Merge pull request #1022 from TOMToolkit/fix/extended_target_model_pe…

…rmissions

update permission references

docs/targets/target_fields.rst

@@ -172,6 +172,8 @@ Create a new file in your custom app called ``management/commands/convert_target
 
     from django.core.management.base import BaseCommand
 
+    from guardian.models import GroupObjectPermission, UserObjectPermission
+
     from tom_targets.base_models import BaseTarget
     from tom_targets.models import Target
 
@@ -198,6 +200,13 @@ Create a new file in your custom app called ``management/commands/convert_target
                         target = Target(basetarget_ptr_id=base_target.pk)  # Create a new target with the base_target PK
                         target.__dict__.update(base_target.__dict__)  # add base_target fields to target dictionary
                         target.save()
+                        # re-add permissions for existing users and groups
+                        group_set = set(gop.group for gop in GroupObjectPermission.objects.filter(object_pk=target.pk))
+                        user_set = set(uop.user for uop in UserObjectPermission.objects.filter(object_pk=target.pk))
+                        for group in group_set:
+                            target.give_user_access(group)
+                        for user in user_set:
+                            target.give_user_access(user)
                 self.stdout.write(f'{Target.objects.count()} Targets updated.')
 
             return

tom_dataproducts/api_views.py

@@ -13,6 +13,7 @@
 from tom_dataproducts.filters import DataProductFilter
 from tom_dataproducts.models import DataProduct, ReducedDatum
 from tom_dataproducts.serializers import DataProductSerializer, ReducedDatumSerializer
+from tom_targets.models import Target
 
 
 class DataProductViewSet(CreateModelMixin, DestroyModelMixin, ListModelMixin, GenericViewSet, PermissionListMixin):
@@ -65,7 +66,7 @@ def get_queryset(self):
         """
         if settings.TARGET_PERMISSIONS_ONLY:
             return super().get_queryset().filter(
-                target__in=get_objects_for_user(self.request.user, 'tom_targets.view_target')
+                target__in=get_objects_for_user(self.request.user, f'{Target._meta.app_label}.view_target')
             )
         else:
             return get_objects_for_user(self.request.user, 'tom_dataproducts.view_dataproduct')

tom_dataproducts/views.py

@@ -329,7 +329,7 @@ def get_queryset(self):
         """
         if settings.TARGET_PERMISSIONS_ONLY:
             return super().get_queryset().filter(
-                target__in=get_objects_for_user(self.request.user, 'tom_targets.view_target')
+                target__in=get_objects_for_user(self.request.user, f'{Target._meta.app_label}.view_target')
             )
         else:
             return get_objects_for_user(self.request.user, 'tom_dataproducts.view_dataproduct')

tom_observations/api_views.py

@@ -62,7 +62,7 @@ def get_queryset(self):
             # Though it's next to impossible for a user to observe a target they don't have permission to view, this
             # queryset ensures that such an edge case is covered.
             return super().get_queryset().filter(
-                Q(target__in=get_objects_for_user(self.request.user, 'tom_targets.view_target')) |
+                Q(target__in=get_objects_for_user(self.request.user, f'{Target._meta.app_label}.view_target')) |
                 Q(user=self.request.user.id)
             )
         else:

tom_observations/views.py

@@ -75,7 +75,7 @@ def get_queryset(self, *args, **kwargs):
         """
         if settings.TARGET_PERMISSIONS_ONLY:
             return ObservationRecord.objects.filter(
-                target__in=get_objects_for_user(self.request.user, 'tom_targets.view_target')
+                target__in=get_objects_for_user(self.request.user, f'{Target._meta.app_label}.view_target')
             )
         else:
             return get_objects_for_user(self.request.user, 'tom_observations.view_observationrecord')
@@ -493,7 +493,7 @@ def get_queryset(self, *args, **kwargs):
         """
         if settings.TARGET_PERMISSIONS_ONLY:
             return ObservationRecord.objects.filter(
-                target__in=get_objects_for_user(self.request.user, 'tom_targets.view_target')
+                target__in=get_objects_for_user(self.request.user, f'{Target._meta.app_label}.view_target')
             )
         else:
             return get_objects_for_user(self.request.user, 'tom_observations.view_observationrecord')

tom_targets/templatetags/targets_extras.py

@@ -30,7 +30,7 @@ def recent_targets(context, limit=10):
     Displays a list of the most recently created targets in the TOM up to the given limit, or 10 if not specified.
     """
     user = context['request'].user
-    return {'targets': get_objects_for_user(user, 'tom_targets.view_target').order_by('-created')[:limit]}
+    return {'targets': get_objects_for_user(user, f'{Target._meta.app_label}.view_target').order_by('-created')[:limit]}
 
 
 @register.inclusion_tag('tom_targets/partials/recently_updated_targets.html', takes_context=True)
@@ -39,7 +39,8 @@ def recently_updated_targets(context, limit=10):
     Displays a list of the most recently updated targets in the TOM up to the given limit, or 10 if not specified.
     """
     user = context['request'].user
-    return {'targets': get_objects_for_user(user, 'tom_targets.view_target').order_by('-modified')[:limit]}
+    return {'targets': get_objects_for_user(user,
+                                            f'{Target._meta.app_label}.view_target').order_by('-modified')[:limit]}
 
 
 @register.inclusion_tag('tom_targets/partials/target_feature.html')