Or conditionals shortcutting prematurely


I’ve defined a fairly standard set of permissions, and am using rest_condition to generate a set of conditional permissions.

I’m also trying to use these w/ the IsAuthenticated permission class, but have omitted it here for brevity.

In a simple ViewSet that uses the rest_condition permission class defined below, it appears as though the only permission that is being run in many circumstances is the IsSuperuser class.

I’ve found that by reordering things, I can get the others to run, but I feel as though this is unintended behaviour. Is it because one of the permission classes is an object-specific permission, while the others aren’t?

    # Imports needed by the snippet
    from rest_framework import permissions
    from rest_condition import And, Or


    class IsListView(permissions.BasePermission):
        def has_permission(self, request, view):
            return bool(view.action == 'list')


    class IsSuperuser(permissions.BasePermission):
        def has_permission(self, request, view):
            return request.user.is_superuser


    class IsFilteringOwnResources(permissions.BasePermission):
        def has_permission(self, request, view):
            return bool(request.QUERY_PARAMS.get('user') == str(request.user.id))


    class IsResourceOwner(permissions.BasePermission):
        # Object-level check only; has_permission keeps the base-class default
        def has_object_permission(self, request, view, obj):
            return bool(obj.user == request.user)


    IsSuperuserOrResourceOwner = Or(Or(IsSuperuser, IsResourceOwner), And(IsListView, IsFilteringOwnResources))

In my tests, I have added debugging statements in each permission class.

Issue Analytics

  • State: open
  • Created 9 years ago
  • Comments: 6

Top GitHub Comments

2 reactions
glynjackson commented, Nov 11, 2014

@ryanisnan @DavidJFelix I got this to work with both has_object_permission and has_permission unless I’m missing something here…

i.e. Don’t do this…

    permission_classes = [And(Or(TokenHasReadWriteScope, SecretKeyToken, permissions.IsAdminUser), IsOwnerOrReadOnly)]

Where IsOwnerOrReadOnly uses has_object_permission

Do…

    permission_classes = [ConditionalPermission, IsOwnerOrReadOnly]
    permission_condition = (C(SecretKeyToken) | C(TokenHasReadWriteScope) | C(permissions.IsAdminUser))

1 reaction
lucasdavid commented, Apr 6, 2015

I’m having a similar problem: non-authorized users are able to access protected resources, even when I defined the permissions as suggested by @glynjackson:

    permission_classes = [ConditionalPermission, TokenHasReadWriteScope]
    permission_condition = (C(UserRetrievingTheirOwnClient) | C(IsAdminUser))

I believe what is happening is that IsAdminUser does not implement has_object_permission, because it assumes that has_permission would already eliminate non-admin users, but as we’re using an Or here with UserRetrievingTheirOwnClient, this step succeeds. Then, when the view actually calls has_object_permission, IsAdminUser always returns True (the return defined in BasePermission), even when the user is not an admin or if they are not authenticated.

Is the development of this repository stalled? I’d be willing to help to solve this problem, these conditions are awesome.
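
The failure mode described in the comment above, reduced to a runnable model (an added example, not code from the issue, rest_condition or Django REST framework). `BasePermission`, `NaiveOr`, `StrictOr` and `can_access` are stand-ins written for this illustration; `StrictOr` shows one way to keep an operand's default `True` from granting object access.

```python
from types import SimpleNamespace


class BasePermission:  # stand-in for DRF's base class (assumption), not imported
    def has_permission(self, request, view):
        return True

    def has_object_permission(self, request, view, obj):
        return True  # permissive default: the root of the problem


class IsAdminUser(BasePermission):
    def has_permission(self, request, view):
        return bool(request.user and request.user.is_staff)


class IsResourceOwner(BasePermission):
    def has_object_permission(self, request, view, obj):
        return obj.user == request.user


class NaiveOr(BasePermission):
    """ORs each phase on its own, so defaults from different operands combine."""
    def __init__(self, *perms):
        self.perms = perms

    def has_permission(self, request, view):
        return any(p.has_permission(request, view) for p in self.perms)

    def has_object_permission(self, request, view, obj):
        return any(p.has_object_permission(request, view, obj) for p in self.perms)


class StrictOr(NaiveOr):
    """An operand grants object access only if it passes BOTH of its own checks."""
    def has_object_permission(self, request, view, obj):
        return any(p.has_permission(request, view) and p.has_object_permission(request, view, obj)
                   for p in self.perms)


def can_access(perm, user, obj):
    """Mimic the view flow: request-level check, then object-level check."""
    request = SimpleNamespace(user=user)
    return perm.has_permission(request, None) and perm.has_object_permission(request, None, obj)


alice = SimpleNamespace(name="alice", is_staff=False)  # constructed sample users
mallory = SimpleNamespace(name="mallory", is_staff=False)
admin = SimpleNamespace(name="admin", is_staff=True)
alices_doc = SimpleNamespace(user=alice)
```

With `NaiveOr(IsAdminUser(), IsResourceOwner())`, the non-owner, non-admin user passes: `IsResourceOwner` supplies the default `True` at the request level and `IsAdminUser` supplies it at the object level.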
