Commit 2e8e20f2 authored by Valentin Rigal's avatar Valentin Rigal

Correctly handle public option

parent b160893b
......@@ -34,21 +34,30 @@ class ACLMixin(object):
"""
if self.user.is_admin or self.user.is_internal:
return model.objects.all()
filters = Q(max_level__gte=level)
if (public):
# Allow access to public instances if the public parameter is set
filters = filters | Q(public=True)
return model.objects \
queryset = model.objects \
.filter(
# Filter instances with direct and groups rights for this user (They may be duplicated)
Q(memberships__user=self.user)
| Q(memberships__group__memberships__user=self.user)
) \
.annotate(max_level=functions.Least(
'memberships__level',
'memberships__group__memberships__level'
)) \
.filter(filters) \
.distinct()
.annotate(
# Keep only the lowest level for each right via group
max_level=functions.Least(
# In case of direct right, group level will be skipped (Null value)
'memberships__level',
'memberships__group__memberships__level'
)
) \
.filter(
# Ensure one of the right has an adequate level
max_level__gte=level
)
if (public):
# Allow access to public instances if the public parameter is set
queryset = queryset | model.objects.filter(public=True)
return queryset.distinct()
def has_access(self, instance, level):
if self.user.is_admin or self.user.is_internal:
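Review bot: The `public` branch at the end of this method unions in `model.objects.filter(public=True)` with no reference to `level`, so a caller passing `public=True` together with a level above read access would get every public instance back as if the user held that level. The method's signature and docstring start outside the hunk, so this may be intended for read-only listings; if so, say it next to the union, e.g. `# Public instances are returned whatever level was requested: only pass public=True for read access`. Separately, the comment on `functions.Least` relies on NULL arguments being skipped, which holds on PostgreSQL; on SQLite, MySQL and Oracle `Least` returns NULL when any argument is NULL, so a direct right would fail `max_level__gte=level`. That failure denies access rather than granting it, but the backend assumption is worth stating in that comment.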
......