Merge branch 'master' into 405-support-s3-storage-for-media

88b51582 · Tom Teichler · a37df9b2 · fa3126b7 · 88b51582 · 88b51582
Verified Commit 88b51582 authored 4 years ago by Tom Teichler
--- a/aleksis/core/mixins.py
+++ b/aleksis/core/mixins.py
@@ -21,6 +21,7 @@ from django.views.generic.edit import DeleteView, ModelFormMixin

 import reversion
 from guardian.admin import GuardedModelAdmin
+from guardian.core import ObjectPermissionChecker
 from jsonstore.fields import IntegerField, JSONFieldMixin
 from material.base import Layout, LayoutNode
 from rules.contrib.admin import ObjectPermissionsModelAdmin
@@ -332,6 +333,10 @@ class ExtensibleModel(models.Model, metaclass=_ExtensibleModelBase):
        """Dynamically add a new permission to a model."""
        cls.extra_permissions.append((name, verbose_name))

+    def set_object_permission_checker(self, checker: ObjectPermissionChecker):
+        """Annotate a ``ObjectPermissionChecker`` for use with permission system."""
+        self._permission_checker = checker
+
    def save(self, *args, **kwargs):
        """Ensure all functionality of our extensions that needs saving gets it."""
        # For auto-created remote syncable fields

--- a/aleksis/core/settings.py
+++ b/aleksis/core/settings.py
@@ -152,14 +152,14 @@ MIDDLEWARE = [
    "django_prometheus.middleware.PrometheusBeforeMiddleware",
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
+    "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "debug_toolbar.middleware.DebugToolbarMiddleware",
    "django.middleware.locale.LocaleMiddleware",
    "django.middleware.http.ConditionalGetMiddleware",
    "django_global_request.middleware.GlobalRequestMiddleware",
    "django.contrib.sites.middleware.CurrentSiteMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
-    "django.contrib.auth.middleware.AuthenticationMiddleware",
-    "debug_toolbar.middleware.DebugToolbarMiddleware",
    "django_otp.middleware.OTPMiddleware",
    "impersonate.middleware.ImpersonateMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
@@ -789,9 +789,7 @@ if _settings.get("storage.s3.enabled", False):
    DEFAULT_FILE_STORAGE = "storages.backends.s3boto.S3BotoStorage"
    STATICFILES_STORAGE = "storages.backends.s3boto3.S3StaticStorage"

-    if _settings.get("storage.s3.use_aws", False):
-        AWS_REGION = _settings.get("storage.s3.region", "")
-
+    AWS_REGION = _settings.get("storage.s3.region", "")
    AWS_ACCESS_KEY_ID = _settings.get("storage.s3.access_key_id", "")
    AWS_SECRET_ACCESS_KEY = _settings.get("storage.s3.secret_key", "")
    AWS_SESSION_TOKEN = _settings.get("storage.s3.session_token", "")

--- a/aleksis/core/util/predicates.py
+++ b/aleksis/core/util/predicates.py
+from typing import Optional
+
 from django.contrib.auth.backends import ModelBackend
 from django.contrib.auth.models import User
 from django.db.models import Model
@@ -7,6 +9,7 @@ from guardian.backends import ObjectPermissionBackend
 from guardian.shortcuts import get_objects_for_user
 from rules import predicate

+from ..mixins import ExtensibleModel
 from ..models import Group
 from .core_helpers import get_content_type_by_perm, get_site_preferences
 from .core_helpers import has_person as has_person_helper
@@ -25,8 +28,20 @@ def check_global_permission(user: User, perm: str) -> bool:
    return ModelBackend().has_perm(user, perm)


-def check_object_permission(user: User, perm: str, obj: Model) -> bool:
-    """Check whether a user has a permission on a object."""
+def check_object_permission(
+    user: User, perm: str, obj: Model, checker_obj: Optional[ExtensibleModel] = None
+) -> bool:
+    """Check whether a user has a permission on an object.
+
+    You can provide a custom ``ObjectPermissionChecker`` for prefetching object permissions
+    by annotating an extensible model with ``set_object_permission_checker``.
+    This can be the provided object (``obj``)  or a special object
+    which is only used to get the checker class (``checker_obj``).
+    """
+    if not checker_obj:
+        checker_obj = obj
+    if hasattr(checker_obj, "_permission_checker"):
+        return checker_obj._permission_checker.has_perm(perm, obj)
    return ObjectPermissionBackend().has_perm(user, perm, obj)



--- a/poetry.lock
+++ b/poetry.lock
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -36,7 +36,7 @@ secondary = true
 python = "^3.7"
 Django = "^3.1.7"
 django-any-js = "^1.0"
-django-debug-toolbar = "^2.0"
+django-debug-toolbar = "^3.2"
 django-middleware-global-request = "^0.1.2"
 django-menu-generator-ng = "^1.2.0"
 django-tables2 = "^2.1"