Fix mediafiles for non superadmins
This commit is contained in:
parent
19f47e1bef
commit
b4e9b28397
@ -1,7 +1,7 @@
|
||||
from typing import Any, Dict, List, cast
|
||||
from typing import Any, Dict, List
|
||||
|
||||
from ..utils.access_permissions import BaseAccessPermissions
|
||||
from ..utils.auth import async_has_perm, async_in_some_groups
|
||||
from ..utils.auth import async_has_perm, async_in_some_groups, async_is_superadmin
|
||||
|
||||
|
||||
class MediafileAccessPermissions(BaseAccessPermissions):
|
||||
@ -21,12 +21,17 @@ class MediafileAccessPermissions(BaseAccessPermissions):
|
||||
if not await async_has_perm(user_id, "mediafiles.can_see"):
|
||||
return []
|
||||
|
||||
# This allows to see everything, which is important for inherited_access_groups=False.
|
||||
if await async_is_superadmin(user_id):
|
||||
return full_data
|
||||
|
||||
data = []
|
||||
for full in full_data:
|
||||
access_groups = full["inherited_access_groups_id"]
|
||||
if (
|
||||
isinstance(access_groups, bool) and access_groups
|
||||
) or await async_in_some_groups(user_id, cast(List[int], access_groups)):
|
||||
if (isinstance(access_groups, bool) and access_groups) or (
|
||||
isinstance(access_groups, list)
|
||||
and await async_in_some_groups(user_id, access_groups)
|
||||
):
|
||||
data.append(full)
|
||||
|
||||
return data
|
||||
|
@ -1,5 +1,3 @@
|
||||
from typing import Any, Dict, Set
|
||||
|
||||
from django.apps import AppConfig
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import ImproperlyConfigured
|
||||
@ -17,7 +15,6 @@ class MediafilesAppConfig(AppConfig):
|
||||
from .signals import get_permission_change_data
|
||||
from .views import MediafileViewSet
|
||||
from . import serializers # noqa
|
||||
from ..utils.access_permissions import required_user
|
||||
|
||||
# Validate, that the media_url is correct formatted:
|
||||
# Must begin and end with a slash. It has to be at least "/".
|
||||
@ -41,23 +38,9 @@ class MediafilesAppConfig(AppConfig):
|
||||
self.get_model("Mediafile").get_collection_string(), MediafileViewSet
|
||||
)
|
||||
|
||||
# register required_users
|
||||
required_user.add_collection_string(
|
||||
self.get_model("Mediafile").get_collection_string(), required_users
|
||||
)
|
||||
|
||||
def get_startup_elements(self):
|
||||
"""
|
||||
Yields all Cachables required on startup i. e. opening the websocket
|
||||
connection.
|
||||
"""
|
||||
yield self.get_model("Mediafile")
|
||||
|
||||
|
||||
def required_users(element: Dict[str, Any]) -> Set[int]:
|
||||
"""
|
||||
Returns all user ids that are displayed as uploaders in any mediafile
|
||||
if request_user can see mediafiles. This function may return an empty
|
||||
set.
|
||||
"""
|
||||
return set((element["uploader_id"],))
|
||||
|
@ -35,6 +35,16 @@ def get_group_model() -> Model:
|
||||
)
|
||||
|
||||
|
||||
async def async_is_superadmin(user_id: int) -> bool:
|
||||
"""
|
||||
Checks, if the user is a superadmin (in the admin group).
|
||||
|
||||
This is done by querying a non existing permission, becuase has_perm
|
||||
should always return true, if the user is in the admin group.
|
||||
"""
|
||||
return await async_has_perm(user_id, "superadmin")
|
||||
|
||||
|
||||
def has_perm(user_id: int, perm: str) -> bool:
|
||||
"""
|
||||
Checks that user has a specific permission.
|
||||
|
Loading…
Reference in New Issue
Block a user