2025-summer/team-3
12
Fork 0
Code Issues Pull requests Projects Releases Activity

respect space_accesses in editor review process (some users can reviews some changes)

Browse source
This commit is contained in:
Laura Klünder 2018-12-08 23:15:37 +01:00
parent 328fb1b215
commit 376709588e
2 changed files with 91 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/c3nav/control/middleware.py
View file

@ -1,6 +1,6 @@
from django.utils.functional import SimpleLazyObject from django.utils.functional import SimpleLazyObject, lazy
from c3nav.control.models import UserPermissions from c3nav.control.models import UserPermissions, UserSpaceAccess
class UserPermissionsMiddleware: class UserPermissionsMiddleware:
@ -19,6 +19,16 @@ class UserPermissionsMiddleware:
self._user_permissions_cache = result self._user_permissions_cache = result
return result return result
def get_user_space_accesses(self, request):
try:
return getattr(request, '_user_space_accesses_cache')
except AttributeError:
pass
result = UserSpaceAccess.get_for_user(request.user)
self._user_space_accesses_cache = result
return result
def __call__(self, request): def __call__(self, request):
request.user_permissions = SimpleLazyObject(lambda: self.get_user_permissions(request)) request.user_permissions = SimpleLazyObject(lambda: self.get_user_permissions(request))
request.user_space_accesses = lazy(self.get_user_space_accesses, dict)(request)
return self.get_response(request) return self.get_response(request)

80
src/c3nav/editor/models/changeset.py
View file

@ -500,8 +500,86 @@ class ChangeSet(models.Model):
def can_unpropose(self, request): def can_unpropose(self, request):
return self.author_id == request.user.pk and self.state in ('proposed', 'reproposed') return self.author_id == request.user.pk and self.state in ('proposed', 'reproposed')
def has_space_access_on_all_objects(self, request, force=False):
if not request.user.is_authenticated:
return False
try:
request._has_space_access_on_all_objects_cache
except AttributeError:
request._has_space_access_on_all_objects_cache = {}
can_edit_spaces = {space_id for space_id, can_edit in request.user_space_accesses.items() if can_edit}
if not can_edit_spaces:
return False
if not force:
try:
return request._has_space_access_on_all_objects_cache[self.pk]
except KeyError:
pass
self.fill_changes_cache()
for model in self.changed_objects.keys():
if issubclass(model, LocationRedirect):
continue
try:
model._meta.get_field('space')
except FieldDoesNotExist:
return False
result = True
for model, objects in self.get_objects(many=False).items():
if issubclass(model, (LocationRedirect, LocationSlug)):
continue
try:
model._meta.get_field('space')
except FieldDoesNotExist:
result = False
break
for obj in objects:
if obj.space_id not in can_edit_spaces:
result = False
break
if not result:
break
try:
model._meta.get_field('origin_space')
except FieldDoesNotExist:
pass
else:
for obj in objects:
if obj.origin_space_id not in can_edit_spaces:
result = False
break
if not result:
break
try:
model._meta.get_field('target_space')
except FieldDoesNotExist:
pass
else:
for obj in objects:
if obj.target_space_id not in can_edit_spaces:
result = False
break
if not result:
break
request._has_space_access_on_all_objects_cache[self.pk] = result
return result
def can_review(self, request): def can_review(self, request):
return request.user_permissions.review_changesets if not request.user.is_authenticated:
return False
if request.user_permissions.review_changesets:
return True
return self.has_space_access_on_all_objects(request)
@classmethod @classmethod
def can_direct_edit(cls, request): def can_direct_edit(cls, request):