From 263d2c672ab58c530ef516febafc19d5206327c8 Mon Sep 17 00:00:00 2001
From: Kara Engelhardt
Date: Tue, 19 Nov 2024 17:19:12 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=91=E2=80=8D=F0=9F=92=BB=20Add=20is=5F?= =?UTF-8?q?crew=20helper?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 froide/document/filters.py | 4 ++--
 froide/foirequest/views/attachment.py | 3 ++-
 froide/helper/auth.py | 14 +++++++++++---
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/froide/document/filters.py b/froide/document/filters.py
index e20d15711..c78dfcb3d 100644
--- a/froide/document/filters.py
+++ b/froide/document/filters.py
@@ -11,7 +11,7 @@
 from froide.account.models import User
 from froide.campaign.models import Campaign
 from froide.foirequest.auth import get_read_foirequest_queryset
-from froide.helper.auth import get_read_queryset
+from froide.helper.auth import get_read_queryset, is_crew
 from froide.helper.search.filters import BaseSearchFilterSet
 from froide.helper.widgets import BootstrapSelect, DateRangeWidget
 from froide.publicbody.models import Jurisdiction, PublicBody
@@ -58,7 +58,7 @@ def filter_foirequest(self, qs, name, value):
 def get_portal_queryset(request):
- if not request.user.is_authenticated or not request.user.is_crew:
+ if is_crew(request.user):
 return DocumentPortal.objects.filter(public=True)
 return DocumentPortal.objects.all()
diff --git a/froide/foirequest/views/attachment.py b/froide/foirequest/views/attachment.py
index c4d46d150..f8c9f2ad0 100644
--- a/froide/foirequest/views/attachment.py
+++ b/froide/foirequest/views/attachment.py
@@ -14,6 +14,7 @@
 from crossdomainmedia import CrossDomainMediaMixin
+from froide.helper.auth import is_crew
 from froide.helper.utils import is_ajax, render_400, render_403
 from ..auth import (
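Review bot: The rewritten guard in `get_portal_queryset` (froide/document/filters.py) drops the negation, so the branch is inverted: crew members now receive only `DocumentPortal.objects.filter(public=True)`, while anonymous and non-crew users fall through to `DocumentPortal.objects.all()`, which includes non-public portals. The removed condition `not is_authenticated or not is_crew` is equivalent to `not is_crew(request.user)` with the new helper, so the line should read `if not is_crew(request.user):`. A test that builds the portal queryset for an anonymous user and asserts a non-public portal is absent would pin this down.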
@@ -70,7 +71,7 @@ def approve_attachment(request, foirequest, attachment_id):
 att = get_object_or_404(
 FoiAttachment, id=attachment_id, belongs_to__request=foirequest
 )
- if not att.can_approve and not request.user.is_crew:
+ if not att.can_approve and not is_crew(request.user):
 return render_403(request)
 # hard guard against publishing of non publishable requests
diff --git a/froide/helper/auth.py b/froide/helper/auth.py
index f02fcac6c..54bc63cd3 100644
--- a/froide/helper/auth.py
+++ b/froide/helper/auth.py
@@ -2,9 +2,11 @@
 from operator import or_
 from django.contrib.auth import get_permission_codename
+from django.contrib.auth.models import AnonymousUser
 from django.core.exceptions import PermissionDenied
 from django.db.models import Q
+from froide.account.models import User
 from froide.team.models import Team
 AUTH_MAPPING = {
@@ -148,7 +150,7 @@ def get_read_queryset(
 codename = get_permission_codename("view", opts)
 if (
 token is None
- and user.is_crew
+ and is_crew(user)
 and user.has_perm("%s.%s" % (opts.app_label, codename))
 ):
 return qs
@@ -188,7 +190,7 @@ def get_write_queryset(
 codename = get_permission_codename("change", opts)
 if (
 token is None
- and user.is_crew
+ and is_crew(user)
 and user.has_perm("%s.%s" % (opts.app_label, codename))
 ):
 return qs
@@ -227,7 +229,7 @@ def get_user_filter(request, teams=None, fk_path=None):
 def require_crew(view_func):
 def decorator(request, *args, **kwargs):
- if not request.user.is_authenticated or not request.user.is_crew:
+ if not is_crew(request.user):
 raise PermissionDenied
 return view_func(request, *args, **kwargs)
@@ -237,3 +239,9 @@ def decorator(request, *args, **kwargs):
 def clear_lru_caches():
 for f in ACCESS_MAPPING.values():
 f.cache_clear()
+
+
+def is_crew(user: User | AnonymousUser) -> bool:
+ if user.is_authenticated:
+ return user.is_crew
+ return False
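Review bot: The two imports added at the top of froide/helper/auth.py are used, as far as this patch shows, only in the annotation of `is_crew`, yet `from froide.account.models import User` makes the helper module load the account models at import time. If anything in froide.account imports from froide.helper.auth (not visible here), this risks a circular import. Guarding both imports with `if TYPE_CHECKING:` and quoting the annotation as `"User | AnonymousUser"` would avoid the runtime dependency.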
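Review bot: `is_crew` at the end of froide/helper/auth.py is now the single predicate behind `require_crew`, `get_read_queryset`, `get_write_queryset` and the attachment approval check, but it has no docstring stating its contract. I would add `"""Return True only for an authenticated user whose is_crew flag is set; anonymous users are never crew."""`. The annotation promises `bool` while the body returns `user.is_crew` unchanged; if that attribute can hold anything other than a bool (not visible in this patch), `return bool(user.is_crew)` keeps the promise. Tests for the anonymous, authenticated non-crew and crew cases would guard every caller at once.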