quick patch to fix snex2 permissions

TOMToolkit · Jul 31, 2024 · 4a33c0f · 4a33c0f
1 parent d95f77f
commit 4a33c0f
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/tom_common/templatetags/tom_common_extras.py b/tom_common/templatetags/tom_common_extras.py
@@ -67,7 +67,7 @@ def recent_comments(context, limit=10):
     Comments will only be displayed for targets which the logged-in user has permission to view.
     """
     user = context['request'].user
-    targets_for_user = get_objects_for_user(user, f'{Target._meta.app_label}.view_target')
+    targets_for_user = get_objects_for_user(user, 'tom_targets.view_target')
 
     # In django-contrib-comments, the Comment model has a field ``object_pk`` which refers to the primary key
     # of the object it is related to, i.e., a comment on a ``Target`` has an ``object_pk`` corresponding with the

diff --git a/tom_targets/api_views.py b/tom_targets/api_views.py
@@ -54,7 +54,7 @@ class TargetViewSet(ModelViewSet, PermissionListMixin):
 
     def get_queryset(self):
         permission_required = permissions_map.get(self.request.method)
-        return get_objects_for_user(self.request.user, f'{Target._meta.app_label}.{permission_required}')
+        return get_objects_for_user(self.request.user, f'tom_targets.{permission_required}')
 
     def create(self, request, *args, **kwargs):
         response = super().create(request, *args, **kwargs)
@@ -93,7 +93,7 @@ class TargetNameViewSet(DestroyModelMixin, PermissionListMixin, RetrieveModelMix
     def get_queryset(self):
         permission_required = permissions_map.get(self.request.method)
         return TargetName.objects.filter(
-            target__in=get_objects_for_user(self.request.user, f'{Target._meta.app_label}.{permission_required}')
+            target__in=get_objects_for_user(self.request.user, f'tom_targets.{permission_required}')
         )
 
 

diff --git a/tom_targets/views.py b/tom_targets/views.py
@@ -60,7 +60,7 @@ class TargetListView(PermissionListMixin, FilterView):
     model = Target
     filterset_class = TargetFilter
     # Set app_name for Django-Guardian Permissions in case of Custom Target Model
-    permission_required = f'{Target._meta.app_label}.view_target'
+    permission_required = 'tom_targets.view_target'
     ordering = ['-created']
 
     def get_context_data(self, *args, **kwargs):
@@ -92,7 +92,7 @@ def get(self, request, *args, **kwargs):
         # Tests fail without distinct but it works in practice, it is unclear as to why
         # The Django query planner shows different results between in practice and unit tests
         # django-guardian related querying is present in the test planner, but not in practice
-        targets = get_objects_for_user(request.user, f'{Target._meta.app_label}.view_target').filter(
+        targets = get_objects_for_user(request.user, 'tom_targets.view_target').filter(
             Q(name__icontains=target_name) | Q(aliases__name__icontains=target_name)
         ).distinct()
         if targets.count() == 1: