From 63cd1dcac69bb6f660b8e1f85d2b3ab21f152170 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Espino?= Date: Thu, 20 Nov 2014 14:59:00 +0100 Subject: [PATCH] Refactoring the filtering by permissions with django-1.7 djorm-pgarray features --- taiga/base/filters.py | 37 +++++++------------------------------ 1 file changed, 7 insertions(+), 30 deletions(-) diff --git a/taiga/base/filters.py b/taiga/base/filters.py index 986a0192..a4822a12 100644 --- a/taiga/base/filters.py +++ b/taiga/base/filters.py @@ -103,28 +103,13 @@ class PermissionBasedFilterBackend(FilterBackend): memberships_qs = Membership.objects.filter(user=request.user) if project_id: memberships_qs = memberships_qs.filter(project_id=project_id) - - # Force users_role table inclusion - memberships_qs = memberships_qs.exclude(role__slug="not valid slug") - where_sql = ["users_role.permissions @> ARRAY['{}']".format(self.permission)] - memberships_qs = memberships_qs.extra(where=where_sql) + memberships_qs = memberships_qs.filter(role__permissions__contains=[self.permission]) projects_list = [membership.project_id for membership in memberships_qs] - if len(projects_list) == 0: - qs = qs.filter(Q(project__owner=request.user)) - elif len(projects_list) == 1: - qs = qs.filter(Q(project__owner=request.user) | Q(project=projects_list[0])) - else: - qs = qs.filter(Q(project__owner=request.user) | Q(project__in=projects_list)) - extra_where = ExtraWhere(["projects_project.public_permissions @> ARRAY['{}']".format( - self.permission)], []) - qs.query.where.add(extra_where, OR) + qs = qs.filter(Q(project_id__in=projects_list) | Q(project__public_permissions__contains=[self.permission])) else: - qs = qs.exclude(project__owner=-1) - extra_where = ExtraWhere(["projects_project.anon_permissions @> ARRAY['{}']".format( - self.permission)], []) - qs.query.where.add(extra_where, AND) + qs = qs.filter(project__anon_permissions__contains=[self.permission]) return super().filter_queryset(request, qs.distinct(), view) @@ -197,19 +182,12 @@ class CanViewProjectObjFilterBackend(FilterBackend): memberships_qs = Membership.objects.filter(user=request.user) if project_id: memberships_qs = memberships_qs.filter(project_id=project_id) - memberships_qs = memberships_qs.exclude(role__slug="not valid slug") # Force users_role table inclusion - memberships_qs = memberships_qs.extra(where=["users_role.permissions @> ARRAY['view_project']"]) + memberships_qs = memberships_qs.filter(role__permissions__contains=['view_project']) projects_list = [membership.project_id for membership in memberships_qs] - if len(projects_list) == 0: - qs = qs.filter(Q(owner=request.user)) - elif len(projects_list) == 1: - qs = qs.filter(Q(owner=request.user) | Q(id=projects_list[0])) - else: - qs = qs.filter(Q(owner=request.user) | Q(id__in=projects_list)) - qs.query.where.add(ExtraWhere(["projects_project.public_permissions @> ARRAY['view_project']"], []), OR) + qs = qs.filter(Q(id__in=projects_list) | Q(public_permissions__contains=["view_project"])) else: - qs.query.where.add(ExtraWhere(["projects_project.anon_permissions @> ARRAY['view_project']"], []), AND) + qs = qs.filter(public_permissions__contains=["view_project"]) return super().filter_queryset(request, qs.distinct(), view) @@ -219,8 +197,7 @@ class IsProjectMemberFilterBackend(FilterBackend): if request.user.is_authenticated() and request.user.is_superuser: queryset = queryset elif request.user.is_authenticated(): - queryset = queryset.filter(Q(project__members=request.user) | - Q(project__owner=request.user)) + queryset = queryset.filter(project__members=request.user) else: queryset = queryset.none()