feat!: Rename HasScopedPermissionMixin → ScopedPermissionHolder

Ur-Solutions · Dec 30, 2020 · 219edac · 219edac
1 parent 7da7730
commit 219edac
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 15 deletions.
diff --git a/django_scoped_permissions/backends.py b/django_scoped_permissions/backends.py
@@ -1,7 +1,7 @@
 from django.contrib.auth.backends import ModelBackend
 from django.contrib.auth.models import AbstractUser
 
-from django_scoped_permissions.models import HasScopedPermissionsMixin, ScopedModelMixin
+from django_scoped_permissions.models import ScopedPermissionHolder, ScopedModelMixin
 
 
 class ScopedAuthenticationBackend(ModelBackend):
@@ -12,7 +12,7 @@ def has_perm(self, user_obj: AbstractUser, perm: str, obj=None):
         if user_obj.is_superuser:
             return True
 
-        if not isinstance(user_obj, HasScopedPermissionsMixin):
+        if not isinstance(user_obj, ScopedPermissionHolder):
             return None
 
         if not obj:

diff --git a/django_scoped_permissions/graphql.py b/django_scoped_permissions/graphql.py
@@ -19,7 +19,7 @@
     create_resolver_from_method,
     create_resolver_from_scopes,
 )
-from django_scoped_permissions.models import HasScopedPermissionsMixin, ScopedModelMixin
+from django_scoped_permissions.models import ScopedPermissionHolder, ScopedModelMixin
 
 
 class ScopedDjangoNodeOptions(DjangoObjectTypeOptions):
@@ -124,7 +124,7 @@ def check_permissions(cls, root, info, input) -> None:
 
         expanded_permissions = expand_scopes_from_context(permissions, context)
 
-        if not isinstance(info.context.user, HasScopedPermissionsMixin):
+        if not isinstance(info.context.user, ScopedPermissionHolder):
             raise GraphQLError("You are not permitted to view this.")
 
         if not info.context.user.has_scoped_permissions(*expanded_permissions):
@@ -145,7 +145,7 @@ def check_permissions(cls, root, info, input) -> None:
 
         expanded_permissions = expand_scopes_from_context(permissions, context)
 
-        if not isinstance(info.context.user, HasScopedPermissionsMixin):
+        if not isinstance(info.context.user, ScopedPermissionHolder):
             raise GraphQLError("You are not permitted to view this.")
 
         if not info.context.user.has_scoped_permissions(*expanded_permissions):
@@ -192,7 +192,7 @@ def check_permissions(cls, root, info, input, id, obj) -> None:
 
         expanded_permissions = expand_scopes_from_context(permissions, context)
 
-        if not isinstance(info.context.user, HasScopedPermissionsMixin):
+        if not isinstance(info.context.user, ScopedPermissionHolder):
             raise GraphQLError("You are not permitted to view this.")
 
         if not info.context.user.has_scoped_permissions(*expanded_permissions):
@@ -250,7 +250,7 @@ def check_permissions(cls, root, info, input, id, obj) -> None:
 
         expanded_permissions = expand_scopes_from_context(permissions, context)
 
-        if not isinstance(info.context.user, HasScopedPermissionsMixin):
+        if not isinstance(info.context.user, ScopedPermissionHolder):
             raise GraphQLError("You are not permitted to view this.")
 
         if not info.context.user.has_scoped_permissions(*expanded_permissions):
@@ -308,7 +308,7 @@ def check_permissions(cls, root, info, id, obj) -> None:
 
         expanded_permissions = expand_scopes_from_context(permissions, context)
 
-        if not isinstance(info.context.user, HasScopedPermissionsMixin):
+        if not isinstance(info.context.user, ScopedPermissionHolder):
             raise GraphQLError("You are not permitted to view this.")
 
         if not info.context.user.has_scoped_permissions(*expanded_permissions):
@@ -341,7 +341,7 @@ def check_permissions(cls, root, info, input) -> None:
 
         expanded_permissions = expand_scopes_from_context(permissions, context)
 
-        if not isinstance(info.context.user, HasScopedPermissionsMixin):
+        if not isinstance(info.context.user, ScopedPermissionHolder):
             raise GraphQLError("You are not permitted to view this.")
 
         if not info.context.user.has_scoped_permissions(*expanded_permissions):
@@ -363,7 +363,7 @@ def check_permissions(cls, root, info, input) -> None:
 
         expanded_permissions = expand_scopes_from_context(permissions, context)
 
-        if not isinstance(info.context.user, HasScopedPermissionsMixin):
+        if not isinstance(info.context.user, ScopedPermissionHolder):
             raise GraphQLError("You are not permitted to view this.")
 
         if not info.context.user.has_scoped_permissions(*expanded_permissions):

diff --git a/django_scoped_permissions/models.py b/django_scoped_permissions/models.py
@@ -40,7 +40,29 @@ def __str__(self):
         return self.name
 
 
-class HasScopedPermissionsMixin(models.Model):
+class ScopedPermissionHolderMixin(object):
+
+    def get_granting_scopes(self):
+        return []
+
+    def has_scoped_permissions(self, *required_scopes):
+        return self.has_any_scoped_permissions(*required_scopes)
+
+    def has_any_scoped_permissions(self, *required_scopes):
+        scopes = self.get_granting_scopes()
+
+        return scopes_grant_permissions(required_scopes, scopes)
+
+    def has_all_scoped_permissions(self, *required_scopes):
+        scopes = self.get_granting_scopes()
+
+        for scope in required_scopes:
+            if not any_scope_matches([scope], scopes):
+                return False
+
+        return True
+
+class ScopedPermissionHolder(models.Model, ScopedPermissionHolderMixin):
     class Meta:
         abstract = True
 
@@ -138,6 +160,9 @@ def add_or_create_permission(
         self.scoped_permissions.add(scope)
 
 
+# DEPRECATED: Use ScopedPermissionHolder
+HasScopedPermissionMixin = ScopedPermissionHolder
+
 class ScopedModelMixin:
     def get_base_scopes(self):
         """
@@ -149,7 +174,7 @@ def get_required_scopes(self):
         return []
 
     def has_permission(
-        self, user: HasScopedPermissionsMixin, action: Optional[str] = None
+        self, user: ScopedPermissionHolderMixin, action: Optional[str] = None
     ):
         if getattr(user, "is_superuser", False):
             return True

diff --git a/django_scoped_permissions/tests/models.py b/django_scoped_permissions/tests/models.py
@@ -2,10 +2,10 @@
 from django.db import models
 
 from django_scoped_permissions.core import create_scope
-from django_scoped_permissions.models import HasScopedPermissionsMixin, ScopedModelMixin
+from django_scoped_permissions.models import ScopedPermissionHolder, ScopedModelMixin
 
 
-class User(HasScopedPermissionsMixin, AbstractUser):
+class User(ScopedPermissionHolder, AbstractUser):
     class Meta:
         indexes = (models.Index(fields=("email",)),)
 
@@ -54,7 +54,7 @@ def __str__(self):
         return self.name
 
 
-class UserType(HasScopedPermissionsMixin, ScopedModelMixin, models.Model):
+class UserType(ScopedPermissionHolder, ScopedModelMixin, models.Model):
     class Meta:
         pass