fixes

amyasnikov · Sep 20, 2024 · 91e00eb · 91e00eb
1 parent 4344c48
commit 91e00eb
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 12 deletions.
diff --git a/validity/views/base.py b/validity/views/base.py
@@ -13,7 +13,7 @@
 from validity import filtersets, forms, models, tables
 
 
-class PermissionRequiredMixin(_ObjectPermissionRequiredMixin):
+class ObjectPermissionRequiredMixin(_ObjectPermissionRequiredMixin):
     permission_required: str
 
     def get_required_permission(self):
@@ -48,7 +48,7 @@ def get_extra_context(self, request, instance):
         return {"table": table, "search_value": request.GET.get("q", "")}
 
 
-class FilterViewWithForm(PermissionRequiredMixin, FilterView):
+class FilterViewWithForm(FilterView):
     filterform_class: type[Form]
     exclude_form_fields: tuple[str, ...] = ()
 
@@ -74,14 +74,15 @@ def get_context_data(self, **kwargs: Any) -> Dict[str, Any]:
         return super().get_context_data(**kwargs) | {"filterset_form": self.get_filterform()}
 
 
-class TestResultBaseView(SingleTableMixin, FilterViewWithForm):
+class TestResultBaseView(ObjectPermissionRequiredMixin, SingleTableMixin, FilterViewWithForm):
     template_name = "validity/compliance_results.html"
     tab = ViewTab("Test Results", badge=lambda obj: obj.results.count())
     model = models.ComplianceTestResult
     filterset_class = filtersets.ComplianceTestResultFilterSet
     filterform_class = partial(forms.TestResultFilterForm, add_m2m_placeholder=True)
     table_class = tables.ComplianceResultTable
     permission_required = "validity.view_compliancetestresult"
+    queryset = models.ComplianceTestResult.objects.select_related("test", "device")
 
     parent_model: type[Model]
     result_relation: str
@@ -96,9 +97,7 @@ def get_table(self, **kwargs):
         return table
 
     def get_queryset(self):
-        return models.ComplianceTestResult.objects.select_related("test", "device").filter(
-            **{self.result_relation: self.kwargs["pk"]}
-        )
+        return self.queryset.filter(**{self.result_relation: self.kwargs["pk"]})
 
     def get_object(self):
         return get_object_or_404(self.parent_model, pk=self.kwargs["pk"])

diff --git a/validity/views/data_source.py b/validity/views/data_source.py
@@ -3,6 +3,7 @@
 from core.models import DataSource
 from dcim.filtersets import DeviceFilterSet
 from dcim.tables import DeviceTable
+from django.contrib.auth.mixins import PermissionRequiredMixin
 from django.shortcuts import get_object_or_404
 from django_tables2 import SingleTableMixin
 from utilities.views import ViewTab, register_model_view
@@ -14,7 +15,7 @@
 
 
 @register_model_view(DataSource, "devices")
-class DataSourceBoundDevicesView(SingleTableMixin, FilterViewWithForm):
+class DataSourceBoundDevicesView(PermissionRequiredMixin, SingleTableMixin, FilterViewWithForm):
     template_name = "validity/aux_tab_table.html"
     tab = ViewTab("Bound Devices", badge=lambda obj: model_to_proxy(obj, VDataSource).bound_devices.count())
     model = DataSource
@@ -24,7 +25,7 @@ class DataSourceBoundDevicesView(SingleTableMixin, FilterViewWithForm):
     permission_required = "dcim.view_device"
 
     def get_queryset(self):
-        return model_to_proxy(self.object, VDataSource).bound_devices
+        return model_to_proxy(self.object, VDataSource).bound_devices.restrict(self.request.user, "view")
 
     @cached_property
     def object(self):

diff --git a/validity/views/report.py b/validity/views/report.py
@@ -10,7 +10,7 @@
 
 from validity import filtersets, forms, models, tables
 from validity.choices import DeviceGroupByChoices, SeverityChoices
-from .base import FilterViewWithForm, TestResultBaseView
+from .base import FilterViewWithForm, ObjectPermissionRequiredMixin, TestResultBaseView
 
 
 class ComplianceReportListView(generic.ObjectListView):
@@ -66,7 +66,7 @@ def get_extra_context(self, request, instance):
 
 
 @register_model_view(models.ComplianceReport, "devices")
-class ReportDeviceView(SingleTableMixin, FilterViewWithForm):
+class ReportDeviceView(ObjectPermissionRequiredMixin, SingleTableMixin, FilterViewWithForm):
     table_class = tables.ComplianceReportDeviceTable
     tab = ViewTab(
         "Devices",
@@ -79,6 +79,7 @@ class ReportDeviceView(SingleTableMixin, FilterViewWithForm):
     permission_required = "validity.view_compliancereport"
     template_name = "validity/report_devices.html"
     filterform_class = forms.DeviceReportFilterForm
+    queryset = models.VDevice.objects.all()
 
     @functools.cached_property
     def object(self):
@@ -87,7 +88,7 @@ def object(self):
     def get_queryset(self) -> QuerySet[models.VDevice]:
         severity_ge = SeverityChoices.from_request(self.request)
         return (
-            models.VDevice.objects.filter(results__report=self.object)
+            self.queryset.filter(results__report=self.object)
             .annotate_result_stats(self.object.pk, severity_ge)
             .prefetch_results(self.object.pk, severity_ge)
         )

diff --git a/validity/views/script.py b/validity/views/script.py
@@ -2,6 +2,7 @@
 
 from core.models import Job
 from django.contrib import messages
+from django.contrib.auth.mixins import PermissionRequiredMixin
 from django.forms import Form
 from django.http import HttpResponse, HttpResponseRedirect
 from django.shortcuts import render
@@ -17,7 +18,6 @@
 from validity.scripts.data_models import RunTestsParams, ScriptParams
 from validity.scripts.launch import Launcher
 from validity.tables import ScriptResultTable
-from .base import PermissionRequiredMixin
 
 
 class RunScriptView(PermissionRequiredMixin, FormView):