Hacky fix for access policy.

No-Issue Signed-off-by: James Tanner <[email protected]>
ansible · Nov 14, 2023 · 1fec74c · 1fec74c
1 parent 506f417
commit 1fec74c
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 5 deletions.
diff --git a/galaxy_ng/app/access_control/access_policy.py b/galaxy_ng/app/access_control/access_policy.py
@@ -828,5 +828,41 @@ def is_namespace_owner(self, request, viewset, action):
 class SurveyAccessPolicy(AccessPolicyBase):
     NAME = "SurveyAccessPolicy"
 
+    @classmethod
+    def get_access_policy(cls, view):
+
+        # statements = GALAXY_STATEMENTS
+
+        '''
+        # If this is a galaxy access policy, load from the statement file
+        if cls.NAME:
+            return statements.get_pulp_access_policy(cls.NAME, default=[])
+        '''
+
+        # Check if the view has a url pattern. If it does, check for customized
+        # policies from statements/pulp.py
+        try:
+            viewname = get_view_urlpattern(view)
+
+            override_ap = PULP_VIEWSETS.get(viewname, None)
+            if override_ap:
+                return MockPulpAccessPolicy(override_ap)
+
+        except AttributeError:
+            pass
+
+        # If no customized policies exist, try to load the one defined on the view itself
+        try:
+            return MockPulpAccessPolicy(view.DEFAULT_ACCESS_POLICY)
+        except AttributeError:
+            pass
+
+        # As a last resort, require admin rights
+        return MockPulpAccessPolicy(
+            {
+                "statements": [{"action": "*", "principal": "admin", "effect": "allow"}],
+            }
+        )
+
     def is_survey_user(self, request, viewset, action):
         return True
diff --git a/galaxy_ng/app/api/v3/viewsets/survey.py b/galaxy_ng/app/api/v3/viewsets/survey.py
@@ -2,7 +2,7 @@
 from django_filters import rest_framework as filters
 from rest_framework import viewsets
 
-# from galaxy_ng.app.access_control.access_policy import SurveyAccessPolicy
+from galaxy_ng.app.access_control.access_policy import SurveyAccessPolicy
 
 from rest_framework.settings import perform_import
 from rest_framework.permissions import IsAuthenticatedOrReadOnly
@@ -53,19 +53,27 @@ class CollectionSurveyList(viewsets.ModelViewSet):
     queryset = CollectionSurvey.objects.all()
     serializer_class = CollectionSurveySerializer
 
-    # access_policy.py is lame.
-    permission_classes = [IsAuthenticatedOrReadOnly]
+    permission_classes = [SurveyAccessPolicy]
 
     filter_backends = [filters.DjangoFilterBackend]
     filterset_class = CollectionSurveyFilter
 
+    def get_queryset(self):
+        return CollectionSurvey.objects.filter(
+            user=self.request.user
+        )
+
 
 class LegacyRoleSurveyList(viewsets.ModelViewSet):
     queryset = LegacyRoleSurvey.objects.all()
     serializer_class = LegacyRoleSurveySerializer
 
-    # access_policy.py is lame.
-    permission_classes = [IsAuthenticatedOrReadOnly]
+    permission_classes = [SurveyAccessPolicy]
 
     filter_backends = [filters.DjangoFilterBackend]
     filterset_class = LegacyRoleSurveyFilter
+
+    def get_queryset(self):
+        return LegacyRoleSurvey.objects.filter(
+            user=self.request.user
+        )