refactor: assume ACL have default values

2024-03-30 17:15:45 +01:00 · 2024-03-30 17:15:45 +01:00 · efe3a3c4c4
commit efe3a3c4c4
parent f2dbda8c89
4 changed files with 15 additions and 12 deletions
--- a/canaille/backends/ldap/models.py
+++ b/canaille/backends/ldap/models.py
@ -175,13 +175,13 @@ class User(canaille.core.models.User, LDAPObject):
        self.write = set()

        for access_group_name, details in current_app.config["CANAILLE"]["ACL"].items():
-            filter_ = self.acl_filter_to_ldap_filter(details.get("FILTER"))
+            filter_ = self.acl_filter_to_ldap_filter(details["FILTER"])
            if not filter_ or (
                self.id and conn.search_s(self.id, ldap.SCOPE_SUBTREE, filter_)
            ):
-                self.permissions |= set(details.get("PERMISSIONS", []))
-                self.read |= set(details.get("READ", []))
-                self.write |= set(details.get("WRITE", []))
+                self.permissions |= set(details["PERMISSIONS"])
+                self.read |= set(details["READ"])
+                self.write |= set(details["WRITE"])


 class Group(canaille.core.models.Group, LDAPObject):
--- a/canaille/backends/memory/models.py
+++ b/canaille/backends/memory/models.py
@ -241,10 +241,10 @@ class User(canaille.core.models.User, MemoryModel):
        self.read = set()
        self.write = set()
        for access_group_name, details in current_app.config["CANAILLE"]["ACL"].items():
-            if self.match_filter(details.get("FILTER")):
-                self.permissions |= set(details.get("PERMISSIONS", []))
-                self.read |= set(details.get("READ", []))
-                self.write |= set(details.get("WRITE", []))
+            if self.match_filter(details["FILTER"]):
+                self.permissions |= set(details["PERMISSIONS"])
+                self.read |= set(details["READ"])
+                self.write |= set(details["WRITE"])

    def match_filter(self, filter):
        if filter is None:
--- a/canaille/backends/sql/models.py
+++ b/canaille/backends/sql/models.py
@ -180,10 +180,10 @@ class User(canaille.core.models.User, Base, SqlAlchemyModel):
        self.read = set()
        self.write = set()
        for access_group_name, details in current_app.config["CANAILLE"]["ACL"].items():
-            if self.match_filter(details.get("FILTER")):
-                self.permissions |= set(details.get("PERMISSIONS", []))
-                self.read |= set(details.get("READ", []))
-                self.write |= set(details.get("WRITE", []))
+            if self.match_filter(details["FILTER"]):
+                self.permissions |= set(details["PERMISSIONS"])
+                self.read |= set(details["READ"])
+                self.write |= set(details["WRITE"])

    def normalize_filter_value(self, attribute, value):
        # not super generic, but we can improve this when we have
--- a/tests/core/test_profile_edition.py
+++ b/tests/core/test_profile_edition.py
@ -207,6 +207,7 @@ def test_field_permissions_none(testclient, logged_user):
        "READ": ["user_name"],
        "WRITE": [],
        "PERMISSIONS": ["edit_self"],
+        "FILTER": None,
    }

    g.user.reload()
@ -235,6 +236,7 @@ def test_field_permissions_read(testclient, logged_user):
        "READ": ["user_name", "phone_numbers"],
        "WRITE": [],
        "PERMISSIONS": ["edit_self"],
+        "FILTER": None,
    }
    g.user.reload()
    res = testclient.get("/profile/user", status=200)
@ -262,6 +264,7 @@ def test_field_permissions_write(testclient, logged_user):
        "READ": ["user_name"],
        "WRITE": ["phone_numbers"],
        "PERMISSIONS": ["edit_self"],
+        "FILTER": None,
    }
    g.user.reload()
    res = testclient.get("/profile/user", status=200)