Skip to content
Snippets Groups Projects
Select Git revision
  • 3729a583b1c2ccfd067640ff5535ba7b6e7bdeb3
  • master default protected
  • 1182-migration-to-vue-3-and-vuetify-3
  • migrate-crud-to-vue-3-and-generalize
  • 1336-server-search-on-personfield-doesn-t-work-with-single-items
  • effective-person
  • renovate/graphene-django-3.x
  • 1345-introduce-annotate-methods-for-more-person-related-rules
  • check/update-pyproject-toml
  • check/update-merge-request-template
  • check/update-builddeps-package-json
  • check/update-tox-ini
  • 1297-freebusy-calendar-does-not-work-over-caldav
  • 1268-add-specific-availability-planning-frontend
  • renovate/ipython-9.x
  • renovate/django-guardian-3.x
  • 1343-fix-person-related-permissions
  • newer-and-rebased-migrate-crud-to-vue-3-and-generalize
  • stable/4.0.0
  • db-init
  • 1314-fix-handling-of-end-datetime-in-calendar-events-query
  • 4.0.4 protected
  • 4.1.0.dev1 protected
  • 4.1.0.dev0 protected
  • 4.0.3 protected
  • 4.0.2 protected
  • 4.0.1 protected
  • 4.0.0 protected
  • 4.0.0.dev16 protected
  • 3.2.2 protected
  • 3.1.7 protected
  • 4.0.0.dev15 protected
  • 4.0.0.dev14 protected
  • 4.0.0.dev13 protected
  • 4.0.0.dev12 protected
  • 4.0.0.dev11 protected
  • 3.2.1 protected
  • 3.1.6 protected
  • 4.0.0.dev10 protected
  • 4.0.0.dev9 protected
  • 4.0.0.dev8 protected
41 results

checks.py

Blame
  • checks.py 3.80 KiB
    from collections.abc import Iterable
    from typing import Optional
    
    import django.apps
    from django.core.checks import Error, Tags, Warning, register  # noqa
    
    from .mixins import ExtensibleModel, GlobalPermissionModel, PureDjangoModel
    from .schema.base import BaseBatchCreateMutation, BaseBatchDeleteMutation, BaseBatchPatchMutation
    from .util.apps import AppConfig
    
    
    @register(Tags.compatibility)
    def check_app_configs_base_class(
        app_configs: Optional[django.apps.registry.Apps] = None, **kwargs
    ) -> list:
        """Check whether all apps derive from AlekSIS's base app config."""
        results = []
    
        if app_configs is None:
            app_configs = django.apps.apps.get_app_configs()
    
        for app_config in filter(lambda c: c.name.startswith("aleksis."), app_configs):
            if not isinstance(app_config, AppConfig):
                results.append(
                    Warning(
                        f"App config {app_config.name} does not derive"
                        "from aleksis.core.util.apps.AppConfig.",
                        hint=(
                            "Ensure the app uses the correct base class for all"
                            "registry functionality to work."
                        ),
                        obj=app_config,
                        id="aleksis.core.W001",
                    )
                )
    
        return results
    
    
    @register(Tags.compatibility)
    def check_app_models_base_class(
        app_configs: Optional[django.apps.registry.Apps] = None, **kwargs
    ) -> list:
        """Check whether all app models derive from AlekSIS's allowed base models.
    
        Does only allow ExtensibleModel, GlobalPermissionModel and PureDjangoModel.
        """
        results = []
    
        if app_configs is None:
            app_configs = django.apps.apps.get_app_configs()
    
        for app_config in filter(lambda c: c.name.startswith("aleksis."), app_configs):
            for model in app_config.get_models():
                if not (
                    set(model.__mro__) & set((ExtensibleModel, PureDjangoModel, GlobalPermissionModel))
                ):
                    results.append(
                        Warning(
                            f"Model {model._meta.object_name} in app config {app_config.name} does "
                            "not derive from aleksis.core.mixins.ExtensibleModel "
                            "or aleksis.core.mixins.GlobalPermissionModel.",
                            hint=(
                                "Ensure all models in AlekSIS use ExtensibleModel (or "
                                "GlobalPermissionModel, if you want to define global permissions) "
                                "as base. "
                                "If your deviation is intentional, you can add the PureDjangoModel "
                                "mixin instead to silence this warning."
                            ),
                            obj=model,
                            id="aleksis.core.W002",
                        )
                    )
    
        return results
    
    
    @register(Tags.security)
    def check_all_mutations_with_permissions(
        app_configs: Optional[django.apps.registry.Apps] = None, **kwargs
    ) -> list:
        results = []
        for base_class in [BaseBatchCreateMutation, BaseBatchPatchMutation, BaseBatchDeleteMutation]:
            for subclass in base_class.__subclasses__():
                if (
                    not isinstance(subclass._meta.permissions, Iterable)
                    or not subclass._meta.permissions
                ):
                    results.append(
                        Error(
                            f"Mutation {subclass.__name__} doesn't set required permission",
                            hint=(
                                "Ensure that the mutation is protected by setting the "
                                "permissions attribute in the mutation's Meta class."
                            ),
                            obj=subclass,
                            id="aleksis.core.E001",
                        )
                    )
        return results