0002-django_rbac-annotate-roles-with-actual-auth-level-gi.patch
src/django_rbac/managers.py | ||
---|---|---|
2 | 2 |
import threading |
3 | 3 | |
4 | 4 |
from django.db import models |
5 |
from django.db.models import query |
|
5 |
from django.db.models import query, Min, Case, When
|
|
6 | 6 |
from django.contrib.contenttypes.models import ContentType |
7 | 7 |
from django.db.models.query import Q, Prefetch |
8 | 8 |
from django.contrib.auth import get_user_model |
... | ... | |
103 | 103 | |
104 | 104 | |
105 | 105 |
class RoleQuerySet(query.QuerySet): |
106 |
def for_user(self, user, max_auth_level=None): |
|
106 |
def for_user(self, user, max_auth_level=None, annotate=False):
|
|
107 | 107 |
qs = self.filter(members=user) |
108 | 108 |
if max_auth_level: |
109 | 109 |
qs = qs.filter(auth_level__lte=max_auth_level) |
110 | 110 |
qs = qs.parents() |
111 | 111 |
if max_auth_level: |
112 | 112 |
qs = qs.filter(auth_level__lte=max_auth_level) |
113 |
return qs.distinct() |
|
113 |
qs = qs.distinct() |
|
114 |
if annotate: |
|
115 |
qs = qs.set_needed_auth_levels(user) |
|
116 |
return qs |
|
114 | 117 | |
115 | 118 |
def parents(self, include_self=True, annotate=False): |
116 | 119 |
qs = self.model.objects.filter(child_relation__child__in=self) |
... | ... | |
121 | 124 |
qs = qs.annotate(direct=models.Max(IntCast('child_relation__direct'))) |
122 | 125 |
return qs |
123 | 126 | |
127 |
def set_needed_auth_levels(self, user): |
|
128 |
return self.annotate(needed_auth_level=Case( |
|
129 |
When(~Q(members=user), then=Min('child_relation__child__auth_level')), |
|
130 |
default='auth_level' |
|
131 |
)) |
|
132 | ||
124 | 133 |
def children(self, include_self=True, annotate=False): |
125 | 134 |
qs = self.model.objects.filter(parent_relation__parent__in=self) |
126 | 135 |
if include_self: |
127 |
- |
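Review bot: In `set_needed_auth_levels`, `Min('child_relation__child__auth_level')` is not visibly limited to child roles that `user` is a member of, nor to the `max_auth_level` applied in `for_user`. The method is public on `RoleQuerySet`, so when it is called on a queryset that did not come from `for_user`, the minimum is taken over every child of the role. `needed_auth_level` can then report a lower level than the user actually had to authenticate at, which matters if callers use it for access decisions. Even on the `for_user` path the result depends on Django reusing the join created in `parents()`, whose body is partly elided here, so that should be confirmed rather than assumed. I would make the restriction explicit, e.g. `Min('child_relation__child__auth_level', filter=Q(child_relation__child__members=user))` where the Django version in use supports the aggregate `filter=` argument, and add a test with a parent role whose two children have different levels and the user in only the higher one.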