minor permission framework bugfixes

flaxandteal · Sep 23, 2023 · 16a9271 · 16a9271
1 parent f0057cf
commit 16a9271
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 122 deletions.
diff --git a/arches/app/permissions/__init__.py b/arches/app/permissions/__init__.py
diff --git a/.../utils/permissions/arches_default_deny.py → ...es/app/permissions/arches_default_deny.py b/.../utils/permissions/arches_default_deny.py → ...es/app/permissions/arches_default_deny.py
@@ -1,4 +1,4 @@
-from arches.app.utils.permissions.arches_standard import ArchesStandardPermissionFramework
+from arches.app.permissions.arches_standard import ArchesStandardPermissionFramework
 
 class ArchesDefaultDenyPermissionFramework(ArchesStandardPermissionFramework):
  def check_resource_instance_permissions(self, user, resourceid, permission):

diff --git a/.../app/utils/permissions/arches_standard.py → arches/app/permissions/arches_standard.py b/.../app/utils/permissions/arches_standard.py → arches/app/permissions/arches_standard.py
@@ -35,15 +35,15 @@ def get_perms_for_model(self, cls):
 
  def assign_perm(self, perm, user_or_group, obj=None):
  try:
- return assign_perm(perm, user_or_group, obj=None)
+ return assign_perm(perm, user_or_group, obj=obj)
  except NotUserNorGroup:
  raise ArchesNotUserNorGroup()
 
  def get_permission_backend(self):
  return PermissionBackend()
 
  def remove_perm(self, perm, user_or_group=None, obj=None):
- return remove_perm(perm, user_or_group=None, obj=None)
+ return remove_perm(perm, user_or_group=user_or_group, obj=obj)
 
  def get_perms(self, user_or_group, obj):
  return get_perms(user_or_group, obj)
@@ -221,10 +221,10 @@ def check_resource_instance_permissions(self, user, resourceid, permission):
  return result
 
  def get_users_with_perms(self, obj, attach_perms=False, with_superusers=False, with_group_users=True, only_with_perms_in=None):
- return get_users_with_perms(obj, attach_perms=attach_perms, with_superusers=with_superuesrs, with_group_users=with_group_users, only_with_perms_in=only_with_perms_in)
+ return get_users_with_perms(obj, attach_perms=attach_perms, with_superusers=with_superusers, with_group_users=with_group_users, only_with_perms_in=only_with_perms_in)
 
- def get_groups_with_perms(self, obj, attach_perms=False, with_superusers=False, with_group_users=True, only_with_perms_in=None):
- return get_groups_with_perms(obj, attach_perms=attach_perms, with_superusers=with_superusers, with_group_users=with_group_users, only_with_perms_in=only_with_perms_in)
+ def get_groups_with_perms(self, obj, attach_perms=False):
+ return get_groups_with_perms(obj, attach_perms=attach_perms)
 
  def get_restricted_users(self, resource):
  """

diff --git a/arches/app/utils/permissions/casbin.py → arches/app/permissions/casbin.py b/arches/app/utils/permissions/casbin.py → arches/app/permissions/casbin.py
@@ -1,4 +1,4 @@
-from arches.app.utils.permissions.arches_standard import ArchesStandardPermissionFramework
+from arches.app.permissions.arches_standard import ArchesStandardPermissionFramework
 
 class ArchesDefaultDenyPermissionFramework(ArchesStandardPermissionFramework):
  def check_resource_instance_permissions(self, user, resourceid, permission):

diff --git a/arches/app/templates/base-manager.htm b/arches/app/templates/base-manager.htm
@@ -239,89 +239,17 @@ <h4 style="flex: 1" class="ep-form-alert-title" data-bind="text: alert().title">
  </a>
  </li>
  {% endif %}
- </div>
- </a>
- {% endif %}
-
- {% if show_language_swtich %}
- {% get_current_language as LANGUAGE_CODE %}
- <div class="lang-switch ep-tools ep-tools-right" style="max-width: none;"
- data-bind='component: {
- name: "views/components/language-switcher",
- params: {
- current_language: "{{LANGUAGE_CODE}}"
- }
- }'></div>
- {% endif %}
-
- <!-- Search Bar -->
- {% if nav.search %}
- <a href="{% url 'search_home' %}" class="ep-tools ep-tools-right" data-bind="click:function () { navigate('{% url 'search_home' %}') }">
- <div class="d-inline" data-placement="bottom" data-toggle="tooltip" style="width: 100px;"data-original-title='{% trans "Search" %}'>
- <i class="ion-search"></i>
- </div>
- <h5 class="d-inline" style="margin-left: -80px;">Search</h5>
- </a>
- {% endif %}
-
- <!-- Notifications -->
- {% if nav.notifs %}
- <a href="" class="ep-tools ep-notifs-toggle ep-tools-right" data-bind="click: function() {getNotifications();}">
- <div class="" data-placement="bottom" data-toggle="tooltip" aria-expanded="true" data-original-title="{% trans 'Notifications' %}">
- <div >
- <div data-bind="visible: unreadNotifs()" id="circle"></div>
- <div data-bind="visible: unreadNotifs()" id="circle-outline"></div>
- <i class="fa fa-bell"></i>
- </div>
- </div>
- </a>
- {% endif %}
-
-
- <!-- Prov edit history-->
- {% if user_is_reviewer == False and user_can_edit %}
- <a href="{% url 'search_home' %}" class="ep-edits-toggle ep-tools ep-tools-right" data-bind="click:function () { getProvisionalHistory(); }">
- <div class="" data-placement="bottom" data-toggle="tooltip" data-original-title='{% trans "My Recent Edits" %}'>
- <i class="ion-clock"></i>
- </div>
- </a>
- {% endif %}
-
- {% if nav.res_edit and user_can_edit %}
- <a href="{% url 'resource_editor' resourceid %}" class="ep-tools ep-tools-right" data-bind="click:function () { navigate('{% url 'resource_editor' resourceid %}') }">
- <div class="" data-placement="bottom" data-toggle="tooltip" data-original-title='{% trans "Edit Resource" %}'>
- <i class="ion-edit"></i>
- </div>
- </a>
- {% endif %}
-
- {% if nav.print %}
- <a href="" class="ep-tools ep-tools-right" data-bind="click: function() { window.print() }">
- <div class="" data-placement="bottom" data-toggle="tooltip" data-original-title='{% trans "Print" %}'>
- <i class="ion-printer"></i>
- </div>
- </a>
- {% endif %}
-
- {% if nav.help %}
- <a href="javascript:void(0)" class="ep-help-toggle ep-tools ep-tools-right" data-bind="click: function(){ getHelp('{{ nav.help.template }}'); helpOpen(true) }">
- <div class="" data-placement="bottom" data-toggle="tooltip" data-original-title='{% trans "Help" %}'>
- <i class="ion-help"></i>
- </div>
- </a>
- {% endif %}
- </div>
-
- <!-- Notifications Panel -->
- <div id="ep-notifs-panel" class="ep-notifs" style="display:none;">
- <div class="ep-edits-header">
- <div class="ep-help-title">
- <span>{% trans 'Notifications' %}</span>
- </div>
- <a href="javascript:void(0);" data-bind="click: function() {getNotifications();}" class="ep-notifs-toggle ep-notifs-close ep-tools ep-tools-right">
- <div class="" data-placement="bottom" data-toggle="tooltip" data-original-title='{% trans "Close" %}'>
- <i class="fa fa-times-circle fa-lg"></i>
- </div>
+ {% else %}
+ <li{% if main_script == "views/plugin" and plugin.pluginid == p.pluginid %} class="active-sub" {% endif %}>
+ {% if p.slug is not None %}
+ <a href="{% url 'plugins' p.slug %}" data-bind="click: navigate.bind(this, '{% url 'plugins' p.slug %}') ">
+ {% else %}
+ <a href="{% url 'plugins' p.pluginid %}" data-bind="click: navigate.bind(this, '{% url 'plugins' p.pluginid %}') ">
+ {% endif %}
+ <i class="{{p.icon}}"></i>
+ <span class="menu-title">
+ <strong>{{p.name}}</strong>
+ </span>
  </a>
  </li>
  {% endif %}
@@ -351,30 +279,18 @@ <h5 class="d-inline" style="margin-left: -80px;">Search</h5>
 
  <div class="col-xs-12 col-sm-8 flex">
 
- {% block graph_title %}
- <!-- Page Title and Icon -->
- <div class="ep-tools-title">
- <h1 class="page-header text-overflow ep-graph-title">
- <i class="fa {{graph.iconclass|default:nav.icon}} text-center icon-wrap bg-gray ep-graph-title-icon"></i>
- <span>{% trans nav.title %}</span>
- </h1>
+ <!-- Tools Menu -->
+ {% if nav.menu %}
+ <a id="menu-control" href="" class="ep-tools ep-tool-title"
+ data-bind="click:function() { menuActive(!menuActive()); }, clickBubble: false">
+ <div class="flex">{% trans "Manage" %}
+ <i class="ion-more" style="padding: 0px 5px;"></i>
  </div>
- {% endblock graph_title %}
-
- <!-- Login -->
- {% if nav.login %}
- <a
- href="{% if user.username != 'anonymous' %}{% url 'user_profile_manager' %}{% else %}{% url 'auth' %}?next={% url 'home' %}{% endif %}"
- class="ep-tools ep-tools-login"
- >
- <div
- class=""
- data-placement="bottom"
- data-toggle="tooltip"
- data-original-title="{% if user.username != 'anonymous' %}{% trans 'Profile' %}{% else %}{% trans 'Login' %}{% endif %}"
- >
- {% if user.username == 'anonymous' %}
- <h5 class="hidden-xs">{% trans "Login" %}</h5>
+ </a>
+ {% if main_script == 'views/resource/editor' %}
+ {% include 'navbar/resource-manage-menu.htm' %}
+ {% elif main_script == 'views/graph/function-manager' %}
+ {% include 'navbar/function-manage-menu.htm' %}
  {% else %}
  {% include 'navbar/graph-designer-menu.htm' %}
  {% endif %}

diff --git a/arches/app/utils/permission_backend.py b/arches/app/utils/permission_backend.py
@@ -1,5 +1,4 @@
 from abc import abstractmethod, ABCMeta
-import inspect
 
 from arches.app.models.models import *
 from arches.app.models.system_settings import settings
@@ -287,11 +286,14 @@ def process_new_user(self, instance, created):
 def _get_permission_framework():
  global _PERMISSION_FRAMEWORK
  if not _PERMISSION_FRAMEWORK:
- if settings.PERMISSION_FRAMEWORK == "arches_default_deny":
- from arches.app.utils.permissions.arches_standard import ArchesDefaultDenyPermissionFramework
- _PERMISSION_FRAMEWORK = ArchesDefaultDenyPermissionFramework()
+ if settings.PERMISSION_FRAMEWORK:
+ if "." not in settings.PERMISSION_FRAMEWORK:
+ raise RuntimeError("Permissions frameworks must be a dot-separated module and a class")
+ modulename, classname = settings.PERMISSION_FRAMEWORK.split(".", -1)
+ PermissionFramework = get_class_from_modulename(modulename, classname, settings.PERMISSION_FRAMEWORK_LOCATIONS)
+ _PERMISSION_FRAMEWORK = PermissionFramework()
  else:
- from arches.app.utils.permissions.arches_standard import ArchesStandardPermissionFramework
+ from arches.app.permissions.arches_standard import ArchesStandardPermissionFramework
  _PERMISSION_FRAMEWORK = ArchesStandardPermissionFramework()
  return _PERMISSION_FRAMEWORK
 
@@ -332,10 +334,10 @@ def user_can_write_map_layers(user):
  return _get_permission_framework().user_can_write_map_layers(user)
 
 def get_users_with_perms(obj, attach_perms=False, with_superusers=False, with_group_users=True, only_with_perms_in=None):
- return _get_permission_framework().get_users_with_perms(obj, attach_perms=attach_perms, with_superusers=with_superuesrs, with_group_users=with_group_users, only_with_perms_in=only_with_perms_in)
+ return _get_permission_framework().get_users_with_perms(obj, attach_perms=attach_perms, with_superusers=with_superusers, with_group_users=with_group_users, only_with_perms_in=only_with_perms_in)
 
-def get_groups_with_perms(obj, attach_perms=False, with_superusers=False, with_group_users=True, only_with_perms_in=None):
- return _get_permission_framework().get_groups_with_perms(obj, attach_perms=attach_perms, with_superusers=with_superusers, with_group_users=with_group_users, only_with_perms_in=only_with_perms_in)
+def get_groups_with_perms(obj, attach_perms=False):
+ return _get_permission_framework().get_groups_with_perms(obj, attach_perms=attach_perms)
 
 def get_user_perms(user, obj):
  return _get_permission_framework().get_user_perms(user, obj)

diff --git a/arches/settings.py b/arches/settings.py
@@ -598,6 +598,9 @@
  # Don't forget to use absolute paths, not relative paths.
 )
 
+PERMISSION_FRAMEWORK_LOCATIONS = [
+ "arches.app.permissions",
+]
 DATATYPE_LOCATIONS = [
  "arches.app.datatypes",
 ]
@@ -755,7 +758,7 @@
 def JSON_LD_FIX_DATA_FUNCTION(data, jsdata, model):
  return jsdata
 
-PERMISSION_FRAMEWORK = "arches_standard"
+PERMISSION_FRAMEWORK = "arches_standard.ArchesStandardPermissionFramework"
 
 ##########################################
 ### END RUN TIME CONFIGURABLE SETTINGS ###