use nodegroup pks rather than full object when permission-checking, i…
…f possible
philtweir committed May 30, 2024
1 parent 0f6a8b7 commit 3025687
Showing 5 changed files with 13 additions and 11 deletions.
6 changes: 3 additions & 3 deletions arches/app/models/models.py
Expand Up @@ -1391,19 +1391,19 @@ def is_reviewer(self):
def viewable_nodegroups(self):
from arches.app.utils.permission_backend import get_nodegroups_by_perm

return set(str(nodegroup.pk) for nodegroup in get_nodegroups_by_perm(self.user, ["models.read_nodegroup"], any_perm=True))
return set(str(nodegroup_pk) for nodegroup_pk in get_nodegroups_by_perm(self.user, ["models.read_nodegroup"], any_perm=True))

@property
def editable_nodegroups(self):
from arches.app.utils.permission_backend import get_nodegroups_by_perm

return set(str(nodegroup.pk) for nodegroup in get_nodegroups_by_perm(self.user, ["models.write_nodegroup"], any_perm=True))
return set(str(nodegroup_pk) for nodegroup_pk in get_nodegroups_by_perm(self.user, ["models.write_nodegroup"], any_perm=True))

@property
def deletable_nodegroups(self):
from arches.app.utils.permission_backend import get_nodegroups_by_perm

return set(str(nodegroup.pk) for nodegroup in get_nodegroups_by_perm(self.user, ["models.delete_nodegroup"], any_perm=True))
return set(str(nodegroup_pk) for nodegroup_pk in get_nodegroups_by_perm(self.user, ["models.delete_nodegroup"], any_perm=True))

class Meta:
managed = True
Expand Up @@ -263,7 +263,7 @@ def get_tiles(self, graph_id=None, resourceinstanceids=None, **kwargs):
user = kwargs.get("user", None)
permitted_nodegroups = []
if user:
permitted_nodegroups = [str(nodegroup.pk) for nodegroup in get_nodegroups_by_perm(user, "models.read_nodegroup")]
permitted_nodegroups = get_nodegroups_by_perm(user, "models.read_nodegroup")

if (graph_id is None or graph_id is False) and resourceinstanceids is None:
raise MissingGraphException(_("Must supply either a graph id or a list of resource instance ids to export"))
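Review bot: The new `permitted_nodegroups = get_nodegroups_by_perm(user, "models.read_nodegroup")` in get_tiles drops the `str(...)` normalisation that the old comprehension applied, while the models.py properties in this same commit still wrap each pk in `str(...)`, so the element type the helper now returns is not evident from this page. The same bare assignment recurs in the arches/app/views/api.py hunks and in get_permitted_nodegroups in arches/app/views/search.py. The tile endpoint in api.py still tests `str(tile.nodegroup_id) in permitted_nodegroups`, which would never match if the helper yields UUID objects rather than strings; that read check would then deny every tile rather than leak one, but it would do so silently. I would either keep the normalisation at these call sites, e.g. `permitted_nodegroups = [str(pk) for pk in get_nodegroups_by_perm(user, "models.read_nodegroup")]`, or document on the helper that it returns string pks and pin that with a test. get_tiles continues past the end of this hunk, so how the value is consumed there is not visible.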
10 changes: 5 additions & 5 deletions arches/app/views/api.py
Expand Up @@ -1051,7 +1051,7 @@ def get(self, request):
canvas = request.GET.get("canvas", None)
resourceid = request.GET.get("resourceid", None)
nodeid = request.GET.get("nodeid", None)
permitted_nodegroups = [nodegroup for nodegroup in get_nodegroups_by_perm(request.user, "models.read_nodegroup")]
permitted_nodegroups = get_nodegroups_by_perm(request.user, "models.read_nodegroup")
annotations = models.VwAnnotation.objects.filter(nodegroup__in=permitted_nodegroups)
if canvas is not None:
annotations = annotations.filter(canvas=canvas)
Expand Down Expand Up @@ -1086,7 +1086,7 @@ def get(self, request):

class IIIFAnnotationNodes(APIBase):
def get(self, request, indent=None):
permitted_nodegroups = [nodegroup for nodegroup in get_nodegroups_by_perm(request.user, "models.read_nodegroup")]
permitted_nodegroups = get_nodegroups_by_perm(request.user, "models.read_nodegroup")
annotation_nodes = models.Node.objects.filter(nodegroup__in=permitted_nodegroups, datatype="annotation")
return JSONResponse(
[
Expand Down Expand Up @@ -1373,7 +1373,7 @@ def get(self, request, tileid):
return JSONResponse(str(e), status=404)

# filter tiles from attribute query based on user permissions
permitted_nodegroups = [str(nodegroup.pk) for nodegroup in get_nodegroups_by_perm(request.user, "models.read_nodegroup")]
permitted_nodegroups = get_nodegroups_by_perm(request.user, "models.read_nodegroup")
if str(tile.nodegroup_id) in permitted_nodegroups:
return JSONResponse(tile, status=200)
else:
Expand Down Expand Up @@ -1404,7 +1404,7 @@ def get(self, request, nodegroupid=None):

try:
nodegroup = models.NodeGroup.objects.get(pk=params["nodegroupid"])
permitted_nodegroups = [nodegroup.pk for nodegroup in get_nodegroups_by_perm(user, perms)]
permitted_nodegroups = get_nodegroups_by_perm(user, perms)
except Exception as e:
return JSONResponse(str(e), status=404)

Expand Down Expand Up @@ -1452,7 +1452,7 @@ def graphLookup(graphid):
# try to get nodes by attribute filter and then get nodes by passed in user perms
try:
nodes = models.Node.objects.filter(**dict(params)).values()
permitted_nodegroups = [str(nodegroup.pk) for nodegroup in get_nodegroups_by_perm(user, perms)]
permitted_nodegroups = get_nodegroups_by_perm(user, perms)
except Exception as e:
return JSONResponse(str(e), status=404)

4 changes: 3 additions & 1 deletion arches/app/views/base.py
Expand Up @@ -52,7 +52,9 @@ def get_context_data(self, **kwargs):
if self.request.user.has_perm("view_plugin", plugin):
context["plugins"].append(plugin)

createable = get_createable_resource_types(self.request.user)
createable = list(
models.GraphModel.objects.filter(pk__in=list(get_createable_resource_types(self.request.user))).all()
)
createable.sort(key=lambda x: x.name.lower())
context["createable_resources"] = JSONSerializer().serialize(
createable,
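Review bot: The new `createable = list(models.GraphModel.objects.filter(pk__in=list(get_createable_resource_types(self.request.user))).all())` carries a redundant `.all()` after `.filter(...)`, and it appears to add a GraphModel query each time this context is built, now that the helper presumably returns pks instead of model instances. `createable = list(models.GraphModel.objects.filter(pk__in=get_createable_resource_types(self.request.user)))` reads the same, provided the helper returns a plain iterable of pks; its definition is not shown on this page, so the inner `list(...)` may still be needed. A short comment such as `# helper returns graph pks; load the models for name sorting and serialization` would explain why the lookup is here. get_context_data starts and ends outside the hunk.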
2 changes: 1 addition & 1 deletion arches/app/views/search.py
Expand Up @@ -443,7 +443,7 @@ def get_provisional_type(request):


def get_permitted_nodegroups(user):
return [str(nodegroup.pk) for nodegroup in get_nodegroups_by_perm(user, "models.read_nodegroup")]
return get_nodegroups_by_perm(user, "models.read_nodegroup")


def buffer(request):
