From 09f60e48dd2290b774295e6a9dfd1b6147181371 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Pasquier <contact@jbpasquier.eu> Date: Tue, 13 Oct 2020 12:02:42 +0200 Subject: [PATCH 1/2] fix: add request to filter_user_perms --- djangoldp/models.py | 4 ++-- djangoldp/permissions.py | 2 +- djangoldp/serializers.py | 12 +++++++----- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/djangoldp/models.py b/djangoldp/models.py index 261518f5..37ad240d 100644 --- a/djangoldp/models.py +++ b/djangoldp/models.py @@ -257,10 +257,10 @@ class Model(models.Model): return getattr(model_class._meta, meta_name, meta) @staticmethod - def get_permissions(obj_or_model, user_or_group, filter): + def get_permissions(obj_or_model, user_or_group, filter, request): permissions = filter for permission_class in Model.get_permission_classes(obj_or_model, [LDPPermissions]): - permissions = permission_class().filter_user_perms(user_or_group, obj_or_model, permissions) + permissions = permission_class().filter_user_perms(user_or_group, obj_or_model, permissions, request) return [{'mode': {'@type': name.split('_')[0]}} for name in permissions] @classmethod diff --git a/djangoldp/permissions.py b/djangoldp/permissions.py index 682ed354..ac613b93 100644 --- a/djangoldp/permissions.py +++ b/djangoldp/permissions.py @@ -97,7 +97,7 @@ class LDPPermissions(DjangoObjectPermissions): return self.perms_cache[perms_cache_key] # return list(perms) - def filter_user_perms(self, user, obj_or_model, permissions): + def filter_user_perms(self, user, obj_or_model, permissions, request): # Only used on Model.get_permissions to translate permissions to LDP return [perm for perm in permissions if perm in self.user_permissions(user, obj_or_model)] diff --git a/djangoldp/serializers.py b/djangoldp/serializers.py index 6fc13ee3..b80aec30 100644 --- a/djangoldp/serializers.py +++ b/djangoldp/serializers.py @@ -107,7 +107,7 @@ class LDListMixin: return self.to_representation_cache.get(cache_key) filtered_values = value - container_permissions = Model.get_permissions(child_model, self.context['request'].user, ['view', 'add']) + container_permissions = Model.get_permissions(child_model, self.context['request'].user, ['view', 'add'], self.context['request']) else: # this is a container. Parent model is the containing object, child the model contained @@ -127,10 +127,10 @@ class LDListMixin: filtered_values = list( filter(lambda v: Model.get_permission_classes(v, [LDPPermissions])[0]().has_object_permission( self.context['request'], self.context['view'], v), value)) - container_permissions = Model.get_permissions(child_model, self.context['request'].user, ['add']) + container_permissions = Model.get_permissions(child_model, self.context['request'].user, ['add'], self.context['request']) container_permissions.extend( Model.get_permissions(parent_model, self.context['request'].user, - ['view'])) + ['view'], self.context['request'])) self.to_representation_cache.set(self.id, {'@id': self.id, '@type': 'ldp:Container', @@ -346,7 +346,8 @@ class LDPSerializer(HyperlinkedModelSerializer): if rdf_context is not None: data['@context'] = rdf_context data['permissions'] = Model.get_permissions(obj, self.context['request'].user, - ['view', 'change', 'control', 'delete']) + ['view', 'change', 'control', 'delete'], + self.context['request']) return data @@ -383,7 +384,8 @@ class LDPSerializer(HyperlinkedModelSerializer): in data], 'permissions': Model.get_permissions(self.parent.Meta.model, self.context['request'].user, - ['view', 'add']) + ['view', 'add'], + self.context['request']) } else: return serializer.to_representation(instance) -- GitLab From 5413ef736c5783a962d7818c25e60ee536a00102 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Pasquier <contact@jbpasquier.eu> Date: Tue, 13 Oct 2020 12:25:59 +0200 Subject: [PATCH 2/2] feature: include the whole context on filter_user_perms --- djangoldp/models.py | 4 ++-- djangoldp/permissions.py | 4 ++-- djangoldp/serializers.py | 17 +++++++---------- 3 files changed, 11 insertions(+), 14 deletions(-) diff --git a/djangoldp/models.py b/djangoldp/models.py index 37ad240d..4bd5b10e 100644 --- a/djangoldp/models.py +++ b/djangoldp/models.py @@ -257,10 +257,10 @@ class Model(models.Model): return getattr(model_class._meta, meta_name, meta) @staticmethod - def get_permissions(obj_or_model, user_or_group, filter, request): + def get_permissions(obj_or_model, context, filter): permissions = filter for permission_class in Model.get_permission_classes(obj_or_model, [LDPPermissions]): - permissions = permission_class().filter_user_perms(user_or_group, obj_or_model, permissions, request) + permissions = permission_class().filter_user_perms(context, obj_or_model, permissions) return [{'mode': {'@type': name.split('_')[0]}} for name in permissions] @classmethod diff --git a/djangoldp/permissions.py b/djangoldp/permissions.py index ac613b93..c8f71aa8 100644 --- a/djangoldp/permissions.py +++ b/djangoldp/permissions.py @@ -97,9 +97,9 @@ class LDPPermissions(DjangoObjectPermissions): return self.perms_cache[perms_cache_key] # return list(perms) - def filter_user_perms(self, user, obj_or_model, permissions, request): + def filter_user_perms(self, context, obj_or_model, permissions): # Only used on Model.get_permissions to translate permissions to LDP - return [perm for perm in permissions if perm in self.user_permissions(user, obj_or_model)] + return [perm for perm in permissions if perm in self.user_permissions(context['request'].user, obj_or_model)] # perms_map defines the permissions required for different methods perms_map = { diff --git a/djangoldp/serializers.py b/djangoldp/serializers.py index b80aec30..e45a55a7 100644 --- a/djangoldp/serializers.py +++ b/djangoldp/serializers.py @@ -107,7 +107,7 @@ class LDListMixin: return self.to_representation_cache.get(cache_key) filtered_values = value - container_permissions = Model.get_permissions(child_model, self.context['request'].user, ['view', 'add'], self.context['request']) + container_permissions = Model.get_permissions(child_model, self.context, ['view', 'add']) else: # this is a container. Parent model is the containing object, child the model contained @@ -127,10 +127,9 @@ class LDListMixin: filtered_values = list( filter(lambda v: Model.get_permission_classes(v, [LDPPermissions])[0]().has_object_permission( self.context['request'], self.context['view'], v), value)) - container_permissions = Model.get_permissions(child_model, self.context['request'].user, ['add'], self.context['request']) + container_permissions = Model.get_permissions(child_model, self.context, ['add']) container_permissions.extend( - Model.get_permissions(parent_model, self.context['request'].user, - ['view'], self.context['request'])) + Model.get_permissions(parent_model, self.context, ['view'])) self.to_representation_cache.set(self.id, {'@id': self.id, '@type': 'ldp:Container', @@ -345,9 +344,8 @@ class LDPSerializer(HyperlinkedModelSerializer): data['@type'] = rdf_type if rdf_context is not None: data['@context'] = rdf_context - data['permissions'] = Model.get_permissions(obj, self.context['request'].user, - ['view', 'change', 'control', 'delete'], - self.context['request']) + data['permissions'] = Model.get_permissions(obj, self.context, + ['view', 'change', 'control', 'delete']) return data @@ -383,9 +381,8 @@ class LDPSerializer(HyperlinkedModelSerializer): item in data], 'permissions': Model.get_permissions(self.parent.Meta.model, - self.context['request'].user, - ['view', 'add'], - self.context['request']) + self.context, + ['view', 'add']) } else: return serializer.to_representation(instance) -- GitLab