Fix mediafiles for non superadmins

This commit is contained in:
FinnStutzenstein 2019-07-12 17:48:16 +02:00
parent 19f47e1bef
commit b4e9b28397
3 changed files with 20 additions and 22 deletions

View File

@ -1,7 +1,7 @@
from typing import Any, Dict, List, cast from typing import Any, Dict, List
from ..utils.access_permissions import BaseAccessPermissions from ..utils.access_permissions import BaseAccessPermissions
from ..utils.auth import async_has_perm, async_in_some_groups from ..utils.auth import async_has_perm, async_in_some_groups, async_is_superadmin
class MediafileAccessPermissions(BaseAccessPermissions): class MediafileAccessPermissions(BaseAccessPermissions):
@ -21,12 +21,17 @@ class MediafileAccessPermissions(BaseAccessPermissions):
if not await async_has_perm(user_id, "mediafiles.can_see"): if not await async_has_perm(user_id, "mediafiles.can_see"):
return [] return []
# This allows to see everything, which is important for inherited_access_groups=False.
if await async_is_superadmin(user_id):
return full_data
data = [] data = []
for full in full_data: for full in full_data:
access_groups = full["inherited_access_groups_id"] access_groups = full["inherited_access_groups_id"]
if ( if (isinstance(access_groups, bool) and access_groups) or (
isinstance(access_groups, bool) and access_groups isinstance(access_groups, list)
) or await async_in_some_groups(user_id, cast(List[int], access_groups)): and await async_in_some_groups(user_id, access_groups)
):
data.append(full) data.append(full)
return data return data

View File

@ -1,5 +1,3 @@
from typing import Any, Dict, Set
from django.apps import AppConfig from django.apps import AppConfig
from django.conf import settings from django.conf import settings
from django.core.exceptions import ImproperlyConfigured from django.core.exceptions import ImproperlyConfigured
@ -17,7 +15,6 @@ class MediafilesAppConfig(AppConfig):
from .signals import get_permission_change_data from .signals import get_permission_change_data
from .views import MediafileViewSet from .views import MediafileViewSet
from . import serializers # noqa from . import serializers # noqa
from ..utils.access_permissions import required_user
# Validate, that the media_url is correct formatted: # Validate, that the media_url is correct formatted:
# Must begin and end with a slash. It has to be at least "/". # Must begin and end with a slash. It has to be at least "/".
@ -41,23 +38,9 @@ class MediafilesAppConfig(AppConfig):
self.get_model("Mediafile").get_collection_string(), MediafileViewSet self.get_model("Mediafile").get_collection_string(), MediafileViewSet
) )
# register required_users
required_user.add_collection_string(
self.get_model("Mediafile").get_collection_string(), required_users
)
def get_startup_elements(self): def get_startup_elements(self):
""" """
Yields all Cachables required on startup i. e. opening the websocket Yields all Cachables required on startup i. e. opening the websocket
connection. connection.
""" """
yield self.get_model("Mediafile") yield self.get_model("Mediafile")
def required_users(element: Dict[str, Any]) -> Set[int]:
"""
Returns all user ids that are displayed as uploaders in any mediafile
if request_user can see mediafiles. This function may return an empty
set.
"""
return set((element["uploader_id"],))

View File

@ -35,6 +35,16 @@ def get_group_model() -> Model:
) )
async def async_is_superadmin(user_id: int) -> bool:
"""
Checks, if the user is a superadmin (in the admin group).
This is done by querying a non existing permission, becuase has_perm
should always return true, if the user is in the admin group.
"""
return await async_has_perm(user_id, "superadmin")
def has_perm(user_id: int, perm: str) -> bool: def has_perm(user_id: int, perm: str) -> bool:
""" """
Checks that user has a specific permission. Checks that user has a specific permission.