forked from Github-Mirrors/canaille
refactor: separate the loading of User permissions
This commit is contained in:
Éloi Rivard
parent
b55b42787f
commit
b14cc2b5ad
2 changed files with 18 additions and 35 deletions
|
|
@ -270,7 +270,11 @@ class User(Model):
|
|||
:class:`~canaille.core.configuration.Permission` according to the
|
||||
:class:`configuration <canaille.core.configuration.ACLSettings>`."""
|
||||
if self._permissions is None:
|
||||
self.load_permissions()
|
||||
self._permissions = set()
|
||||
acls = current_app.config["CANAILLE"]["ACL"].values()
|
||||
for details in acls:
|
||||
if self.match_filter(details["FILTER"]):
|
||||
self._permissions |= set(details["PERMISSIONS"])
|
||||
|
||||
return set(permissions).issubset(self._permissions)
|
||||
|
||||
|
|
@ -281,17 +285,6 @@ class User(Model):
|
|||
datetime.timezone.utc
|
||||
)
|
||||
|
||||
def load_permissions(self):
|
||||
self._permissions = set()
|
||||
self._readable_fields = set()
|
||||
self._writable_fields = set()
|
||||
acls = current_app.config["CANAILLE"]["ACL"].values()
|
||||
for details in acls:
|
||||
if self.match_filter(details["FILTER"]):
|
||||
self._permissions |= set(details["PERMISSIONS"])
|
||||
self._readable_fields |= set(details["READ"])
|
||||
self._writable_fields |= set(details["WRITE"])
|
||||
|
||||
def reload(self):
|
||||
self._readable = None
|
||||
self._writable = None
|
||||
|
|
@ -307,7 +300,11 @@ class User(Model):
|
|||
<canaille.core.models.User.writable_fields>` fields.
|
||||
"""
|
||||
if self._readable_fields is None:
|
||||
self.load_permissions()
|
||||
self._readable_fields = set()
|
||||
acls = current_app.config["CANAILLE"]["ACL"].values()
|
||||
for details in acls:
|
||||
if self.match_filter(details["FILTER"]):
|
||||
self._readable_fields |= set(details["READ"])
|
||||
|
||||
return self._readable_fields
|
||||
|
||||
|
|
@ -316,8 +313,11 @@ class User(Model):
|
|||
"""The fields the user can write according to the :class:`configuration
|
||||
<canaille.core.configuration.ACLSettings>`."""
|
||||
if self._writable_fields is None:
|
||||
self.load_permissions()
|
||||
|
||||
self._writable_fields = set()
|
||||
acls = current_app.config["CANAILLE"]["ACL"].values()
|
||||
for details in acls:
|
||||
if self.match_filter(details["FILTER"]):
|
||||
self._writable_fields |= set(details["WRITE"])
|
||||
return self._writable_fields
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -73,23 +73,10 @@ def test_user_list_search(testclient, logged_admin, user, moderator):
|
|||
def test_user_list_search_only_allowed_fields(
|
||||
testclient, logged_admin, user, moderator, backend
|
||||
):
|
||||
res = testclient.get("/users")
|
||||
res.mustcontain("3 items")
|
||||
res.mustcontain(moderator.formatted_name)
|
||||
res.mustcontain(user.formatted_name)
|
||||
|
||||
form = res.forms["search"]
|
||||
form["query"] = "user"
|
||||
res = form.submit()
|
||||
|
||||
res.mustcontain("1 item")
|
||||
res.mustcontain(user.formatted_name)
|
||||
res.mustcontain(no=moderator.formatted_name)
|
||||
|
||||
testclient.app.config["CANAILLE"]["ACL"]["DEFAULT"]["READ"].remove("user_name")
|
||||
testclient.app.config["CANAILLE"]["ACL"]["ADMIN"]["READ"].remove("user_name")
|
||||
backend.reload(g.user)
|
||||
|
||||
res = testclient.get("/users")
|
||||
form = res.forms["search"]
|
||||
form["query"] = "user"
|
||||
res = form.submit()
|
||||
|
|
@ -202,7 +189,6 @@ def test_edition_remove_fields(
|
|||
|
||||
|
||||
def test_field_permissions_none(testclient, logged_user, backend):
|
||||
testclient.get("/profile/user", status=200)
|
||||
logged_user.phone_numbers = ["555-666-777"]
|
||||
backend.save(logged_user)
|
||||
|
||||
|
|
@ -213,7 +199,6 @@ def test_field_permissions_none(testclient, logged_user, backend):
|
|||
"FILTER": None,
|
||||
}
|
||||
|
||||
backend.reload(g.user)
|
||||
res = testclient.get("/profile/user", status=200)
|
||||
form = res.forms["baseform"]
|
||||
assert "phone_numbers-0" not in form.fields
|
||||
|
|
@ -233,7 +218,6 @@ def test_field_permissions_none(testclient, logged_user, backend):
|
|||
|
||||
|
||||
def test_field_permissions_read(testclient, logged_user, backend):
|
||||
testclient.get("/profile/user", status=200)
|
||||
logged_user.phone_numbers = ["555-666-777"]
|
||||
backend.save(logged_user)
|
||||
|
||||
|
|
@ -243,7 +227,7 @@ def test_field_permissions_read(testclient, logged_user, backend):
|
|||
"PERMISSIONS": ["edit_self"],
|
||||
"FILTER": None,
|
||||
}
|
||||
backend.reload(g.user)
|
||||
|
||||
res = testclient.get("/profile/user", status=200)
|
||||
form = res.forms["baseform"]
|
||||
assert "phone_numbers-0" in form.fields
|
||||
|
|
@ -263,7 +247,6 @@ def test_field_permissions_read(testclient, logged_user, backend):
|
|||
|
||||
|
||||
def test_field_permissions_write(testclient, logged_user, backend):
|
||||
testclient.get("/profile/user", status=200)
|
||||
logged_user.phone_numbers = ["555-666-777"]
|
||||
backend.save(logged_user)
|
||||
|
||||
|
|
@ -273,7 +256,7 @@ def test_field_permissions_write(testclient, logged_user, backend):
|
|||
"PERMISSIONS": ["edit_self"],
|
||||
"FILTER": None,
|
||||
}
|
||||
backend.reload(g.user)
|
||||
|
||||
res = testclient.get("/profile/user", status=200)
|
||||
form = res.forms["baseform"]
|
||||
assert "phone_numbers-0" in form.fields
|
||||
|
|
|
|||
Loading…
Reference in a new issue