Support 202011 (#917)

* install django-grainy

* nsp to grainy first iteration

* Fix validation error message overflow

* Add migration, update views.py and template to add help_text to UI

* nsp to grainy second iteration

* grainy and django-grainy pinned to latest releases

* deskpro ticket cc (#875)

* black formatting

* move ac link to bottom for ticket body

* Fix typo

* Update djangorestframework, peeringdb, django-ratelimit

* Rewrite login view ratelimit decorator

* Relock pipfile

* add list() to make copy of dictionaries before iterating

* respect ix-f url visibilty in ix-f conflict emails

* Add type coercion to settings taken from environment variables

* Add bool handling

* relock pipfile with python3.9
change docker to use python3.9

* Check bool via isinstance

* add ordering to admin search queryset for deskproticket and email

* update settings with envvar_type option

* Add tooltips to add ix and add exchange views (in org)

* Add tooltip to suggest fac view

* get phone information in view

* add missing migration

* add migration and make org a geo model

* Wire normalization to put/create requests for Facility

* Update admin with new address fields

* Refactor serializer using mixin

* Add floor and suite to address API

* Write command to geonormalize existing entries

* Remove unnecessary method from model

* Add floor and suite to views

* Add ignore geo status

* Force refresh for fac and org updates

* adjust frontend typo

* add checking if update needs geosync

* redo error handling for geosync

* remove save keyword from geonormalize command script

* change raw_id_fields

* alternate autocomplete lookup field depending on where inline is called

* remove unnecessary error handling

* Add  csv option

* Fix bug
 with None vs empty string

* add regex parsing for suite and floor conversion

* Add migration that removes geo error as a field

* add geostatus update to command

* Ignore suite floor and address2 changes for api normalization

* update geomodel by removing geo_error

* Black models.py

* Black serializers.py

* remove geocode error from admin

* Add function for reversing pretty speed

* add conversion to export method

* fix typo

* fix speed value feedback after submit

* remove conditional

* Add error handling to create endpoint

* Refine floor and suite parsing regex

* Add geocoding tests

* Add json for tests

* IX-F Importer: Bogus output of "Preview" tool #896

* remove cruft

* black formatting

* IX-F Importer: history of changes per ixlan & netixlan #893

* 6 add geocode to org view

* 4 update geocode without refresh

* Update error display

* Fix bug with formatting translated string

* Add DateTimeFields to model

* Add update signals

* add last updated fields to views and serializers

* Add last updated model migration

* Add the data migration for last updated fields

* add test that tests a normal org user with create org permissions

* grainy to 1.7
django grainy to 1.9.1

* Fix formatting issues

* Adjust var names

* Refactor signals

* Temporary: save override from network model

* Empty vlan lists no longer cause error

* typo in ixf.py

* typo in admin

* Typos in model verbose names

* Add serializer IXLAN validation for ixf_ixp_import_enabled

* Add model validation to IXLan

* relock pipfile

* relock pipfile

* begin signal test file

* Remove full clean from save in ixlan

* use post_reversion_commit signal instead

* remove redundant save override

* remove cruft / debug code

* Add signal tests

* exclude organizations with city missing from commandline geosync

* Skip geosync if the only address information we have is a country

* initial commit for vlan matcher in importer

* Add more tests and remove unused imports

* update tests

* Actually add vlan matching to importer

* Add type checking for speed list and state

* Change how we register connection.state

* add bootstrap options

* add rdap cache command

* remove outdated perm docs

* rdap from master and relock

* propagate rdap settings to peeringdb.settings

* add loaddata for initial fixtures

* user friendly error message on RdapNotFound errors (#497)

* update rdap errors

* django-peeringdb to 2.5.0 and relock

* rdap to 1.2.0 and relock

* fix migration hierarchy

* add ignore_recurse_errors option

* add missing fields to mock
remove cruft missed during merge

* rdap to 1.2.1

* dont geo validate during api tests

* fix tests

* Add test file

* fix merge

* RDAP_SELF_BOOTSTRAP to False while running tests

* black formatted

* run black

* add github actions

* add runs on

Co-authored-by: Stefan Pratter <stefan@20c.com>
Co-authored-by: Elliot Frank <elliot@20c.com>

peeringdb_server/rest.py

@@ -20,8 +20,7 @@ from django.db import connection
 from django.utils import timezone
 from django.db.models import DateTimeField
 from django.utils.translation import ugettext_lazy as _
-import django_namespace_perms.rest as nsp_rest
-
+from django_grainy.rest import ModelViewSetPermissions, PermissionDenied
 import reversion
 
 from peeringdb_server.models import Network, UTC, ProtectedAction
@@ -29,9 +28,7 @@ from peeringdb_server.serializers import ParentStatusException
 from peeringdb_server.api_cache import CacheRedirect, APICacheLoader
 from peeringdb_server.api_schema import BaseSchema
 from peeringdb_server.deskpro import ticket_queue_deletion_prevented
-
-import django_namespace_perms.util as nsp
-from django_namespace_perms.exceptions import *
+from peeringdb_server.util import check_permissions, APIPermissionsApplicator
 
 
 class DataException(ValueError):
@@ -272,15 +269,10 @@ class ModelViewSet(viewsets.ModelViewSet):
     """
     Generic ModelViewSet Base Class
     This should probably be moved to a common lib ?
-    Ueaj
     """
 
     paginate_by_param = ("limit",)
-
-    # use django namespace permissions backend, this is also specified in the
-    # settings but for some reason it only works when explicitly set here,
-    # need to investigate
-    permission_classes = (nsp_rest.BasePermission,)
+    permission_classes = (ModelViewSetPermissions,)
 
     def get_queryset(self):
         """
@@ -496,6 +488,13 @@ class ModelViewSet(viewsets.ModelViewSet):
                     status=404, data={"data": [], "detail": "Entity not found"}
                 )
 
+        print("done in %.5f seconds, %d queries" % (d, len(connection.queries)))
+
+        applicator = APIPermissionsApplicator(request.user)
+
+        if not applicator.is_generating_api_cache:
+            r.data = applicator.apply(r.data)
+
         return r
 
     @client_check()
@@ -509,6 +508,12 @@ class ModelViewSet(viewsets.ModelViewSet):
         d = time.time() - t
         print("done in %.5f seconds, %d queries" % (d, len(connection.queries)))
 
+        applicator = APIPermissionsApplicator(request.user)
+
+        if not applicator.is_generating_api_cache:
+            r.data = applicator.apply(r.data)
+            if r.data == applicator.denied:
+                return Response(status=status.HTTP_403_FORBIDDEN)
         return r
 
     def require_data(self, request):
@@ -541,7 +546,10 @@ class ModelViewSet(viewsets.ModelViewSet):
             with reversion.create_revision():
                 if request.user:
                     reversion.set_user(request.user)
-                return super().create(request, *args, **kwargs)
+                r = super().create(request, *args, **kwargs)
+                if "_grainy" in r.data:
+                    del r.data["_grainy"]
+                return r
         except PermissionDenied as inst:
             return Response(status=status.HTTP_403_FORBIDDEN)
         except (ParentStatusException, DataException) as inst:
@@ -562,7 +570,13 @@ class ModelViewSet(viewsets.ModelViewSet):
                 if request.user:
                     reversion.set_user(request.user)
 
-                return super().update(request, *args, **kwargs)
+                r = super().update(request, *args, **kwargs)
+                if "_grainy" in r.data:
+                    del r.data["_grainy"]
+                return r
+
+        except PermissionDenied as inst:
+            return Response(status=status.HTTP_403_FORBIDDEN)
         except TypeError as inst:
             return Response(
                 status=status.HTTP_400_BAD_REQUEST, data={"detail": str(inst)}
@@ -595,7 +609,7 @@ class ModelViewSet(viewsets.ModelViewSet):
             except self.model.DoesNotExist:
                 return Response(status=status.HTTP_204_NO_CONTENT)
 
-            if nsp.has_perms(request.user, obj, "delete"):
+            if check_permissions(request.user, obj, "d"):
                 with reversion.create_revision():
                     if request.user:
                         reversion.set_user(request.user)