From 38534d4e014dc777a525375f3339fc243da257fa Mon Sep 17 00:00:00 2001 From: Finn Stutzenstein Date: Wed, 18 Nov 2020 08:14:33 +0100 Subject: [PATCH] Include vote_delegated_from_users_id in required users (#5706) * Include vote_delegated_from_users_id in required users * Fix restrictors if users do not have base perms * Fix from username building in the projector --- .gitignore | 1 + server/openslides/motions/access_permissions.py | 10 +++++++--- server/openslides/poll/access_permissions.py | 12 +++++++++--- server/openslides/users/access_permissions.py | 14 +++++++++++--- server/openslides/users/projector.py | 2 +- 5 files changed, 29 insertions(+), 10 deletions(-) diff --git a/.gitignore b/.gitignore index ab93184bc..81d7463bb 100644 --- a/.gitignore +++ b/.gitignore @@ -27,6 +27,7 @@ server/.venv /openslides-*/ /haproxy/ /docker/keys/ +/docs/ # Plugin development openslides_* # Old OS3 stuff diff --git a/server/openslides/motions/access_permissions.py b/server/openslides/motions/access_permissions.py index dcfde0d6c..436bb5b60 100644 --- a/server/openslides/motions/access_permissions.py +++ b/server/openslides/motions/access_permissions.py @@ -99,7 +99,7 @@ class MotionChangeRecommendationAccessPermissions(BaseAccessPermissions): the can_see permission. """ # Parse data. - if await async_has_perm(user_id, "motions.can_see"): + if await async_has_perm(user_id, self.base_permission): has_manage_perms = await async_has_perm(user_id, "motions.can_manage") data = [] for full in full_data: @@ -128,11 +128,13 @@ class MotionCommentSectionAccessPermissions(BaseAccessPermissions): data: List[Dict[str, Any]] = [] if await async_has_perm(user_id, "motions.can_manage"): data = full_data - else: + elif await async_has_perm(user_id, self.base_permission): for full in full_data: read_groups = full.get("read_groups_id", []) if await async_in_some_groups(user_id, read_groups): data.append(full) + else: + data = [] return data @@ -168,8 +170,10 @@ class MotionBlockAccessPermissions(BaseAccessPermissions): data: List[Dict[str, Any]] = [] if await async_has_perm(user_id, "motions.can_manage"): data = full_data - else: + elif await async_has_perm(user_id, self.base_permission): data = [full for full in full_data if not full["internal"]] + else: + data = [] return data diff --git a/server/openslides/poll/access_permissions.py b/server/openslides/poll/access_permissions.py index f9b1f124e..f9cd83a20 100644 --- a/server/openslides/poll/access_permissions.py +++ b/server/openslides/poll/access_permissions.py @@ -25,7 +25,7 @@ class BaseVoteAccessPermissions(BaseAccessPermissions): if await async_has_perm(user_id, self.manage_permission): data = full_data - else: + elif await async_has_perm(user_id, self.base_permission): data = [ vote for vote in full_data @@ -33,6 +33,8 @@ class BaseVoteAccessPermissions(BaseAccessPermissions): or vote["user_id"] == user_id or vote["delegated_user_id"] == user_id ] + else: + data = [] return data @@ -45,7 +47,7 @@ class BaseOptionAccessPermissions(BaseAccessPermissions): if await async_has_perm(user_id, self.manage_permission): data = full_data - else: + elif await async_has_perm(user_id, self.base_permission): data = [] for option in full_data: if option["pollstate"] != BasePoll.STATE_PUBLISHED: @@ -56,6 +58,8 @@ class BaseOptionAccessPermissions(BaseAccessPermissions): del option["no"] del option["abstain"] data.append(option) + else: + data = [] return data @@ -98,7 +102,7 @@ class BasePollAccessPermissions(BaseAccessPermissions): if await async_has_perm(user_id, self.manage_permission): data = full_data - else: + elif await async_has_perm(user_id, self.base_permission): data = [] for poll in full_data: if poll["state"] != BasePoll.STATE_PUBLISHED: @@ -112,4 +116,6 @@ class BasePollAccessPermissions(BaseAccessPermissions): for field in self.additional_fields: del poll[field] data.append(poll) + else: + data = [] return data diff --git a/server/openslides/users/access_permissions.py b/server/openslides/users/access_permissions.py index a299a2ab2..1720b17fc 100644 --- a/server/openslides/users/access_permissions.py +++ b/server/openslides/users/access_permissions.py @@ -90,19 +90,27 @@ class UserAccessPermissions(BaseAccessPermissions): ): can_see_collection_strings.add(collection_string) - user_ids = await required_user.get_required_users( + required_user_ids = await required_user.get_required_users( can_see_collection_strings ) # Add oneself. if user_id: - user_ids.add(user_id) + required_user_ids.add(user_id) + + # add vote delegations + # Find our model in full_data and get vote_delegated_from_users_id from it. + for user in full_data: + if user["id"] == user_id: + if len(user["vote_delegated_from_users_id"]) > 0: + required_user_ids.add(*user["vote_delegated_from_users_id"]) + break # Parse data. data = [ filtered_data(full, little_data_fields, own_data_fields) for full in full_data - if full["id"] in user_ids + if full["id"] in required_user_ids ] return data diff --git a/server/openslides/users/projector.py b/server/openslides/users/projector.py index 902a19a59..f5c27e4c6 100644 --- a/server/openslides/users/projector.py +++ b/server/openslides/users/projector.py @@ -33,7 +33,7 @@ async def get_user_name( for name_part in ("title", "first_name", "last_name"): if user[name_part]: name_parts.append(user[name_part]) - if not name_part: + if not name_parts: name_parts.append(user["username"]) if user["structure_level"]: name_parts.append(f"({user['structure_level']})")