Remove (external) permissions app which has been obsolete since the move to the new schema
- Legacy-Id: 6300
This commit is contained in:
Ole Laursen
parent
f7ad84ecb9
commit
c419271d97
|
|
@ -154,7 +154,6 @@ INSTALLED_APPS = (
|
|||
'django.contrib.humanize',
|
||||
'django.contrib.messages',
|
||||
'south',
|
||||
'permissions',
|
||||
'ietf.person',
|
||||
'ietf.name',
|
||||
'ietf.group',
|
||||
|
|
|
|||
1
permissions/.gitignore
vendored
1
permissions/.gitignore
vendored
|
|
@ -1 +0,0 @@
|
|||
/*.pyc
|
||||
|
|
@ -1,148 +0,0 @@
|
|||
import permissions.utils
|
||||
|
||||
class PermissionBase(object):
|
||||
"""Mix-in class for permissions.
|
||||
"""
|
||||
def grant_permission(self, role, permission):
|
||||
"""Grants passed permission to passed role. Returns True if the
|
||||
permission was able to be added, otherwise False.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
role
|
||||
The role for which the permission should be granted.
|
||||
|
||||
permission
|
||||
The permission which should be granted. Either a permission
|
||||
object or the codename of a permission.
|
||||
"""
|
||||
return permissions.utils.grant_permission(self, role, permission)
|
||||
|
||||
def remove_permission(self, role, permission):
|
||||
"""Removes passed permission from passed role. Returns True if the
|
||||
permission has been removed.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
role
|
||||
The role for which a permission should be removed.
|
||||
|
||||
permission
|
||||
The permission which should be removed. Either a permission object
|
||||
or the codename of a permission.
|
||||
"""
|
||||
return permissions.utils.remove_permission(self, role, permission)
|
||||
|
||||
def has_permission(self, user, permission, roles=[]):
|
||||
"""Returns True if the passed user has passed permission for this
|
||||
instance. Otherwise False.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
permission
|
||||
The permission's codename which should be checked. Must be a
|
||||
string with a valid codename.
|
||||
|
||||
user
|
||||
The user for which the permission should be checked.
|
||||
|
||||
roles
|
||||
If passed, these roles will be assigned to the user temporarily
|
||||
before the permissions are checked.
|
||||
"""
|
||||
return permissions.utils.has_permission(self, user, permission, roles)
|
||||
|
||||
def check_permission(self, user, permission, roles=[]):
|
||||
"""Raise Unauthorized if the the passed user hasn't passed permission
|
||||
for this instance.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
permission
|
||||
The permission's codename which should be checked. Must be a
|
||||
string with a valid codename.
|
||||
|
||||
user
|
||||
The user for which the permission should be checked.
|
||||
|
||||
roles
|
||||
If passed, these roles will be assigned to the user temporarily
|
||||
before the permissions are checked.
|
||||
"""
|
||||
if not self.has_permission(user, permission, roles):
|
||||
raise Unauthorized("User %s doesn't have permission %s for object %s" % (user, permission, obj.slug))
|
||||
|
||||
def add_inheritance_block(self, permission):
|
||||
"""Adds an inheritance block for the passed permission.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
permission
|
||||
The permission for which an inheritance block should be added.
|
||||
Either a permission object or the codename of a permission.
|
||||
"""
|
||||
return permissions.utils.add_inheritance_block(self, permission)
|
||||
|
||||
def remove_inheritance_block(self, permission):
|
||||
"""Removes a inheritance block for the passed permission.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
permission
|
||||
The permission for which an inheritance block should be removed.
|
||||
Either a permission object or the codename of a permission.
|
||||
"""
|
||||
return permissions.utils.remove_inheritance_block(self, permission)
|
||||
|
||||
def is_inherited(self, codename):
|
||||
"""Returns True if the passed permission is inherited.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
codename
|
||||
The permission which should be checked. Must be the codename of
|
||||
the permission.
|
||||
"""
|
||||
return permissions.utils.is_inherited(self, codename)
|
||||
|
||||
def add_role(self, principal, role):
|
||||
"""Adds a local role for the principal.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
principal
|
||||
The principal (user or group) which gets the role.
|
||||
|
||||
role
|
||||
The role which is assigned.
|
||||
"""
|
||||
return permissions.utils.add_local_role(self, principal, role)
|
||||
|
||||
def get_roles(self, principal):
|
||||
"""Returns *direct* local roles for passed principal (user or group).
|
||||
"""
|
||||
return permissions.utils.get_local_roles(self, principal)
|
||||
|
||||
def remove_role(self, principal, role):
|
||||
"""Adds a local role for the principal to the object.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
principal
|
||||
The principal (user or group) from which the role is removed.
|
||||
|
||||
role
|
||||
The role which is removed.
|
||||
"""
|
||||
return permissions.utils.remove_local_role(self, principal, role)
|
||||
|
||||
def remove_roles(self, principal):
|
||||
"""Removes all local roles for the passed principal from the object.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
principal
|
||||
The principal (user or group) from which all local roles are
|
||||
removed.
|
||||
"""
|
||||
return permissions.utils.remove_local_roles(self, principal)
|
||||
|
|
@ -1,45 +0,0 @@
|
|||
# permissions imports
|
||||
import permissions.utils
|
||||
|
||||
class ObjectPermissionsBackend(object):
|
||||
"""Django backend for object permissions. Needs Django 1.2.
|
||||
|
||||
|
||||
Use it together with the default ModelBackend like so::
|
||||
|
||||
AUTHENTICATION_BACKENDS = (
|
||||
'django.contrib.auth.backends.ModelBackend',
|
||||
'permissions.backend.ObjectPermissionsBackend',
|
||||
)
|
||||
|
||||
Then you can use it like:
|
||||
|
||||
user.has_perm("view", your_object)
|
||||
|
||||
"""
|
||||
supports_object_permissions = True
|
||||
supports_anonymous_user = True
|
||||
|
||||
def authenticate(self, username, password):
|
||||
return None
|
||||
|
||||
def has_perm(self, user_obj, perm, obj=None):
|
||||
"""Checks whether the passed user has passed permission for passed
|
||||
object (obj).
|
||||
|
||||
This should be the primary method to check wether a user has a certain
|
||||
permission.
|
||||
|
||||
Parameters
|
||||
==========
|
||||
|
||||
perm
|
||||
The permission's codename which should be checked.
|
||||
|
||||
user_obj
|
||||
The user for which the permission should be checked.
|
||||
|
||||
obj
|
||||
The object for which the permission should be checked.
|
||||
"""
|
||||
return permissions.utils.has_permission(obj, user_obj, perm)
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
class Unauthorized(Exception):
|
||||
def __init__(self, str):
|
||||
super(Unauthorized, self).__init__(str)
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<django-objects version="1.0">
|
||||
<object pk="1" model="permissions.permission">
|
||||
<field type="CharField" name="name">View</field>
|
||||
<field type="CharField" name="codename">view</field>
|
||||
</object>
|
||||
<object pk="2" model="permissions.permission">
|
||||
<field type="CharField" name="name">Edit</field>
|
||||
<field type="CharField" name="codename">edit</field>
|
||||
</object>
|
||||
<object pk="3" model="permissions.permission">
|
||||
<field type="CharField" name="name">Delete</field>
|
||||
<field type="CharField" name="codename">delete</field>
|
||||
</object>
|
||||
<object pk="4" model="permissions.permission">
|
||||
<field type="CharField" name="name">Cut</field>
|
||||
<field type="CharField" name="codename">cut</field>
|
||||
</object>
|
||||
<object pk="5" model="permissions.permission">
|
||||
<field type="CharField" name="name">Copy</field>
|
||||
<field type="CharField" name="codename">copy</field>
|
||||
</object>
|
||||
</django-objects>
|
||||
Binary file not shown.
|
|
@ -1,52 +0,0 @@
|
|||
# German translations for django-permissions
|
||||
# Copyright (C) 2010 Kai Diefenbach
|
||||
# This file is distributed under the same license as the PACKAGE package.
|
||||
# Kai Diefenbach <kai.diefenbach@iqpp.de>, 2010.
|
||||
#
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: 1.0\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2010-03-30 23:12+0200\n"
|
||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||
"MIME-Version: 1.0\n"
|
||||
"Content-Type: text/plain; charset=UTF-8\n"
|
||||
"Content-Transfer-Encoding: 8bit\n"
|
||||
|
||||
#: models.py:154
|
||||
msgid "Name"
|
||||
msgstr "Name"
|
||||
|
||||
#: models.py:155
|
||||
msgid "Codename"
|
||||
msgstr "Codename"
|
||||
|
||||
#: models.py:156
|
||||
msgid "Content Types"
|
||||
msgstr "Inhaltstypen"
|
||||
|
||||
#: models.py:175 models.py:280
|
||||
msgid "Role"
|
||||
msgstr "Rolle"
|
||||
|
||||
#: models.py:176 models.py:216
|
||||
msgid "Permission"
|
||||
msgstr "Recht"
|
||||
|
||||
#: models.py:178 models.py:218 models.py:282
|
||||
msgid "Content type"
|
||||
msgstr "Inhaltstyp"
|
||||
|
||||
#: models.py:179 models.py:219 models.py:283
|
||||
msgid "Content id"
|
||||
msgstr "Inhalts-ID"
|
||||
|
||||
#: models.py:278
|
||||
msgid "User"
|
||||
msgstr "Benutzer"
|
||||
|
||||
#: models.py:279
|
||||
msgid "Group"
|
||||
msgstr "Gruppe"
|
||||
1
permissions/migrations/.gitignore
vendored
1
permissions/migrations/.gitignore
vendored
|
|
@ -1 +0,0 @@
|
|||
/*.pyc
|
||||
|
|
@ -1,154 +0,0 @@
|
|||
|
||||
from south.db import db
|
||||
from django.db import models
|
||||
from permissions.models import *
|
||||
|
||||
class Migration:
|
||||
|
||||
def forwards(self, orm):
|
||||
|
||||
# Adding model 'Role'
|
||||
db.create_table('permissions_role', (
|
||||
('id', orm['permissions.Role:id']),
|
||||
('name', orm['permissions.Role:name']),
|
||||
))
|
||||
db.send_create_signal('permissions', ['Role'])
|
||||
|
||||
# Adding model 'ObjectPermissionInheritanceBlock'
|
||||
db.create_table('permissions_objectpermissioninheritanceblock', (
|
||||
('id', orm['permissions.ObjectPermissionInheritanceBlock:id']),
|
||||
('permission', orm['permissions.ObjectPermissionInheritanceBlock:permission']),
|
||||
('content_type', orm['permissions.ObjectPermissionInheritanceBlock:content_type']),
|
||||
('content_id', orm['permissions.ObjectPermissionInheritanceBlock:content_id']),
|
||||
))
|
||||
db.send_create_signal('permissions', ['ObjectPermissionInheritanceBlock'])
|
||||
|
||||
# Adding model 'ObjectPermission'
|
||||
db.create_table('permissions_objectpermission', (
|
||||
('id', orm['permissions.ObjectPermission:id']),
|
||||
('role', orm['permissions.ObjectPermission:role']),
|
||||
('permission', orm['permissions.ObjectPermission:permission']),
|
||||
('content_type', orm['permissions.ObjectPermission:content_type']),
|
||||
('content_id', orm['permissions.ObjectPermission:content_id']),
|
||||
))
|
||||
db.send_create_signal('permissions', ['ObjectPermission'])
|
||||
|
||||
# Adding model 'Permission'
|
||||
db.create_table('permissions_permission', (
|
||||
('id', orm['permissions.Permission:id']),
|
||||
('name', orm['permissions.Permission:name']),
|
||||
('codename', orm['permissions.Permission:codename']),
|
||||
))
|
||||
db.send_create_signal('permissions', ['Permission'])
|
||||
|
||||
# Adding model 'PrincipalRoleRelation'
|
||||
db.create_table('permissions_principalrolerelation', (
|
||||
('id', orm['permissions.PrincipalRoleRelation:id']),
|
||||
('user', orm['permissions.PrincipalRoleRelation:user']),
|
||||
('group', orm['permissions.PrincipalRoleRelation:group']),
|
||||
('role', orm['permissions.PrincipalRoleRelation:role']),
|
||||
('content_type', orm['permissions.PrincipalRoleRelation:content_type']),
|
||||
('content_id', orm['permissions.PrincipalRoleRelation:content_id']),
|
||||
))
|
||||
db.send_create_signal('permissions', ['PrincipalRoleRelation'])
|
||||
|
||||
# Adding ManyToManyField 'Permission.content_types'
|
||||
db.create_table('permissions_permission_content_types', (
|
||||
('id', models.AutoField(verbose_name='ID', primary_key=True, auto_created=True)),
|
||||
('permission', models.ForeignKey(orm.Permission, null=False)),
|
||||
('contenttype', models.ForeignKey(orm['contenttypes.ContentType'], null=False))
|
||||
))
|
||||
|
||||
|
||||
|
||||
def backwards(self, orm):
|
||||
|
||||
# Deleting model 'Role'
|
||||
db.delete_table('permissions_role')
|
||||
|
||||
# Deleting model 'ObjectPermissionInheritanceBlock'
|
||||
db.delete_table('permissions_objectpermissioninheritanceblock')
|
||||
|
||||
# Deleting model 'ObjectPermission'
|
||||
db.delete_table('permissions_objectpermission')
|
||||
|
||||
# Deleting model 'Permission'
|
||||
db.delete_table('permissions_permission')
|
||||
|
||||
# Deleting model 'PrincipalRoleRelation'
|
||||
db.delete_table('permissions_principalrolerelation')
|
||||
|
||||
# Dropping ManyToManyField 'Permission.content_types'
|
||||
db.delete_table('permissions_permission_content_types')
|
||||
|
||||
|
||||
|
||||
models = {
|
||||
'auth.group': {
|
||||
'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
|
||||
'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
|
||||
'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'blank': 'True'})
|
||||
},
|
||||
'auth.permission': {
|
||||
'Meta': {'unique_together': "(('content_type', 'codename'),)"},
|
||||
'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
|
||||
'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
|
||||
'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
|
||||
'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
|
||||
},
|
||||
'auth.user': {
|
||||
'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
|
||||
'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
|
||||
'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
|
||||
'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'blank': 'True'}),
|
||||
'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
|
||||
'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True', 'blank': 'True'}),
|
||||
'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False', 'blank': 'True'}),
|
||||
'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False', 'blank': 'True'}),
|
||||
'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
|
||||
'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
|
||||
'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
|
||||
'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'blank': 'True'}),
|
||||
'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
|
||||
},
|
||||
'contenttypes.contenttype': {
|
||||
'Meta': {'unique_together': "(('app_label', 'model'),)", 'db_table': "'django_content_type'"},
|
||||
'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
|
||||
'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
|
||||
'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
|
||||
'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
|
||||
},
|
||||
'permissions.objectpermission': {
|
||||
'content_id': ('django.db.models.fields.PositiveIntegerField', [], {}),
|
||||
'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
|
||||
'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
|
||||
'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['permissions.Permission']"}),
|
||||
'role': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['permissions.Role']", 'null': 'True', 'blank': 'True'})
|
||||
},
|
||||
'permissions.objectpermissioninheritanceblock': {
|
||||
'content_id': ('django.db.models.fields.PositiveIntegerField', [], {}),
|
||||
'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
|
||||
'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
|
||||
'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['permissions.Permission']"})
|
||||
},
|
||||
'permissions.permission': {
|
||||
'codename': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '100'}),
|
||||
'content_types': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['contenttypes.ContentType']", 'null': 'True', 'blank': 'True'}),
|
||||
'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
|
||||
'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '100'})
|
||||
},
|
||||
'permissions.principalrolerelation': {
|
||||
'content_id': ('django.db.models.fields.PositiveIntegerField', [], {'null': 'True', 'blank': 'True'}),
|
||||
'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']", 'null': 'True', 'blank': 'True'}),
|
||||
'group': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Group']", 'null': 'True', 'blank': 'True'}),
|
||||
'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
|
||||
'role': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['permissions.Role']"}),
|
||||
'user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.User']", 'null': 'True', 'blank': 'True'})
|
||||
},
|
||||
'permissions.role': {
|
||||
'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
|
||||
'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '100'})
|
||||
}
|
||||
}
|
||||
|
||||
complete_apps = ['permissions']
|
||||
|
|
@ -1,190 +0,0 @@
|
|||
# django imports
|
||||
from django.db import models
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.models import Group
|
||||
from django.contrib.contenttypes import generic
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
class Permission(models.Model):
|
||||
"""A permission which can be granted to users/groups and objects.
|
||||
|
||||
**Attributes:**
|
||||
|
||||
name
|
||||
The unique name of the permission. This is displayed to users.
|
||||
|
||||
codename
|
||||
The unique codename of the permission. This is used internal to
|
||||
identify a permission.
|
||||
|
||||
content_types
|
||||
The content types for which the permission is active. This can be
|
||||
used to display only reasonable permissions for an object.
|
||||
"""
|
||||
name = models.CharField(_(u"Name"), max_length=100, unique=True)
|
||||
codename = models.CharField(_(u"Codename"), max_length=100, unique=True)
|
||||
content_types = models.ManyToManyField(ContentType, verbose_name=_(u"Content Types"), blank=True, null=True, related_name="content_types")
|
||||
|
||||
def __unicode__(self):
|
||||
return "%s (%s)" % (self.name, self.codename)
|
||||
|
||||
class ObjectPermission(models.Model):
|
||||
"""Grants permission for specific user/group and object.
|
||||
|
||||
**Attributes:**
|
||||
|
||||
role
|
||||
The role for which the permission is granted.
|
||||
|
||||
permission
|
||||
The permission which is granted.
|
||||
|
||||
content
|
||||
The object for which the permission is granted.
|
||||
"""
|
||||
role = models.ForeignKey("Role", verbose_name=_(u"Role"), blank=True, null=True)
|
||||
permission = models.ForeignKey(Permission, verbose_name=_(u"Permission"))
|
||||
|
||||
content_type = models.ForeignKey(ContentType, verbose_name=_(u"Content type"))
|
||||
content_id = models.PositiveIntegerField(verbose_name=_(u"Content id"))
|
||||
content = generic.GenericForeignKey(ct_field="content_type", fk_field="content_id")
|
||||
|
||||
def __unicode__(self):
|
||||
if self.role:
|
||||
principal = self.role
|
||||
else:
|
||||
principal = self.user
|
||||
|
||||
return "%s / %s / %s - %s" % (self.permission.name, principal, self.content_type, self.content_id)
|
||||
|
||||
def get_principal(self):
|
||||
"""Returns the principal.
|
||||
"""
|
||||
return self.user or self.group
|
||||
|
||||
def set_principal(self, principal):
|
||||
"""Sets the principal.
|
||||
"""
|
||||
if isinstance(principal, User):
|
||||
self.user = principal
|
||||
else:
|
||||
self.group = principal
|
||||
|
||||
principal = property(get_principal, set_principal)
|
||||
|
||||
class ObjectPermissionInheritanceBlock(models.Model):
|
||||
"""Blocks the inheritance for specific permission and object.
|
||||
|
||||
**Attributes:**
|
||||
|
||||
permission
|
||||
The permission for which inheritance is blocked.
|
||||
|
||||
content
|
||||
The object for which the inheritance is blocked.
|
||||
"""
|
||||
permission = models.ForeignKey(Permission, verbose_name=_(u"Permission"))
|
||||
|
||||
content_type = models.ForeignKey(ContentType, verbose_name=_(u"Content type"))
|
||||
content_id = models.PositiveIntegerField(verbose_name=_(u"Content id"))
|
||||
content = generic.GenericForeignKey(ct_field="content_type", fk_field="content_id")
|
||||
|
||||
def __unicode__(self):
|
||||
return "%s / %s - %s" % (self.permission, self.content_type, self.content_id)
|
||||
|
||||
class Role(models.Model):
|
||||
"""A role gets permissions to do something. Principals (users and groups)
|
||||
can only get permissions via roles.
|
||||
|
||||
**Attributes:**
|
||||
|
||||
name
|
||||
The unique name of the role
|
||||
"""
|
||||
name = models.CharField(max_length=100, unique=True)
|
||||
|
||||
class Meta:
|
||||
ordering = ("name", )
|
||||
|
||||
def __unicode__(self):
|
||||
return self.name
|
||||
|
||||
def add_principal(self, principal, content=None):
|
||||
"""Addes the given principal (user or group) ot the Role.
|
||||
"""
|
||||
if isinstance(principal, User):
|
||||
PrincipalRoleRelation.objects.create(user=principal, role=self)
|
||||
else:
|
||||
PrincipalRoleRelation.objects.create(group=principal, role=self)
|
||||
|
||||
def get_groups(self, content=None):
|
||||
"""Returns all groups which has this role assigned. If content is given
|
||||
it returns also the local roles.
|
||||
"""
|
||||
if content:
|
||||
ctype = ContentType.objects.get_for_model(content)
|
||||
prrs = PrincipalRoleRelation.objects.filter(role=self,
|
||||
content_id__in = (None, content.pk),
|
||||
content_type__in = (None, ctype)).exclude(group=None)
|
||||
else:
|
||||
prrs = PrincipalRoleRelation.objects.filter(role=self,
|
||||
content_id=None, content_type=None).exclude(group=None)
|
||||
|
||||
return [prr.group for prr in prrs]
|
||||
|
||||
def get_users(self, content=None):
|
||||
"""Returns all users which has this role assigned. If content is given
|
||||
it returns also the local roles.
|
||||
"""
|
||||
if content:
|
||||
ctype = ContentType.objects.get_for_model(content)
|
||||
prrs = PrincipalRoleRelation.objects.filter(role=self,
|
||||
content_id__in = (None, content.pk),
|
||||
content_type__in = (None, ctype)).exclude(user=None)
|
||||
else:
|
||||
prrs = PrincipalRoleRelation.objects.filter(role=self,
|
||||
content_id=None, content_type=None).exclude(user=None)
|
||||
|
||||
return [prr.user for prr in prrs]
|
||||
|
||||
class PrincipalRoleRelation(models.Model):
|
||||
"""A role given to a principal (user or group). If a content object is
|
||||
given this is a local role, i.e. the principal has this role only for this
|
||||
content object. Otherwise it is a global role, i.e. the principal has
|
||||
this role generally.
|
||||
|
||||
user
|
||||
A user instance. Either a user xor a group needs to be given.
|
||||
|
||||
group
|
||||
A group instance. Either a user xor a group needs to be given.
|
||||
|
||||
role
|
||||
The role which is given to the principal for content.
|
||||
|
||||
content
|
||||
The content object which gets the local role (optional).
|
||||
"""
|
||||
user = models.ForeignKey(User, verbose_name=_(u"User"), blank=True, null=True)
|
||||
group = models.ForeignKey(Group, verbose_name=_(u"Group"), blank=True, null=True)
|
||||
role = models.ForeignKey(Role, verbose_name=_(u"Role"))
|
||||
|
||||
content_type = models.ForeignKey(ContentType, verbose_name=_(u"Content type"), blank=True, null=True)
|
||||
content_id = models.PositiveIntegerField(verbose_name=_(u"Content id"), blank=True, null=True)
|
||||
content = generic.GenericForeignKey(ct_field="content_type", fk_field="content_id")
|
||||
|
||||
def get_principal(self):
|
||||
"""Returns the principal.
|
||||
"""
|
||||
return self.user or self.group
|
||||
|
||||
def set_principal(self, principal):
|
||||
"""Sets the principal.
|
||||
"""
|
||||
if isinstance(principal, User):
|
||||
self.user = principal
|
||||
else:
|
||||
self.group = principal
|
||||
|
||||
principal = property(get_principal, set_principal)
|
||||
1
permissions/templatetags/.gitignore
vendored
1
permissions/templatetags/.gitignore
vendored
|
|
@ -1 +0,0 @@
|
|||
/*.pyc
|
||||
|
|
@ -1,48 +0,0 @@
|
|||
# django imports
|
||||
from django import template
|
||||
from django.core.exceptions import ImproperlyConfigured
|
||||
from django.contrib.auth.models import User, AnonymousUser
|
||||
|
||||
import permissions.utils
|
||||
register = template.Library()
|
||||
|
||||
class PermissionComparisonNode(template.Node):
|
||||
"""Implements a node to provide an if current user has passed permission
|
||||
for current object.
|
||||
"""
|
||||
@classmethod
|
||||
def handle_token(cls, parser, token):
|
||||
bits = token.contents.split()
|
||||
if len(bits) != 2:
|
||||
raise template.TemplateSyntaxError(
|
||||
"'%s' tag takes one argument" % bits[0])
|
||||
end_tag = 'endifhasperm'
|
||||
nodelist_true = parser.parse(('else', end_tag))
|
||||
token = parser.next_token()
|
||||
if token.contents == 'else': # there is an 'else' clause in the tag
|
||||
nodelist_false = parser.parse((end_tag,))
|
||||
parser.delete_first_token()
|
||||
else:
|
||||
nodelist_false = ""
|
||||
|
||||
return cls(bits[1], nodelist_true, nodelist_false)
|
||||
|
||||
def __init__(self, permission, nodelist_true, nodelist_false):
|
||||
self.permission = permission
|
||||
self.nodelist_true = nodelist_true
|
||||
self.nodelist_false = nodelist_false
|
||||
|
||||
def render(self, context):
|
||||
obj = context.get("obj")
|
||||
request = context.get("request")
|
||||
if permissions.utils.has_permission(self.permission, request.user, obj):
|
||||
return self.nodelist_true.render(context)
|
||||
else:
|
||||
return self.nodelist_false
|
||||
|
||||
@register.tag
|
||||
def ifhasperm(parser, token):
|
||||
"""This function provides functionality for the 'ifhasperm' template tag.
|
||||
"""
|
||||
return PermissionComparisonNode.handle_token(parser, token)
|
||||
|
||||
|
|
@ -1,783 +0,0 @@
|
|||
# django imports
|
||||
from django.contrib.flatpages.models import FlatPage
|
||||
from django.contrib.auth.models import Group
|
||||
from django.contrib.auth.models import User
|
||||
from django.conf import settings
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.test import TestCase
|
||||
from django.test.client import Client
|
||||
|
||||
# permissions imports
|
||||
from permissions.models import Permission
|
||||
from permissions.models import ObjectPermission
|
||||
from permissions.models import ObjectPermissionInheritanceBlock
|
||||
from permissions.models import Role
|
||||
|
||||
import permissions.utils
|
||||
|
||||
class BackendTestCase(TestCase):
|
||||
"""
|
||||
"""
|
||||
def setUp(self):
|
||||
"""
|
||||
"""
|
||||
settings.AUTHENTICATION_BACKENDS = (
|
||||
'django.contrib.auth.backends.ModelBackend',
|
||||
'permissions.backend.ObjectPermissionsBackend',
|
||||
)
|
||||
|
||||
self.role_1 = permissions.utils.register_role("Role 1")
|
||||
self.user = User.objects.create(username="john")
|
||||
self.page_1 = FlatPage.objects.create(url="/page-1/", title="Page 1")
|
||||
self.view = permissions.utils.register_permission("View", "view")
|
||||
|
||||
# Add user to role
|
||||
self.role_1.add_principal(self.user)
|
||||
|
||||
def test_has_perm(self):
|
||||
"""Tests has perm of the backend.
|
||||
"""
|
||||
result = self.user.has_perm(self.view, self.page_1)
|
||||
self.assertEqual(result, False)
|
||||
|
||||
# assign view permission to role 1
|
||||
permissions.utils.grant_permission(self.page_1, self.role_1, self.view)
|
||||
|
||||
result = self.user.has_perm("view", self.page_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
class RoleTestCase(TestCase):
|
||||
"""
|
||||
"""
|
||||
def setUp(self):
|
||||
"""
|
||||
"""
|
||||
self.role_1 = permissions.utils.register_role("Role 1")
|
||||
self.role_2 = permissions.utils.register_role("Role 2")
|
||||
|
||||
self.user = User.objects.create(username="john")
|
||||
self.group = Group.objects.create(name="brights")
|
||||
|
||||
self.user.groups.add(self.group)
|
||||
|
||||
self.page_1 = FlatPage.objects.create(url="/page-1/", title="Page 1")
|
||||
self.page_2 = FlatPage.objects.create(url="/page-1/", title="Page 2")
|
||||
|
||||
def test_getter(self):
|
||||
"""
|
||||
"""
|
||||
result = permissions.utils.get_group(self.group.id)
|
||||
self.assertEqual(result, self.group)
|
||||
|
||||
result = permissions.utils.get_group(42)
|
||||
self.assertEqual(result, None)
|
||||
|
||||
result = permissions.utils.get_role(self.role_1.id)
|
||||
self.assertEqual(result, self.role_1)
|
||||
|
||||
result = permissions.utils.get_role(42)
|
||||
self.assertEqual(result, None)
|
||||
|
||||
result = permissions.utils.get_user(self.user.id)
|
||||
self.assertEqual(result, self.user)
|
||||
|
||||
result = permissions.utils.get_user(42)
|
||||
self.assertEqual(result, None)
|
||||
|
||||
def test_global_roles_user(self):
|
||||
"""
|
||||
"""
|
||||
# Add role 1
|
||||
result = permissions.utils.add_role(self.user, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Add role 1 again
|
||||
result = permissions.utils.add_role(self.user, self.role_1)
|
||||
self.assertEqual(result, False)
|
||||
|
||||
result = permissions.utils.get_roles(self.user)
|
||||
self.assertEqual(result, [self.role_1])
|
||||
|
||||
# Add role 2
|
||||
result = permissions.utils.add_role(self.user, self.role_2)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.get_roles(self.user)
|
||||
self.assertEqual(result, [self.role_1, self.role_2])
|
||||
|
||||
# Remove role 1
|
||||
result = permissions.utils.remove_role(self.user, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Remove role 1 again
|
||||
result = permissions.utils.remove_role(self.user, self.role_1)
|
||||
self.assertEqual(result, False)
|
||||
|
||||
result = permissions.utils.get_roles(self.user)
|
||||
self.assertEqual(result, [self.role_2])
|
||||
|
||||
# Remove role 2
|
||||
result = permissions.utils.remove_role(self.user, self.role_2)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.get_roles(self.user)
|
||||
self.assertEqual(result, [])
|
||||
|
||||
def test_global_roles_group(self):
|
||||
"""
|
||||
"""
|
||||
# Add role 1
|
||||
result = permissions.utils.add_role(self.group, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Add role 1 again
|
||||
result = permissions.utils.add_role(self.group, self.role_1)
|
||||
self.assertEqual(result, False)
|
||||
|
||||
result = permissions.utils.get_roles(self.group)
|
||||
self.assertEqual(result, [self.role_1])
|
||||
|
||||
# Add role 2
|
||||
result = permissions.utils.add_role(self.group, self.role_2)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.get_roles(self.group)
|
||||
self.assertEqual(result, [self.role_1, self.role_2])
|
||||
|
||||
# Remove role 1
|
||||
result = permissions.utils.remove_role(self.group, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Remove role 1 again
|
||||
result = permissions.utils.remove_role(self.group, self.role_1)
|
||||
self.assertEqual(result, False)
|
||||
|
||||
result = permissions.utils.get_roles(self.group)
|
||||
self.assertEqual(result, [self.role_2])
|
||||
|
||||
# Remove role 2
|
||||
result = permissions.utils.remove_role(self.group, self.role_2)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.get_roles(self.group)
|
||||
self.assertEqual(result, [])
|
||||
|
||||
def test_remove_roles_user(self):
|
||||
"""
|
||||
"""
|
||||
# Add role 1
|
||||
result = permissions.utils.add_role(self.user, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Add role 2
|
||||
result = permissions.utils.add_role(self.user, self.role_2)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.get_roles(self.user)
|
||||
self.assertEqual(result, [self.role_1, self.role_2])
|
||||
|
||||
# Remove roles
|
||||
result = permissions.utils.remove_roles(self.user)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.get_roles(self.user)
|
||||
self.assertEqual(result, [])
|
||||
|
||||
# Remove roles
|
||||
result = permissions.utils.remove_roles(self.user)
|
||||
self.assertEqual(result, False)
|
||||
|
||||
def test_remove_roles_group(self):
|
||||
"""
|
||||
"""
|
||||
# Add role 1
|
||||
result = permissions.utils.add_role(self.group, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Add role 2
|
||||
result = permissions.utils.add_role(self.group, self.role_2)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.get_roles(self.group)
|
||||
self.assertEqual(result, [self.role_1, self.role_2])
|
||||
|
||||
# Remove roles
|
||||
result = permissions.utils.remove_roles(self.group)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.get_roles(self.group)
|
||||
self.assertEqual(result, [])
|
||||
|
||||
# Remove roles
|
||||
result = permissions.utils.remove_roles(self.group)
|
||||
self.assertEqual(result, False)
|
||||
|
||||
def test_local_role_user(self):
|
||||
"""
|
||||
"""
|
||||
# Add local role to page 1
|
||||
result = permissions.utils.add_local_role(self.page_1, self.user, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Again
|
||||
result = permissions.utils.add_local_role(self.page_1, self.user, self.role_1)
|
||||
self.assertEqual(result, False)
|
||||
|
||||
result = permissions.utils.get_local_roles(self.page_1, self.user)
|
||||
self.assertEqual(result, [self.role_1])
|
||||
|
||||
# Add local role 2
|
||||
result = permissions.utils.add_local_role(self.page_1, self.user, self.role_2)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.get_local_roles(self.page_1, self.user)
|
||||
self.assertEqual(result, [self.role_1, self.role_2])
|
||||
|
||||
# Remove role 1
|
||||
result = permissions.utils.remove_local_role(self.page_1, self.user, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Remove role 1 again
|
||||
result = permissions.utils.remove_local_role(self.page_1, self.user, self.role_1)
|
||||
self.assertEqual(result, False)
|
||||
|
||||
result = permissions.utils.get_local_roles(self.page_1, self.user)
|
||||
self.assertEqual(result, [self.role_2])
|
||||
|
||||
# Remove role 2
|
||||
result = permissions.utils.remove_local_role(self.page_1, self.user, self.role_2)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.get_local_roles(self.page_1, self.user)
|
||||
self.assertEqual(result, [])
|
||||
|
||||
def test_local_role_group(self):
|
||||
"""
|
||||
"""
|
||||
# Add local role to page 1
|
||||
result = permissions.utils.add_local_role(self.page_1, self.group, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Again
|
||||
result = permissions.utils.add_local_role(self.page_1, self.group, self.role_1)
|
||||
self.assertEqual(result, False)
|
||||
|
||||
result = permissions.utils.get_local_roles(self.page_1, self.group)
|
||||
self.assertEqual(result, [self.role_1])
|
||||
|
||||
# Add local role 2
|
||||
result = permissions.utils.add_local_role(self.page_1, self.group, self.role_2)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.get_local_roles(self.page_1, self.group)
|
||||
self.assertEqual(result, [self.role_1, self.role_2])
|
||||
|
||||
# Remove role 1
|
||||
result = permissions.utils.remove_local_role(self.page_1, self.group, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Remove role 1 again
|
||||
result = permissions.utils.remove_local_role(self.page_1, self.group, self.role_1)
|
||||
self.assertEqual(result, False)
|
||||
|
||||
result = permissions.utils.get_local_roles(self.page_1, self.group)
|
||||
self.assertEqual(result, [self.role_2])
|
||||
|
||||
# Remove role 2
|
||||
result = permissions.utils.remove_local_role(self.page_1, self.group, self.role_2)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.get_local_roles(self.page_1, self.group)
|
||||
self.assertEqual(result, [])
|
||||
|
||||
def test_remove_local_roles_user(self):
|
||||
"""
|
||||
"""
|
||||
# Add local role to page 1
|
||||
result = permissions.utils.add_local_role(self.page_1, self.user, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Add local role 2
|
||||
result = permissions.utils.add_local_role(self.page_1, self.user, self.role_2)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.get_local_roles(self.page_1, self.user)
|
||||
self.assertEqual(result, [self.role_1, self.role_2])
|
||||
|
||||
# Remove all local roles
|
||||
result = permissions.utils.remove_local_roles(self.page_1, self.user)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.get_local_roles(self.page_1, self.user)
|
||||
self.assertEqual(result, [])
|
||||
|
||||
# Remove all local roles again
|
||||
result = permissions.utils.remove_local_roles(self.page_1, self.user)
|
||||
self.assertEqual(result, False)
|
||||
|
||||
def test_get_groups_1(self):
|
||||
"""Tests global roles for groups.
|
||||
"""
|
||||
result = self.role_1.get_groups()
|
||||
self.assertEqual(len(result), 0)
|
||||
|
||||
result = permissions.utils.add_role(self.group, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = self.role_1.get_groups()
|
||||
self.assertEqual(result[0].name, "brights")
|
||||
|
||||
# Add another group
|
||||
self.group_2 = Group.objects.create(name="atheists")
|
||||
result = permissions.utils.add_role(self.group_2, self.role_1)
|
||||
|
||||
result = self.role_1.get_groups()
|
||||
self.assertEqual(result[0].name, "brights")
|
||||
self.assertEqual(result[1].name, "atheists")
|
||||
self.assertEqual(len(result), 2)
|
||||
|
||||
# Add the role to an user
|
||||
result = permissions.utils.add_role(self.user, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# This shouldn't have an effect on the result
|
||||
result = self.role_1.get_groups()
|
||||
self.assertEqual(result[0].name, "brights")
|
||||
self.assertEqual(result[1].name, "atheists")
|
||||
self.assertEqual(len(result), 2)
|
||||
|
||||
def test_get_groups_2(self):
|
||||
"""Tests local roles for groups.
|
||||
"""
|
||||
result = self.role_1.get_groups(self.page_1)
|
||||
self.assertEqual(len(result), 0)
|
||||
|
||||
result = permissions.utils.add_local_role(self.page_1, self.group, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = self.role_1.get_groups(self.page_1)
|
||||
self.assertEqual(result[0].name, "brights")
|
||||
|
||||
# Add another local group
|
||||
self.group_2 = Group.objects.create(name="atheists")
|
||||
result = permissions.utils.add_local_role(self.page_1, self.group_2, self.role_1)
|
||||
|
||||
result = self.role_1.get_groups(self.page_1)
|
||||
self.assertEqual(result[0].name, "brights")
|
||||
self.assertEqual(result[1].name, "atheists")
|
||||
|
||||
# A the global role to group
|
||||
result = permissions.utils.add_role(self.group, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Nontheless there are just two groups returned (and no duplicate)
|
||||
result = self.role_1.get_groups(self.page_1)
|
||||
self.assertEqual(result[0].name, "brights")
|
||||
self.assertEqual(result[1].name, "atheists")
|
||||
self.assertEqual(len(result), 2)
|
||||
|
||||
# Andere there should one global role
|
||||
result = self.role_1.get_groups()
|
||||
self.assertEqual(result[0].name, "brights")
|
||||
|
||||
# Add the role to an user
|
||||
result = permissions.utils.add_local_role(self.page_1, self.user, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# This shouldn't have an effect on the result
|
||||
result = self.role_1.get_groups(self.page_1)
|
||||
self.assertEqual(result[0].name, "brights")
|
||||
self.assertEqual(result[1].name, "atheists")
|
||||
self.assertEqual(len(result), 2)
|
||||
|
||||
def test_get_users_1(self):
|
||||
"""Tests global roles for users.
|
||||
"""
|
||||
result = self.role_1.get_users()
|
||||
self.assertEqual(len(result), 0)
|
||||
|
||||
result = permissions.utils.add_role(self.user, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = self.role_1.get_users()
|
||||
self.assertEqual(result[0].username, "john")
|
||||
|
||||
# Add another role to an user
|
||||
self.user_2 = User.objects.create(username="jane")
|
||||
result = permissions.utils.add_role(self.user_2, self.role_1)
|
||||
|
||||
result = self.role_1.get_users()
|
||||
self.assertEqual(result[0].username, "john")
|
||||
self.assertEqual(result[1].username, "jane")
|
||||
self.assertEqual(len(result), 2)
|
||||
|
||||
# Add the role to an user
|
||||
result = permissions.utils.add_role(self.group, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# This shouldn't have an effect on the result
|
||||
result = self.role_1.get_users()
|
||||
self.assertEqual(result[0].username, "john")
|
||||
self.assertEqual(result[1].username, "jane")
|
||||
self.assertEqual(len(result), 2)
|
||||
|
||||
def test_get_users_2(self):
|
||||
"""Tests local roles for users.
|
||||
"""
|
||||
result = self.role_1.get_users(self.page_1)
|
||||
self.assertEqual(len(result), 0)
|
||||
|
||||
result = permissions.utils.add_local_role(self.page_1, self.user, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = self.role_1.get_users(self.page_1)
|
||||
self.assertEqual(result[0].username, "john")
|
||||
|
||||
# Add another local role to an user
|
||||
self.user_2 = User.objects.create(username="jane")
|
||||
result = permissions.utils.add_local_role(self.page_1, self.user_2, self.role_1)
|
||||
|
||||
result = self.role_1.get_users(self.page_1)
|
||||
self.assertEqual(result[0].username, "john")
|
||||
self.assertEqual(result[1].username, "jane")
|
||||
|
||||
# A the global role to user
|
||||
result = permissions.utils.add_role(self.user, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Nontheless there are just two users returned (and no duplicate)
|
||||
result = self.role_1.get_users(self.page_1)
|
||||
self.assertEqual(result[0].username, "john")
|
||||
self.assertEqual(result[1].username, "jane")
|
||||
self.assertEqual(len(result), 2)
|
||||
|
||||
# Andere there should one user for the global role
|
||||
result = self.role_1.get_users()
|
||||
self.assertEqual(result[0].username, "john")
|
||||
|
||||
# Add the role to an group
|
||||
result = permissions.utils.add_local_role(self.page_1, self.group, self.role_1)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# This shouldn't have an effect on the result
|
||||
result = self.role_1.get_users(self.page_1)
|
||||
self.assertEqual(result[0].username, "john")
|
||||
self.assertEqual(result[1].username, "jane")
|
||||
self.assertEqual(len(result), 2)
|
||||
|
||||
class PermissionTestCase(TestCase):
|
||||
"""
|
||||
"""
|
||||
def setUp(self):
|
||||
"""
|
||||
"""
|
||||
self.role_1 = permissions.utils.register_role("Role 1")
|
||||
self.role_2 = permissions.utils.register_role("Role 2")
|
||||
|
||||
self.user = User.objects.create(username="john")
|
||||
permissions.utils.add_role(self.user, self.role_1)
|
||||
self.user.save()
|
||||
|
||||
self.page_1 = FlatPage.objects.create(url="/page-1/", title="Page 1")
|
||||
self.page_2 = FlatPage.objects.create(url="/page-1/", title="Page 2")
|
||||
|
||||
self.permission = permissions.utils.register_permission("View", "view")
|
||||
|
||||
def test_add_permissions(self):
|
||||
"""
|
||||
"""
|
||||
# Add per object
|
||||
result = permissions.utils.grant_permission(self.page_1, self.role_1, self.permission)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Add per codename
|
||||
result = permissions.utils.grant_permission(self.page_1, self.role_1, "view")
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Add ermission which does not exist
|
||||
result = permissions.utils.grant_permission(self.page_1, self.role_1, "hurz")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
def test_remove_permission(self):
|
||||
"""
|
||||
"""
|
||||
# Add
|
||||
result = permissions.utils.grant_permission(self.page_1, self.role_1, "view")
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Remove
|
||||
result = permissions.utils.remove_permission(self.page_1, self.role_1, "view")
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Remove again
|
||||
result = permissions.utils.remove_permission(self.page_1, self.role_1, "view")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
def test_has_permission_role(self):
|
||||
"""
|
||||
"""
|
||||
result = permissions.utils.has_permission(self.page_1, self.user, "view")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
result = permissions.utils.grant_permission(self.page_1, self.role_1, self.permission)
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.has_permission(self.page_1, self.user, "view")
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.remove_permission(self.page_1, self.role_1, "view")
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.has_permission(self.page_1, self.user, "view")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
def test_has_permission_owner(self):
|
||||
"""
|
||||
"""
|
||||
creator = User.objects.create(username="jane")
|
||||
|
||||
result = permissions.utils.has_permission(self.page_1, creator, "view")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
owner = permissions.utils.register_role("Owner")
|
||||
permissions.utils.grant_permission(self.page_1, owner, "view")
|
||||
|
||||
result = permissions.utils.has_permission(self.page_1, creator, "view", [owner])
|
||||
self.assertEqual(result, True)
|
||||
|
||||
def test_local_role(self):
|
||||
"""
|
||||
"""
|
||||
result = permissions.utils.has_permission(self.page_1, self.user, "view")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
permissions.utils.grant_permission(self.page_1, self.role_2, self.permission)
|
||||
permissions.utils.add_local_role(self.page_1, self.user, self.role_2)
|
||||
|
||||
result = permissions.utils.has_permission(self.page_1, self.user, "view")
|
||||
self.assertEqual(result, True)
|
||||
|
||||
def test_ineritance(self):
|
||||
"""
|
||||
"""
|
||||
result = permissions.utils.is_inherited(self.page_1, "view")
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# per permission
|
||||
permissions.utils.add_inheritance_block(self.page_1, self.permission)
|
||||
|
||||
result = permissions.utils.is_inherited(self.page_1, "view")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
permissions.utils.remove_inheritance_block(self.page_1, self.permission)
|
||||
|
||||
result = permissions.utils.is_inherited(self.page_1, "view")
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# per codename
|
||||
permissions.utils.add_inheritance_block(self.page_1, "view")
|
||||
|
||||
result = permissions.utils.is_inherited(self.page_1, "view")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
permissions.utils.remove_inheritance_block(self.page_1, "view")
|
||||
|
||||
result = permissions.utils.is_inherited(self.page_1, "view")
|
||||
self.assertEqual(result, True)
|
||||
|
||||
def test_unicode(self):
|
||||
"""
|
||||
"""
|
||||
# Permission
|
||||
self.assertEqual(self.permission.__unicode__(), "View (view)")
|
||||
|
||||
# ObjectPermission
|
||||
permissions.utils.grant_permission(self.page_1, self.role_1, self.permission)
|
||||
opr = ObjectPermission.objects.get(permission=self.permission, role=self.role_1)
|
||||
self.assertEqual(opr.__unicode__(), "View / Role 1 / flat page - 1")
|
||||
|
||||
# ObjectPermissionInheritanceBlock
|
||||
permissions.utils.add_inheritance_block(self.page_1, self.permission)
|
||||
opb = ObjectPermissionInheritanceBlock.objects.get(permission=self.permission)
|
||||
|
||||
self.assertEqual(opb.__unicode__(), "View (view) / flat page - 1")
|
||||
|
||||
def test_reset(self):
|
||||
"""
|
||||
"""
|
||||
result = permissions.utils.grant_permission(self.page_1, self.role_1, "view")
|
||||
self.assertEqual(result, True)
|
||||
|
||||
result = permissions.utils.has_permission(self.page_1, self.user, "view")
|
||||
self.assertEqual(result, True)
|
||||
|
||||
permissions.utils.add_inheritance_block(self.page_1, "view")
|
||||
|
||||
result = permissions.utils.is_inherited(self.page_1, "view")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
permissions.utils.reset(self.page_1)
|
||||
|
||||
result = permissions.utils.has_permission(self.page_1, self.user, "view")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
result = permissions.utils.is_inherited(self.page_1, "view")
|
||||
self.assertEqual(result, True)
|
||||
|
||||
permissions.utils.reset(self.page_1)
|
||||
|
||||
class RegistrationTestCase(TestCase):
|
||||
"""Tests the registration of different components.
|
||||
"""
|
||||
def test_group(self):
|
||||
"""Tests registering/unregistering of a group.
|
||||
"""
|
||||
# Register a group
|
||||
result = permissions.utils.register_group("Brights")
|
||||
self.failUnless(isinstance(result, Group))
|
||||
|
||||
# It's there
|
||||
group = Group.objects.get(name="Brights")
|
||||
self.assertEqual(group.name, "Brights")
|
||||
|
||||
# Trying to register another group with same name
|
||||
result = permissions.utils.register_group("Brights")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
group = Group.objects.get(name="Brights")
|
||||
self.assertEqual(group.name, "Brights")
|
||||
|
||||
# Unregister the group
|
||||
result = permissions.utils.unregister_group("Brights")
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# It's not there anymore
|
||||
self.assertRaises(Group.DoesNotExist, Group.objects.get, name="Brights")
|
||||
|
||||
# Trying to unregister the group again
|
||||
result = permissions.utils.unregister_group("Brights")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
def test_role(self):
|
||||
"""Tests registering/unregistering of a role.
|
||||
"""
|
||||
# Register a role
|
||||
result = permissions.utils.register_role("Editor")
|
||||
self.failUnless(isinstance(result, Role))
|
||||
|
||||
# It's there
|
||||
role = Role.objects.get(name="Editor")
|
||||
self.assertEqual(role.name, "Editor")
|
||||
|
||||
# Trying to register another role with same name
|
||||
result = permissions.utils.register_role("Editor")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
role = Role.objects.get(name="Editor")
|
||||
self.assertEqual(role.name, "Editor")
|
||||
|
||||
# Unregister the role
|
||||
result = permissions.utils.unregister_role("Editor")
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# It's not there anymore
|
||||
self.assertRaises(Role.DoesNotExist, Role.objects.get, name="Editor")
|
||||
|
||||
# Trying to unregister the role again
|
||||
result = permissions.utils.unregister_role("Editor")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
def test_permission(self):
|
||||
"""Tests registering/unregistering of a permission.
|
||||
"""
|
||||
# Register a permission
|
||||
result = permissions.utils.register_permission("Change", "change")
|
||||
self.failUnless(isinstance(result, Permission))
|
||||
|
||||
# Is it there?
|
||||
p = Permission.objects.get(codename="change")
|
||||
self.assertEqual(p.name, "Change")
|
||||
|
||||
# Register a permission with the same codename
|
||||
result = permissions.utils.register_permission("Change2", "change")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
# Is it there?
|
||||
p = Permission.objects.get(codename="change")
|
||||
self.assertEqual(p.name, "Change")
|
||||
|
||||
# Register a permission with the same name
|
||||
result = permissions.utils.register_permission("Change", "change2")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
# Is it there?
|
||||
p = Permission.objects.get(codename="change")
|
||||
self.assertEqual(p.name, "Change")
|
||||
|
||||
# Unregister the permission
|
||||
result = permissions.utils.unregister_permission("change")
|
||||
self.assertEqual(result, True)
|
||||
|
||||
# Is it not there anymore?
|
||||
self.assertRaises(Permission.DoesNotExist, Permission.objects.get, codename="change")
|
||||
|
||||
# Unregister the permission again
|
||||
result = permissions.utils.unregister_permission("change")
|
||||
self.assertEqual(result, False)
|
||||
|
||||
# django imports
|
||||
from django.core.handlers.wsgi import WSGIRequest
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.sessions.backends.file import SessionStore
|
||||
from django.test.client import Client
|
||||
|
||||
# Taken from "http://www.djangosnippets.org/snippets/963/"
|
||||
class RequestFactory(Client):
|
||||
"""
|
||||
Class that lets you create mock Request objects for use in testing.
|
||||
|
||||
Usage:
|
||||
|
||||
rf = RequestFactory()
|
||||
get_request = rf.get('/hello/')
|
||||
post_request = rf.post('/submit/', {'foo': 'bar'})
|
||||
|
||||
This class re-uses the django.test.client.Client interface, docs here:
|
||||
http://www.djangoproject.com/documentation/testing/#the-test-client
|
||||
|
||||
Once you have a request object you can pass it to any view function,
|
||||
just as if that view had been hooked up using a URLconf.
|
||||
|
||||
"""
|
||||
def request(self, **request):
|
||||
"""
|
||||
Similar to parent class, but returns the request object as soon as it
|
||||
has created it.
|
||||
"""
|
||||
environ = {
|
||||
'HTTP_COOKIE': self.cookies,
|
||||
'PATH_INFO': '/',
|
||||
'QUERY_STRING': '',
|
||||
'REQUEST_METHOD': 'GET',
|
||||
'SCRIPT_NAME': '',
|
||||
'SERVER_NAME': 'testserver',
|
||||
'SERVER_PORT': 80,
|
||||
'SERVER_PROTOCOL': 'HTTP/1.1',
|
||||
}
|
||||
environ.update(self.defaults)
|
||||
environ.update(request)
|
||||
return WSGIRequest(environ)
|
||||
|
||||
def create_request():
|
||||
"""
|
||||
"""
|
||||
rf = RequestFactory()
|
||||
request = rf.get('/')
|
||||
request.session = SessionStore()
|
||||
|
||||
user = User()
|
||||
user.is_superuser = True
|
||||
user.save()
|
||||
request.user = user
|
||||
|
||||
return request
|
||||
|
|
@ -1,665 +0,0 @@
|
|||
# django imports
|
||||
from django.db import IntegrityError
|
||||
from django.db.models import Q
|
||||
from django.db import connection
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.models import Group
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.core.cache import cache
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
|
||||
# permissions imports
|
||||
from permissions.exceptions import Unauthorized
|
||||
from permissions.models import ObjectPermission
|
||||
from permissions.models import ObjectPermissionInheritanceBlock
|
||||
from permissions.models import Permission
|
||||
from permissions.models import PrincipalRoleRelation
|
||||
from permissions.models import Role
|
||||
|
||||
|
||||
# Roles ######################################################################
|
||||
|
||||
def add_role(principal, role):
|
||||
"""Adds a global role to a principal.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
principal
|
||||
The principal (user or group) which gets the role added.
|
||||
|
||||
role
|
||||
The role which is assigned.
|
||||
"""
|
||||
if isinstance(principal, User):
|
||||
try:
|
||||
ppr = PrincipalRoleRelation.objects.get(user=principal, role=role, content_id=None, content_type=None)
|
||||
except PrincipalRoleRelation.DoesNotExist:
|
||||
PrincipalRoleRelation.objects.create(user=principal, role=role)
|
||||
return True
|
||||
else:
|
||||
try:
|
||||
ppr = PrincipalRoleRelation.objects.get(group=principal, role=role, content_id=None, content_type=None)
|
||||
except PrincipalRoleRelation.DoesNotExist:
|
||||
PrincipalRoleRelation.objects.create(group=principal, role=role)
|
||||
return True
|
||||
|
||||
return False
|
||||
|
||||
def add_local_role(obj, principal, role):
|
||||
"""Adds a local role to a principal.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
obj
|
||||
The object for which the principal gets the role.
|
||||
|
||||
principal
|
||||
The principal (user or group) which gets the role.
|
||||
|
||||
role
|
||||
The role which is assigned.
|
||||
"""
|
||||
ctype = ContentType.objects.get_for_model(obj)
|
||||
if isinstance(principal, User):
|
||||
try:
|
||||
ppr = PrincipalRoleRelation.objects.get(user=principal, role=role, content_id=obj.pk, content_type=ctype)
|
||||
except PrincipalRoleRelation.DoesNotExist:
|
||||
PrincipalRoleRelation.objects.create(user=principal, role=role, content=obj)
|
||||
return True
|
||||
else:
|
||||
try:
|
||||
ppr = PrincipalRoleRelation.objects.get(group=principal, role=role, content_id=obj.pk, content_type=ctype)
|
||||
except PrincipalRoleRelation.DoesNotExist:
|
||||
PrincipalRoleRelation.objects.create(group=principal, role=role, content=obj)
|
||||
return True
|
||||
|
||||
return False
|
||||
|
||||
def remove_role(principal, role):
|
||||
"""Removes role from passed principal.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
principal
|
||||
The principal (user or group) from which the role is removed.
|
||||
|
||||
role
|
||||
The role which is removed.
|
||||
"""
|
||||
try:
|
||||
if isinstance(principal, User):
|
||||
ppr = PrincipalRoleRelation.objects.get(
|
||||
user=principal, role=role, content_id=None, content_type=None)
|
||||
else:
|
||||
ppr = PrincipalRoleRelation.objects.get(
|
||||
group=principal, role=role, content_id=None, content_type=None)
|
||||
|
||||
except PrincipalRoleRelation.DoesNotExist:
|
||||
return False
|
||||
else:
|
||||
ppr.delete()
|
||||
|
||||
return True
|
||||
|
||||
def remove_local_role(obj, principal, role):
|
||||
"""Removes role from passed object and principle.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
obj
|
||||
The object from which the role is removed.
|
||||
|
||||
principal
|
||||
The principal (user or group) from which the role is removed.
|
||||
|
||||
role
|
||||
The role which is removed.
|
||||
"""
|
||||
try:
|
||||
ctype = ContentType.objects.get_for_model(obj)
|
||||
|
||||
if isinstance(principal, User):
|
||||
ppr = PrincipalRoleRelation.objects.get(
|
||||
user=principal, role=role, content_id=obj.pk, content_type=ctype)
|
||||
else:
|
||||
ppr = PrincipalRoleRelation.objects.get(
|
||||
group=principal, role=role, content_id=obj.pk, content_type=ctype)
|
||||
|
||||
except PrincipalRoleRelation.DoesNotExist:
|
||||
return False
|
||||
else:
|
||||
ppr.delete()
|
||||
|
||||
return True
|
||||
|
||||
def remove_roles(principal):
|
||||
"""Removes all roles passed principal (user or group).
|
||||
|
||||
**Parameters:**
|
||||
|
||||
principal
|
||||
The principal (user or group) from which all roles are removed.
|
||||
"""
|
||||
if isinstance(principal, User):
|
||||
ppr = PrincipalRoleRelation.objects.filter(
|
||||
user=principal, content_id=None, content_type=None)
|
||||
else:
|
||||
ppr = PrincipalRoleRelation.objects.filter(
|
||||
group=principal, content_id=None, content_type=None)
|
||||
|
||||
if ppr:
|
||||
ppr.delete()
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
def remove_local_roles(obj, principal):
|
||||
"""Removes all local roles from passed object and principal (user or
|
||||
group).
|
||||
|
||||
**Parameters:**
|
||||
|
||||
obj
|
||||
The object from which the roles are removed.
|
||||
|
||||
principal
|
||||
The principal (user or group) from which the roles are removed.
|
||||
"""
|
||||
ctype = ContentType.objects.get_for_model(obj)
|
||||
|
||||
if isinstance(principal, User):
|
||||
ppr = PrincipalRoleRelation.objects.filter(
|
||||
user=principal, content_id=obj.pk, content_type=ctype)
|
||||
else:
|
||||
ppr = PrincipalRoleRelation.objects.filter(
|
||||
group=principal, content_id=obj.pk, content_type=ctype)
|
||||
|
||||
if ppr:
|
||||
ppr.delete()
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
def get_roles(user, obj=None):
|
||||
"""Returns *all* roles of the passed user.
|
||||
|
||||
This takes direct roles and roles via the user's groups into account.
|
||||
|
||||
If an object is passed local roles will also added. Then all local roles
|
||||
from all ancestors and all user's groups are also taken into account.
|
||||
|
||||
This is the method to use if one want to know whether the passed user
|
||||
has a role in general (for the passed object).
|
||||
|
||||
**Parameters:**
|
||||
|
||||
user
|
||||
The user for which the roles are returned.
|
||||
|
||||
obj
|
||||
The object for which local roles will returned.
|
||||
|
||||
"""
|
||||
roles = []
|
||||
groups = user.groups.all()
|
||||
groups_ids_str = ", ".join([str(g.id) for g in groups])
|
||||
|
||||
# Gobal roles for user and the user's groups
|
||||
cursor = connection.cursor()
|
||||
cursor.execute("""SELECT role_id
|
||||
FROM permissions_principalrolerelation
|
||||
WHERE (user_id=%s OR group_id IN (%s))
|
||||
AND content_id is Null""" % (user.id, groups_ids_str))
|
||||
|
||||
for row in cursor.fetchall():
|
||||
roles.append(row[0])
|
||||
|
||||
# Local roles for user and the user's groups and all ancestors of the
|
||||
# passed object.
|
||||
while obj:
|
||||
ctype = ContentType.objects.get_for_model(obj)
|
||||
cursor.execute("""SELECT role_id
|
||||
FROM permissions_principalrolerelation
|
||||
WHERE (user_id='%s' OR group_id IN (%s))
|
||||
AND content_id='%s'
|
||||
AND content_type_id='%s'""" % (user.id, groups_ids_str, obj.pk, ctype.id))
|
||||
|
||||
for row in cursor.fetchall():
|
||||
roles.append(row[0])
|
||||
|
||||
try:
|
||||
obj = obj.get_parent_for_permissions()
|
||||
except AttributeError:
|
||||
obj = None
|
||||
|
||||
return roles
|
||||
|
||||
def get_global_roles(principal):
|
||||
"""Returns *direct* global roles of passed principal (user or group).
|
||||
"""
|
||||
if isinstance(principal, User):
|
||||
return [prr.role for prr in PrincipalRoleRelation.objects.filter(
|
||||
user=principal, content_id=None, content_type=None)]
|
||||
else:
|
||||
if isinstance(principal, Group):
|
||||
principal = (principal,)
|
||||
return [prr.role for prr in PrincipalRoleRelation.objects.filter(
|
||||
group__in=principal, content_id=None, content_type=None)]
|
||||
|
||||
def get_local_roles(obj, principal):
|
||||
"""Returns *direct* local roles for passed principal and content object.
|
||||
"""
|
||||
ctype = ContentType.objects.get_for_model(obj)
|
||||
|
||||
if isinstance(principal, User):
|
||||
return [prr.role for prr in PrincipalRoleRelation.objects.filter(
|
||||
user=principal, content_id=obj.pk, content_type=ctype)]
|
||||
else:
|
||||
return [prr.role for prr in PrincipalRoleRelation.objects.filter(
|
||||
group=principal, content_id=obj.pk, content_type=ctype)]
|
||||
|
||||
# Permissions ################################################################
|
||||
|
||||
def check_permission(obj, user, codename, roles=None):
|
||||
"""Checks whether passed user has passed permission for passed obj.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
obj
|
||||
The object for which the permission should be checked.
|
||||
|
||||
codename
|
||||
The permission's codename which should be checked.
|
||||
|
||||
user
|
||||
The user for which the permission should be checked.
|
||||
|
||||
roles
|
||||
If given these roles will be assigned to the user temporarily before
|
||||
the permissions are checked.
|
||||
"""
|
||||
if not has_permission(obj, user, codename):
|
||||
raise Unauthorized("User '%s' doesn't have permission '%s' for object '%s' (%s)"
|
||||
% (user, codename, obj.slug, obj.__class__.__name__))
|
||||
|
||||
def grant_permission(obj, role, permission):
|
||||
"""Grants passed permission to passed role. Returns True if the permission
|
||||
was able to be added, otherwise False.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
obj
|
||||
The content object for which the permission should be granted.
|
||||
|
||||
role
|
||||
The role for which the permission should be granted.
|
||||
|
||||
permission
|
||||
The permission which should be granted. Either a permission
|
||||
object or the codename of a permission.
|
||||
"""
|
||||
if not isinstance(permission, Permission):
|
||||
try:
|
||||
permission = Permission.objects.get(codename = permission)
|
||||
except Permission.DoesNotExist:
|
||||
return False
|
||||
|
||||
ct = ContentType.objects.get_for_model(obj)
|
||||
try:
|
||||
ObjectPermission.objects.get(role=role, content_type = ct, content_id=obj.pk, permission=permission)
|
||||
except ObjectPermission.DoesNotExist:
|
||||
ObjectPermission.objects.create(role=role, content=obj, permission=permission)
|
||||
|
||||
return True
|
||||
|
||||
def remove_permission(obj, role, permission):
|
||||
"""Removes passed permission from passed role and object. Returns True if
|
||||
the permission has been removed.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
obj
|
||||
The content object for which a permission should be removed.
|
||||
|
||||
role
|
||||
The role for which a permission should be removed.
|
||||
|
||||
permission
|
||||
The permission which should be removed. Either a permission object
|
||||
or the codename of a permission.
|
||||
"""
|
||||
if not isinstance(permission, Permission):
|
||||
try:
|
||||
permission = Permission.objects.get(codename = permission)
|
||||
except Permission.DoesNotExist:
|
||||
return False
|
||||
|
||||
ct = ContentType.objects.get_for_model(obj)
|
||||
|
||||
try:
|
||||
op = ObjectPermission.objects.get(role=role, content_type = ct, content_id=obj.pk, permission = permission)
|
||||
except ObjectPermission.DoesNotExist:
|
||||
return False
|
||||
|
||||
op.delete()
|
||||
return True
|
||||
|
||||
def has_permission(obj, user, codename, roles=None):
|
||||
"""Checks whether the passed user has passed permission for passed object.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
obj
|
||||
The object for which the permission should be checked.
|
||||
|
||||
codename
|
||||
The permission's codename which should be checked.
|
||||
|
||||
request
|
||||
The current request.
|
||||
|
||||
roles
|
||||
If given these roles will be assigned to the user temporarily before
|
||||
the permissions are checked.
|
||||
"""
|
||||
cache_key = "%s-%s-%s" % (obj.content_type, obj.pk, codename)
|
||||
result = _get_cached_permission(user, cache_key)
|
||||
if result is not None:
|
||||
return result
|
||||
|
||||
if roles is None:
|
||||
roles = []
|
||||
|
||||
if user.is_superuser:
|
||||
return True
|
||||
|
||||
if not user.is_anonymous():
|
||||
roles.extend(get_roles(user, obj))
|
||||
|
||||
ct = ContentType.objects.get_for_model(obj)
|
||||
|
||||
result = False
|
||||
while obj is not None:
|
||||
p = ObjectPermission.objects.filter(
|
||||
content_type=ct, content_id=obj.pk, role__in=roles, permission__codename = codename).values("id")
|
||||
|
||||
if len(p) > 0:
|
||||
result = True
|
||||
break
|
||||
|
||||
if is_inherited(obj, codename) == False:
|
||||
result = False
|
||||
break
|
||||
|
||||
try:
|
||||
obj = obj.get_parent_for_permissions()
|
||||
ct = ContentType.objects.get_for_model(obj)
|
||||
except AttributeError:
|
||||
result = False
|
||||
break
|
||||
|
||||
_cache_permission(user, cache_key, result)
|
||||
return result
|
||||
|
||||
# Inheritance ################################################################
|
||||
|
||||
def add_inheritance_block(obj, permission):
|
||||
"""Adds an inheritance for the passed permission on the passed obj.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
permission
|
||||
The permission for which an inheritance block should be added.
|
||||
Either a permission object or the codename of a permission.
|
||||
obj
|
||||
The content object for which an inheritance block should be added.
|
||||
"""
|
||||
if not isinstance(permission, Permission):
|
||||
try:
|
||||
permission = Permission.objects.get(codename = permission)
|
||||
except Permission.DoesNotExist:
|
||||
return False
|
||||
|
||||
ct = ContentType.objects.get_for_model(obj)
|
||||
try:
|
||||
ObjectPermissionInheritanceBlock.objects.get(content_type = ct, content_id=obj.pk, permission=permission)
|
||||
except ObjectPermissionInheritanceBlock.DoesNotExist:
|
||||
try:
|
||||
result = ObjectPermissionInheritanceBlock.objects.create(content=obj, permission=permission)
|
||||
except IntegrityError:
|
||||
return False
|
||||
return True
|
||||
|
||||
def remove_inheritance_block(obj, permission):
|
||||
"""Removes a inheritance block for the passed permission from the passed
|
||||
object.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
obj
|
||||
The content object for which an inheritance block should be added.
|
||||
|
||||
permission
|
||||
The permission for which an inheritance block should be removed.
|
||||
Either a permission object or the codename of a permission.
|
||||
"""
|
||||
if not isinstance(permission, Permission):
|
||||
try:
|
||||
permission = Permission.objects.get(codename = permission)
|
||||
except Permission.DoesNotExist:
|
||||
return False
|
||||
|
||||
ct = ContentType.objects.get_for_model(obj)
|
||||
try:
|
||||
opi = ObjectPermissionInheritanceBlock.objects.get(content_type = ct, content_id=obj.pk, permission=permission)
|
||||
except ObjectPermissionInheritanceBlock.DoesNotExist:
|
||||
return False
|
||||
|
||||
opi.delete()
|
||||
return True
|
||||
|
||||
def is_inherited(obj, codename):
|
||||
"""Returns True if the passed permission is inherited for passed object.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
obj
|
||||
The content object for which the permission should be checked.
|
||||
|
||||
codename
|
||||
The permission which should be checked. Must be the codename of
|
||||
the permission.
|
||||
"""
|
||||
ct = ContentType.objects.get_for_model(obj)
|
||||
try:
|
||||
ObjectPermissionInheritanceBlock.objects.get(
|
||||
content_type=ct, content_id=obj.pk, permission__codename = codename)
|
||||
except ObjectDoesNotExist:
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
def get_group(id):
|
||||
"""Returns the group with passed id or None.
|
||||
"""
|
||||
try:
|
||||
return Group.objects.get(pk=id)
|
||||
except Group.DoesNotExist:
|
||||
return None
|
||||
|
||||
def get_role(id):
|
||||
"""Returns the role with passed id or None.
|
||||
"""
|
||||
try:
|
||||
return Role.objects.get(pk=id)
|
||||
except Role.DoesNotExist:
|
||||
return None
|
||||
|
||||
def get_user(id):
|
||||
"""Returns the user with passed id or None.
|
||||
"""
|
||||
try:
|
||||
return User.objects.get(pk=id)
|
||||
except User.DoesNotExist:
|
||||
return None
|
||||
|
||||
def has_group(user, group):
|
||||
"""Returns True if passed user has passed group.
|
||||
"""
|
||||
if isinstance(group, str):
|
||||
group = Group.objects.get(name=group)
|
||||
|
||||
return group in user.groups.all()
|
||||
|
||||
def reset(obj):
|
||||
"""Resets all permissions and inheritance blocks of passed object.
|
||||
"""
|
||||
ctype = ContentType.objects.get_for_model(obj)
|
||||
ObjectPermissionInheritanceBlock.objects.filter(content_id=obj.pk, content_type=ctype).delete()
|
||||
ObjectPermission.objects.filter(content_id=obj.pk, content_type=ctype).delete()
|
||||
|
||||
# Registering ################################################################
|
||||
|
||||
def register_permission(name, codename, ctypes=[]):
|
||||
"""Registers a permission to the framework. Returns the permission if the
|
||||
registration was successfully, otherwise False.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
name
|
||||
The unique name of the permission. This is displayed to the
|
||||
customer.
|
||||
codename
|
||||
The unique codename of the permission. This is used internally to
|
||||
identify the permission.
|
||||
content_types
|
||||
The content type for which the permission is active. This can be
|
||||
used to display only reasonable permissions for an object. This
|
||||
must be a Django ContentType
|
||||
"""
|
||||
try:
|
||||
p = Permission.objects.create(name=name, codename=codename)
|
||||
|
||||
ctypes = [ContentType.objects.get_for_model(ctype) for ctype in ctypes]
|
||||
if ctypes:
|
||||
p.content_types = ctypes
|
||||
p.save()
|
||||
except IntegrityError:
|
||||
return False
|
||||
return p
|
||||
|
||||
def unregister_permission(codename):
|
||||
"""Unregisters a permission from the framework
|
||||
|
||||
**Parameters:**
|
||||
|
||||
codename
|
||||
The unique codename of the permission.
|
||||
"""
|
||||
try:
|
||||
permission = Permission.objects.get(codename=codename)
|
||||
except Permission.DoesNotExist:
|
||||
return False
|
||||
permission.delete()
|
||||
return True
|
||||
|
||||
def register_role(name):
|
||||
"""Registers a role with passed name to the framework. Returns the new
|
||||
role if the registration was successfully, otherwise False.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
name
|
||||
The unique role name.
|
||||
"""
|
||||
try:
|
||||
role = Role.objects.create(name=name)
|
||||
except IntegrityError:
|
||||
return False
|
||||
return role
|
||||
|
||||
def unregister_role(name):
|
||||
"""Unregisters the role with passed name.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
name
|
||||
The unique role name.
|
||||
"""
|
||||
try:
|
||||
role = Role.objects.get(name=name)
|
||||
except Role.DoesNotExist:
|
||||
return False
|
||||
|
||||
role.delete()
|
||||
return True
|
||||
|
||||
def register_group(name):
|
||||
"""Registers a group with passed name to the framework. Returns the new
|
||||
group if the registration was successfully, otherwise False.
|
||||
|
||||
Actually this creates just a default Django Group.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
name
|
||||
The unique group name.
|
||||
"""
|
||||
try:
|
||||
group = Group.objects.create(name=name)
|
||||
except IntegrityError:
|
||||
return False
|
||||
return group
|
||||
|
||||
def unregister_group(name):
|
||||
"""Unregisters the group with passed name. Returns True if the
|
||||
unregistration was succesfull otherwise False.
|
||||
|
||||
Actually this deletes just a default Django Group.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
name
|
||||
The unique role name.
|
||||
"""
|
||||
try:
|
||||
group = Group.objects.get(name=name)
|
||||
except Group.DoesNotExist:
|
||||
return False
|
||||
|
||||
group.delete()
|
||||
return True
|
||||
|
||||
def _cache_permission(user, cache_key, data):
|
||||
"""Stores the passed data on the passed user object.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
user
|
||||
The user on which the data is stored.
|
||||
|
||||
cache_key
|
||||
The key under which the data is stored.
|
||||
|
||||
data
|
||||
The data which is stored.
|
||||
"""
|
||||
if not getattr(user, "permissions", None):
|
||||
user.permissions = {}
|
||||
user.permissions[cache_key] = data
|
||||
|
||||
def _get_cached_permission(user, cache_key):
|
||||
"""Returns the stored data from passed user object for passed cache_key.
|
||||
|
||||
**Parameters:**
|
||||
|
||||
user
|
||||
The user from which the data is retrieved.
|
||||
|
||||
cache_key
|
||||
The key under which the data is stored.
|
||||
|
||||
"""
|
||||
permissions = getattr(user, "permissions", None)
|
||||
if permissions:
|
||||
return user.permissions.get(cache_key, None)
|
||||
Loading…
Reference in a new issue