refactor: rename User read/write/permissions attributes

canaille/app/flask.py

@@ -78,7 +78,7 @@ def permissions_needed(*args):
         @wraps(view_function)
         def decorator(*args, **kwargs):
             user = current_user()
-            if not user or not permissions.issubset(user.permissions):
+            if not user or not permissions.issubset(user._permissions):
                 abort(403)
             return view_function(*args, user=user, **kwargs)
 

canaille/backends/ldap/models.py

@@ -170,18 +170,18 @@ class User(canaille.core.models.User, LDAPObject):
 
     def load_permissions(self):
         conn = Backend.get().connection
-        self.permissions = set()
-        self.read = set()
-        self.write = set()
+        self._permissions = set()
+        self._readable_fields = set()
+        self._writable_fields = set()
 
         for access_group_name, details in current_app.config["CANAILLE"]["ACL"].items():
             filter_ = self.acl_filter_to_ldap_filter(details["FILTER"])
             if not filter_ or (
                 self.id and conn.search_s(self.id, ldap.SCOPE_SUBTREE, filter_)
             ):
-                self.permissions |= set(details["PERMISSIONS"])
-                self.read |= set(details["READ"])
-                self.write |= set(details["WRITE"])
+                self._permissions |= set(details["PERMISSIONS"])
+                self._readable_fields |= set(details["READ"])
+                self._writable_fields |= set(details["WRITE"])
 
 
 class Group(canaille.core.models.Group, LDAPObject):

canaille/backends/memory/models.py

@@ -243,14 +243,14 @@ class User(canaille.core.models.User, MemoryModel):
         self.load_permissions()
 
     def load_permissions(self):
-        self.permissions = set()
-        self.read = set()
-        self.write = set()
+        self._permissions = set()
+        self._readable_fields = set()
+        self._writable_fields = set()
         for access_group_name, details in current_app.config["CANAILLE"]["ACL"].items():
             if self.match_filter(details["FILTER"]):
-                self.permissions |= set(details["PERMISSIONS"])
-                self.read |= set(details["READ"])
-                self.write |= set(details["WRITE"])
+                self._permissions |= set(details["PERMISSIONS"])
+                self._readable_fields |= set(details["READ"])
+                self._writable_fields |= set(details["WRITE"])
 
     def match_filter(self, filter):
         if filter is None:

canaille/backends/sql/models.py

@@ -180,14 +180,14 @@ class User(canaille.core.models.User, Base, SqlAlchemyModel):
 
     @reconstructor
     def load_permissions(self):
-        self.permissions = set()
-        self.read = set()
-        self.write = set()
+        self._permissions = set()
+        self._readable_fields = set()
+        self._writable_fields = set()
         for access_group_name, details in current_app.config["CANAILLE"]["ACL"].items():
             if self.match_filter(details["FILTER"]):
-                self.permissions |= set(details["PERMISSIONS"])
-                self.read |= set(details["READ"])
-                self.write |= set(details["WRITE"])
+                self._permissions |= set(details["PERMISSIONS"])
+                self._readable_fields |= set(details["READ"])
+                self._writable_fields |= set(details["WRITE"])
 
     def normalize_filter_value(self, attribute, value):
         # not super generic, but we can improve this when we have

canaille/core/endpoints/account.py

@@ -142,7 +142,9 @@ def about():
 @permissions_needed("manage_users")
 def users(user):
     table_form = TableForm(
-        models.User, fields=user.read | user.write, formdata=request.form
+        models.User,
+        fields=user._readable_fields | user._writable_fields,
+        formdata=request.form,
     )
     if request.form and not table_form.validate():
         abort(404)
@@ -402,7 +404,7 @@ def email_confirmation(data, hash):
 @bp.route("/profile", methods=("GET", "POST"))
 @permissions_needed("manage_users")
 def profile_creation(user):
-    form = build_profile_form(user.write, user.read)
+    form = build_profile_form(user._writable_fields, user._readable_fields)
     form.process(CombinedMultiDict((request.files, request.form)) or None)
 
     for field in form:
@@ -486,8 +488,8 @@ def profile_edition_main_form(user, edited_user, emails_readonly):
     if emails_readonly:
         available_fields.remove("emails")
 
-    readable_fields = user.read & available_fields
-    writable_fields = user.write & available_fields
+    readable_fields = user._readable_fields & available_fields
+    writable_fields = user._writable_fields & available_fields
     data = {
         field: getattr(edited_user, field)
         for field in writable_fields | readable_fields
@@ -507,7 +509,7 @@ def profile_edition_main_form(user, edited_user, emails_readonly):
 
 def profile_edition_main_form_validation(user, edited_user, profile_form):
     for field in profile_form:
-        if field.name in edited_user.attributes and field.name in user.write:
+        if field.name in edited_user.attributes and field.name in user._writable_fields:
             if isinstance(field, wtforms.FieldList):
                 # too bad wtforms cannot sanitize the list itself
                 data = [value for value in field.data if value] or None
@@ -742,7 +744,7 @@ def profile_settings(user, edited_user):
 
 def profile_settings_edit(editor, edited_user):
     menuitem = "profile" if editor.id == editor.id else "users"
-    fields = editor.read | editor.write
+    fields = editor._readable_fields | editor._writable_fields
 
     available_fields = {"password", "groups", "user_name", "lock_date"}
     data = {
@@ -756,7 +758,9 @@ def profile_settings_edit(editor, edited_user):
     data["groups"] = [g.id for g in edited_user.groups]
 
     form = build_profile_form(
-        editor.write & available_fields, editor.read & available_fields, edited_user
+        editor._writable_fields & available_fields,
+        editor._readable_fields & available_fields,
+        edited_user,
     )
     form.process(CombinedMultiDict((request.files, request.form)) or None, data=data)
 
@@ -770,7 +774,7 @@ def profile_settings_edit(editor, edited_user):
 
         else:
             for attribute in form:
-                if attribute.name in available_fields & editor.write:
+                if attribute.name in available_fields & editor._writable_fields:
                     setattr(edited_user, attribute.name, attribute.data)
 
             if (

canaille/core/models.py

@@ -255,9 +255,9 @@ class User(Model):
     """A DateTime indicating when the resource was locked."""
 
     def __init__(self, *args, **kwargs):
-        self.read = set()
-        self.write = set()
-        self.permissions = set()
+        self._readable_fields = set()
+        self._writable_fields = set()
+        self._permissions = set()
         super().__init__(*args, **kwargs)
 
     @classmethod
@@ -277,7 +277,7 @@ class User(Model):
         raise NotImplementedError()
 
     def can_read(self, field: str):
-        return field in self.read | self.write
+        return field in self._readable_fields | self._writable_fields
 
     @property
     def preferred_email(self):
@@ -286,7 +286,7 @@ class User(Model):
     def __getattr__(self, name):
         if name.startswith("can_") and name != "can_read":
             permission = name[4:]
-            return permission in self.permissions
+            return permission in self._permissions
 
         return super().__getattr__(name)
 

canaille/core/templates/partial/profile_field.html

@@ -16,14 +16,14 @@
         render_func=render_field,
         **kwargs
         ) }}
-    {% elif field.name in edited_user.write %}
+    {% elif field.name in edited_user._writable_fields %}
         {{ fui.render_field(
         field,
         user=user,
         render_func=render_field,
         **kwargs
         ) }}
-    {% elif field.name in edited_user.read %}
+    {% elif field.name in edited_user._readable_fields %}
         {{ fui.render_field(
         field,
         user=user,

canaille/core/templates/profile_settings.html

@@ -24,9 +24,9 @@
     {% set lock_indicator = field.render_kw and ("readonly" in field.render_kw or "disabled" in field.render_kw) %}
     {% if edited_user.user_name == user.user_name or lock_indicator or noindicator %}
         {{ fui.render_field(field, **kwargs) }}
-    {% elif field.name in edited_user.write %}
+    {% elif field.name in edited_user._writable_fields %}
         {{ fui.render_field(field, **kwargs) }}
-    {% elif field.name in edited_user.read %}
+    {% elif field.name in edited_user._readable_fields %}
         {{ fui.render_field(field, indicator_icon="eye", indicator_text=_("This user cannot edit this field"), **kwargs) }}
     {% else %}
         {{ fui.render_field(field, indicator_icon="eye slash", indicator_text=_("This user cannot see this field"), **kwargs) }}
@@ -140,7 +140,7 @@
 
             <div class="ui right aligned container">
                 <div class="ui stackable buttons">
-                    {% if has_account_lockability and "lock_date" in user.write and not edited_user.locked %}
+                    {% if has_account_lockability and "lock_date" in user._writable_fields and not edited_user.locked %}
                         <button type="submit" class="ui right floated basic negative button confirm" name="action" value="confirm-lock" id="lock" formnovalidate>
                             {% trans %}Lock the account{% endtrans %}
                         </button>