Fix #572 Import parent permissions #585
Conversation
rdmo/projects/views/project.py
Outdated
| @@ -126,14 +126,16 @@ def get_context_data(self, **kwargs): | |||
| .filter_catalog(self.object.catalog) \ | |||
| .filter_group(self.request.user) \ | |||
| .filter_availability(self.request.user).exists() | |||
| context['ancestors_import'] = ancestors.filter_user(user=self.request.user) \ | |||
There was a problem hiding this comment.
I've changed the query to filter_user instead of filter.
I thought that sometimes the projects that should be in the import were filtered out by filter?
There was a problem hiding this comment.
filter_user takes admins and site_managers into account, so this makes sense here.
There was a problem hiding this comment.
On the second thought, I don't think this aproach is correct, since it will not account for "role inheritance". If you are the owner of a parent project, you are automatically owner of all descendants. I think it would be better to use the rules in the templates to filter the projects.
There was a problem hiding this comment.
Alternatively we can use something like:
queryset = Project.objects.filter(user=self.request.user)
for instance in queryset:
queryset |= instance.get_descendants()
queryset = queryset.distinct()
which is the query for /projects/.
| {{ node.title }} | ||
| {% endif %} | ||
| </a> | ||
| {% if node.id in user_project_family_ids %} |
There was a problem hiding this comment.
with this condition, only the projects that a user has permission for are also clickable in the hierarchy tree.
Thought it was closely related to this PR, but it can also be left out ;)
There was a problem hiding this comment.
Nice extension. Looks good to me.
There was a problem hiding this comment.
I think
{% has_perm 'projects.view_project_object' request.user project as can_view_project %}
{% if can_view_project %}
would be better.
rdmo/projects/views/project.py
Outdated
| @@ -126,14 +126,16 @@ def get_context_data(self, **kwargs): | |||
| .filter_catalog(self.object.catalog) \ | |||
| .filter_group(self.request.user) \ | |||
| .filter_availability(self.request.user).exists() | |||
| context['ancestors_import'] = ancestors.filter_user(user=self.request.user) \ | |||
There was a problem hiding this comment.
On the second thought, I don't think this aproach is correct, since it will not account for "role inheritance". If you are the owner of a parent project, you are automatically owner of all descendants. I think it would be better to use the rules in the templates to filter the projects.
| {{ node.title }} | ||
| {% endif %} | ||
| </a> | ||
| {% if node.id in user_project_family_ids %} |
There was a problem hiding this comment.
I think
{% has_perm 'projects.view_project_object' request.user project as can_view_project %}
{% if can_view_project %}
would be better.
| @@ -6,7 +6,7 @@ | |||
| <input type="hidden" name="method" value="import_project"> | |||
|
|
|||
| <select class="form-control" name="source"> | |||
| {% for project in project.get_ancestors %} | |||
| {% for project in ancestors_import %} | |||
There was a problem hiding this comment.
{% has_perm 'projects.view_project_object' request.user project as can_view_project %}
{% if can_view_project %}
same as above. We probably need to add some prefetch_related/select_related to the database query.
rdmo/projects/views/project.py
Outdated
| @@ -126,14 +126,16 @@ def get_context_data(self, **kwargs): | |||
| .filter_catalog(self.object.catalog) \ | |||
| .filter_group(self.request.user) \ | |||
| .filter_availability(self.request.user).exists() | |||
| context['ancestors_import'] = ancestors.filter_user(user=self.request.user) \ | |||
There was a problem hiding this comment.
Alternatively we can use something like:
queryset = Project.objects.filter(user=self.request.user)
for instance in queryset:
queryset |= instance.get_descendants()
queryset = queryset.distinct()
which is the query for /projects/.
|
Hi @MyPyDavid and @jochenklar, thanks for your reviews and suggestions. I tried to address them.
Towards the use of prefetch_related/select_related I don't have an idea how to integrate this into the logic at the moment. |
|
Would it be a performance boost if the prefetch related is used as follows? ancestors_import = []
for instance in ancestors.exclude(id=project.id).prefetch_related('user'):
if self.request.user.has_perm('projects.view_project_object', instance):
ancestors_import.append(instance) |
…mport-parent-permissions Fix rdmorganiser#572 Import parent permissions
This PR aims at fixing issue #572