Assign correct target permissions when using a custom target model

tom_alerts/views.py

@@ -1,3 +1,4 @@
+from tom_targets.base_models import get_target_model_app_label
 from copy import deepcopy
 import logging
 from requests import HTTPError
@@ -315,10 +316,11 @@ def post(self, request, *args, **kwargs):
                 # and all associated data products
                 target.give_user_access(self.request.user)
                 broker_class().process_reduced_data(target, cached_alert)
+                target_app_label = get_target_model_app_label()
                 for group in request.user.groups.all():
-                    assign_perm('tom_targets.view_target', group, target)
-                    assign_perm('tom_targets.change_target', group, target)
-                    assign_perm('tom_targets.delete_target', group, target)
+                    assign_perm(f'{target_app_label}.view_target', group, target)
+                    assign_perm(f'{target_app_label}.change_target', group, target)
+                    assign_perm(f'{target_app_label}.delete_target', group, target)
                     assign_perm('tom_dataproducts.view_reduceddatum', group, target.reduceddatum_set.all())
                     assign_perm('tom_dataproducts.change_reduceddatum', group, target.reduceddatum_set.all())
                     assign_perm('tom_dataproducts.delete_reduceddatum', group, target.reduceddatum_set.all())

tom_dataproducts/tests/test_api.py

@@ -1,3 +1,4 @@
+from tom_targets.base_models import get_target_model_app_label
 from django.contrib.auth.models import Group, User
 from django.core.files.uploadedfile import SimpleUploadedFile
 from django.urls import reverse
@@ -22,11 +23,11 @@ def setUp(self):
             'target': self.st.id,
             'data_product_type': 'photometry'
         }
-
+        target_app_label = get_target_model_app_label()
         assign_perm('tom_dataproducts.add_dataproduct', self.user)
-        assign_perm('tom_targets.add_target', self.user, self.st)
-        assign_perm('tom_targets.view_target', self.user, self.st)
-        assign_perm('tom_targets.change_target', self.user, self.st)
+        assign_perm(f'{target_app_label}.add_target', self.user, self.st)
+        assign_perm(f'{target_app_label}.view_target', self.user, self.st)
+        assign_perm(f'{target_app_label}.change_target', self.user, self.st)
 
     def test_data_product_upload_for_target(self):
         collaborator = User.objects.create(username='test collaborator')
@@ -120,11 +121,11 @@ def setUp(self):
             'target': self.st.id,
             'timestamp': '2012-02-12T01:40:47Z'
         }
-
+        target_app_label = get_target_model_app_label()
         assign_perm('tom_dataproducts.add_reduceddatum', self.user)
-        assign_perm('tom_targets.add_target', self.user, self.st)
-        assign_perm('tom_targets.view_target', self.user, self.st)
-        assign_perm('tom_targets.change_target', self.user, self.st)
+        assign_perm(f'{target_app_label}.add_target', self.user, self.st)
+        assign_perm(f'{target_app_label}.view_target', self.user, self.st)
+        assign_perm(f'{target_app_label}.change_target', self.user, self.st)
 
     def test_upload_reduced_datum(self):
         response = self.client.post(reverse('api:reduceddatums-list'), self.rd_data, format='json')

tom_dataproducts/tests/tests.py

@@ -1,3 +1,4 @@
+from tom_targets.base_models import get_target_model_app_label
 import datetime
 from http import HTTPStatus
 import os
@@ -65,7 +66,8 @@ def setUp(self):
             data=SimpleUploadedFile('afile.fits', b'somedata')
         )
         user = User.objects.create_user(username='test', email='test@example.com')
-        assign_perm('tom_targets.view_target', user, self.target)
+        target_app_label = get_target_model_app_label()
+        assign_perm(f'{target_app_label}.view_target', user, self.target)
         self.client.force_login(user)
 
     def test_dataproduct_list_on_target(self, dp_mock):
@@ -207,8 +209,9 @@ def setUp(self):
         )
         self.user = User.objects.create_user(username='aaronrodgers', email='aaron.rodgers@packers.com')
         self.user2 = User.objects.create_user(username='timboyle', email='tim.boyle@packers.com')
-        assign_perm('tom_targets.view_target', self.user, self.target)
-        assign_perm('tom_targets.view_target', self.user2, self.target)
+        target_app_label = get_target_model_app_label()
+        assign_perm(f'{target_app_label}.view_target', self.user, self.target)
+        assign_perm(f'{target_app_label}.view_target', self.user2, self.target)
         assign_perm('tom_targets.view_dataproduct', self.user, self.data_product)
         self.client.force_login(self.user)
 
@@ -265,7 +268,8 @@ def setUp(self):
             data=SimpleUploadedFile('afile.fits', b'somedata')
         )
         user = User.objects.create_user(username='test', email='test@example.com')
-        assign_perm('tom_targets.view_target', user, self.target)
+        target_app_label = get_target_model_app_label()
+        assign_perm(f'{target_app_label}.view_target', user, self.target)
         self.client.force_login(user)
 
     @patch('tom_dataproducts.models.DataProduct.get_preview', return_value='/no-image.jpg')
@@ -300,7 +304,8 @@ def setUp(self):
             data=SimpleUploadedFile('afile.fits', b'somedata')
         )
         self.user = User.objects.create_user(username='test', email='test@example.com')
-        assign_perm('tom_targets.view_target', self.user, self.target)
+        target_app_label = get_target_model_app_label()
+        assign_perm(f'{target_app_label}.view_target', self.user, self.target)
         self.client.force_login(self.user)
 
     def test_upload_data_for_target(self, run_data_processor_mock):
@@ -350,8 +355,9 @@ def setUp(self):
         )
         self.user = User.objects.create_user(username='aaronrodgers', email='aaron.rodgers@packers.com')
         self.user2 = User.objects.create_user(username='timboyle', email='tim.boyle@packers.com')
-        assign_perm('tom_targets.view_target', self.user, self.target)
-        assign_perm('tom_targets.view_target', self.user2, self.target)
+        target_app_label = get_target_model_app_label()
+        assign_perm(f'{target_app_label}.view_target', self.user, self.target)
+        assign_perm(f'{target_app_label}.view_target', self.user2, self.target)
         assign_perm('tom_targets.view_dataproduct', self.user, self.data_product)
         assign_perm('tom_targets.view_dataproduct', self.user2, self.data_product)
         assign_perm('tom_targets.delete_dataproduct', self.user, self.data_product)
@@ -636,7 +642,8 @@ def setUp(self):
             data=SimpleUploadedFile('afile.fits', b'somedata')
         )
         self.user = User.objects.create_user(username='test', email='test@example.com')
-        assign_perm('tom_targets.view_target', self.user, self.target)
+        target_app_label = get_target_model_app_label()
+        assign_perm(f'{target_app_label}.view_target', self.user, self.target)
         self.client.force_login(self.user)
 
         self.rd1 = ReducedDatum.objects.create(

tom_dataservices/views.py

@@ -1,3 +1,4 @@
+from tom_targets.base_models import get_target_model_app_label
 import logging
 from requests import HTTPError
 
@@ -351,10 +352,11 @@ def post(self, request, *args, **kwargs):
                     target.save(extras=extras, names=aliases)
                     # Give the user access to the target they created
                     target.give_user_access(self.request.user)
+                    target_app_label = get_target_model_app_label()
                     for group in request.user.groups.all():
-                        assign_perm('tom_targets.view_target', group, target)
-                        assign_perm('tom_targets.change_target', group, target)
-                        assign_perm('tom_targets.delete_target', group, target)
+                        assign_perm(f'{target_app_label}.view_target', group, target)
+                        assign_perm(f'{target_app_label}.change_target', group, target)
+                        assign_perm(f'{target_app_label}.delete_target', group, target)
                 except IntegrityError:
                     messages.warning(request,
                                      mark_safe(

tom_observations/tests/test_api.py

@@ -1,3 +1,4 @@
+from tom_targets.base_models import get_target_model_app_label
 from copy import deepcopy
 from unittest.mock import patch
 
@@ -30,7 +31,8 @@ def setUp(self):
         self.obsr2 = ObservingRecordFactory.create(target_id=self.st2.id)
         self.obsr3 = ObservingRecordFactory.create(target_id=self.st3.id)
 
-        assign_perm('tom_targets.view_target', self.user, self.st2)
+        target_app_label = get_target_model_app_label()
+        assign_perm(f'{target_app_label}.view_target', self.user, self.st2)
 
         self.client.force_login(self.user)
 

tom_observations/tests/tests.py

@@ -1,3 +1,4 @@
+from tom_targets.base_models import get_target_model_app_label
 from datetime import datetime, timedelta
 from http import HTTPStatus
 from unittest import mock
@@ -35,7 +36,8 @@ def setUp(self):
         )
         self.user = User.objects.create_user(username='vincent_adultman', password='important')
         self.user2 = User.objects.create_user(username='peon', password='plebian')
-        assign_perm('tom_targets.view_target', self.user, self.target)
+        target_app_label = get_target_model_app_label()
+        assign_perm(f'{target_app_label}.view_target', self.user, self.target)
         self.client.force_login(self.user)
 
     def test_observation_list(self):
@@ -136,7 +138,8 @@ def setUp(self):
         )
         self.user = User.objects.create_user(username='vincent_adultman', password='important')
         self.user2 = User.objects.create_user(username='peon', password='plebian')
-        assign_perm('tom_targets.view_target', self.user, self.target)
+        target_app_label = get_target_model_app_label()
+        assign_perm(f'{target_app_label}.view_target', self.user, self.target)
         self.client.force_login(self.user)
 
     def test_submit_observation_robotic(self):
@@ -338,8 +341,9 @@ def setUp(self):
         )
         user = User.objects.create_user(username='vincent_adultman', password='important')
         self.user2 = User.objects.create_user(username='peon', password='plebian')
-        assign_perm('tom_targets.view_target', user, self.target)
-        assign_perm('tom_targets.view_target', self.user2, self.target)
+        target_app_label = get_target_model_app_label()
+        assign_perm(f'{target_app_label}.view_target', user, self.target)
+        assign_perm(f'{target_app_label}.view_target', self.user2, self.target)
         assign_perm('tom_observations.view_observationrecord', user, self.observation_record)
         self.client.force_login(user)
 

tom_targets/base_models.py

@@ -200,6 +200,19 @@ def get_default_target_permission():
         return BaseTarget.Permissions.PRIVATE
 
 
+def get_target_model_app_label():
+    """Function to retrieve the app label of the target model class from settings.py.
+    If not found, returns the default 'tom_targets'."""
+    try:
+        TARGET_MODEL_CLASS = settings.TARGET_MODEL_CLASS
+        clazz = import_string(TARGET_MODEL_CLASS)
+        return clazz._meta.app_label
+    except AttributeError:
+        return 'tom_targets'
+    except ImportError:
+        return 'tom_targets'
+
+
 class BaseTarget(models.Model):
     """
     Class representing a target in a TOM
@@ -603,6 +616,7 @@ def give_user_access(self, user):
         :param user:
         :return:
         """
-        assign_perm('tom_targets.view_target', user, self)
-        assign_perm('tom_targets.change_target', user, self)
-        assign_perm('tom_targets.delete_target', user, self)
+        target_app_label = get_target_model_app_label()
+        assign_perm(f'{target_app_label}.view_target', user, self)
+        assign_perm(f'{target_app_label}.change_target', user, self)
+        assign_perm(f'{target_app_label}.delete_target', user, self)

tom_targets/fields.py

@@ -1,3 +1,4 @@
+from tom_targets.base_models import get_target_model_app_label
 from guardian.shortcuts import get_objects_for_user
 from rest_framework import serializers
 
@@ -11,4 +12,5 @@ def get_queryset(self):
         queryset = super().get_queryset()
         if not (request and queryset):
             return None
-        return get_objects_for_user(request.user, 'tom_targets.change_target')
+        target_app_label = get_target_model_app_label()
+        return get_objects_for_user(request.user, f'{target_app_label}.change_target')

tom_targets/forms.py

@@ -14,6 +14,7 @@
 from tom_observations.utils import get_facilities
 from tom_dataproducts.sharing import get_sharing_destination_options
 from .models import Target, TargetExtra, TargetName, TargetList, PersistentShare
+from .base_models import get_target_model_app_label
 from tom_targets.base_models import (SIDEREAL_FIELDS, NON_SIDEREAL_FIELDS, REQUIRED_SIDEREAL_FIELDS,
                                      REQUIRED_NON_SIDEREAL_FIELDS, REQUIRED_NON_SIDEREAL_FIELDS_PER_SCHEME,
                                      IGNORE_FIELDS)
@@ -97,15 +98,16 @@ def save(self, commit=True):
                     )
                     updated_target_extra.save()
             # Save groups for this target
+            target_app_label = get_target_model_app_label()
             for group in self.cleaned_data['groups']:
-                assign_perm('tom_targets.view_target', group, instance)
-                assign_perm('tom_targets.change_target', group, instance)
-                assign_perm('tom_targets.delete_target', group, instance)
+                assign_perm(f'{target_app_label}.view_target', group, instance)
+                assign_perm(f'{target_app_label}.change_target', group, instance)
+                assign_perm(f'{target_app_label}.delete_target', group, instance)
             for group in get_groups_with_perms(instance):
                 if group not in self.cleaned_data['groups']:
-                    remove_perm('tom_targets.view_target', group, instance)
-                    remove_perm('tom_targets.change_target', group, instance)
-                    remove_perm('tom_targets.delete_target', group, instance)
+                    remove_perm(f'{target_app_label}.view_target', group, instance)
+                    remove_perm(f'{target_app_label}.change_target', group, instance)
+                    remove_perm(f'{target_app_label}.delete_target', group, instance)
 
         return instance
 

tom_targets/groups.py

@@ -1,5 +1,6 @@
 from .filters import TargetFilterSet
 from .models import Target
+from .base_models import get_target_model_app_label
 from django.contrib import messages
 
 
@@ -28,7 +29,8 @@ def add_all_to_grouping(filter_data, grouping_object, request):
         return
     for target_object in target_queryset:
         try:
-            if not request.user.has_perm('tom_targets.change_target', target_object):
+            target_app_label = get_target_model_app_label()
+            if not request.user.has_perm(f'{target_app_label}.change_target', target_object):
                 failure_targets.append((target_object.name, 'Permission denied.',))
             elif grouping_object.targets.filter(pk=target_object.pk).exists():
                 warning_targets.append(target_object.name)
@@ -67,7 +69,8 @@ def add_selected_to_grouping(targets_ids, grouping_object, request):
     for target_id in targets_ids:
         try:
             target_object = Target.objects.get(pk=target_id)
-            if not request.user.has_perm('tom_targets.change_target', target_object):
+            target_app_label = get_target_model_app_label()
+            if not request.user.has_perm(f'{target_app_label}.change_target', target_object):
                 failure_targets.append((target_object.name, 'Permission denied.',))
             elif grouping_object.targets.filter(pk=target_object.pk).exists():
                 warning_targets.append(target_object.name)
@@ -111,7 +114,8 @@ def remove_all_from_grouping(filter_data, grouping_object, request):
         return
     for target_object in target_queryset:
         try:
-            if not request.user.has_perm('tom_targets.change_target', target_object):
+            target_app_label = get_target_model_app_label()
+            if not request.user.has_perm(f'{target_app_label}.change_target', target_object):
                 failure_targets.append((target_object.name, 'Permission denied.',))
             elif not grouping_object.targets.filter(pk=target_object.pk).exists():
                 warning_targets.append(target_object.name)
@@ -150,8 +154,9 @@ def remove_selected_from_grouping(targets_ids, grouping_object, request):
     failure_targets = []
     for target_id in targets_ids:
         try:
+            target_app_label = get_target_model_app_label()
             target_object = Target.objects.get(pk=target_id)
-            if not request.user.has_perm('tom_targets.change_target', target_object):
+            if not request.user.has_perm(f'{target_app_label}.change_target', target_object):
                 failure_targets.append((target_object.name, 'Permission denied.',))
             elif not grouping_object.targets.filter(pk=target_object.pk).exists():
                 warning_targets.append(target_object.name)
@@ -198,7 +203,8 @@ def move_all_to_grouping(filter_data, grouping_object, request):
         return
     for target_object in target_queryset:
         try:
-            if not request.user.has_perm('tom_targets.change_target', target_object):
+            target_app_label = get_target_model_app_label()
+            if not request.user.has_perm(f'{target_app_label}.change_target', target_object):
                 failure_targets.append((target_object.name, 'Permission denied.',))
             elif grouping_object.targets.filter(pk=target_object.pk).exists():
                 warning_targets.append(target_object.name)
@@ -239,8 +245,9 @@ def move_selected_to_grouping(targets_ids, grouping_object, request):
     failure_targets = []
     for target_id in targets_ids:
         try:
+            target_app_label = get_target_model_app_label()
             target_object = Target.objects.get(pk=target_id)
-            if not request.user.has_perm('tom_targets.change_target', target_object):
+            if not request.user.has_perm(f'{target_app_label}.change_target', target_object):
                 failure_targets.append((target_object.name, 'Permission denied.',))
             elif grouping_object.targets.filter(pk=target_object.pk).exists():
                 warning_targets.append(target_object.name)