more spaces work

2026-01-01 04:10:06 -05:00 · 2021-02-20 18:47:14 +01:00
parent ad163509b4
commit 96c963795e
6 changed files with 50 additions and 100 deletions
--- a/cookbook/helper/permission_helper.py
+++ b/cookbook/helper/permission_helper.py
@@ -43,8 +43,7 @@ def has_group_permission(user, groups):
        return False
    groups_allowed = get_allowed_groups(groups)
    if user.is_authenticated:
-        if (user.is_superuser
-                | bool(user.groups.filter(name__in=groups_allowed))):
+        if bool(user.groups.filter(name__in=groups_allowed)):
            return True
    return False

@@ -59,19 +58,12 @@ def is_object_owner(user, obj):
    :param obj any object that should be tested
    :return: true if user is owner of object, false otherwise
    """
-    # TODO this could be improved/cleaned up by adding
-    #      get_owner methods to all models that allow owner checks
    if not user.is_authenticated:
        return False
-    if user.is_superuser:
-        return True
-    if owner := getattr(obj, 'created_by', None):
-        return owner == user
-    if owner := getattr(obj, 'user', None):
-        return owner == user
-    if getattr(obj, 'get_owner', None):
+    try:
        return obj.get_owner() == user
-    return False
+    except:
+        return False


 def is_object_shared(user, obj):
@@ -87,8 +79,6 @@ def is_object_shared(user, obj):
    #      share checks for relevant objects
    if not user.is_authenticated:
        return False
-    if user.is_superuser:
-        return True
    return user in obj.shared.all()


@@ -100,11 +90,7 @@ def share_link_valid(recipe, share):
    :return: true if a share link with the given recipe and uuid exists
    """
    try:
-        return (
-            True
-            if ShareLink.objects.filter(recipe=recipe, uuid=share).exists()
-            else False
-        )
+        return True if ShareLink.objects.filter(recipe=recipe, uuid=share).exists() else False
    except ValidationError:
        return False

@@ -148,21 +134,11 @@ class OwnerRequiredMixin(object):

    def dispatch(self, request, *args, **kwargs):
        if not request.user.is_authenticated:
-            messages.add_message(
-                request,
-                messages.ERROR,
-                _('You are not logged in and therefore cannot view this page!')
-            )
-            return HttpResponseRedirect(
-                reverse_lazy('account_login') + '?next=' + request.path
-            )
+            messages.add_message(request, messages.ERROR, _('You are not logged in and therefore cannot view this page!'))
+            return HttpResponseRedirect(reverse_lazy('account_login') + '?next=' + request.path)
        else:
            if not is_object_owner(request.user, self.get_object()):
-                messages.add_message(
-                    request,
-                    messages.ERROR,
-                    _('You cannot interact with this object as it is not owned by you!')  # noqa: E501
-                )
+                messages.add_message(request, messages.ERROR, _('You cannot interact with this object as it is not owned by you!'))
                return HttpResponseRedirect(reverse('index'))

        if self.get_object().get_space() != request.space: