refactor(access): Move user perm logic to request.tenancy object

ref: #473 #474
2025-01-18 17:57:17 +09:30
parent 6bf40e469c
commit e5d23cc1fa
6 changed files with 189 additions and 207 deletions
--- a/app/access/mixins/organization.py
+++ b/app/access/mixins/organization.py
@ -137,7 +137,7 @@ class OrganizationMixin:

        _permission_organizations: list = []

-        for team in self.get_user_teams( self.request.user ):
+        for team in self.request.tenancy._user_teams:

            for team_permission in team.permissions.all():

@ -258,154 +258,3 @@ class OrganizationMixin:

    This value is used to define the kwarg that is used as the parent objects primary key (pk).
    """
-
-
-    _user_organizations: list = []
-    """Cached User Organizations"""
-
-
-    _user_teams: list = []
-    """Cached User Teams"""
-
-
-    _user_permissions: list = []
-    """Cached User User Permissions"""
-
-
-    def get_user_organizations(self, user: User) -> list([int]):
-        """Get the Organization the user is a part of
-
-        Args:
-            user (User): User Making the request
-
-        Returns:
-            list(int()): List containing the organizations the user is a part of.
-        """
-
-        if self._user_organizations and self._user_teams and self._user_permissions:
-
-            return self._user_organizations
-
-
-        teams = Team.objects.all()
-
-        _user_organizations: list([ int ]) = []
-
-        _user_teams: list([ Team ]) = []
-
-        _user_permissions: list([ str ]) = []
-
-        for group in user.groups.all().prefetch_related('team__permissions__content_type').prefetch_related('team__organization'):
-
-            team = group.team
-
-
-            if team not in _user_teams:
-
-                _user_teams += [ team ]
-
-                for permission in group.team.permissions.all():
-
-                    permission_value = str( permission.content_type.app_label + '.' + permission.codename )
-
-                    if permission_value not in _user_permissions:
-
-                        _user_permissions += [ permission_value ]
-
-
-            if team.organization.id not in _user_organizations:
-
-                _user_organizations += [ team.organization.id ]
-
-
-        if len(_user_organizations) > 0:
-
-            self._user_organizations = _user_organizations
-
-        if len(_user_teams) > 0:
-
-            self._user_teams = _user_teams
-
-        if len(_user_permissions) > 0:
-
-            self._user_permissions = _user_permissions
-
-
-        return self._user_organizations
-
-
-
-    def get_user_teams(self, user: User) -> list([ Team ]):
-
-        if not self._user_teams:
-
-            self.get_user_organizations( user = user )
-
-        return self._user_teams
-
-
-
-    def has_organization_permission(self, organization: int, permissions_required: list) -> bool:
-        """ Check if user has permission within organization.
-
-        Args:
-            organization (int): Organization to check.
-            permissions_required (list): if doing object level permissions, pass in required permission.
-
-        Returns:
-            bool: True for yes.
-        """
-
-        has_permission: bool = False
-
-        if not organization:
-
-            return has_permission
-
-        from settings.models.app_settings import AppSettings
-
-
-        app_settings = AppSettings.objects.get(
-            owner_organization = None
-        )
-
-        for team in self.get_user_teams( user = self.request.user ):
-
-            if(
-                team.organization.id == int(organization)
-                or getattr(app_settings.global_organization, 'id', 0) == int(organization)
-            ):
-
-                for permission in team.permissions.all():
-
-                    assembled_permission = str(permission.content_type.app_label) + '.' + str( permission.codename )
-
-                    if assembled_permission in permissions_required:
-
-                        has_permission = True
-
-
-        return has_permission
-
-
-
-    def is_member(self, organization: int) -> bool:
-        """Returns true if the current user is a member of the organization
-
-        iterates over the user_organizations list and returns true if the user is a member
-
-        Returns:
-            bool: _description_
-        """
-
-        is_member: bool = False
-
-        if organization is None:
-
-            return False
-
-        if int(organization) in self.get_user_organizations(self.request.user):
-
-            is_member = True
-
-        return is_member
--- a/app/access/mixins/permissions.py
+++ b/app/access/mixins/permissions.py
@ -116,15 +116,12 @@ class OrganizationPermissionMixin(
        try:


-            view.get_user_organizations( request.user )
-
            has_permission_required: bool = False

-            user_permissions = getattr(view, '_user_permissions', None)
+            user_permissions = request.tenancy._user_permissions

            permission_required = view.get_permission_required()

-
            if permission_required and user_permissions:
                # No permission_required couldnt get permissions
                # No user_permissions, user missing the required permission
@ -224,9 +221,9 @@ class OrganizationPermissionMixin(

            elif obj_organization is not None:

-                if view.has_organization_permission(
-                    organization = obj_organization.id,
-                    permissions_required = [ view.get_permission_required() ]
+                if request.tenancy.has_organization_permission(
+                    organization = obj_organization,
+                    permissions_required = view.get_permission_required()
                ):

                        return True