From 544b3dae2e7d214d6097b9fdd8db40d5800f805f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laura=20Kl=C3=BCnder?= <laura@codingcatgirl.de>
Date: Wed, 20 Dec 2017 21:06:26 +0100
Subject: [PATCH] those who can grant all permissions should have all of them

---
 src/c3nav/mapdata/models/access.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/c3nav/mapdata/models/access.py b/src/c3nav/mapdata/models/access.py
index ad25cfa9..3141e7bd 100644
--- a/src/c3nav/mapdata/models/access.py
+++ b/src/c3nav/mapdata/models/access.py
@@ -34,8 +34,6 @@ class AccessRestriction(TitledMixin, models.Model):
 
     @classmethod
     def q_for_request(cls, request):
-        if request.user.is_authenticated and request.user.is_superuser:
-            return Q()
         return Q(pk__in=AccessPermission.get_for_request(request))
 
 
@@ -158,6 +156,14 @@ class AccessPermission(models.Model):
         if not request.user.is_authenticated:
             return set()
 
+        if request.user_permissions.grant_all_access:
+            cache_key = 'all_access_restrictions:%s' % MapUpdate.current_cache_key()
+            access_restriction_ids = cache.get(cache_key, None)
+            if access_restriction_ids is None:
+                access_restriction_ids = set(AccessRestriction.objects.values_list('pk', flat=True))
+                cache.set(cache_key, access_restriction_ids, 300)
+            return access_restriction_ids
+
         cache_key = cls.user_access_permission_key(request.user.pk)
         access_restriction_ids = cache.get(cache_key, None)
         if access_restriction_ids is None: