Add BasePermissionTester interface and generic ModelPermissionTester
#11956
+1,055
−85
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Use the permission policies user_has_permission_for_instance under the hood as much as possible, making sure that we implement the basic checks in there whenever possible. This is different to PagePermissionTester that only uses the policy to query the GroupPagePermission objects, but still does all of the actual permission checks by itself. This was because it precedes the policy, and we wanted to avoid making too much breakage.
… message for snippets
…ng ModelPermissionTester
Manage this branch in SquashTest this branch here: https://laymonagemodel-permission-test-9e4tv.squash.io |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A fresh take on #10578.
Instead of making
PagePermissionTestera subclass ofModelPermissionTester(and making sure the latter could allow the former to retain its logic), I tried to start offModelPermissionTesterfrom scratch, so I can better see where the difference lies between the two.From what I've seen, it's looking a lot like we can delegate most things to
ModelPermissionPolicy.user_has_permission{_for_instance}. The only exceptions seem to becan_lockandcan_unlock, which saw a conspicuous change in #6156 that went against the documented behaviour ofuser_can_lockanduser_can_unlock. I added more details in the code comments.This isn't its final form, as
ModelPermissionTester.get_permission_policy()is still unimplemented, but I can't see how it can be implemented without subclassing it. The subclass is probably something we generate at runtime when you try to get a tester/policy of a model that hasn't been registered in the registry (the registry is still to be implemented).