Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFC] Added accept_request method to PageViewRestriction #3182

Closed
wants to merge 2 commits into from
Closed

[RFC] Added accept_request method to PageViewRestriction #3182

wants to merge 2 commits into from

Conversation

kaedroho
Copy link
Contributor

This allows custom code to check whether a PageViewRestriction will pass
a request or not without needing to depend on any implementation
details.

@kaedroho
Added accept_request method to PageViewRestriction
54c59aa 
This allows custom code to check whether a PageViewRestriction will pass
a request or not without needing to depend on any implementation
details.
@kaedroho
Update check_view_restrictions hook to use new accept_request method
e7acc71
@tomdyson
Copy link
Contributor

@kaedroho could you please give an example of when this would be useful?

@kaedroho
Copy link
Contributor Author

kaedroho commented Nov 28, 2016
edited

Yep, I currently have this bit of code in a client site. It works out whether a page is visible to the user or not, which I think is a common use-case:

@register.assignment_tag(takes_context=True)
def user_can_see_page(context, page):
    request = context['request']
    restrictions = page.get_view_restrictions()

    if restrictions:
        passed_restrictions = request.session.get('passed_page_view_restrictions', [])
        for restriction in restrictions:
            if restriction.restriction_type == PageViewRestriction.PASSWORD:
                if restriction.id not in passed_restrictions:
                    return False
            elif restriction.restriction_type == PageViewRestriction.LOGIN:
                if not user_is_authenticated(request.user):
                    return False
            elif restriction.restriction_type == PageViewRestriction.GROUPS:
                if not request.user.is_superuser:
                    current_user_groups = request.user.groups.all()

                    if not any(group in current_user_groups for group in restriction.groups.all()):
                        return False

    return True

But I think this logic really belongs in the PageViewRestriction model itself. This means that any future changes will automatically work with this site (currently, using an unsupported restriction type will cause this tag to pass).

Here's an example of this template tag written with the accept_request method:

@register.assignment_tag(takes_context=True)
def user_can_see_page(context, page):
    request = context['request']

    for restriction in page.get_view_restrictions():
        if not restriction.accept_request(request):
            return False

    return True

All the custom logic has now been removed, which is great for forwards compatibility.

@gasman
Copy link
Collaborator

gasman commented Nov 29, 2016

Looks good to me!

The 'respond with an access-denied response' code that's been left behind in wagtail_hooks would also be a good candidate for turning a method on PageViewRestriction... but that's something for another time.

@gasman
Copy link
Collaborator

gasman commented Nov 29, 2016

Merged in ba4119b.

@gasman gasman closed this Nov 29, 2016
@tomdyson
Copy link
Contributor

Thanks for the explanation @kaedroho. Shouldn't we document the accept_request method, for future template tag authors?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@kaedroho @tomdyson @gasman