[1/6] View level permissions - Plumbing (baserow#4069)

Author: bram2w

backend/src/baserow/api/serializers.py

@@ -85,7 +85,7 @@ def to_internal_value(self, data):
 
         natural_key = super().to_internal_value(data)
         try:
-            return self._model.objects.get_by_natural_key(*natural_key)
+            return self.get_queryset().get_by_natural_key(*natural_key)
         except self._model.DoesNotExist as e:
             if self._custom_does_not_exist_exception_class:
                 raise self._custom_does_not_exist_exception_class(
@@ -94,6 +94,9 @@ def to_internal_value(self, data):
             else:
                 raise e
 
+    def get_queryset(self):
+        return self._model.objects
+
 
 class CommaSeparatedIntegerValuesField(serializers.Field):
     """A serializer field that accepts a CSV string containing a list of integers."""

backend/src/baserow/contrib/database/airtable/import_report.py

@@ -12,6 +12,7 @@
 from baserow.contrib.database.views.models import GridView
 from baserow.contrib.database.views.registries import view_type_registry
 from baserow.core.constants import BASEROW_COLORS
+from baserow.core.registries import ImportExportConfig
 
 REPORT_TABLE_ID = "report"
 REPORT_TABLE_NAME = "Airtable import report"
@@ -99,7 +100,11 @@ def get_baserow_export_table(self, order: int) -> dict:
         grid_view.get_field_options = lambda *args, **kwargs: []
         grid_view_type = view_type_registry.get_by_model(grid_view)
         empty_serialized_grid_view = grid_view_type.export_serialized(
-            grid_view, None, None, None
+            grid_view,
+            ImportExportConfig(include_permission_data=False),
+            None,
+            None,
+            None,
         )
         empty_serialized_grid_view["id"] = 0
         exported_views = [empty_serialized_grid_view]

backend/src/baserow/contrib/database/airtable/registry.py

@@ -811,7 +811,7 @@ def to_serialized_baserow_view(
             config,
             import_report,
         )
-        serialized = view_type.export_serialized(view)
+        serialized = view_type.export_serialized(view, config)
 
         return serialized
 

backend/src/baserow/contrib/database/application_types.py

@@ -135,7 +135,9 @@ def export_tables_serialized(
                 view = v.specific
                 view_type = view_type_registry.get_by_model(view)
                 serialized_views.append(
-                    view_type.export_serialized(view, table_cache, files_zip, storage)
+                    view_type.export_serialized(
+                        view, import_export_config, table_cache, files_zip, storage
+                    )
                 )
 
             serialized_rows = []
@@ -564,7 +566,9 @@ def import_tables_serialized(
         # Now that the all tables and fields exist, we can create the views and create
         # the table schema in the database.
         for serialized_table in serialized_tables:
-            self._import_table_views(serialized_table, id_mapping, files_zip, progress)
+            self._import_table_views(
+                serialized_table, import_export_config, id_mapping, files_zip, progress
+            )
             self._create_table_schema(
                 serialized_table, already_created_through_table_names
             )
@@ -910,6 +914,7 @@ def _create_table_schema(
     def _import_table_views(
         self,
         serialized_table: Dict[str, Any],
+        import_export_config: ImportExportConfig,
         id_mapping: Dict[str, Any],
         files_zip: Optional[ZipFile] = None,
         progress: Optional[ChildProgressBuilder] = None,
@@ -929,7 +934,9 @@ def _import_table_views(
         table_name = serialized_table["name"]
         for serialized_view in serialized_table["views"]:
             view_type = view_type_registry.get(serialized_view["type"])
-            view_type.import_serialized(table, serialized_view, id_mapping, files_zip)
+            view_type.import_serialized(
+                table, serialized_view, import_export_config, id_mapping, files_zip
+            )
             progress.increment(
                 state=f"{IMPORT_SERIALIZED_IMPORTING_TABLE_STRUCTURE}{table_name}"
             )

backend/src/baserow/contrib/database/views/handler.py

@@ -88,6 +88,7 @@
 from baserow.core.exceptions import PermissionDenied
 from baserow.core.handler import CoreHandler
 from baserow.core.models import Workspace
+from baserow.core.registries import ImportExportConfig
 from baserow.core.telemetry.utils import baserow_trace_methods
 from baserow.core.trash.handler import TrashHandler
 from baserow.core.utils import (
@@ -898,6 +899,7 @@ def create_view(
             )
 
         view_type.view_created(view=instance)
+        view_ownership_type.view_created(user=user, view=instance, workspace=workspace)
         view_created.send(self, view=instance, user=user, type_name=type_name)
 
         return instance
@@ -938,12 +940,18 @@ def duplicate_view(self, user: AbstractUser, original_view: View) -> View:
 
         view_type = view_type_registry.get_by_model(original_view)
 
+        config = ImportExportConfig(
+            include_permission_data=True,
+            reduce_disk_space_usage=False,
+            is_duplicate=True,
+        )
+
         cache = {
             "workspace_id": workspace.id,
         }
 
         # Use export/import to duplicate the view easily
-        serialized = view_type.export_serialized(original_view, cache)
+        serialized = view_type.export_serialized(original_view, config, cache)
 
         # Change the name of the view
         serialized["name"] = self.find_unused_view_name(
@@ -967,7 +975,7 @@ def duplicate_view(self, user: AbstractUser, original_view: View) -> View:
             "database_field_select_options": MirrorDict(),
         }
         duplicated_view = view_type.import_serialized(
-            original_view.table, serialized, id_mapping
+            original_view.table, serialized, config, id_mapping
         )
 
         if duplicated_view is None:

backend/src/baserow/contrib/database/views/registries.py

@@ -25,7 +25,11 @@
 from baserow.core.exceptions import PermissionDenied
 from baserow.core.handler import CoreHandler
 from baserow.core.models import Workspace, WorkspaceUser
-from baserow.core.registries import OperationType
+from baserow.core.registries import (
+    ImportExportConfig,
+    OperationType,
+    serialization_processor_registry,
+)
 from baserow.core.registry import (
     APIUrlsInstanceMixin,
     APIUrlsRegistryMixin,
@@ -219,6 +223,7 @@ def __init__(self, *args, **kwargs):
     def export_serialized(
         self,
         view: "View",
+        import_export_config: ImportExportConfig,
         cache: Optional[Dict] = None,
         files_zip: Optional[ExportZipFile] = None,
         storage: Optional[Storage] = None,
@@ -228,6 +233,9 @@ def export_serialized(
         `import_serialized` method. This dict is also JSON serializable.
 
         :param view: The view instance that must be exported.
+        :param import_export_config: provides configuration options for the
+            import/export process to customize how it works.
+        :param cache: A cache to use for storing temporary data.
         :param files_zip: A zip file buffer where the files related to the export
             must be copied into.
         :param storage: The storage where the files can be loaded from.
@@ -298,12 +306,24 @@ def export_serialized(
         if self.can_share:
             serialized["public"] = view.public
 
+        # It could be that there is no `table` related to the view when doing an
+        # Airtable export, for example. That means it's not part of a workspace, so we
+        # can't enhance the export with the `serialization_processor_registry`.
+        if view.table_id is not None:
+            for serialized_structure in serialization_processor_registry.get_all():
+                extra_data = serialized_structure.export_serialized(
+                    view.table.database.workspace, view, import_export_config
+                )
+                if extra_data is not None:
+                    serialized.update(**extra_data)
+
         return serialized
 
     def import_serialized(
         self,
         table: "Table",
         serialized_values: Dict[str, Any],
+        import_export_config: ImportExportConfig,
         id_mapping: Dict[str, Any],
         files_zip: Optional[ZipFile] = None,
         storage: Optional[Storage] = None,
@@ -316,6 +336,8 @@ def import_serialized(
         :param table: The table where the view should be added to.
         :param serialized_values: The exported serialized view values that need to
             be imported.
+        :param import_export_config: provides configuration options for the
+            import/export process to customize how it works.
         :param id_mapping: The map of exported ids to newly created ids that must be
             updated when a new instance has been created.
         :param files_zip: A zip file buffer where files related to the export can be
@@ -399,7 +421,15 @@ def import_serialized(
         decorations = (
             serialized_copy.pop("decorations", []) if self.can_decorate else []
         )
-        view = self.model_class.objects.create(table=table, **serialized_copy)
+
+        view = self.model_class(table=table)
+        # Only set the properties that are actually accepted by the view type's model
+        # class.
+        for key, value in serialized_copy.items():
+            if hasattr(view, key):
+                setattr(view, key, value)
+        view.save()
+
         id_mapping["database_views"][view_id] = view.id
 
         if self.can_filter:
@@ -493,6 +523,13 @@ def import_serialized(
                     view_decoration_id
                 ] = view_decoration_object.id
 
+        for (
+            serialized_structure_processor
+        ) in serialization_processor_registry.get_all():
+            serialized_structure_processor.import_serialized(
+                table.database.workspace, view, serialized_copy, import_export_config
+            )
+
         return view
 
     def get_visible_fields_and_model(
@@ -1406,6 +1443,16 @@ class (f. ex. `CollaborativeViewOwnershipType`,
 
         raise PermissionDenied()
 
+    def view_created(self, user: AbstractUser, view: "View", workspace: Workspace):
+        """
+        Hook that is called after a view is created. This can be used to introduce
+        additional permissions checks, for example.
+
+        :param user: The user that created the view.
+        :param view: The view that was created.
+        :param workspace: The workspace where the view was created in.
+        """
+
 
 class ViewOwnershipTypeRegistry(Registry):
     """

backend/src/baserow/contrib/database/views/view_types.py

@@ -48,6 +48,7 @@
 from baserow.contrib.database.views.registries import view_aggregation_type_registry
 from baserow.core.handler import CoreHandler
 from baserow.core.import_export.utils import file_chunk_generator
+from baserow.core.registries import ImportExportConfig
 from baserow.core.storage import ExportZipFile
 from baserow.core.user_files.handler import UserFileHandler
 from baserow.core.user_files.models import UserFile
@@ -108,6 +109,7 @@ def get_api_urls(self):
     def export_serialized(
         self,
         grid: View,
+        import_export_config: ImportExportConfig,
         cache: Optional[Dict] = None,
         files_zip: Optional[ExportZipFile] = None,
         storage: Optional[Storage] = None,
@@ -116,7 +118,9 @@ def export_serialized(
         Adds the serialized grid view options to the exported dict.
         """
 
-        serialized = super().export_serialized(grid, cache, files_zip, storage)
+        serialized = super().export_serialized(
+            grid, import_export_config, cache, files_zip, storage
+        )
         serialized["row_identifier_type"] = grid.row_identifier_type
         serialized["row_height_size"] = grid.row_height_size
 
@@ -141,6 +145,7 @@ def import_serialized(
         self,
         table: Table,
         serialized_values: Dict[str, Any],
+        import_export_config: ImportExportConfig,
         id_mapping: Dict[str, Any],
         files_zip: Optional[ZipFile] = None,
         storage: Optional[Storage] = None,
@@ -152,7 +157,7 @@ def import_serialized(
         serialized_copy = serialized_values.copy()
         field_options = serialized_copy.pop("field_options")
         grid_view = super().import_serialized(
-            table, serialized_copy, id_mapping, files_zip, storage
+            table, serialized_copy, import_export_config, id_mapping, files_zip, storage
         )
         if grid_view is not None:
             if "database_grid_view_field_options" not in id_mapping:
@@ -417,6 +422,7 @@ def after_fields_type_change(self, fields):
     def export_serialized(
         self,
         gallery: View,
+        import_export_config: ImportExportConfig,
         cache: Optional[Dict] = None,
         files_zip: Optional[ExportZipFile] = None,
         storage: Optional[Storage] = None,
@@ -425,7 +431,9 @@ def export_serialized(
         Adds the serialized gallery view options to the exported dict.
         """
 
-        serialized = super().export_serialized(gallery, cache, files_zip, storage)
+        serialized = super().export_serialized(
+            gallery, import_export_config, cache, files_zip, storage
+        )
 
         if gallery.card_cover_image_field_id:
             serialized["card_cover_image_field_id"] = gallery.card_cover_image_field_id
@@ -448,6 +456,7 @@ def import_serialized(
         self,
         table: Table,
         serialized_values: Dict[str, Any],
+        import_export_config: ImportExportConfig,
         id_mapping: Dict[str, Any],
         files_zip: Optional[ZipFile] = None,
         storage: Optional[Storage] = None,
@@ -466,7 +475,7 @@ def import_serialized(
         field_options = serialized_copy.pop("field_options")
 
         gallery_view = super().import_serialized(
-            table, serialized_copy, id_mapping, files_zip, storage
+            table, serialized_copy, import_export_config, id_mapping, files_zip, storage
         )
 
         if gallery_view is not None:
@@ -1110,6 +1119,7 @@ def _update_field_options_allowed_select_options(
     def export_serialized(
         self,
         form: View,
+        import_export_config: ImportExportConfig,
         cache: Optional[Dict] = None,
         files_zip: Optional[ExportZipFile] = None,
         storage: Optional[Storage] = None,
@@ -1118,7 +1128,9 @@ def export_serialized(
         Adds the serialized form view options to the exported dict.
         """
 
-        serialized = super().export_serialized(form, cache, files_zip, storage)
+        serialized = super().export_serialized(
+            form, import_export_config, cache, files_zip, storage
+        )
 
         def add_user_file(user_file):
             if not user_file:
@@ -1195,6 +1207,7 @@ def import_serialized(
         self,
         table: Table,
         serialized_values: Dict[str, Any],
+        import_export_config: ImportExportConfig,
         id_mapping: Dict[str, Any],
         files_zip: Optional[ZipFile] = None,
         storage: Optional[Storage] = None,
@@ -1221,7 +1234,7 @@ def get_file(file):
         serialized_copy["logo_image"] = get_file(serialized_copy.pop("logo_image"))
         field_options = serialized_copy.pop("field_options")
         form_view = super().import_serialized(
-            table, serialized_copy, id_mapping, files_zip, storage
+            table, serialized_copy, import_export_config, id_mapping, files_zip, storage
         )
 
         if form_view is not None:

backend/src/baserow/core/types.py

@@ -4,10 +4,10 @@
     from django.contrib.auth.models import AbstractUser  # noqa: F401
     from django.contrib.auth.models import AnonymousUser  # noqa: F401
 
-    from baserow.contrib.automation.models import Automation
-    from baserow.contrib.builder.models import Builder
-    from baserow.contrib.dashboard.models import Dashboard
-    from baserow.contrib.database.models import Database, Table
+    from baserow.contrib.automation.models import Automation  # noqa: F401
+    from baserow.contrib.builder.models import Builder  # noqa: F401
+    from baserow.contrib.dashboard.models import Dashboard  # noqa: F401
+    from baserow.contrib.database.models import Database, Table, View  # noqa: F401
 
 # A scope object needs to have a related registered ScopeObjectType
 ScopeObject = Any
@@ -24,7 +24,7 @@
 
 # Objects which can be exported and imported in a `SerializationProcessorType`.
 SerializationProcessorScope = Union[
-    "Database", "Table", "Builder", "Dashboard", "Automation"
+    "Database", "Table", "View", "Builder", "Dashboard", "Automation"
 ]