taiga
/
taiga-back
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Refactoring the filtering by permissions with django-1.7 djorm-pgarray features

remotes/origin/enhancement/email-actions
Jesús Espino 2014-11-20 14:59:00 +01:00
parent c285857844
commit 63cd1dcac6
1 changed files with 7 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
taiga/base/filters.py
View File

@ -103,28 +103,13 @@ class PermissionBasedFilterBackend(FilterBackend):
memberships_qs = Membership.objects.filter(user=request.user)
if project_id:
memberships_qs = memberships_qs.filter(project_id=project_id)
# Force users_role table inclusion
memberships_qs = memberships_qs.exclude(role__slug="not valid slug")
where_sql = ["users_role.permissions @> ARRAY['{}']".format(self.permission)]
memberships_qs = memberships_qs.extra(where=where_sql)
memberships_qs = memberships_qs.filter(role__permissions__contains=[self.permission])
projects_list = [membership.project_id for membership in memberships_qs]
if len(projects_list) == 0:
qs = qs.filter(Q(project__owner=request.user))
elif len(projects_list) == 1:
qs = qs.filter(Q(project__owner=request.user) | Q(project=projects_list[0]))
qs = qs.filter(Q(project_id__in=projects_list) | Q(project__public_permissions__contains=[self.permission]))
else:
qs = qs.filter(Q(project__owner=request.user) | Q(project__in=projects_list))
extra_where = ExtraWhere(["projects_project.public_permissions @> ARRAY['{}']".format(
self.permission)], [])
qs.query.where.add(extra_where, OR)
else:
qs = qs.exclude(project__owner=-1)
extra_where = ExtraWhere(["projects_project.anon_permissions @> ARRAY['{}']".format(
self.permission)], [])
qs.query.where.add(extra_where, AND)
qs = qs.filter(project__anon_permissions__contains=[self.permission])
return super().filter_queryset(request, qs.distinct(), view)
@ -197,19 +182,12 @@ class CanViewProjectObjFilterBackend(FilterBackend):
memberships_qs = Membership.objects.filter(user=request.user)
if project_id:
memberships_qs = memberships_qs.filter(project_id=project_id)
memberships_qs = memberships_qs.exclude(role__slug="not valid slug") # Force users_role table inclusion
memberships_qs = memberships_qs.extra(where=["users_role.permissions @> ARRAY['view_project']"])
memberships_qs = memberships_qs.filter(role__permissions__contains=['view_project'])
projects_list = [membership.project_id for membership in memberships_qs]
if len(projects_list) == 0:
qs = qs.filter(Q(owner=request.user))
elif len(projects_list) == 1:
qs = qs.filter(Q(owner=request.user) | Q(id=projects_list[0]))
qs = qs.filter(Q(id__in=projects_list) | Q(public_permissions__contains=["view_project"]))
else:
qs = qs.filter(Q(owner=request.user) | Q(id__in=projects_list))
qs.query.where.add(ExtraWhere(["projects_project.public_permissions @> ARRAY['view_project']"], []), OR)
else:
qs.query.where.add(ExtraWhere(["projects_project.anon_permissions @> ARRAY['view_project']"], []), AND)
qs = qs.filter(public_permissions__contains=["view_project"])
return super().filter_queryset(request, qs.distinct(), view)
@ -219,8 +197,7 @@ class IsProjectMemberFilterBackend(FilterBackend):
if request.user.is_authenticated() and request.user.is_superuser:
queryset = queryset
elif request.user.is_authenticated():
queryset = queryset.filter(Q(project__members=request.user) |
Q(project__owner=request.user))
queryset = queryset.filter(project__members=request.user)
else:
queryset = queryset.none()