assign custom managers based on user permissions

acdh-oeaw · Nov 21, 2024 · 809a46d · 809a46d
1 parent 5c43201
commit 809a46d
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 20 deletions.
diff --git a/apis_ontology/models.py b/apis_ontology/models.py
@@ -13,7 +13,7 @@
 from django.db.models import OuterRef, QuerySet, Subquery
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
-
+from crum import get_current_user
 
 logger = logging.getLogger(__name__)
 
@@ -68,6 +68,15 @@ def uri(self):
         return uri
 
 
+class TibScholEntityManager(models.Manager):
+    def get_queryset(self):
+        user = get_current_user()
+        if user and user.is_authenticated:
+            return super().get_queryset()
+
+        return super().get_queryset().filter(review=True)
+
+
 class Person(
     VersionMixin, LegacyStuffMixin, LegacyDateMixin, TibScholEntityMixin, AbstractEntity
 ):
@@ -98,6 +107,8 @@ class Person(
         max_length=10, choices=NATIONALITY, blank=True, null=True
     )
 
+    objects = TibScholEntityManager()
+
     class Meta:
         verbose_name = _("person")
         verbose_name_plural = _("Persons")
@@ -134,6 +145,8 @@ class Meta:
     def __str__(self):
         return f"{self.label} ({self.pk})"
 
+    objects = TibScholEntityManager()
+
 
 class WorkQuerySet(QuerySet):
     def with_author(self):
@@ -151,9 +164,13 @@ def with_author(self):
         )
 
 
-class WorkManager(models.Manager):
+class WorkManager(TibScholEntityManager):
     def get_queryset(self):
-        return WorkQuerySet(self.model, using=self._db).with_author()
+        return (
+            WorkQuerySet(self.model, using=self._db)
+            .filter(id__in=super().get_queryset().values_list("id", flat=True))
+            .with_author()
+        )
 
 
 class Work(
@@ -221,9 +238,13 @@ def with_author(self):
         )
 
 
-class InstanceManager(models.Manager):
+class InstanceManager(TibScholEntityManager):
     def get_queryset(self):
-        return InstanceQuerySet(self.model, using=self._db).with_author()
+        return (
+            InstanceQuerySet(self.model, using=self._db)
+            .filter(id__in=super().get_queryset().values_list("id", flat=True))
+            .with_author()
+        )
 
 
 class Instance(

diff --git a/apis_ontology/settings/server_settings.py b/apis_ontology/settings/server_settings.py
@@ -69,24 +69,11 @@
 
 
 def apis_view_passes_test(view) -> bool:
-    if view.request.user.is_authenticated:
-        return True
-    if view.permission_action_required == "view":
-        # this is set when APIS_DETAIL_VIEWS_ALLOWED is True
-        obj = view.get_object()
-        return obj.review
-    return False
-
-
-def apis_list_view_object_filter(view, queryset):
-    if view.request.user.is_authenticated:
-        return queryset
-
-    return queryset.filter(review=True)
+    # Temporary hack
+    return True
 
 
 APIS_LIST_VIEWS_ALLOWED = True
-APIS_LIST_VIEW_OBJECT_FILTER = apis_list_view_object_filter
 
 APIS_DETAIL_VIEWS_ALLOWED = True
 APIS_VIEW_PASSES_TEST = apis_view_passes_test