Skip to content

Latest commit

 

History

History
127 lines (78 loc) · 2.88 KB

check-access-post-permission-hook.md

File metadata and controls

127 lines (78 loc) · 2.88 KB

check_access_post_permission_hook

This hook wraps a standard Misago function used to check if a user has permission to access a post of any type (threads, private threads, or plugin-defined). Raises Django's Http404 or PermissionDenied if they don't.

Location

This hook can be imported from misago.permissions.hooks:

from misago.permissions.hooks import check_access_post_permission_hook

Filter

def custom_check_access_post_permission_filter(
    action: CheckAccessPostPermissionHookAction,
    permissions: 'UserPermissionsProxy',
    category: Category,
    thread: Thread,
    post: Post,
) -> None:
    ...

A function implemented by a plugin that can be registered in this hook.

Arguments

action: CheckAccessPostPermissionHookAction

Next function registered in this hook, either a custom function or Misago's standard one.

See the action section for details.

user_permissions: UserPermissionsProxy

A proxy object with the current user's permissions.

category: Category

A category to check permissions for.

thread: Thread

A thread to check permissions for.

post: Post

A post to check permissions for.

Action

def check_access_post_permission_action(
    permissions: 'UserPermissionsProxy',
    category: Category,
    thread: Thread,
    post: Post,
) -> None:
    ...

Misago function used to check if a user has permission to access a post of any type (threads, private threads, or plugin-defined). Raises Django's Http404 or PermissionDenied if they don't.

Arguments

user_permissions: UserPermissionsProxy

A proxy object with the current user's permissions.

category: Category

A category to check permissions for.

thread: Thread

A thread to check permissions for.

post: Post

A post to check permissions for.

Example

The code below implements a custom filter function that blocks a user from seeing a specified post if there is a custom flag set on their account.

from django.core.exceptions import PermissionDenied
from django.utils.translation import pgettext
from misago.categories.models import Category
from misago.permissions.hooks import check_access_post_permission_hook
from misago.permissions.proxy import UserPermissionsProxy
from misago.threads.models import Post, Thread

@check_access_post_permission_hook.append_filter
def check_user_can_access_post(
    action,
    permissions: UserPermissionsProxy,
    category: Category,
    thread: Thread,
    post: Post,
) -> None:
    # Run standard permission checks
    action(permissions, category, thread, post)

    if post.id in permissions.user.plugin_data.get("hidden_posts", []):
        raise PermissionDenied(
            pgettext(
                "post permission error",
                "Site admin has removed your access to this post."
            )
        )