From 2b7e671223d8bca7be9faa7d49dbb51f0f9ee980 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niccol=C3=B2=20Cant=C3=B9?= Date: Mon, 8 Jan 2024 10:24:05 +0100 Subject: [PATCH] allow rules and permissioning override --- metadata_catalogue/maps/api.py | 11 +---------- metadata_catalogue/maps/conf.py | 1 + metadata_catalogue/maps/models.py | 10 ++++++++++ metadata_catalogue/maps/rules.py | 19 ++++++++++--------- 4 files changed, 22 insertions(+), 19 deletions(-) diff --git a/metadata_catalogue/maps/api.py b/metadata_catalogue/maps/api.py index 84a456b..5b0f3ca 100644 --- a/metadata_catalogue/maps/api.py +++ b/metadata_catalogue/maps/api.py @@ -1,12 +1,10 @@ import uuid from typing import List -from django.db.models import Q from ninja import Router from ninja.responses import codes_4xx from . import models, schema -from .enums import Visibility maps_router = Router() @@ -77,13 +75,6 @@ def get_portal_maps(request, portal_uuid: uuid.UUID): portal = models.Portal.objects.get(uuid=portal_uuid) if not request.user.has_perm("maps.portal_view", portal): return 404, {"message": "Not found"} - - expression = Q() - if request.user.is_authenticated: - if not request.user.is_staff: - expression = Q(map__visibility=Visibility.PUBLIC) | Q(map__owner=request.user) - else: - expression = Q(map__visibility=Visibility.PUBLIC) - return 200, portal.maps.filter(expression).select_related("map") + return 200, portal.get_visible_maps(request=request) except models.Portal.DoesNotExist: return 404, {"message": "Not found"} diff --git a/metadata_catalogue/maps/conf.py b/metadata_catalogue/maps/conf.py index 79a8365..a603454 100644 --- a/metadata_catalogue/maps/conf.py +++ b/metadata_catalogue/maps/conf.py @@ -4,3 +4,4 @@ class MapsConf(AppConf): API_PREFIX = "api-1.0.0" + CUSTOM_RULES = False diff --git a/metadata_catalogue/maps/models.py b/metadata_catalogue/maps/models.py index 792062c..83919f0 100644 --- a/metadata_catalogue/maps/models.py +++ b/metadata_catalogue/maps/models.py 
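Review bot: `CUSTOM_RULES = False` in conf.py has no comment, although the flag is security-relevant: per the rules.py hunk of this patch, setting `MAPS_CUSTOM_RULES` to True skips registration of all eight default `maps.*` permissions. I would add a comment above it such as `# True: rules.py registers no default maps.* permissions; the project must register every one itself.` The `MapsConf` class starts outside the hunk, so any existing class-level documentation is not visible here.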
@@ -2,6 +2,7 @@ from django.conf import settings from django.db import models +from django.http import HttpRequest from django.urls import reverse from polymorphic.models import PolymorphicModel from slugify import slugify @@ -252,6 +253,15 @@ class Meta: def __str__(self) -> str: return self.title + def get_visible_maps(self, request: HttpRequest): + expression = models.Q() + if request.user.is_authenticated: + if not request.user.is_staff: + expression = models.Q(map__visibility=Visibility.PUBLIC) | models.Q(map__owner=request.user) + else: + expression = models.Q(map__visibility=Visibility.PUBLIC) + return self.maps.filter(expression).select_related("map") + class PortalMap(models.Model): map = models.ForeignKey("maps.Map", on_delete=models.CASCADE, related_name="portals") diff --git a/metadata_catalogue/maps/rules.py b/metadata_catalogue/maps/rules.py index 965a66f..ca81647 100644 --- a/metadata_catalogue/maps/rules.py +++ b/metadata_catalogue/maps/rules.py @@ -1,6 +1,7 @@ import rules from . import enums +from .conf import settings @rules.predicate 
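Review bot: The filter in `get_visible_maps` (models.py, second hunk) is hard-coded to public / owner / staff and never consults `MAPS_CUSTOM_RULES` or the `maps.map_view` rule. A deployment that replaces the rules would therefore still get this default filter on the portal map list, unless it also overrides the method, and list visibility could then disagree with per-map permission checks. The method needs a docstring saying this, and noting that staff get the empty `Q()`, i.e. every map in the portal regardless of visibility; for example `"""Return this portal's maps visible to request.user; keep in step with the maps.map_view rule when rules are overridden."""`. Only `request.user` is read, so taking `user` as the parameter would avoid coupling the model to `HttpRequest`, with the api.py call becoming `portal.get_visible_maps(user=request.user)`. The `Portal` class starts outside the hunk.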
@@ -13,13 +14,13 @@ def is_public(user, object): return object.visibility == enums.Visibility.PUBLIC -rules.add_perm("maps.map_view", is_public | is_owner | rules.is_staff) -rules.add_perm("maps.map_edit", is_owner | rules.is_staff) -rules.add_perm("maps.map_add", is_owner | rules.is_staff) -rules.add_perm("maps.map_delete", is_owner | rules.is_staff) +if not settings.MAPS_CUSTOM_RULES: + rules.add_perm("maps.map_view", is_public | is_owner | rules.is_staff) + rules.add_perm("maps.map_edit", is_owner | rules.is_staff) + rules.add_perm("maps.map_add", is_owner | rules.is_staff) + rules.add_perm("maps.map_delete", is_owner | rules.is_staff) - -rules.add_perm("maps.portal_view", is_public | is_owner | rules.is_staff) -rules.add_perm("maps.portal_edit", is_owner | rules.is_staff) -rules.add_perm("maps.portal_add", is_owner | rules.is_staff) -rules.add_perm("maps.portal_delete", is_owner | rules.is_staff) + rules.add_perm("maps.portal_view", is_public | is_owner | rules.is_staff) + rules.add_perm("maps.portal_edit", is_owner | rules.is_staff) + rules.add_perm("maps.portal_add", is_owner | rules.is_staff) + rules.add_perm("maps.portal_delete", is_owner | rules.is_staff)
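Review bot: With `settings.MAPS_CUSTOM_RULES` true, the new `if not settings.MAPS_CUSTOM_RULES:` guard registers none of the eight `maps.*` permissions, and nothing verifies that the project registered replacements. As far as I know django-rules evaluates an unregistered permission as False, so a forgotten or misspelled name would be denied silently (a 404 from `get_portal_maps` for `maps.portal_view`) rather than raising an error. That fails closed but is hard to diagnose, and the guard is all-or-nothing, so overriding a single rule means re-declaring all eight. I would add a startup check, for instance a Django system check or `AppConfig.ready`, that runs once the project's rules are loaded and reports any name for which `rules.perm_exists(name)` is false. It would also help to state in a comment that the flag is read once at import time.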