Delete restricted data cache on permission changes (closes #3396)

This commit is contained in:
FinnStutzenstein 2018-05-16 07:51:40 +02:00
parent a7af01b507
commit 2989024cca
2 changed files with 15 additions and 1 deletions

View File

@ -20,6 +20,7 @@ from ..utils.autoupdate import (
inform_changed_data, inform_changed_data,
inform_data_collection_element_list, inform_data_collection_element_list,
) )
from ..utils.cache import restricted_data_cache
from ..utils.collection import CollectionElement from ..utils.collection import CollectionElement
from ..utils.rest_api import ( from ..utils.rest_api import (
ModelViewSet, ModelViewSet,
@ -79,12 +80,13 @@ class UserViewSet(ModelViewSet):
self.check_view_permissions()). Also it is evaluated whether he self.check_view_permissions()). Also it is evaluated whether he
wants to update himself or is manager. wants to update himself or is manager.
""" """
user = self.get_object()
# Check permissions. # Check permissions.
if (has_perm(self.request.user, 'users.can_see_name') and if (has_perm(self.request.user, 'users.can_see_name') and
has_perm(request.user, 'users.can_see_extra_data') and has_perm(request.user, 'users.can_see_extra_data') and
has_perm(request.user, 'users.can_manage')): has_perm(request.user, 'users.can_manage')):
# The user has all permissions so he may update every user. # The user has all permissions so he may update every user.
if request.data.get('is_active') is False and self.get_object() == request.user: if request.data.get('is_active') is False and user == request.user:
# But a user can not deactivate himself. # But a user can not deactivate himself.
raise ValidationError({'detail': _('You can not deactivate yourself.')}) raise ValidationError({'detail': _('You can not deactivate yourself.')})
else: else:
@ -97,6 +99,8 @@ class UserViewSet(ModelViewSet):
if key not in ('username', 'about_me'): if key not in ('username', 'about_me'):
del request.data[key] del request.data[key]
response = super().update(request, *args, **kwargs) response = super().update(request, *args, **kwargs)
# Maybe some group assignments have changed. Better delete the restricted user cache
restricted_data_cache.del_user(user.id)
return response return response
def destroy(self, request, *args, **kwargs): def destroy(self, request, *args, **kwargs):
@ -294,6 +298,10 @@ class GroupViewSet(ModelViewSet):
# Check status code and send 'permission_change' signal. # Check status code and send 'permission_change' signal.
if response.status_code == 200: if response.status_code == 200:
# Delete the user chaches of all affected users
for user in group.user_set.all():
restricted_data_cache.del_user(user.id)
def diff(full, part): def diff(full, part):
""" """
This helper function calculates the difference of two lists: This helper function calculates the difference of two lists:

View File

@ -461,6 +461,12 @@ class DummyRestrictedDataCache:
def del_element(self, user_id: int, collection_string: str, id: int) -> None: def del_element(self, user_id: int, collection_string: str, id: int) -> None:
pass pass
def del_user(self, user_id: int) -> None:
pass
def del_all(self) -> None:
pass
def exists_for_user(self, user_id: int) -> bool: def exists_for_user(self, user_id: int) -> bool:
return False return False