matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Moved permission checking logic to model, simplyfing it and adding group support too

Browse Source
This commit is contained in:
Roberto Rosario
2011-05-08 03:06:34 -04:00
parent 30a32c0aff
commit 2cacae7551
2 changed files with 41 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
apps/permissions/api.py
View File

@@ -1,5 +1,5 @@
from django.contrib.auth.models import User
from django.contrib.auth.models import Group
#from django.contrib.auth.models import User
#from django.contrib.auth.models import Group
from django.db.utils import DatabaseError
from django.shortcuts import get_object_or_404
from django.contrib.contenttypes.models import ContentType
@@ -29,49 +29,16 @@ def register_permissions(namespace, permissions):
#TODO: Handle anonymous users
def check_permissions(requester, namespace, permission_list):
if isinstance(requester, User):
if requester.is_superuser:
return True
for permission_item in permission_list:
permission = get_object_or_404(Permission,
namespace=namespace, name=permission_item)
if check_permission(requester, permission):
#if check_permission(requester, permission):
if permission.has_permission(requester):
return True
raise PermissionDenied(ugettext(u'Insufficient permissions.'))
def check_permission(requester, permission):
for permission_holder in permission.permissionholder_set.all():
if check_requester(requester, permission_holder):
return True
def check_requester(requester, permission_holder):
ct = ContentType.objects.get_for_model(requester)
if permission_holder.holder_type == ct and permission_holder.holder_id == requester.id:
return True
if isinstance(permission_holder.holder_object, Role):
requester_list = [role_member.member_object for role_member in permission_holder.holder_object.rolemember_set.all()]
if check_elements(requester, requester_list):
return True
#Untested
if isinstance(permission_holder.holder_object, Group):
if check_elements(requester, permission_holder.holder_object.user_set.all()):
return True
#TODO: a role may contain groups, make recursive
def check_elements(requester, requester_list):
#ct = ContentType.objects.get_for_model(requester)
for requester_object in requester_list:
if requester == requester_object:
return True
register_permissions('permissions', [
{'name': PERMISSION_ROLE_VIEW, 'label':_(u'View roles')},
{'name': PERMISSION_ROLE_EDIT, 'label':_(u'Edit roles')},