From 92aadcc4ee469255c4ef56e1be0808d403e8086e Mon Sep 17 00:00:00 2001 From: Roberto Rosario Date: Mon, 27 Feb 2012 14:41:36 -0400 Subject: [PATCH 1/2] Allow access to objects that doesn't have a content type --- apps/acls/managers.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/apps/acls/managers.py b/apps/acls/managers.py index 42ad2f7bc4..6ba807a897 100644 --- a/apps/acls/managers.py +++ b/apps/acls/managers.py @@ -74,13 +74,18 @@ class AccessEntryManager(models.Manager): return True actor = AnonymousUserSingleton.objects.passthru_check(actor) + try: + content_type=ContentType.objects.get_for_model(obj) + except AttributeError: + # Object doesn't have a content type, therefore allow access + return True try: self.model.objects.get( permission=permission.get_stored_permission(), holder_type=ContentType.objects.get_for_model(actor), holder_id=actor.pk, - content_type=ContentType.objects.get_for_model(obj), + content_type=content_type, object_id=obj.pk ) except self.model.DoesNotExist: From 723dbdb7e4805dc5f268c22655197b9620f2ae73 Mon Sep 17 00:00:00 2001 From: Roberto Rosario Date: Mon, 27 Feb 2012 14:45:39 -0400 Subject: [PATCH 2/2] Allow preview and deletion of staging files with either the DOCUMENT_CREATE or NEW_VERSION permissions --- apps/sources/__init__.py | 7 ++++--- apps/sources/views.py | 6 +++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/apps/sources/__init__.py b/apps/sources/__init__.py index d9612a6f9d..4596235c3a 100644 --- a/apps/sources/__init__.py +++ b/apps/sources/__init__.py @@ -6,7 +6,8 @@ from navigation.api import (register_links, register_model_list_columns) from common.utils import encapsulate from project_setup.api import register_setup -from documents.permissions import PERMISSION_DOCUMENT_NEW_VERSION +from documents.permissions import (PERMISSION_DOCUMENT_NEW_VERSION, + PERMISSION_DOCUMENT_CREATE) from .staging import StagingFile from .models import (WebForm, StagingFolder, SourceTransformation, @@ -16,8 +17,8 @@ from .permissions import (PERMISSION_SOURCES_SETUP_VIEW, PERMISSION_SOURCES_SETUP_EDIT, PERMISSION_SOURCES_SETUP_DELETE, PERMISSION_SOURCES_SETUP_CREATE) -staging_file_preview = {'text': _(u'preview'), 'class': 'fancybox-noscaling', 'view': 'staging_file_preview', 'args': ['source.source_type', 'source.pk', 'object.id'], 'famfam': 'zoom'} -staging_file_delete = {'text': _(u'delete'), 'view': 'staging_file_delete', 'args': ['source.source_type', 'source.pk', 'object.id'], 'famfam': 'delete', 'keep_query': True} +staging_file_preview = {'text': _(u'preview'), 'class': 'fancybox-noscaling', 'view': 'staging_file_preview', 'args': ['source.source_type', 'source.pk', 'object.id'], 'famfam': 'zoom', 'permissions': [PERMISSION_DOCUMENT_NEW_VERSION, PERMISSION_DOCUMENT_CREATE]} +staging_file_delete = {'text': _(u'delete'), 'view': 'staging_file_delete', 'args': ['source.source_type', 'source.pk', 'object.id'], 'famfam': 'delete', 'keep_query': True, 'permissions': [PERMISSION_DOCUMENT_NEW_VERSION, PERMISSION_DOCUMENT_CREATE]} setup_sources = {'text': _(u'sources'), 'view': 'setup_web_form_list', 'famfam': 'application_form', 'icon': 'application_form.png', 'children_classes': [WebForm], 'permissions': [PERMISSION_SOURCES_SETUP_VIEW], 'children_view_regex': [r'setup_web_form', r'setup_staging_folder', r'setup_source_']} setup_web_form_list = {'text': _(u'web forms'), 'view': 'setup_web_form_list', 'famfam': 'application_form', 'icon': 'application_form.png', 'children_classes': [WebForm], 'permissions': [PERMISSION_SOURCES_SETUP_VIEW]} diff --git a/apps/sources/views.py b/apps/sources/views.py index ddbf4c71b0..adb4df3611 100644 --- a/apps/sources/views.py +++ b/apps/sources/views.py @@ -353,7 +353,7 @@ def get_form_filename(form): def staging_file_preview(request, source_type, source_id, staging_file_id): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CREATE]) + Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CREATE, PERMISSION_DOCUMENT_NEW_VERSION]) staging_folder = get_object_or_404(StagingFolder, pk=source_id) StagingFile = create_staging_file_class(request, staging_folder.folder_path) transformations, errors = SourceTransformation.transformations.get_for_object_as_list(staging_folder) @@ -372,7 +372,7 @@ def staging_file_preview(request, source_type, source_id, staging_file_id): def staging_file_thumbnail(request, source_id, staging_file_id): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CREATE]) + Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CREATE, PERMISSION_DOCUMENT_NEW_VERSION]) staging_folder = get_object_or_404(StagingFolder, pk=source_id) StagingFile = create_staging_file_class(request, staging_folder.folder_path, source=staging_folder) transformations, errors = SourceTransformation.transformations.get_for_object_as_list(staging_folder) @@ -391,7 +391,7 @@ def staging_file_thumbnail(request, source_id, staging_file_id): def staging_file_delete(request, source_type, source_id, staging_file_id): - Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CREATE]) + Permission.objects.check_permissions(request.user, [PERMISSION_DOCUMENT_CREATE, PERMISSION_DOCUMENT_NEW_VERSION]) staging_folder = get_object_or_404(StagingFolder, pk=source_id) StagingFile = create_staging_file_class(request, staging_folder.folder_path)