access_registry made simple dict with auto registration

2026-03-17 08:57:33 -02:30 · 2017-06-24 12:35:11 -04:00
parent 112230081e
commit ad4a7fe033
4 changed files with 40 additions and 91 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -31,7 +31,7 @@ __all__ = ['get_user_queryset', 'check_user_access', 'check_user_access_with_err
 logger = logging.getLogger('awx.main.access')

 access_registry = {
-    # <model_class>: [<access_class>, ...],
+    # <model_class>: <access_class>,
    # ...
 }

@@ -41,8 +41,7 @@ class StateConflict(ValidationError):


 def register_access(model_class, access_class):
-    access_classes = access_registry.setdefault(model_class, [])
-    access_classes.append(access_class)
+    access_registry[model_class] = access_class


@property
@@ -66,19 +65,9 @@ def get_user_queryset(user, model_class):
    Return a queryset for the given model_class containing only the instances
    that should be visible to the given user.
    '''
-    querysets = []
-    for access_class in access_registry.get(model_class, []):
-        access_instance = access_class(user)
-        querysets.append(access_instance.get_queryset())
-    if not querysets:
-        return model_class.objects.none()
-    elif len(querysets) == 1:
-        return querysets[0]
-    else:
-        queryset = model_class.objects.all()
-        for qs in querysets:
-            queryset = queryset.filter(pk__in=qs.values_list('pk', flat=True))
-        return queryset
+    access_class = access_registry[model_class]
+    access_instance = access_class(user)
+    return access_instance.get_queryset()


 def check_user_access(user, model_class, action, *args, **kwargs):
@@ -86,33 +75,26 @@ def check_user_access(user, model_class, action, *args, **kwargs):
    Return True if user can perform action against model_class with the
    provided parameters.
    '''
-    for access_class in access_registry.get(model_class, []):
-        access_instance = access_class(user)
-        access_method = getattr(access_instance, 'can_%s' % action, None)
-        if not access_method:
-            logger.debug('%s.%s not found', access_instance.__class__.__name__,
-                         'can_%s' % action)
-            continue
-        result = access_method(*args, **kwargs)
-        logger.debug('%s.%s %r returned %r', access_instance.__class__.__name__,
-                     getattr(access_method, '__name__', 'unknown'), args, result)
-        if result:
-            return result
-    return False
+    access_class = access_registry[model_class]
+    access_instance = access_class(user)
+    access_method = getattr(access_instance, 'can_%s' % action)
+    result = access_method(*args, **kwargs)
+    logger.debug('%s.%s %r returned %r', access_instance.__class__.__name__,
+                 getattr(access_method, '__name__', 'unknown'), args, result)
+    return result


 def check_user_access_with_errors(user, model_class, action, *args, **kwargs):
    '''
    Return T/F permission and summary of problems with the action.
    '''
-    for access_class in access_registry.get(model_class, []):
-        access_instance = access_class(user, save_messages=True)
-        access_method = getattr(access_instance, 'can_%s' % action, None)
-        result = access_method(*args, **kwargs)
-        logger.debug('%s.%s %r returned %r', access_instance.__class__.__name__,
-                     access_method.__name__, args, result)
-        return (result, access_instance.messages)
-    return (False, '')
+    access_class = access_registry[model_class]
+    access_instance = access_class(user, save_messages=True)
+    access_method = getattr(access_instance, 'can_%s' % action, None)
+    result = access_method(*args, **kwargs)
+    logger.debug('%s.%s %r returned %r', access_instance.__class__.__name__,
+                 access_method.__name__, args, result)
+    return (result, access_instance.messages)


 def get_user_capabilities(user, instance, **kwargs):
@@ -123,9 +105,8 @@ def get_user_capabilities(user, instance, **kwargs):
    convenient for the user interface to consume and hide or show various
    actions in the interface.
    '''
-    for access_class in access_registry.get(type(instance), []):
-        return access_class(user).get_user_capabilities(instance, **kwargs)
-    return None
+    access_class = access_registry[instance.__class__]
+    return access_class(user).get_user_capabilities(instance, **kwargs)


 def check_superuser(func):
@@ -2008,7 +1989,7 @@ class UnifiedJobTemplateAccess(BaseAccess):
        return qs.all()

    def can_start(self, obj, validate_license=True):
-        access_class = access_registry.get(obj.__class__, [])[0]
+        access_class = access_registry[obj.__class__]
        access_instance = access_class(self.user)
        return access_instance.can_start(obj, validate_license=validate_license)

@@ -2376,38 +2357,5 @@ class RoleAccess(BaseAccess):
        return False


-register_access(User, UserAccess)
-register_access(Organization, OrganizationAccess)
-register_access(Inventory, InventoryAccess)
-register_access(Host, HostAccess)
-register_access(Group, GroupAccess)
-register_access(InventorySource, InventorySourceAccess)
-register_access(InventoryUpdate, InventoryUpdateAccess)
-register_access(Credential, CredentialAccess)
-register_access(CredentialType, CredentialTypeAccess)
-register_access(Team, TeamAccess)
-register_access(Project, ProjectAccess)
-register_access(ProjectUpdate, ProjectUpdateAccess)
-register_access(JobTemplate, JobTemplateAccess)
-register_access(Job, JobAccess)
-register_access(JobHostSummary, JobHostSummaryAccess)
-register_access(JobEvent, JobEventAccess)
-register_access(SystemJobTemplate, SystemJobTemplateAccess)
-register_access(SystemJob, SystemJobAccess)
-register_access(AdHocCommand, AdHocCommandAccess)
-register_access(AdHocCommandEvent, AdHocCommandEventAccess)
-register_access(Schedule, ScheduleAccess)
-register_access(UnifiedJobTemplate, UnifiedJobTemplateAccess)
-register_access(UnifiedJob, UnifiedJobAccess)
-register_access(ActivityStream, ActivityStreamAccess)
-register_access(CustomInventoryScript, CustomInventoryScriptAccess)
-register_access(Role, RoleAccess)
-register_access(NotificationTemplate, NotificationTemplateAccess)
-register_access(Notification, NotificationAccess)
-register_access(Label, LabelAccess)
-register_access(WorkflowJobTemplateNode, WorkflowJobTemplateNodeAccess)
-register_access(WorkflowJobNode, WorkflowJobNodeAccess)
-register_access(WorkflowJobTemplate, WorkflowJobTemplateAccess)
-register_access(WorkflowJob, WorkflowJobAccess)
-register_access(Instance, InstanceAccess)
-register_access(InstanceGroup, InstanceGroupAccess)
+for cls in BaseAccess.__subclasses__():
+    access_registry[cls.model] = cls