_perms=False, any_perm=True)

if dataset_of_requested_lemma not in selected_datasets:
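Review bot: In the `@@ -4016,7 +4016,6 @@` hunk of `render_to_add_user_response`, the revoke branch loses `remove_perm('can_view_dataset', user_object, dataset_object)` and gains no `view_dataset` equivalent, so the visible `try` block now removes only `change_dataset` while still reporting 'View (and change) permission for user successfully revoked.' Unless `view_dataset` is removed in lines outside the hunk, a user whose access was revoked keeps read access to the dataset; add `remove_perm('view_dataset', user_object, dataset_object)` next to the `change_dataset` call. Separately, in both `get_queryset` hunks the return value of `checker.has_perm('view_dataset', dataset)` is discarded, so the loop filters nothing and `qs` is returned unchanged; either filter on the result or add a comment such as `# result intentionally unused; this loop does not restrict qs`. All of these function bodies begin and end outside the hunks shown, so both points should be confirmed against the full file.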
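--- a/signbank/dictionary/migrations/0085_auto_20240829_1021.py
+++ b/signbank/dictionary/migrations/0085_auto_20240829_1021.py
@@ -0,0 +1,58 @@
+# Generated by Django 4.2.11 on 2024-08-29 08:21
+
+from django.db import migrations
+from django.contrib.auth.models import User, Group, Permission
+from guardian.models import UserObjectPermission, GroupObjectPermission
+
+
+def remove_can_view_dataset(apps, schema_editor):
+view_dataset_perm = Permission.objects.get(codename='view_dataset')
+can_view_dataset_perm = Permission.objects.get(codename='can_view_dataset')
+
+# User - Permission
+for user in User.objects.filter(user_permissions=can_view_dataset_perm)\
+.exclude(user_permissions=view_dataset_perm):
+user.user_permissions.add(view_dataset_perm)
+print(f'Added {view_dataset_perm} to {user}')
+
+# Group - Permission
+for group in Group.objects.filter(permissions=can_view_dataset_perm)\
+.exclude(permissions=view_dataset_perm):
+group.group_permissions.add(view_dataset_perm)
+print(f'Added {view_dataset_perm} to {group}')
+
+# User - Object - Permission (Guardian)
+for user_obj_perm in UserObjectPermission.objects.filter(permission=can_view_dataset_perm)\
+.exclude(permission=view_dataset_perm).values():
+del user_obj_perm['id']
+user_obj_perm['permission_id'] = view_dataset_perm.id
+new_user_obj_perm, created = UserObjectPermission.objects.get_or_create(**user_obj_perm)
+if created:
+print(f'UserObjectPermission created: {new_user_obj_perm}')
+
+# Group - Object - Permission (Guardian)
+for group_obj_perm in GroupObjectPermission.objects.filter(permission=can_view_dataset_perm)\
+.exclude(permission=view_dataset_perm).values():
+del group_obj_perm['id']
+group_obj_perm['permission_id'] = view_dataset_perm.id
+new_group_obj_perm, created = GroupObjectPermission.objects.get_or_create(**group_obj_perm)
+if created:
+print(f'GroupObjectPermission created: {new_group_obj_perm}')
+
+# Remove the can_view_datset permission
+can_view_dataset_perm.delete()
+
+# Rename the view_dataset permission
+view_dataset_perm.name = 'Can view dataset'
+view_dataset_perm.save()
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+('dictionary', '0084_gloss_archived'),
+]
+
+operations = [
+migrations.RunPython(remove_can_view_dataset),
+]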
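Review bot: `group.group_permissions.add(view_dataset_perm)` will raise AttributeError as soon as one group holds `can_view_dataset` without `view_dataset`, because Django's `Group` exposes that relation as `permissions` (the `filter(permissions=...)` just above already uses the right name); it should read `group.permissions.add(view_dataset_perm)`. Both `Permission.objects.get(codename=...)` calls will also raise `DoesNotExist` on a database where either permission has not been created yet, which is likely on a fresh install because Django creates permissions only after the migrations have run, and a codename alone is not guaranteed to be unique; the lookup should be scoped to the Dataset content type and the function should return early when `can_view_dataset` is absent. The migration imports `User`, `Group`, `Permission` and the guardian models directly instead of resolving them with `apps.get_model(...)`, and `RunPython` is given no reverse function, so it cannot be unapplied. A failed or partial run matters here because the checks changed elsewhere in this commit now accept only `view_dataset`.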
7 changes: 1 addition & 6 deletions signbank/dictionary/models.py
@@ -3104,11 +3104,6 @@ class Dataset(models.Model):

exclude_choices = models.ManyToManyField('FieldChoice', help_text="Exclude these field choices", blank=True)

class Meta:
permissions = (
('can_view_dataset', _('View dataset')),
)

def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)

@@ -3193,7 +3188,7 @@ def get_users_who_can_view_dataset(self):
with_group_users=False)
for user in all_users:
if user in users_who_can_access_me.keys():
if 'can_view_dataset' in users_who_can_access_me[user] or 'view_dataset' in users_who_can_access_me[user]:
if 'view_dataset' in users_who_can_access_me[user]:
users_who_can_view_dataset.append(user)

return users_who_can_view_dataset
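Review bot: `get_users_who_can_view_dataset` still builds its list from a call that ends in `with_group_users=False)`, so users whose `view_dataset` access comes only through a group object permission are presumably left out, even though migration 0085 in this commit carries `GroupObjectPermission` rows over to `view_dataset`. If this list is used to review or manage who can read a dataset, it under-reports; either include group users or document the omission with a comment such as `# direct user grants only; group-derived view access is not listed`. The start of that call and of the method are outside the hunk, so this should be confirmed against the full function.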
@@ -55,7 +55,7 @@ <h3>{% trans "Available Datasets" %}</h3>
{% if not user.is_anonymous %}
<td>
{% get_obj_perms request.user for dataset as "dataset_perms" %}
{% if "view_dataset" in dataset_perms or "can_view_dataset" in dataset_perms %}
{% if "view_dataset" in dataset_perms %}
{% trans "Yes" %}
{% else %}
{% trans "No" %}
@@ -72,7 +72,7 @@ <h3>{% trans "Available Datasets" %}</h3>
<td>
{% if dataset.is_public %}
{% get_obj_perms request.user for dataset as "dataset_perms" %}
{% if not "view_dataset" in dataset_perms or not "can_view_dataset" in dataset_perms %}
{% if not "view_dataset" in dataset_perms %}

<div data-toggle="collapse" href="#dataset_{{dataset.name|cut:' '}}_request_view"><button>{% trans "Request View Access" %}</button></div>
<div id='dataset_{{dataset.name|cut:" "}}_request_view' class='collapse'>
@@ -50,7 +50,7 @@ <h3>{% trans "Select Datasets" %}</h3>
<tbody class="tbody tbody-light">
{% for dataset in object_list %}
{% get_obj_perms request.user for dataset as "dataset_perms" %}
{% if "view_dataset" in dataset_perms or "can_view_dataset" in dataset_perms %}
{% if "view_dataset" in dataset_perms %}
<tr>
<td class='td td-light'><input type="checkbox" name="dataset_{{ dataset.acronym }}" value="true" {% if dataset.user.0.user %}checked{% endif %}/></td>
<td class='td td-light'>