From: shamoon <4887959+shamoon@users.noreply.github.com>
Date: Wed, 10 Dec 2025 00:12:40 +0000 (-0800)
Subject: Chore: fix set_permissions_for_object type (#11564)
X-Git-Tag: v2.20.2~1^2~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=128c3539d50fa66d4ce152a84fa7561b299c4714;p=thirdparty%2Fpaperless-ngx.git

Chore: fix set_permissions_for_object type (#11564)
---

diff --git a/src/documents/permissions.py b/src/documents/permissions.py
index 802cb8798e..ac6d3f9cae 100644
--- a/src/documents/permissions.py
+++ b/src/documents/permissions.py
@@ -61,21 +61,22 @@ def get_groups_with_only_permission(obj, codename):
     return Group.objects.filter(id__in=group_object_perm_group_ids).distinct()
 
 
-def set_permissions_for_object(permissions: list[str], object, *, merge: bool = False):
+def set_permissions_for_object(permissions: dict, object, *, merge: bool = False):
     """
-    Set permissions for an object. The permissions are given as a list of strings
-    in the format "action_modelname", e.g. "view_document".
+    Set permissions for an object. The permissions are given as a mapping of actions
+    to a dict of user / group id lists, e.g.
+    {"view": {"users": [1], "groups": [2]}, "change": {"users": [], "groups": []}}.
 
     If merge is True, the permissions are merged with the existing permissions and
     no users or groups are removed. If False, the permissions are set to exactly
     the given list of users and groups.
     """
 
-    for action in permissions:
+    for action, entry in permissions.items():
         permission = f"{action}_{object.__class__.__name__.lower()}"
-        if "users" in permissions[action]:
+        if "users" in entry:
             # users
-            users_to_add = User.objects.filter(id__in=permissions[action]["users"])
+            users_to_add = User.objects.filter(id__in=entry["users"])
             users_to_remove = (
                 get_users_with_perms(
                     object,
@@ -100,9 +101,9 @@ def set_permissions_for_object(permissions: list[str], object, *, merge: bool =
                             user,
                             object,
                         )
-        if "groups" in permissions[action]:
+        if "groups" in entry:
             # groups
-            groups_to_add = Group.objects.filter(id__in=permissions[action]["groups"])
+            groups_to_add = Group.objects.filter(id__in=entry["groups"])
             groups_to_remove = (
                 get_groups_with_only_permission(
                     object,
diff --git a/src/documents/tests/test_api_search.py b/src/documents/tests/test_api_search.py
index 5a2fc9b52c..1913817214 100644
--- a/src/documents/tests/test_api_search.py
+++ b/src/documents/tests/test_api_search.py
@@ -1289,7 +1289,7 @@ class TestDocumentSearchApi(DirectoriesMixin, APITestCase):
                 content_type__app_label="admin",
             ),
         )
-        set_permissions([4, 5], set_permissions=[], owner=user2, merge=False)
+        set_permissions([4, 5], set_permissions={}, owner=user2, merge=False)
 
         with index.open_index_writer() as writer:
             index.update_document(writer, d1)