allow rules and permissioning override

NINAnor · Jan 8, 2024 · 2b7e671 · 2b7e671
1 parent 044cf69
commit 2b7e671
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 19 deletions.
diff --git a/metadata_catalogue/maps/api.py b/metadata_catalogue/maps/api.py
@@ -1,12 +1,10 @@
 import uuid
 from typing import List
 
-from django.db.models import Q
 from ninja import Router
 from ninja.responses import codes_4xx
 
 from . import models, schema
-from .enums import Visibility
 
 maps_router = Router()
 
@@ -77,13 +75,6 @@ def get_portal_maps(request, portal_uuid: uuid.UUID):
         portal = models.Portal.objects.get(uuid=portal_uuid)
         if not request.user.has_perm("maps.portal_view", portal):
             return 404, {"message": "Not found"}
-
-        expression = Q()
-        if request.user.is_authenticated:
-            if not request.user.is_staff:
-                expression = Q(map__visibility=Visibility.PUBLIC) | Q(map__owner=request.user)
-        else:
-            expression = Q(map__visibility=Visibility.PUBLIC)
-        return 200, portal.maps.filter(expression).select_related("map")
+        return 200, portal.get_visible_maps(request=request)
     except models.Portal.DoesNotExist:
         return 404, {"message": "Not found"}
diff --git a/metadata_catalogue/maps/conf.py b/metadata_catalogue/maps/conf.py
@@ -4,3 +4,4 @@
 
 class MapsConf(AppConf):
     API_PREFIX = "api-1.0.0"
+    CUSTOM_RULES = False
diff --git a/metadata_catalogue/maps/models.py b/metadata_catalogue/maps/models.py
@@ -2,6 +2,7 @@
 
 from django.conf import settings
 from django.db import models
+from django.http import HttpRequest
 from django.urls import reverse
 from polymorphic.models import PolymorphicModel
 from slugify import slugify
@@ -252,6 +253,15 @@ class Meta:
     def __str__(self) -> str:
         return self.title
 
+    def get_visible_maps(self, request: HttpRequest):
+        expression = models.Q()
+        if request.user.is_authenticated:
+            if not request.user.is_staff:
+                expression = models.Q(map__visibility=Visibility.PUBLIC) | models.Q(map__owner=request.user)
+        else:
+            expression = models.Q(map__visibility=Visibility.PUBLIC)
+        return self.maps.filter(expression).select_related("map")
+
 
 class PortalMap(models.Model):
     map = models.ForeignKey("maps.Map", on_delete=models.CASCADE, related_name="portals")

diff --git a/metadata_catalogue/maps/rules.py b/metadata_catalogue/maps/rules.py
@@ -1,6 +1,7 @@
 import rules
 
 from . import enums
+from .conf import settings
 
 
 @rules.predicate
@@ -13,13 +14,13 @@ def is_public(user, object):
     return object.visibility == enums.Visibility.PUBLIC
 
 
-rules.add_perm("maps.map_view", is_public | is_owner | rules.is_staff)
-rules.add_perm("maps.map_edit", is_owner | rules.is_staff)
-rules.add_perm("maps.map_add", is_owner | rules.is_staff)
-rules.add_perm("maps.map_delete", is_owner | rules.is_staff)
+if not settings.MAPS_CUSTOM_RULES:
+    rules.add_perm("maps.map_view", is_public | is_owner | rules.is_staff)
+    rules.add_perm("maps.map_edit", is_owner | rules.is_staff)
+    rules.add_perm("maps.map_add", is_owner | rules.is_staff)
+    rules.add_perm("maps.map_delete", is_owner | rules.is_staff)
 
-
-rules.add_perm("maps.portal_view", is_public | is_owner | rules.is_staff)
-rules.add_perm("maps.portal_edit", is_owner | rules.is_staff)
-rules.add_perm("maps.portal_add", is_owner | rules.is_staff)
-rules.add_perm("maps.portal_delete", is_owner | rules.is_staff)
+    rules.add_perm("maps.portal_view", is_public | is_owner | rules.is_staff)
+    rules.add_perm("maps.portal_edit", is_owner | rules.is_staff)
+    rules.add_perm("maps.portal_add", is_owner | rules.is_staff)
+    rules.add_perm("maps.portal_delete", is_owner | rules.is_staff)
Original file line number	Diff line number	Diff line change
Expand Up		@@ -4,3 +4,4 @@

		class MapsConf(AppConf):
		API_PREFIX = "api-1.0.0"
		CUSTOM_RULES = False