Add BasePermissionTester
interface and generic ModelPermissionTester
#11956
+1,055
−85
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A fresh take on #10578.
Instead of making
PagePermissionTester
a subclass ofModelPermissionTester
(and making sure the latter could allow the former to retain its logic), I tried to start offModelPermissionTester
from scratch, so I can better see where the difference lies between the two.From what I've seen, it's looking a lot like we can delegate most things to
ModelPermissionPolicy.user_has_permission{_for_instance}
. The only exceptions seem to becan_lock
andcan_unlock
, which saw a conspicuous change in #6156 that went against the documented behaviour ofuser_can_lock
anduser_can_unlock
. I added more details in the code comments.This isn't its final form, as
ModelPermissionTester.get_permission_policy()
is still unimplemented, but I can't see how it can be implemented without subclassing it. The subclass is probably something we generate at runtime when you try to get a tester/policy of a model that hasn't been registered in the registry (the registry is still to be implemented).