From 7c9057f060dc75aedb2190cf2c3ae68c83563ef2 Mon Sep 17 00:00:00 2001 From: Matteo Parrucci Date: Sat, 12 Dec 2020 01:19:13 +0100 Subject: [PATCH 1/4] added request to the permission check in the PermissionRequiredMixin --- rules/contrib/views.py | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/rules/contrib/views.py b/rules/contrib/views.py index f2e13f8..ac970e7 100644 --- a/rules/contrib/views.py +++ b/rules/contrib/views.py @@ -1,19 +1,16 @@ from functools import wraps from django.conf import settings -from django.contrib.auth import REDIRECT_FIELD_NAME -from django.contrib.auth import mixins +from django.contrib.auth import REDIRECT_FIELD_NAME, mixins from django.contrib.auth.views import redirect_to_login -from django.core.exceptions import PermissionDenied, ImproperlyConfigured, FieldError +from django.core.exceptions import (FieldError, ImproperlyConfigured, + PermissionDenied) from django.shortcuts import get_object_or_404 from django.utils.encoding import force_text from django.views.generic import CreateView, DeleteView, DetailView, UpdateView - - # These are made available for convenience, as well as for use in Django # versions before 1.9. For usage help see Django's docs for 1.9 or later. from django.views.generic.edit import BaseCreateView - from rules.compat.six import string_types, wraps LoginRequiredMixin = mixins.LoginRequiredMixin @@ -47,7 +44,7 @@ def get_permission_object(self): def has_permission(self): obj = self.get_permission_object() perms = self.get_permission_required() - return self.request.user.has_perms(perms, obj) + return self.request.user.has_perms(perms, obj, request=self.request) class AutoPermissionRequiredMixin(PermissionRequiredMixin): From 8465237698adbf8a213fc5581e8c256b5e2c0eb9 Mon Sep 17 00:00:00 2001 From: Matteo Parrucci Date: Sat, 12 Dec 2020 01:20:21 +0100 Subject: [PATCH 2/4] added 1 parameter in predicate check --- rules/predicates.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/rules/predicates.py b/rules/predicates.py index 3784348..16dd08c 100644 --- a/rules/predicates.py +++ b/rules/predicates.py @@ -5,7 +5,6 @@ from .compat import inspect - logger = logging.getLogger('rules') @@ -83,7 +82,7 @@ def __init__(self, fn, name=None, bind=False): if bind: num_args -= 1 assert_has_kwonlydefaults(innerfn, 'The given predicate is missing defaults for keyword-only arguments') - assert num_args <= 2, 'Incompatible predicate.' + assert num_args <= 3, 'Incompatible predicate.' self.fn = fn self.num_args = num_args self.var_args = var_args From 5b372dbe9fbb61d7109c834f37ec6b15dcae7b53 Mon Sep 17 00:00:00 2001 From: Matteo Parrucci Date: Mon, 14 Dec 2020 13:29:35 +0100 Subject: [PATCH 3/4] added request to context --- rules/predicates.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/predicates.py b/rules/predicates.py index 16dd08c..661189a 100644 --- a/rules/predicates.py +++ b/rules/predicates.py @@ -142,11 +142,11 @@ def context(self): except IndexError: return None - def test(self, obj=NO_VALUE, target=NO_VALUE): + def test(self, obj=NO_VALUE, target=NO_VALUE, request=NO_VALUE): """ The canonical method to invoke predicates. """ - args = tuple(arg for arg in (obj, target) if arg is not NO_VALUE) + args = tuple(arg for arg in (obj, target, request) if arg is not NO_VALUE) _context.stack.append(Context(args)) logger.debug('Testing %s', self) try: From c55d9ad52e095780645d03e1cca0191a2529ac6d Mon Sep 17 00:00:00 2001 From: Matteo Parrucci Date: Mon, 14 Dec 2020 18:11:45 +0100 Subject: [PATCH 4/4] made it work also for django.contrib admin --- rules/contrib/admin.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rules/contrib/admin.py b/rules/contrib/admin.py index a3c27bb..3a40122 100644 --- a/rules/contrib/admin.py +++ b/rules/contrib/admin.py @@ -9,19 +9,19 @@ def has_view_permission(self, request, obj=None): codename = get_permission_codename('view', opts) perm = '%s.%s' % (opts.app_label, codename) if perm_exists(perm): - return request.user.has_perm(perm, obj) + return request.user.has_perm(perm, obj, request=request) else: return self.has_change_permission(request, obj) def has_change_permission(self, request, obj=None): opts = self.opts codename = get_permission_codename('change', opts) - return request.user.has_perm('%s.%s' % (opts.app_label, codename), obj) + return request.user.has_perm('%s.%s' % (opts.app_label, codename), obj, request=request) def has_delete_permission(self, request, obj=None): opts = self.opts codename = get_permission_codename('delete', opts) - return request.user.has_perm('%s.%s' % (opts.app_label, codename), obj) + return request.user.has_perm('%s.%s' % (opts.app_label, codename), obj, request=request) class ObjectPermissionsInlineModelAdminMixin(ObjectPermissionsModelAdminMixin): @@ -33,7 +33,7 @@ def has_change_permission(self, request, obj=None): # pragma: no cover opts = field.rel.to._meta break codename = get_permission_codename('change', opts) - return request.user.has_perm('%s.%s' % (opts.app_label, codename), obj) + return request.user.has_perm('%s.%s' % (opts.app_label, codename), obj, request=request) def has_delete_permission(self, request, obj=None): # pragma: no cover if self.opts.auto_created: