From 3f9e79f0bc02d406cbcffb75d5a503b2ff9baef6 Mon Sep 17 00:00:00 2001 From: Roberto Rosario Date: Thu, 27 Oct 2011 07:44:51 -0400 Subject: [PATCH] Added encapsulation and semi working acl edititing view --- apps/acls/__init__.py | 6 + apps/acls/models.py | 247 +++++++++++++++++++++++++++--------------- apps/acls/urls.py | 2 + apps/acls/views.py | 116 +++++++++++++++----- 4 files changed, 255 insertions(+), 116 deletions(-) diff --git a/apps/acls/__init__.py b/apps/acls/__init__.py index 3a4c29a3aa..679830b4bf 100644 --- a/apps/acls/__init__.py +++ b/apps/acls/__init__.py @@ -1,6 +1,9 @@ from django.utils.translation import ugettext_lazy as _ from permissions.api import register_permission, set_namespace_title +from navigation.api import register_links + +from acls.models import AccessHolder ACLS_EDIT_ACL = {'namespace': 'acls', 'name': 'acl_edit', 'label': _(u'Edit ACLs')} @@ -11,3 +14,6 @@ register_permission(ACLS_EDIT_ACL) register_permission(ACLS_VIEW_ACL) acl_list = {'text': _(u'ACLs'), 'view': 'acl_list', 'famfam': 'lock', 'permissions': [ACLS_VIEW_ACL]} +acl_detail = {'text': _(u'Edit'), 'view': 'acl_detail', 'args': ['access_object.gid', 'object.gid'], 'famfam': 'lock', 'permissions': [ACLS_VIEW_ACL]} + +register_links(AccessHolder, [acl_detail]) diff --git a/apps/acls/models.py b/apps/acls/models.py index 81f2afdbb6..08e1ffc3fb 100644 --- a/apps/acls/models.py +++ b/apps/acls/models.py @@ -5,109 +5,178 @@ from django.contrib.contenttypes import generic from django.contrib.auth.models import User from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse +from django.core.exceptions import ObjectDoesNotExist from permissions.models import Permission -from acls.widgets import object_w_content_type_icon +#from acls.widgets import object_w_content_type_icon +_encapsulation_cache = {} + +class EncapsulatedObject(object): + source_object_name = u'source_object' + ''' + @classmethod + def get_by_ct(cls, content_type, object_id): + """ + Return a single ACLHolder instance corresponding to the content + type object given as argument + """ + try: + return AccessHolder( + holder_object=ContentType.objects.get(content_type=access_entry.holder_type, object_id=access_entry.holder_id) + ) + except ContentType.DoesNotExits: + raise ObjectDoesNotExist + ''' + @classmethod + def set_source_object_name(cls, new_name): + cls.source_object_name = new_name + + @classmethod + def encapsulate(cls, source_object): + if source_object not in _encapsulation_cache: + encapsulated_object = cls(source_object) + _encapsulation_cache[source_object] = encapsulated_object + else: + return _encapsulation_cache[source_object] + return encapsulated_object + + @classmethod + def get(cls, gid): + app_label, model, pk = gid.split('.') + content_type = ContentType.objects.get(app_label=app_label, model=model) + source_object = content_type.get_object_for_this_type(pk=pk) + return cls.encapsulate(source_object) + + def __init__(self, source_object): + content_type = ContentType.objects.get_for_model(source_object) + self.gid = '%s.%s.%s' % (content_type.app_label, content_type.name, source_object.pk) + #self.source_object_name = self.__class__.source_object_name + #self.source_object = source_object + setattr(self, self.__class__.source_object_name, source_object) + + def __unicode__(self): + return unicode(getattr(self, self.__class__.source_object_name, None)) + + def __repr__(self): + return self.__unicode__() + + @property + def source_object(self): + return getattr(self, self.__class__.source_object_name, None) + + +class AccessHolder(EncapsulatedObject): + source_object_name = u'holder_object' + + +class AccessObject(EncapsulatedObject): + source_object_name = u'obj' + class AccessEntryManager(models.Manager): - def grant(self, permission, requester, obj): - """ - Grant a permission (what), (to) a requester, (on) a specific object - """ - access_entry, created = self.model.objects.get_or_create( - permission=permission, - holder_type=ContentType.objects.get_for_model(requester), - holder_id=requester.pk, - content_type=ContentType.objects.get_for_model(obj), - object_id=obj.pk - ) - return created + def grant(self, permission, requester, obj): + """ + Grant a permission (what), (to) a requester, (on) a specific object + """ + access_entry, created = self.model.objects.get_or_create( + permission=permission, + holder_type=ContentType.objects.get_for_model(requester), + holder_id=requester.pk, + content_type=ContentType.objects.get_for_model(obj), + object_id=obj.pk + ) + return created - def revoke(self, permission, holder, obj): - try: - access_entry = self.model.objects.get( - permission=permission, - holder_type=ContentType.objects.get_for_model(holder), - holder_id=holder.pk, - content_type=ContentType.objects.get_for_model(obj), - object_id=obj.pk - ) - access_entry.delete() - return True - except self.model.DoesNotExist: - return False + def revoke(self, permission, holder, obj): + try: + access_entry = self.model.objects.get( + permission=permission, + holder_type=ContentType.objects.get_for_model(holder), + holder_id=holder.pk, + content_type=ContentType.objects.get_for_model(obj), + object_id=obj.pk + ) + access_entry.delete() + return True + except self.model.DoesNotExist: + return False - def check_accesses(self, permission_list, requester, obj): - for permission_item in permission_list: - permission = get_object_or_404(Permission, - namespace=permission_item['namespace'], name=permission_item['name']) - try: - access_entry = self.model.objects.get( - permission=permission, - holder_type=ContentType.objects.get_for_model(requester), - holder_id=requester.pk, - content_type=ContentType.objects.get_for_model(obj), - object_id=obj.pk - ) - return True - except self.model.DoesNotExist: - raise PermissionDenied(ugettext(u'Insufficient permissions.')) - - def get_acl_url(self, obj): - content_type = ContentType.objects.get_for_model(obj) - return reverse('acl_list', args=[content_type.app_label, content_type.model, obj.pk]) - - def get_holders_for(self, obj): - content_type = ContentType.objects.get_for_model(obj) - holder_list = [] - for access_entry in self.model.objects.filter(content_type=content_type, object_id=obj.pk): - entry = { - 'object': access_entry.holder_object, - 'label': '%s: %s' % (access_entry.holder_type, access_entry.holder_object), - 'widget': object_w_content_type_icon(access_entry.holder_object), - } - if entry not in holder_list: - holder_list.append(entry) - - return holder_list + def check_accesses(self, permission_list, requester, obj): + for permission_item in permission_list: + permission = get_object_or_404(Permission, + namespace=permission_item['namespace'], name=permission_item['name']) + try: + access_entry = self.model.objects.get( + permission=permission, + holder_type=ContentType.objects.get_for_model(requester), + holder_id=requester.pk, + content_type=ContentType.objects.get_for_model(obj), + object_id=obj.pk + ) + return True + except self.model.DoesNotExist: + raise PermissionDenied(ugettext(u'Insufficient permissions.')) + + def get_acl_url(self, obj): + content_type = ContentType.objects.get_for_model(obj) + return reverse('acl_list', args=[content_type.app_label, content_type.model, obj.pk]) + + def get_holders_for(self, obj): + content_type = ContentType.objects.get_for_model(obj) + holder_list = [] + for access_entry in self.model.objects.filter(content_type=content_type, object_id=obj.pk): + #entry = { + # 'object': access_entry.holder_object, + # 'label': '%s: %s' % (access_entry.holder_type, access_entry.holder_object), + # #'widget': object_w_content_type_icon(access_entry.holder_object), + # 'compound_id': '9', + #} + #entry = ACLHolder.objects.get(content_type=access_entry.holder_type, object_id=access_entry.holder_id) + #entry = access_entry.holder_object + entry = AccessHolder.encapsulate(access_entry.holder_object) + + if entry not in holder_list: + holder_list.append(entry) + + return holder_list - def get_acls_for_holder(self, obj, holder): - holder_type = ContentType.objects.get_for_model(holder) - content_type = ContentType.objects.get_for_model(obj) - return [access.permission for access in self.model.objects.filter(content_type=content_type, object_id=obj.pk, holder_type=holder_type, holder_id=holder.pk)] + def get_permissions_for_holder(self, obj, holder): + holder_type = ContentType.objects.get_for_model(holder) + content_type = ContentType.objects.get_for_model(obj) + return [access.permission for access in self.model.objects.filter(content_type=content_type, object_id=obj.pk, holder_type=holder_type, holder_id=holder.pk)] class AccessEntry(models.Model): - permission = models.ForeignKey(Permission, verbose_name=_(u'permission')) + permission = models.ForeignKey(Permission, verbose_name=_(u'permission')) - holder_type = models.ForeignKey( - ContentType, - related_name='access_holder', - limit_choices_to={'model__in': ('user', 'group', 'role')} - ) - holder_id = models.PositiveIntegerField() - holder_object = generic.GenericForeignKey( - ct_field='holder_type', - fk_field='holder_id' - ) + holder_type = models.ForeignKey( + ContentType, + related_name='access_holder', + limit_choices_to={'model__in': ('user', 'group', 'role')} + ) + holder_id = models.PositiveIntegerField() + holder_object = generic.GenericForeignKey( + ct_field='holder_type', + fk_field='holder_id' + ) - content_type = models.ForeignKey( - ContentType, - related_name='object_content_type' - ) - object_id = models.PositiveIntegerField() - content_object = generic.GenericForeignKey( - ct_field='content_type', - fk_field='object_id' - ) + content_type = models.ForeignKey( + ContentType, + related_name='object_content_type' + ) + object_id = models.PositiveIntegerField() + content_object = generic.GenericForeignKey( + ct_field='content_type', + fk_field='object_id' + ) - objects = AccessEntryManager() + objects = AccessEntryManager() - class Meta: - verbose_name = _(u'access entry') - verbose_name_plural = _(u'access entries') + class Meta: + verbose_name = _(u'access entry') + verbose_name_plural = _(u'access entries') - def __unicode__(self): - return u'%s: %s' % (self.content_type, self.content_object) + def __unicode__(self): + return u'%s: %s' % (self.content_type, self.content_object) diff --git a/apps/acls/urls.py b/apps/acls/urls.py index 00baddf5ea..7dfc8c25f5 100644 --- a/apps/acls/urls.py +++ b/apps/acls/urls.py @@ -2,6 +2,8 @@ from django.conf.urls.defaults import patterns, url urlpatterns = patterns('acls.views', url(r'^list_for/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/$', 'acl_list', (), 'acl_list'), + #url(r'^object/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/holder/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/$', 'acl_detail', (), 'acl_detail'), + url(r'^details/(?P[.\w]+)/holder/(?P[.\w]+)/$', 'acl_detail', (), 'acl_detail'), # url(r'^role/list/$', 'role_list', (), 'role_list'), # url(r'^role/create/$', 'role_create', (), 'role_create'), diff --git a/apps/acls/views.py b/apps/acls/views.py index 6e5671d03a..21ef01fa6f 100644 --- a/apps/acls/views.py +++ b/apps/acls/views.py @@ -9,45 +9,107 @@ from django.views.generic.create_update import create_object, delete_object, upd from django.contrib.contenttypes.models import ContentType from django.contrib.auth.models import User, Group -from permissions.api import check_permissions, namespace_titles, get_permission_label +from permissions.api import check_permissions, namespace_titles, get_permission_label, get_permission_namespace_label from common.utils import generate_choices_w_labels, encapsulate from acls import ACLS_EDIT_ACL, ACLS_VIEW_ACL -from acls.models import AccessEntry +from acls.models import AccessEntry, AccessObject, AccessHolder +from acls.widgets import object_w_content_type_icon def _permission_titles(permission_list): - return u', '.join([get_permission_label(permission) for permission in permission_list]) - - + return u', '.join([get_permission_label(permission) for permission in permission_list]) + + def acl_list_for(request, obj, extra_context=None): - check_permissions(request.user, [ACLS_VIEW_ACL]) + check_permissions(request.user, [ACLS_VIEW_ACL]) - context = { - 'object_list': AccessEntry.objects.get_holders_for(obj), - 'title': _(u'access control lists for: %s' % obj), - #'multi_select_as_buttons': True, - #'hide_links': True, - 'extra_columns': [ - #{'name': _(u'holder'), 'attribute': 'label'}, - {'name': _(u'holder'), 'attribute': 'widget'}, - {'name': _(u'permissions'), 'attribute': encapsulate(lambda x: _permission_titles(AccessEntry.objects.get_acls_for_holder(obj, x['object'])))}, - #{'name': _(u'arguments'), 'attribute': 'arguments'} - ], - #'hide_link': True, - 'hide_object': True, - } + ct = ContentType.objects.get_for_model(obj) - if extra_context: - context.update(extra_context) + context = { + #'app_label': ct.app_label, + #'model_name': ct.model, + 'object_list': AccessEntry.objects.get_holders_for(obj), + 'title': _(u'access control lists for: %s' % obj), + #'multi_select_as_buttons': True, + #'hide_links': True, + 'extra_columns': [ + #{'name': _(u'holder'), 'attribute': 'label'}, + #{'name': _(u'obj'), 'attribute': 'holder_object'}, + {'name': _(u'gid'), 'attribute': 'gid'}, + {'name': _(u'holder'), 'attribute': encapsulate(lambda x: object_w_content_type_icon(x.source_object))}, + {'name': _(u'permissions'), 'attribute': encapsulate(lambda x: _permission_titles(AccessEntry.objects.get_permissions_for_holder(obj, x.source_object)))}, + #{'name': _(u'arguments'), 'attribute': 'arguments'} + ], + #'hide_link': True, + #'hide_object': True, + 'access_object': AccessObject.encapsulate(obj) + } - return render_to_response('generic_list.html', context, - context_instance=RequestContext(request)) + if extra_context: + context.update(extra_context) + + return render_to_response('generic_list.html', context, + context_instance=RequestContext(request)) def acl_list(request, app_label, model_name, object_id): - ct = get_object_or_404(ContentType, app_label=app_label, model=model_name) - obj = get_object_or_404(ContentType.user_type.get_object_for_this_type, pk=object_id) - return acl_list_for(request, obj) + ct = get_object_or_404(ContentType, app_label=app_label, model=model_name) + obj = get_object_or_404(ct.get_object_for_this_type, pk=object_id) + return acl_list_for(request, obj) +#def acl_detail(request, app_label, model_name, object_id, holder_app_label, holder_model_name, holder_id): +def acl_detail(request, access_object_gid, holder_object_gid): + #check_permissions(request.user, [PERMISSION_PERMISSION_GRANT, PERMISSION_PERMISSION_REVOKE]) + #ct = get_object_or_404(ContentType, app_label=app_label, model=model_name) + #obj = get_object_or_404(ct.get_object_for_this_type, pk=object_id) + + #ct = get_object_or_404(ContentType, app_label=holder_app_label, model=holder_model_name) + #holder = get_object_or_404(ct.get_object_for_this_type, pk=holder_id) + + #access_entry = get_object_or_404(AccessEntry, pk=access_entry_id) + #holder = + #role = get_object_or_404(Role, pk=role_id) + #form = RoleForm_view(instance=role) + + #role_permissions_list = Permission.objects.get_for_holder(role) + + #try; + holder = AccessHolder.get(gid=holder_object_gid) + access_object = AccessObject.get(gid=access_object_gid) + #raise 404 + + subtemplates_list = [ + { + 'name': u'generic_list_subtemplate.html', + 'context': { + 'title': _(u'permissions held by: %s for %s' % (holder, access_object)), + 'object_list': AccessEntry.objects.get_permissions_for_holder(access_object.source_object, holder.source_object), + 'extra_columns': [ + {'name': _(u'namespace'), 'attribute': encapsulate(lambda x: get_permission_namespace_label(x))}, + {'name': _(u'name'), 'attribute': encapsulate(lambda x: get_permission_label(x))}, + #{ + # 'name':_(u'has permission'), + # 'attribute': encapsulate(lambda x: two_state_template(x.has_permission(role))), + #}, + ], + #'hide_link': True, + #'hide_object': True, + } + }, + ] + + return render_to_response('generic_detail.html', { + #'form': form, + 'object': access_object.obj, + 'object_name': _(u'object'), + 'subtemplates_list': subtemplates_list, + #'multi_select_as_buttons': True, + #'multi_select_item_properties': { + # 'permission_id': lambda x: x.pk, + # 'requester_id': lambda x: role.pk, + # 'requester_app_label': lambda x: ContentType.objects.get_for_model(role).app_label, + # 'requester_model': lambda x: ContentType.objects.get_for_model(role).model, + #}, + }, context_instance=RequestContext(request))