From 09f60e48dd2290b774295e6a9dfd1b6147181371 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Pasquier <contact@jbpasquier.eu>
Date: Tue, 13 Oct 2020 12:02:42 +0200
Subject: [PATCH 1/2] fix: add request to filter_user_perms

---
 djangoldp/models.py      |  4 ++--
 djangoldp/permissions.py |  2 +-
 djangoldp/serializers.py | 12 +++++++-----
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/djangoldp/models.py b/djangoldp/models.py
index 261518f5..37ad240d 100644
--- a/djangoldp/models.py
+++ b/djangoldp/models.py
@@ -257,10 +257,10 @@ class Model(models.Model):
         return getattr(model_class._meta, meta_name, meta)
 
     @staticmethod
-    def get_permissions(obj_or_model, user_or_group, filter):
+    def get_permissions(obj_or_model, user_or_group, filter, request):
         permissions = filter
         for permission_class in Model.get_permission_classes(obj_or_model, [LDPPermissions]):
-            permissions = permission_class().filter_user_perms(user_or_group, obj_or_model, permissions)
+            permissions = permission_class().filter_user_perms(user_or_group, obj_or_model, permissions, request)
         return [{'mode': {'@type': name.split('_')[0]}} for name in permissions]
 
     @classmethod
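Review bot: `request` is added as a required positional argument to `get_permissions` here and to `filter_user_perms` in the permissions.py hunk, so any permission class outside this repository that still overrides `filter_user_perms(self, user, obj_or_model, permissions)` will raise a TypeError when the loop calls it with four arguments. The base `filter_user_perms` accepts `request` but never reads it, which leaves a reader guessing why it is there. A comment such as `# request is unused here; it is passed so overriding permission classes can inspect the current request` would settle that. Nothing ties `user_or_group` to `request.user`, so a docstring on `get_permissions` should also say which of the two an override must trust when they differ.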
diff --git a/djangoldp/permissions.py b/djangoldp/permissions.py
index 682ed354..ac613b93 100644
--- a/djangoldp/permissions.py
+++ b/djangoldp/permissions.py
@@ -97,7 +97,7 @@ class LDPPermissions(DjangoObjectPermissions):
         return self.perms_cache[perms_cache_key]
         # return list(perms)
 
-    def filter_user_perms(self, user, obj_or_model, permissions):
+    def filter_user_perms(self, user, obj_or_model, permissions, request):
         # Only used on Model.get_permissions to translate permissions to LDP
         return [perm for perm in permissions if perm in self.user_permissions(user, obj_or_model)]
 
diff --git a/djangoldp/serializers.py b/djangoldp/serializers.py
index 6fc13ee3..b80aec30 100644
--- a/djangoldp/serializers.py
+++ b/djangoldp/serializers.py
@@ -107,7 +107,7 @@ class LDListMixin:
                 return self.to_representation_cache.get(cache_key)
 
             filtered_values = value
-            container_permissions = Model.get_permissions(child_model, self.context['request'].user, ['view', 'add'])
+            container_permissions = Model.get_permissions(child_model, self.context['request'].user, ['view', 'add'], self.context['request'])
 
         else:
             # this is a container. Parent model is the containing object, child the model contained
@@ -127,10 +127,10 @@ class LDListMixin:
             filtered_values = list(
                 filter(lambda v: Model.get_permission_classes(v, [LDPPermissions])[0]().has_object_permission(
                     self.context['request'], self.context['view'], v), value))
-            container_permissions = Model.get_permissions(child_model, self.context['request'].user, ['add'])
+            container_permissions = Model.get_permissions(child_model, self.context['request'].user, ['add'], self.context['request'])
             container_permissions.extend(
                 Model.get_permissions(parent_model, self.context['request'].user,
-                                      ['view']))
+                                      ['view'], self.context['request']))
 
         self.to_representation_cache.set(self.id, {'@id': self.id,
                 '@type': 'ldp:Container',
@@ -346,7 +346,8 @@ class LDPSerializer(HyperlinkedModelSerializer):
         if rdf_context is not None:
             data['@context'] = rdf_context
         data['permissions'] = Model.get_permissions(obj, self.context['request'].user,
-                                                    ['view', 'change', 'control', 'delete'])
+                                                    ['view', 'change', 'control', 'delete'],
+                                                    self.context['request'])
 
         return data
 
@@ -383,7 +384,8 @@ class LDPSerializer(HyperlinkedModelSerializer):
                                                  in data],
                                 'permissions': Model.get_permissions(self.parent.Meta.model,
                                                                      self.context['request'].user,
-                                                                     ['view', 'add'])
+                                                                     ['view', 'add'],
+                                                                     self.context['request'])
                                 }
                     else:
                         return serializer.to_representation(instance)
-- 
GitLab


From 5413ef736c5783a962d7818c25e60ee536a00102 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Pasquier <contact@jbpasquier.eu>
Date: Tue, 13 Oct 2020 12:25:59 +0200
Subject: [PATCH 2/2] feature: include the whole context on filter_user_perms

---
 djangoldp/models.py      |  4 ++--
 djangoldp/permissions.py |  4 ++--
 djangoldp/serializers.py | 17 +++++++----------
 3 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/djangoldp/models.py b/djangoldp/models.py
index 37ad240d..4bd5b10e 100644
--- a/djangoldp/models.py
+++ b/djangoldp/models.py
@@ -257,10 +257,10 @@ class Model(models.Model):
         return getattr(model_class._meta, meta_name, meta)
 
     @staticmethod
-    def get_permissions(obj_or_model, user_or_group, filter, request):
+    def get_permissions(obj_or_model, context, filter):
         permissions = filter
         for permission_class in Model.get_permission_classes(obj_or_model, [LDPPermissions]):
-            permissions = permission_class().filter_user_perms(user_or_group, obj_or_model, permissions, request)
+            permissions = permission_class().filter_user_perms(context, obj_or_model, permissions)
         return [{'mode': {'@type': name.split('_')[0]}} for name in permissions]
 
     @classmethod
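Review bot: The second positional parameter of `get_permissions` keeps its position but changes from a user or group to a context mapping, so a caller that was not updated fails only later, inside `filter_user_perms`, at `context['request']`. A docstring should state the new contract, for example `"""Return the LDP modes from filter granted by the permission classes; context is the serializer context and must contain 'request'."""`. The old name `user_or_group` suggests a group could be passed; if that was ever relied on, this signature no longer allows it, because the user is always taken from the request. `filter` also shadows the builtin, though renaming it would affect callers that pass it by keyword.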
diff --git a/djangoldp/permissions.py b/djangoldp/permissions.py
index ac613b93..c8f71aa8 100644
--- a/djangoldp/permissions.py
+++ b/djangoldp/permissions.py
@@ -97,9 +97,9 @@ class LDPPermissions(DjangoObjectPermissions):
         return self.perms_cache[perms_cache_key]
         # return list(perms)
 
-    def filter_user_perms(self, user, obj_or_model, permissions, request):
+    def filter_user_perms(self, context, obj_or_model, permissions):
         # Only used on Model.get_permissions to translate permissions to LDP
-        return [perm for perm in permissions if perm in self.user_permissions(user, obj_or_model)]
+        return [perm for perm in permissions if perm in self.user_permissions(context['request'].user, obj_or_model)]
 
     # perms_map defines the permissions required for different methods
     perms_map = {
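Review bot: `context['request'].user` in `filter_user_perms` raises KeyError when the context has no 'request' entry, which presumably can happen when a serializer is built outside a request cycle. Deciding explicitly what to do in that case (returning an empty list would fail closed) is safer than an unhandled exception in the permission path. The call to `self.user_permissions(...)` also sits in the comprehension's condition, so it runs once per candidate permission; it can be hoisted as `granted = self.user_permissions(context['request'].user, obj_or_model)` followed by `return [perm for perm in permissions if perm in granted]`. The existing comment could also say that `context` is the serializer context. The `perms_map` definition that follows continues outside the hunk.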
diff --git a/djangoldp/serializers.py b/djangoldp/serializers.py
index b80aec30..e45a55a7 100644
--- a/djangoldp/serializers.py
+++ b/djangoldp/serializers.py
@@ -107,7 +107,7 @@ class LDListMixin:
                 return self.to_representation_cache.get(cache_key)
 
             filtered_values = value
-            container_permissions = Model.get_permissions(child_model, self.context['request'].user, ['view', 'add'], self.context['request'])
+            container_permissions = Model.get_permissions(child_model, self.context, ['view', 'add'])
 
         else:
             # this is a container. Parent model is the containing object, child the model contained
@@ -127,10 +127,9 @@ class LDListMixin:
             filtered_values = list(
                 filter(lambda v: Model.get_permission_classes(v, [LDPPermissions])[0]().has_object_permission(
                     self.context['request'], self.context['view'], v), value))
-            container_permissions = Model.get_permissions(child_model, self.context['request'].user, ['add'], self.context['request'])
+            container_permissions = Model.get_permissions(child_model, self.context, ['add'])
             container_permissions.extend(
-                Model.get_permissions(parent_model, self.context['request'].user,
-                                      ['view'], self.context['request']))
+                Model.get_permissions(parent_model, self.context, ['view']))
 
         self.to_representation_cache.set(self.id, {'@id': self.id,
                 '@type': 'ldp:Container',
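Review bot: `container_permissions` is now computed from the whole per-request context, yet the representation built right after it is stored in `to_representation_cache` under `self.id`, a key that does not visibly include the requesting user. The rest of the `set(...)` call is outside the hunk, so this is a question rather than a finding: if the cached dict carries these permissions and the cache outlives the request, one user's permission list could be returned to another. Please confirm the cache is per-request or add the user to the key. Either way, record it in a comment next to the `set` call, e.g. `# cache is per-request: permissions inside are specific to context['request'].user`.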
@@ -345,9 +344,8 @@ class LDPSerializer(HyperlinkedModelSerializer):
             data['@type'] = rdf_type
         if rdf_context is not None:
             data['@context'] = rdf_context
-        data['permissions'] = Model.get_permissions(obj, self.context['request'].user,
-                                                    ['view', 'change', 'control', 'delete'],
-                                                    self.context['request'])
+        data['permissions'] = Model.get_permissions(obj, self.context,
+                                                    ['view', 'change', 'control', 'delete'])
 
         return data
 
@@ -383,9 +381,8 @@ class LDPSerializer(HyperlinkedModelSerializer):
                                                  item
                                                  in data],
                                 'permissions': Model.get_permissions(self.parent.Meta.model,
-                                                                     self.context['request'].user,
-                                                                     ['view', 'add'],
-                                                                     self.context['request'])
+                                                                     self.context,
+                                                                     ['view', 'add'])
                                 }
                     else:
                         return serializer.to_representation(instance)
-- 
GitLab