Browse Source

Refactor Group and User ACLs

These ones are very simple, just a small update to make them match the
style of the others as well.
merge-requests/25/head
Deimos 6 years ago
parent
commit
83298c36e6
  1. 23
      tildes/tildes/models/group/group.py
  2. 11
      tildes/tildes/models/user/user.py

23
tildes/tildes/models/group/group.py

@ -3,7 +3,7 @@
from datetime import datetime from datetime import datetime
from typing import Any, Optional, Sequence, Tuple from typing import Any, Optional, Sequence, Tuple
from pyramid.security import Allow, Authenticated, DENY_ALL, Everyone
from pyramid.security import Allow, Authenticated, Deny, DENY_ALL, Everyone
from sqlalchemy import ( from sqlalchemy import (
Boolean, Boolean,
CheckConstraint, CheckConstraint,
@ -79,15 +79,24 @@ class Group(DatabaseModel):
def __acl__(self) -> Sequence[Tuple[str, Any, str]]: def __acl__(self) -> Sequence[Tuple[str, Any, str]]:
"""Pyramid security ACL.""" """Pyramid security ACL."""
acl = [
(Allow, Everyone, 'view'),
(Allow, Authenticated, 'subscribe'),
]
acl = []
# view:
# - all groups can be viewed by everyone
acl.append((Allow, Everyone, 'view'))
# subscribe:
# - all groups can be subscribed to by logged-in users
acl.append((Allow, Authenticated, 'subscribe'))
# post_topic:
# - only admins can post in admin-posting-only groups
# - otherwise, all logged-in users can post
if self.is_admin_posting_only: if self.is_admin_posting_only:
acl.append((Allow, 'admin', 'post_topic')) acl.append((Allow, 'admin', 'post_topic'))
else:
acl.append((Allow, Authenticated, 'post_topic'))
acl.append((Deny, Everyone, 'post_topic'))
acl.append((Allow, Authenticated, 'post_topic'))
acl.append(DENY_ALL) acl.append(DENY_ALL)

11
tildes/tildes/models/user/user.py

@ -127,11 +127,14 @@ class User(DatabaseModel):
def __acl__(self) -> Sequence[Tuple[str, Any, str]]: def __acl__(self) -> Sequence[Tuple[str, Any, str]]:
"""Pyramid security ACL.""" """Pyramid security ACL."""
acl = [
(Allow, Everyone, 'view'),
]
acl = []
# view:
# - everyone can view all users
acl.append((Allow, Everyone, 'view'))
# anyone can message a user except themself
# message:
# - anyone can message a user except themself
acl.append((Deny, self.user_id, 'message')) acl.append((Deny, self.user_id, 'message'))
acl.append((Allow, Authenticated, 'message')) acl.append((Allow, Authenticated, 'message'))

Loading…
Cancel
Save