add django-guardian, djangorestframework-guardian

src/documents/admin.py

@@ -97,7 +97,7 @@ class RuleInline(admin.TabularInline):
 
 class SavedViewAdmin(admin.ModelAdmin):
 
-    list_display = ("name", "user")
+    list_display = ("name", "owner")
 
     inlines = [RuleInline]
 

src/documents/migrations/1028_remove_savedview_user_correspondent_owner_and_more.py

@@ -0,0 +1,87 @@
+# Generated by Django 4.1.3 on 2022-12-06 04:48
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ("documents", "1027_remove_paperlesstask_attempted_task_and_more"),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name="savedview",
+            old_name="user",
+            new_name="owner",
+        ),
+        migrations.AlterField(
+            model_name="savedview",
+            name="owner",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="owner",
+            ),
+        ),
+        migrations.AddField(
+            model_name="correspondent",
+            name="owner",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="owner",
+            ),
+        ),
+        migrations.AddField(
+            model_name="document",
+            name="owner",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="owner",
+            ),
+        ),
+        migrations.AddField(
+            model_name="documenttype",
+            name="owner",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="owner",
+            ),
+        ),
+        migrations.AddField(
+            model_name="storagepath",
+            name="owner",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="owner",
+            ),
+        ),
+        migrations.AddField(
+            model_name="tag",
+            name="owner",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="owner",
+            ),
+        ),
+    ]

src/documents/models.py

@@ -57,14 +57,27 @@ class MatchingModel(models.Model):
         return self.name
 
 
-class Correspondent(MatchingModel):
+class ModelWithOwner(models.Model):
+    owner = models.ForeignKey(
+        User,
+        blank=True,
+        null=True,
+        on_delete=models.SET_NULL,
+        verbose_name=_("owner"),
+    )
+
+    class Meta:
+        abstract = True
+
+
+class Correspondent(MatchingModel, ModelWithOwner):
     class Meta:
         ordering = ("name",)
         verbose_name = _("correspondent")
         verbose_name_plural = _("correspondents")
 
 
-class Tag(MatchingModel):
+class Tag(MatchingModel, ModelWithOwner):
 
     color = models.CharField(_("color"), max_length=7, default="#a6cee3")
 
@@ -82,13 +95,13 @@ class Tag(MatchingModel):
         verbose_name_plural = _("tags")
 
 
-class DocumentType(MatchingModel):
+class DocumentType(MatchingModel, ModelWithOwner):
     class Meta:
         verbose_name = _("document type")
         verbose_name_plural = _("document types")
 
 
-class StoragePath(MatchingModel):
+class StoragePath(MatchingModel, ModelWithOwner):
     path = models.CharField(
         _("path"),
         max_length=512,
@@ -100,7 +113,7 @@ class StoragePath(MatchingModel):
         verbose_name_plural = _("storage paths")
 
 
-class Document(models.Model):
+class Document(ModelWithOwner):
 
     STORAGE_TYPE_UNENCRYPTED = "unencrypted"
     STORAGE_TYPE_GPG = "gpg"
@@ -356,14 +369,13 @@ class Log(models.Model):
         return self.message
 
 
-class SavedView(models.Model):
+class SavedView(ModelWithOwner):
     class Meta:
 
         ordering = ("name",)
         verbose_name = _("saved view")
         verbose_name_plural = _("saved views")
 
-    user = models.ForeignKey(User, on_delete=models.CASCADE, verbose_name=_("user"))
     name = models.CharField(_("name"), max_length=128)
 
     show_on_dashboard = models.BooleanField(

src/documents/views.py

@@ -556,10 +556,10 @@ class SavedViewViewSet(ModelViewSet):
 
     def get_queryset(self):
         user = self.request.user
-        return SavedView.objects.filter(user=user)
+        return SavedView.objects.filter(owner=user)
 
     def perform_create(self, serializer):
-        serializer.save(user=self.request.user)
+        serializer.save(owner=self.request.user)
 
 
 class BulkEditView(GenericAPIView):

src/paperless/settings.py

@@ -171,6 +171,7 @@ INSTALLED_APPS = [
     "rest_framework.authtoken",
     "django_filters",
     "django_celery_results",
+    "guardian",
 ] + env_apps
 
 if DEBUG:
@@ -276,6 +277,7 @@ if ENABLE_HTTP_REMOTE_USER:
     AUTHENTICATION_BACKENDS = [
         "django.contrib.auth.backends.RemoteUserBackend",
         "django.contrib.auth.backends.ModelBackend",
+        "guardian.backends.ObjectPermissionBackend",
     ]
     REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"].append(
         "rest_framework.authentication.RemoteUserAuthentication",

src/paperless_mail/migrations/0017_mailaccount_owner_mailrule_owner.py

@@ -0,0 +1,38 @@
+# Generated by Django 4.1.3 on 2022-12-06 04:48
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ("paperless_mail", "0016_mailrule_consumption_scope"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="mailaccount",
+            name="owner",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="owner",
+            ),
+        ),
+        migrations.AddField(
+            model_name="mailrule",
+            name="owner",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="owner",
+            ),
+        ),
+    ]

src/paperless_mail/models.py

@@ -3,7 +3,7 @@ from django.db import models
 from django.utils.translation import gettext_lazy as _
 
 
-class MailAccount(models.Model):
+class MailAccount(document_models.ModelWithOwner):
     class Meta:
         verbose_name = _("mail account")
         verbose_name_plural = _("mail accounts")
@@ -51,7 +51,7 @@ class MailAccount(models.Model):
         return self.name
 
 
-class MailRule(models.Model):
+class MailRule(document_models.ModelWithOwner):
     class Meta:
         verbose_name = _("mail rule")
         verbose_name_plural = _("mail rules")