Fix mediafiles for non superadmins
parent
19f47e1bef
commit
b4e9b28397
@ -1,7 +1,7 @@
|
|||||||
from typing import Any, Dict, List, cast
|
from typing import Any, Dict, List
|
||||||
|
|
||||||
from ..utils.access_permissions import BaseAccessPermissions
|
from ..utils.access_permissions import BaseAccessPermissions
|
||||||
from ..utils.auth import async_has_perm, async_in_some_groups
|
from ..utils.auth import async_has_perm, async_in_some_groups, async_is_superadmin
|
||||||
|
|
||||||
|
|
||||||
class MediafileAccessPermissions(BaseAccessPermissions):
|
class MediafileAccessPermissions(BaseAccessPermissions):
|
||||||
@ -21,12 +21,17 @@ class MediafileAccessPermissions(BaseAccessPermissions):
|
|||||||
if not await async_has_perm(user_id, "mediafiles.can_see"):
|
if not await async_has_perm(user_id, "mediafiles.can_see"):
|
||||||
return []
|
return []
|
||||||
|
|
||||||
|
# This allows to see everything, which is important for inherited_access_groups=False.
|
||||||
|
if await async_is_superadmin(user_id):
|
||||||
|
return full_data
|
||||||
|
|
||||||
data = []
|
data = []
|
||||||
for full in full_data:
|
for full in full_data:
|
||||||
access_groups = full["inherited_access_groups_id"]
|
access_groups = full["inherited_access_groups_id"]
|
||||||
if (
|
if (isinstance(access_groups, bool) and access_groups) or (
|
||||||
isinstance(access_groups, bool) and access_groups
|
isinstance(access_groups, list)
|
||||||
) or await async_in_some_groups(user_id, cast(List[int], access_groups)):
|
and await async_in_some_groups(user_id, access_groups)
|
||||||
|
):
|
||||||
data.append(full)
|
data.append(full)
|
||||||
|
|
||||||
return data
|
return data
|
||||||
|
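Review bot: The loop that filters on `inherited_access_groups_id` handles three states but has no comment saying what each one means for visibility. From the visible lines, `True` is appended without a group check, a list is passed to `async_in_some_groups`, and `False` or any other type is dropped, so only the superadmin early return exposes those files. I would add above the `if (`: `# True: visible to everyone with can_see; list: visible to members of these groups; False or any other type: hidden from non-superadmins.` The `isinstance(access_groups, list)` test has to stay ahead of the `await` so that a non-list value never reaches `async_in_some_groups`. The enclosing method starts above the hunk.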
@ -1,5 +1,3 @@
|
|||||||
from typing import Any, Dict, Set
|
|
||||||
|
|
||||||
from django.apps import AppConfig
|
from django.apps import AppConfig
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.core.exceptions import ImproperlyConfigured
|
from django.core.exceptions import ImproperlyConfigured
|
||||||
@ -17,7 +15,6 @@ class MediafilesAppConfig(AppConfig):
|
|||||||
from .signals import get_permission_change_data
|
from .signals import get_permission_change_data
|
||||||
from .views import MediafileViewSet
|
from .views import MediafileViewSet
|
||||||
from . import serializers # noqa
|
from . import serializers # noqa
|
||||||
from ..utils.access_permissions import required_user
|
|
||||||
|
|
||||||
# Validate, that the media_url is correct formatted:
|
# Validate, that the media_url is correct formatted:
|
||||||
# Must begin and end with a slash. It has to be at least "/".
|
# Must begin and end with a slash. It has to be at least "/".
|
||||||
@ -41,23 +38,9 @@ class MediafilesAppConfig(AppConfig):
|
|||||||
self.get_model("Mediafile").get_collection_string(), MediafileViewSet
|
self.get_model("Mediafile").get_collection_string(), MediafileViewSet
|
||||||
)
|
)
|
||||||
|
|
||||||
# register required_users
|
|
||||||
required_user.add_collection_string(
|
|
||||||
self.get_model("Mediafile").get_collection_string(), required_users
|
|
||||||
)
|
|
||||||
|
|
||||||
def get_startup_elements(self):
|
def get_startup_elements(self):
|
||||||
"""
|
"""
|
||||||
Yields all Cachables required on startup i. e. opening the websocket
|
Yields all Cachables required on startup i. e. opening the websocket
|
||||||
connection.
|
connection.
|
||||||
"""
|
"""
|
||||||
yield self.get_model("Mediafile")
|
yield self.get_model("Mediafile")
|
||||||
|
|
||||||
|
|
||||||
def required_users(element: Dict[str, Any]) -> Set[int]:
|
|
||||||
"""
|
|
||||||
Returns all user ids that are displayed as uploaders in any mediafile
|
|
||||||
if request_user can see mediafiles. This function may return an empty
|
|
||||||
set.
|
|
||||||
"""
|
|
||||||
return set((element["uploader_id"],))
|
|
||||||
|
@ -35,6 +35,16 @@ def get_group_model() -> Model:
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
async def async_is_superadmin(user_id: int) -> bool:
|
||||||
|
"""
|
||||||
|
Checks, if the user is a superadmin (in the admin group).
|
||||||
|
|
||||||
|
This is done by querying a non existing permission, becuase has_perm
|
||||||
|
should always return true, if the user is in the admin group.
|
||||||
|
"""
|
||||||
|
return await async_has_perm(user_id, "superadmin")
|
||||||
|
|
||||||
|
|
||||||
def has_perm(user_id: int, perm: str) -> bool:
|
def has_perm(user_id: int, perm: str) -> bool:
|
||||||
"""
|
"""
|
||||||
Checks that user has a specific permission.
|
Checks that user has a specific permission.
|
||||||
|
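Review bot: `async_is_superadmin` answers an authorization question by querying the permission string `"superadmin"`, which its own docstring says does not exist. The result therefore depends on `has_perm` continuing to return true for the admin group on unknown permissions, and on no permission of that name ever being defined. Because the mediafile access code in this commit returns `full_data` unfiltered when this check passes, a change in either assumption would silently widen or remove access. Testing admin-group membership directly would make the intent explicit, for example `return await async_in_some_groups(user_id, [ADMIN_GROUP_ID])`, where `ADMIN_GROUP_ID` is a placeholder for whatever constant this module uses for the admin group (not visible in the hunk). How `async_has_perm` treats an anonymous user id is also not visible here and should be confirmed; the docstring has a typo, `becuase`.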