ynerant
/
nk20
mirror of https://gitlab.crans.org/bde/nk20
1
0
Fork 0
Code Issues Releases Wiki Activity

🐛 Calculating permissions faster

This commit is contained in:
Yohann D'ANELLO 2020-07-28 15:25:08 +02:00
parent 09027ea35e
commit 84e8b02594
3 changed files with 21 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apps/activity/views.py
View File

@ -38,6 +38,9 @@ class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView
table_class = ActivityTable table_class = ActivityTable
ordering = ('-date_start',) ordering = ('-date_start',)
def get_queryset(self):
return super().get_queryset().distinct()
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs) context = super().get_context_data(**kwargs)

2
apps/member/views.py
View File

@ -642,7 +642,7 @@ class ClubManageRolesView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
del form.fields['bank'] del form.fields['bank']
club = self.object.club club = self.object.club
form.fields['roles'].queryset = Role.objects.filter(Q(weirole__isnull=isinstance(club, WEIClub)) form.fields['roles'].queryset = Role.objects.filter(Q(weirole__isnull=not isinstance(club, WEIClub))
& (Q(for_club__isnull=True) | Q(for_club=club))).all() & (Q(for_club__isnull=True) | Q(for_club=club))).all()
return form return form

50
apps/permission/backends.py
View File

@ -36,27 +36,20 @@ class PermissionBackend(ModelBackend):
# Unauthenticated users have no permissions # Unauthenticated users have no permissions
return Permission.objects.none() return Permission.objects.none()
qs = Permission.objects.annotate( memberships = Membership.objects.filter(user=user).all()
club=F("role__membership__club"),
membership=F("role__membership"), perms = []
).filter(
( for membership in memberships:
Q( for role in membership.roles.all():
role__membership__date_start__lte=timezone.now().today(), for perm in role.permissions.filter(type=t, mask__rank__lte=get_current_session().get("permission_mask", 42)).all():
role__membership__date_end__gte=timezone.now().today(), if not perm.permanent:
) if membership.date_start > timezone.now().date() or membership.date_end < timezone.now().date():
| Q(permanent=True) continue
) perm.membership = membership
& Q(role__membership__user=user) perms.append(perm)
& Q(type=t) return perms
& Q(mask__rank__lte=get_current_session().get("permission_mask", 0))
)
if settings.DATABASES[qs.db]["ENGINE"] == 'django.db.backends.postgresql_psycopg2':
qs = qs.distinct('pk', 'club')
else: # SQLite doesn't support distinct fields.
qs = qs.distinct()
return qs
@staticmethod @staticmethod
def permissions(user, model, type): def permissions(user, model, type):
@ -67,22 +60,13 @@ class PermissionBackend(ModelBackend):
:param type: The type of the permissions: view, change, add or delete :param type: The type of the permissions: view, change, add or delete
:return: A generator of the requested permissions :return: A generator of the requested permissions
""" """
clubs = {}
memberships = {}
for permission in PermissionBackend.get_raw_permissions(user, type): for permission in PermissionBackend.get_raw_permissions(user, type):
if not isinstance(model.model_class()(), permission.model.model_class()) or not permission.club: if not isinstance(model.model_class()(), permission.model.model_class()) or not permission.membership:
continue continue
if permission.club not in clubs: membership = permission.membership
clubs[permission.club] = club = Club.objects.get(pk=permission.club) club = membership.club
else:
club = clubs[permission.club]
if permission.membership not in memberships:
memberships[permission.membership] = membership = Membership.objects.get(pk=permission.membership)
else:
membership = memberships[permission.membership]
permission = permission.about( permission = permission.about(
user=user, user=user,
@ -113,7 +97,6 @@ class PermissionBackend(ModelBackend):
:param field: The field of the model to test, if concerned :param field: The field of the model to test, if concerned
:return: A query that corresponds to the filter to give to a queryset :return: A query that corresponds to the filter to give to a queryset
""" """
if user is None or isinstance(user, AnonymousUser): if user is None or isinstance(user, AnonymousUser):
# Anonymous users can't do anything # Anonymous users can't do anything
return Q(pk=-1) return Q(pk=-1)
@ -163,6 +146,7 @@ class PermissionBackend(ModelBackend):
perm = perm.split('.')[-1].split('_', 2) perm = perm.split('.')[-1].split('_', 2)
perm_type = perm[0] perm_type = perm[0]
perm_field = perm[2] if len(perm) == 3 else None perm_field = perm[2] if len(perm) == 3 else None
ct = ContentType.objects.get_for_model(obj) ct = ContentType.objects.get_for_model(obj)
if any(permission.applies(obj, perm_type, perm_field) if any(permission.applies(obj, perm_type, perm_field)
for permission in PermissionBackend.permissions(user_obj, ct, perm_type)): for permission in PermissionBackend.permissions(user_obj, ct, perm_type)):