Project

Profile

Help

Story #9613

closed

As a developer, I can make permission object filtering chainable

Added by bmbouter about 3 years ago. Updated almost 3 years ago.

Status:
CLOSED - DUPLICATE
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

Ticket moved to GitHub: "pulp/pulpcore/2066":https://github.com/pulp/pulpcore/issues/2066


Motivation

As a developer with the new Roles facilities in pulpcore==3.17, you likely will want to filter by permissions with something like this example taken from this PR.

current_user = get_current_authenticated_user()
qs = Task.objects.filter(finished_at__lt=finished_before, state__in=states)
units_deleted, details = get_objects_for_user(current_user, "core.delete_task", qs=qs).delete()

As you can see, this needs to determine who the current user is, and you can't build the queryset in one go by using chaining.

Proposal

Introduce a with_perm chainable call on all querysets for Pulp objects. It could be used like this:

  • qs.with_perm("core.task_delete")
  • qs.with_perm("core.task_delete", "core.task_view")
  • qs.with_perms(["core.task_delete", "core.task_view"])
  • qs.with_perm("core.task_delete").with_perm( "core.task_view")

Related issues

Blocks Pulp - Story #9614: As a developer, I can mark a Model as RBAC enabled and have exceptions raised for any quersets that don't use `with_perm`CLOSED - DUPLICATE

Actions

Also available in: Atom PDF