feat: Simplify standard permissions (#20172)
benjackwhite authored Feb 12, 2024
1 parent 503ead7 commit aff0d63
Showing 67 changed files with 448 additions and 499 deletions.
12 changes: 3 additions & 9 deletions ee/api/billing.py
Expand Up @@ -7,7 +7,6 @@
from django.http import HttpResponse
from django.shortcuts import redirect
from rest_framework import serializers, status, viewsets
from rest_framework.authentication import BasicAuthentication, SessionAuthentication
from rest_framework.decorators import action
from rest_framework.exceptions import NotFound, PermissionDenied, ValidationError
from rest_framework.request import Request
Expand All @@ -16,7 +15,7 @@
from ee.billing.billing_manager import BillingManager, build_billing_token
from ee.models import License
from ee.settings import BILLING_SERVICE_URL
from posthog.auth import PersonalAPIKeyAuthentication
from posthog.api.routing import TeamAndOrgViewSetMixin
from posthog.cloud_utils import get_cached_instance_license
from posthog.models import Organization

Expand All @@ -34,14 +33,9 @@ class LicenseKeySerializer(serializers.Serializer):
license = serializers.CharField()


class BillingViewset(viewsets.GenericViewSet):
class BillingViewset(TeamAndOrgViewSetMixin, viewsets.GenericViewSet):
serializer_class = BillingSerializer

authentication_classes = [
PersonalAPIKeyAuthentication,
SessionAuthentication,
BasicAuthentication,
]
derive_current_team_from_user_only = True

def list(self, request: Request, *args: Any, **kwargs: Any) -> Response:
license = get_cached_instance_license()
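Review bot: `BillingViewset` no longer declares `authentication_classes`, so which credentials the billing endpoints accept is now decided entirely by `TeamAndOrgViewSetMixin`, whose defaults are not visible in this section. If the mixin's list differs from the removed one (`PersonalAPIKeyAuthentication`, `SessionAuthentication`, `BasicAuthentication`), billing silently gains or loses an authentication method; the same removal is made on `SubscriptionViewSet` in ee/api/subscription.py. I would pin this with a request-level test (an anonymous request is rejected, each intended credential type is accepted) and add a comment above the new attribute, e.g. `# Auth and base permissions come from TeamAndOrgViewSetMixin; team is resolved from request.user, not the URL` — the second half is what `derive_current_team_from_user_only` presumably means, please confirm. The class body continues past the end of the hunk.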
13 changes: 4 additions & 9 deletions ee/api/dashboard_collaborator.py
Expand Up @@ -2,14 +2,13 @@

from django.db import IntegrityError
from rest_framework import exceptions, mixins, serializers, viewsets
from rest_framework.permissions import SAFE_METHODS, BasePermission, IsAuthenticated
from rest_framework.permissions import SAFE_METHODS, BasePermission
from rest_framework.request import Request

from ee.models.dashboard_privilege import DashboardPrivilege
from posthog.api.routing import StructuredViewSetMixin
from posthog.api.routing import TeamAndOrgViewSetMixin
from posthog.api.shared import UserBasicSerializer
from posthog.models import Dashboard, User
from posthog.permissions import TeamMemberAccessPermission
from posthog.user_permissions import UserPermissions, UserPermissionsSerializerMixin


Expand Down Expand Up @@ -83,17 +82,13 @@ def create(self, validated_data):


class DashboardCollaboratorViewSet(
StructuredViewSetMixin,
TeamAndOrgViewSetMixin,
mixins.ListModelMixin,
mixins.CreateModelMixin,
mixins.DestroyModelMixin,
viewsets.GenericViewSet,
):
permission_classes = [
IsAuthenticated,
TeamMemberAccessPermission,
CanEditDashboardCollaborator,
]
permission_classes = [CanEditDashboardCollaborator]
pagination_class = None
queryset = DashboardPrivilege.objects.select_related("dashboard").filter(user__is_active=True)
lookup_field = "user__uuid"
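Review bot: With `permission_classes = [CanEditDashboardCollaborator]`, the checks that used to be listed here (`IsAuthenticated`, `TeamMemberAccessPermission`) are enforced only if `TeamAndOrgViewSetMixin` adds them itself, and only if it evaluates them before the view-specific class. DRF checks permissions in list order, so a custom permission that reads `request.user` or the dashboard would run against an anonymous or non-member user if the baseline were appended rather than prepended; the mixin is not in this section, so this needs confirming. The same reduction appears in ee/api/feature_flag_role_access.py, ee/api/subscription.py and ee/clickhouse/views/experiments.py. A one-line comment would keep the next reader from taking the short list as the full policy: `# View-specific only; IsAuthenticated and team access are enforced by TeamAndOrgViewSetMixin`.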
9 changes: 5 additions & 4 deletions ee/api/explicit_team_member.py
Expand Up @@ -6,7 +6,7 @@
from rest_framework.permissions import IsAuthenticated

from ee.models.explicit_team_membership import ExplicitTeamMembership
from posthog.api.routing import StructuredViewSetMixin
from posthog.api.routing import TeamAndOrgViewSetMixin
from posthog.api.shared import UserBasicSerializer
from posthog.models.organization import OrganizationMembership
from posthog.models.team import Team
Expand Down Expand Up @@ -101,8 +101,7 @@ def validate(self, attrs):
return attrs


class ExplicitTeamMemberViewSet(StructuredViewSetMixin, viewsets.ModelViewSet):
permission_classes = [IsAuthenticated, TeamMemberStrictManagementPermission]
class ExplicitTeamMemberViewSet(TeamAndOrgViewSetMixin, viewsets.ModelViewSet):
pagination_class = None
queryset = ExplicitTeamMembership.objects.filter(parent_membership__user__is_active=True).select_related(
"team", "parent_membership", "parent_membership__user"
Expand All @@ -112,6 +111,8 @@ class ExplicitTeamMemberViewSet(StructuredViewSetMixin, viewsets.ModelViewSet):
serializer_class = ExplicitTeamMemberSerializer
include_in_docs = True

permission_classes = [IsAuthenticated, TeamMemberStrictManagementPermission]

def get_permissions(self):
if (
self.action == "destroy"
Expand All @@ -120,7 +121,7 @@ def get_permissions(self):
):
# Special case: allow already authenticated users to leave projects
return []
return super().get_permissions()
return [permission() for permission in self.permission_classes]

def get_object(self) -> ExplicitTeamMembership:
queryset = self.filter_queryset(self.get_queryset())
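Review bot: `get_permissions()` now returns `[permission() for permission in self.permission_classes]` instead of calling `super().get_permissions()`, so this viewset opts out of whatever baseline `TeamAndOrgViewSetMixin` presumably builds for the other views in this commit. That looks deliberate (the explicit `IsAuthenticated` stays), but any check later added to the mixin will not apply to team-membership management unless someone remembers this override; a comment such as `# Bypasses the mixin's default permissions on purpose: strict management permission replaces team access` would record the intent. Separately, the unchanged special case still returns `[]`, so the "leave project" path runs with no permission class at all, and whether it is limited to authenticated users depends on the condition lines that are collapsed in this hunk. Returning `[IsAuthenticated()]` there would make that guarantee explicit.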
8 changes: 4 additions & 4 deletions ee/api/feature_flag_role_access.py
@@ -1,12 +1,12 @@
from rest_framework import exceptions, mixins, serializers, viewsets
from rest_framework.permissions import SAFE_METHODS, BasePermission, IsAuthenticated
from rest_framework.permissions import SAFE_METHODS, BasePermission

from ee.api.role import RoleSerializer
from ee.models.feature_flag_role_access import FeatureFlagRoleAccess
from ee.models.organization_resource_access import OrganizationResourceAccess
from ee.models.role import Role
from posthog.api.feature_flag import FeatureFlagSerializer
from posthog.api.routing import StructuredViewSetMixin
from posthog.api.routing import TeamAndOrgViewSetMixin
from posthog.models import FeatureFlag
from posthog.models.organization import OrganizationMembership

Expand Down Expand Up @@ -66,14 +66,14 @@ def create(self, validated_data):


class FeatureFlagRoleAccessViewSet(
StructuredViewSetMixin,
TeamAndOrgViewSetMixin,
mixins.ListModelMixin,
mixins.CreateModelMixin,
mixins.DestroyModelMixin,
mixins.RetrieveModelMixin,
viewsets.GenericViewSet,
):
permission_classes = [IsAuthenticated, FeatureFlagRoleAccessPermissions]
permission_classes = [FeatureFlagRoleAccessPermissions]
serializer_class = FeatureFlagRoleAccessSerializer
queryset = FeatureFlagRoleAccess.objects.select_related("feature_flag")
filter_rewrite_rules = {"team_id": "feature_flag__team_id"}
14 changes: 2 additions & 12 deletions ee/api/hooks.py
Expand Up @@ -3,15 +3,10 @@

from django.conf import settings
from rest_framework import exceptions, serializers, viewsets
from rest_framework.permissions import IsAuthenticated

from ee.models.hook import Hook
from posthog.api.routing import StructuredViewSetMixin
from posthog.api.routing import TeamAndOrgViewSetMixin
from posthog.models.user import User
from posthog.permissions import (
OrganizationMemberPermissions,
TeamMemberAccessPermission,
)


class HookSerializer(serializers.ModelSerializer):
Expand All @@ -31,18 +26,13 @@ def validate_target(self, target):
return target


class HookViewSet(StructuredViewSetMixin, viewsets.ModelViewSet):
class HookViewSet(TeamAndOrgViewSetMixin, viewsets.ModelViewSet):
"""
Retrieve, create, update or destroy REST hooks.
"""

queryset = Hook.objects.all()
ordering = "-created_at"
permission_classes = [
IsAuthenticated,
OrganizationMemberPermissions,
TeamMemberAccessPermission,
]
serializer_class = HookSerializer

def perform_create(self, serializer):
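Review bot: `HookViewSet` drops its whole `permission_classes` list, including `OrganizationMemberPermissions`, and the same class is removed from `OrganizationResourceAccessViewSet` (ee/api/organization_resource_access.py) and `RoleViewSet` (ee/api/role.py). Whether the mixin's defaults include an organization-membership check for both team-scoped and organization-scoped routes cannot be seen from these sections. Since hooks, roles and resource access are all write-capable configuration endpoints, I would add a regression test per viewset asserting that a user from another organization is refused on list, create and destroy. `perform_create` continues outside the hunk.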
12 changes: 3 additions & 9 deletions ee/api/organization_resource_access.py
@@ -1,10 +1,8 @@
from rest_framework import mixins, serializers, viewsets
from rest_framework.permissions import IsAuthenticated

from ee.api.role import RolePermissions
from ee.models.organization_resource_access import OrganizationResourceAccess
from posthog.api.routing import StructuredViewSetMixin
from posthog.permissions import OrganizationMemberPermissions
from posthog.api.routing import TeamAndOrgViewSetMixin


class OrganizationResourceAccessSerializer(serializers.ModelSerializer):
Expand Down Expand Up @@ -35,18 +33,14 @@ def create(self, validated_data):


class OrganizationResourceAccessViewSet(
StructuredViewSetMixin,
TeamAndOrgViewSetMixin,
mixins.ListModelMixin,
mixins.RetrieveModelMixin,
mixins.CreateModelMixin,
mixins.UpdateModelMixin,
mixins.DestroyModelMixin,
viewsets.GenericViewSet,
):
permission_classes = [
IsAuthenticated,
OrganizationMemberPermissions,
RolePermissions,
]
permission_classes = [RolePermissions]
serializer_class = OrganizationResourceAccessSerializer
queryset = OrganizationResourceAccess.objects.all()
20 changes: 6 additions & 14 deletions ee/api/role.py
Expand Up @@ -2,17 +2,16 @@

from django.db import IntegrityError
from rest_framework import mixins, serializers, viewsets
from rest_framework.permissions import SAFE_METHODS, BasePermission, IsAuthenticated
from rest_framework.permissions import SAFE_METHODS, BasePermission

from ee.models.feature_flag_role_access import FeatureFlagRoleAccess
from ee.models.organization_resource_access import OrganizationResourceAccess
from ee.models.role import Role, RoleMembership
from posthog.api.routing import StructuredViewSetMixin
from posthog.api.routing import TeamAndOrgViewSetMixin
from posthog.api.shared import UserBasicSerializer
from posthog.models import OrganizationMembership
from posthog.models.feature_flag import FeatureFlag
from posthog.models.user import User
from posthog.permissions import OrganizationMemberPermissions


class RolePermissions(BasePermission):
Expand Down Expand Up @@ -86,19 +85,15 @@ def get_associated_flags(self, role: Role):


class RoleViewSet(
StructuredViewSetMixin,
TeamAndOrgViewSetMixin,
mixins.ListModelMixin,
mixins.CreateModelMixin,
mixins.RetrieveModelMixin,
mixins.UpdateModelMixin,
mixins.DestroyModelMixin,
viewsets.GenericViewSet,
):
permission_classes = [
IsAuthenticated,
OrganizationMemberPermissions,
RolePermissions,
]
permission_classes = [RolePermissions]
serializer_class = RoleSerializer
queryset = Role.objects.all()

Expand Down Expand Up @@ -132,16 +127,13 @@ def create(self, validated_data):


class RoleMembershipViewSet(
StructuredViewSetMixin,
TeamAndOrgViewSetMixin,
mixins.ListModelMixin,
mixins.CreateModelMixin,
mixins.DestroyModelMixin,
viewsets.GenericViewSet,
):
permission_classes = [
IsAuthenticated,
RolePermissions,
]
permission_classes = [RolePermissions]
serializer_class = RoleMembershipSerializer
queryset = RoleMembership.objects.select_related("role")
filter_rewrite_rules = {"organization_id": "role__organization_id"}
24 changes: 4 additions & 20 deletions ee/api/subscription.py
Expand Up @@ -4,21 +4,15 @@
from django.db.models import QuerySet
from django.http import HttpRequest, JsonResponse
from rest_framework import serializers, viewsets
from rest_framework.authentication import BasicAuthentication, SessionAuthentication
from rest_framework.exceptions import ValidationError
from rest_framework.permissions import IsAuthenticated

from ee.tasks import subscriptions
from posthog.api.forbid_destroy_model import ForbidDestroyModel
from posthog.api.routing import StructuredViewSetMixin
from posthog.api.routing import TeamAndOrgViewSetMixin
from posthog.api.shared import UserBasicSerializer
from posthog.auth import PersonalAPIKeyAuthentication
from posthog.constants import AvailableFeature
from posthog.models.subscription import Subscription, unsubscribe_using_token
from posthog.permissions import (
PremiumFeaturePermission,
TeamMemberAccessPermission,
)
from posthog.permissions import PremiumFeaturePermission
from posthog.utils import str_to_bool


Expand Down Expand Up @@ -95,20 +89,10 @@ def update(self, instance: Subscription, validated_data: dict, *args: Any, **kwa
return instance


class SubscriptionViewSet(StructuredViewSetMixin, ForbidDestroyModel, viewsets.ModelViewSet):
class SubscriptionViewSet(TeamAndOrgViewSetMixin, ForbidDestroyModel, viewsets.ModelViewSet):
queryset = Subscription.objects.all()
serializer_class = SubscriptionSerializer

authentication_classes = [
PersonalAPIKeyAuthentication,
SessionAuthentication,
BasicAuthentication,
]
permission_classes = [
IsAuthenticated,
PremiumFeaturePermission,
TeamMemberAccessPermission,
]
permission_classes = [PremiumFeaturePermission]
premium_feature = AvailableFeature.SUBSCRIPTIONS

def get_queryset(self) -> QuerySet:
16 changes: 4 additions & 12 deletions ee/clickhouse/views/experiments.py
Expand Up @@ -4,7 +4,6 @@
from rest_framework import serializers, viewsets
from rest_framework.decorators import action
from rest_framework.exceptions import ValidationError
from rest_framework.permissions import IsAuthenticated
from rest_framework.request import Request
from rest_framework.response import Response
from statshog.defaults.django import statsd
Expand All @@ -20,17 +19,14 @@
)
from ee.clickhouse.queries.experiments.utils import requires_flag_warning
from posthog.api.feature_flag import FeatureFlagSerializer, MinimalFeatureFlagSerializer
from posthog.api.routing import StructuredViewSetMixin
from posthog.api.routing import TeamAndOrgViewSetMixin
from posthog.api.shared import UserBasicSerializer
from posthog.caching.insight_cache import update_cached_state
from posthog.clickhouse.query_tagging import tag_queries
from posthog.constants import INSIGHT_TRENDS, AvailableFeature
from posthog.models.experiment import Experiment
from posthog.models.filters.filter import Filter
from posthog.permissions import (
PremiumFeaturePermission,
TeamMemberAccessPermission,
)
from posthog.permissions import PremiumFeaturePermission
from posthog.utils import generate_cache_key, get_safe_cache

EXPERIMENT_RESULTS_CACHE_DEFAULT_TTL = 60 * 30 # 30 minutes
Expand Down Expand Up @@ -285,14 +281,10 @@ def update(self, instance: Experiment, validated_data: dict, *args: Any, **kwarg
return super().update(instance, validated_data)


class ClickhouseExperimentsViewSet(StructuredViewSetMixin, viewsets.ModelViewSet):
class ClickhouseExperimentsViewSet(TeamAndOrgViewSetMixin, viewsets.ModelViewSet):
serializer_class = ExperimentSerializer
queryset = Experiment.objects.all()
permission_classes = [
IsAuthenticated,
PremiumFeaturePermission,
TeamMemberAccessPermission,
]
permission_classes = [PremiumFeaturePermission]
premium_feature = AvailableFeature.EXPERIMENTATION
ordering = "-created_at"
