Optimize permissions, full support add perms, more fixtures

2025-06-22 02:18:21 +02:00 · 2020-03-20 00:06:28 +01:00
parent c653e0986e
commit f80cb635d3
4 changed files with 329 additions and 72 deletions
--- a/apps/permission/signals.py
+++ b/apps/permission/signals.py
@ -2,7 +2,9 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.core.exceptions import PermissionDenied
+from django.db.models.signals import pre_save, pre_delete, post_save, post_delete

+from logs import signals as logs_signals
 from member.backends import PermissionBackend
 from note_kfet.middlewares import get_current_authenticated_user

@ -39,20 +41,46 @@ def pre_save_object(sender, instance, **kwargs):
    model_name = model_name_full[1]

    if qs.exists():
+        # We check if the user can change the model
+
+        # If the user has all right on a model, then OK
        if PermissionBackend().has_perm(user, app_label + ".change_" + model_name, instance):
            return

+        # In the other case, we check if he/she has the right to change one field
        previous = qs.get()
        for field in instance._meta.fields:
            field_name = field.name
            old_value = getattr(previous, field.name)
            new_value = getattr(instance, field.name)
+            # If the field wasn't modified, no need to check the permissions
            if old_value == new_value:
                continue
            if not PermissionBackend().has_perm(user, app_label + ".change_" + model_name + "_" + field_name, instance):
                raise PermissionDenied
    else:
-        if not PermissionBackend().has_perm(user, app_label + ".add_" + model_name, instance):
+        # We check if the user can add the model
+
+        # While checking permissions, the object will be inserted in the DB, then removed.
+        # We disable temporary the connectors
+        pre_save.disconnect(pre_save_object)
+        pre_delete.disconnect(pre_delete_object)
+        # We disable also logs connectors
+        pre_save.disconnect(logs_signals.pre_save_object)
+        post_save.disconnect(logs_signals.save_object)
+        post_delete.disconnect(logs_signals.delete_object)
+
+        # We check if the user has right to add the object
+        has_perm = PermissionBackend().has_perm(user, app_label + ".add_" + model_name, instance)
+
+        # Then we reconnect all
+        pre_save.connect(pre_save_object)
+        pre_delete.connect(pre_delete_object)
+        pre_save.connect(logs_signals.pre_save_object)
+        post_save.connect(logs_signals.save_object)
+        post_delete.connect(logs_signals.delete_object)
+
+        if not has_perm:
            raise PermissionDenied


@ -73,5 +101,6 @@ def pre_delete_object(sender, instance, **kwargs):
    app_label = model_name_full[0]
    model_name = model_name_full[1]

+    # We check if the user has rights to delete the object
    if not PermissionBackend().has_perm(user, app_label + ".delete_" + model_name, instance):
        raise PermissionDenied