From 24da6f4796c424f808599dc4a45bc65afcd2c443 Mon Sep 17 00:00:00 2001 From: Roberto Rosario Date: Tue, 3 Jan 2012 04:17:44 -0400 Subject: [PATCH] Add ACL support to the metadata app --- apps/metadata/models.py | 20 +++++++++---------- apps/metadata/views.py | 43 +++++++++++++++++++++++++++++------------ 2 files changed, 41 insertions(+), 22 deletions(-) diff --git a/apps/metadata/models.py b/apps/metadata/models.py index d827b615e5..1c7fda9249 100644 --- a/apps/metadata/models.py +++ b/apps/metadata/models.py @@ -12,9 +12,9 @@ available_functions_string = (_(u' Available functions: %s') % u','.join([u'%s() class MetadataType(models.Model): - """ + ''' Define a type of metadata - """ + ''' name = models.CharField(unique=True, max_length=48, verbose_name=_(u'name'), help_text=_(u'Do not use python reserved words, or spaces.')) title = models.CharField(max_length=48, verbose_name=_(u'title'), blank=True, null=True) default = models.CharField(max_length=128, blank=True, null=True, @@ -35,9 +35,9 @@ class MetadataType(models.Model): class MetadataSet(models.Model): - """ + ''' Define a group of metadata types - """ + ''' title = models.CharField(max_length=48, verbose_name=_(u'title')) def __unicode__(self): @@ -50,10 +50,10 @@ class MetadataSet(models.Model): class MetadataSetItem(models.Model): - """ + ''' Define the set of metadata that relates to a set or group of metadata fields - """ + ''' metadata_set = models.ForeignKey(MetadataSet, verbose_name=_(u'metadata set')) metadata_type = models.ForeignKey(MetadataType, verbose_name=_(u'metadata type')) #required = models.BooleanField(default=True, verbose_name=_(u'required')) @@ -67,10 +67,10 @@ class MetadataSetItem(models.Model): class DocumentMetadata(models.Model): - """ + ''' Link a document to a specific instance of a metadata type with it's current value - """ + ''' document = models.ForeignKey(Document, verbose_name=_(u'document')) metadata_type = models.ForeignKey(MetadataType, verbose_name=_(u'type')) value = models.CharField(max_length=256, blank=True, verbose_name=_(u'value'), db_index=True) @@ -84,10 +84,10 @@ class DocumentMetadata(models.Model): class DocumentTypeDefaults(models.Model): - """ + ''' Default preselected metadata types and metadata set per document type - """ + ''' document_type = models.ForeignKey(DocumentType, verbose_name=_(u'document type')) default_metadata_sets = models.ManyToManyField(MetadataSet, blank=True, verbose_name=_(u'default metadata sets')) default_metadata = models.ManyToManyField(MetadataType, blank=True, verbose_name=_(u'default metadata')) diff --git a/apps/metadata/views.py b/apps/metadata/views.py index 101192e1e9..6f570beed8 100644 --- a/apps/metadata/views.py +++ b/apps/metadata/views.py @@ -8,11 +8,13 @@ from django.contrib import messages from django.http import HttpResponseRedirect from django.core.urlresolvers import reverse from django.utils.http import urlencode +from django.core.exceptions import PermissionDenied from documents.permissions import PERMISSION_DOCUMENT_TYPE_EDIT from documents.models import Document, RecentDocument, DocumentType from permissions.models import Permission from document_indexing.api import update_indexes, delete_indexes +from acls.models import AccessEntry from common.utils import generate_choices_w_labels, encapsulate from common.views import assign_remove @@ -32,8 +34,6 @@ from .models import (DocumentMetadata, MetadataType, MetadataSet, def metadata_edit(request, document_id=None, document_id_list=None): - Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_EDIT]) - if document_id: documents = [get_object_or_404(Document, pk=document_id)] if documents[0].documentmetadata_set.count() == 0: @@ -41,9 +41,15 @@ def metadata_edit(request, document_id=None, document_id_list=None): return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/')) elif document_id_list: documents = [get_object_or_404(Document, pk=document_id) for document_id in document_id_list.split(',')] - else: + + try: + Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_EDIT]) + except PermissionDenied: + documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_METADATA_DOCUMENT_EDIT, request.user, documents) + + if not documents: messages.error(request, _(u'Must provide at least one document.')) - return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/')) + return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/')) post_action_redirect = reverse('document_list_recent') @@ -123,15 +129,19 @@ def metadata_multiple_edit(request): def metadata_add(request, document_id=None, document_id_list=None): - Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_ADD]) - if document_id: documents = [get_object_or_404(Document, pk=document_id)] elif document_id_list: documents = [get_object_or_404(Document, pk=document_id) for document_id in document_id_list.split(',')] - else: + + try: + Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_ADD]) + except PermissionDenied: + documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_METADATA_DOCUMENT_ADD, request.user, documents) + + if not documents: messages.error(request, _(u'Must provide at least one document.')) - return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/')) + return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/')) for document in documents: RecentDocument.objects.add_document_for_user(request.user, document) @@ -187,8 +197,6 @@ def metadata_multiple_add(request): def metadata_remove(request, document_id=None, document_id_list=None): - Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_REMOVE]) - if document_id: documents = [get_object_or_404(Document, pk=document_id)] if documents[0].documentmetadata_set.count() == 0: @@ -197,7 +205,13 @@ def metadata_remove(request, document_id=None, document_id_list=None): elif document_id_list: documents = [get_object_or_404(Document, pk=document_id) for document_id in document_id_list.split(',')] - else: + + try: + Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_REMOVE]) + except PermissionDenied: + documents = AccessEntry.objects.filter_objects_by_access(PERMISSION_METADATA_DOCUMENT_REMOVE, request.user, documents) + + if not documents: messages.error(request, _(u'Must provide at least one document.')) return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/')) @@ -276,9 +290,13 @@ def metadata_multiple_remove(request): def metadata_view(request, document_id): - Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_VIEW]) document = get_object_or_404(Document, pk=document_id) + try: + Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_DOCUMENT_VIEW]) + except PermissionDenied: + AccessEntry.objects.check_access(PERMISSION_METADATA_DOCUMENT_VIEW, request.user, document) + return render_to_response('generic_list.html', { 'title': _(u'metadata for: %s') % document, 'object_list': document.documentmetadata_set.all(), @@ -288,6 +306,7 @@ def metadata_view(request, document_id): }, context_instance=RequestContext(request)) +# Setup views def setup_metadata_type_list(request): Permission.objects.check_permissions(request.user, [PERMISSION_METADATA_TYPE_VIEW])