Remove unused permissions check code

Roberto Rosario
2015-06-29 16:58:46 -04:00
parent 750c86e41c
commit a68be31e52
5 changed files with 30 additions and 107 deletions


@@ -1,11 +1,14 @@
from __future__ import unicode_literals
from django.core.exceptions import PermissionDenied
import logging
from acls.classes import EncapsulatedObject
from django.core.exceptions import PermissionDenied
from django.utils.translation import ugettext_lazy as _
from .models import StoredPermission
logger = logging.getLogger(__name__)
class PermissionNamespace(object):
_registry = {}
@@ -45,7 +48,7 @@ class Permission(object):
logger.debug('no permission')
raise PermissionDenied(ugettext('Insufficient permissions.'))
raise PermissionDenied(_('Insufficient permissions.'))
@classmethod
def get_for_holder(cls, holder):


@@ -2,8 +2,6 @@ from __future__ import unicode_literals
from django import forms
from common.forms import DetailForm
from .models import Role
@@ -11,9 +9,3 @@ class RoleForm(forms.ModelForm):
class Meta:
fields = ('name', 'label')
model = Role
class RoleForm_view(DetailForm):
class Meta:
fields = ('name', 'label')
model = Role


@@ -2,17 +2,13 @@ from __future__ import unicode_literals
import logging
from django.contrib.auth.models import Group, User
from django.contrib.contenttypes import generic
from django.contrib.contenttypes.models import ContentType
from django.core.exceptions import PermissionDenied
from django.contrib.auth.models import Group
from django.core.urlresolvers import reverse
from django.db import models
from django.utils.encoding import python_2_unicode_compatible
from django.utils.translation import ugettext
from django.utils.translation import ugettext_lazy as _
from .managers import RoleMemberManager, StoredPermissionManager
from .managers import StoredPermissionManager
logger = logging.getLogger(__name__)
@@ -45,52 +41,25 @@ class StoredPermission(models.Model):
return unicode(getattr(self, 'volatile_permission', self.name))
def get_holders(self):
return self.roles.all()
#return (holder.holder_object for holder in self.permissionholder_set.all())
result = []
for role in self.roles.all():
for user in role.group.user_set.all():
result.append(user)
def requester_has_this(self, actor):
#actor = AnonymousUserSingleton.objects.passthru_check(actor)
return result
logger.debug('actor: %s', actor)
if isinstance(actor, User):
if actor.is_superuser or actor.is_staff:
return True
# Request is one of the permission's holders?
if actor in self.get_holders():
def requester_has_this(self, user):
logger.debug('user: %s', user)
if user.is_superuser or user.is_staff:
return True
# If not check if the requesters memberships objects is one of
# the permission's holder?
roles = RoleMember.objects.get_roles_for_member(actor)
if isinstance(actor, User):
groups = actor.groups.all()
else:
groups = []
for membership in list(set(roles) | set(groups)):
if self.requester_has_this(membership):
return True
# Request is one of the permission's holders?
if user in self.get_holders():
return True
logger.debug('Fallthru')
return False
def grant_to(self, actor):
actor = AnonymousUserSingleton.objects.passthru_check(actor)
permission_holder, created = PermissionHolder.objects.get_or_create(permission=self, holder_type=ContentType.objects.get_for_model(actor), holder_id=actor.pk)
return created
def revoke_from(self, actor):
actor = AnonymousUserSingleton.objects.passthru_check(actor)
try:
permission_holder = PermissionHolder.objects.get(permission=self, holder_type=ContentType.objects.get_for_model(actor), holder_id=actor.pk)
permission_holder.delete()
except PermissionHolder.DoesNotExist:
return False
else:
return True
@python_2_unicode_compatible
class Role(models.Model):
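Review bot: `requester_has_this(self, user)` now reads `user.is_superuser` and `user.is_staff` directly, without the `isinstance(actor, User)` guard the old body had, so any remaining caller that passes a role or group would raise `AttributeError` instead of getting a yes/no answer; the callers are outside this section and worth checking. The carried-over `is_staff` shortcut still lets every staff account pass every permission check, which is broader than Django's meaning of that flag (admin-site access); if that is intended, a comment such as `# staff accounts bypass all permission checks by design` would record it. The new `get_holders` appears to build a Python list of every user in every role's group on each check. A database-side membership test such as `self.roles.filter(group__user=user).exists()` would avoid that, assuming `Role.group` is a foreign key to `Group` (the `Role` model is not visible here).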


@@ -4,13 +4,13 @@ from django.conf.urls import patterns, url
from .api_views import APIRoleListView, APIRoleView
from .views import (
RoleCreateView, RoleDeleteView, RoleEditView, SetupRoleMembersView,
SetupRolePermissionsView
RoleCreateView, RoleDeleteView, RoleEditView, RoleListView,
SetupRoleMembersView, SetupRolePermissionsView
)
urlpatterns = patterns(
'permissions.views',
url(r'^role/list/$', 'role_list', name='role_list'),
url(r'^role/list/$', RoleListView.as_view(), name='role_list'),
url(r'^role/create/$', RoleCreateView.as_view(), name='role_create'),
url(r'^role/(?P<pk>\d+)/permissions/$', SetupRolePermissionsView.as_view(), name='role_permissions'),
url(r'^role/(?P<pk>\d+)/edit/$', RoleEditView.as_view(), name='role_edit'),


@@ -1,29 +1,19 @@
from __future__ import unicode_literals
import itertools
from json import loads
import operator
from django.contrib import messages
from django.contrib.auth.models import Group
from django.contrib.contenttypes.models import ContentType
from django.core.urlresolvers import reverse
from django.core.urlresolvers import reverse_lazy
from django.conf import settings
from django.http import Http404, HttpResponseRedirect
from django.shortcuts import get_object_or_404, render_to_response
from django.template import RequestContext
from django.shortcuts import get_object_or_404
from django.utils.translation import ugettext_lazy as _
from common.views import (
AssignRemoveView, SingleObjectCreateView, SingleObjectDeleteView,
SingleObjectEditView
SingleObjectEditView, SingleObjectListView
)
from common.utils import encapsulate
from common.widgets import two_state_template
from .classes import Permission, PermissionNamespace
from .forms import RoleForm, RoleForm_view
from .forms import RoleForm
from .models import Role, StoredPermission
from .permissions import (
permission_permission_grant, permission_permission_revoke,
@@ -134,42 +124,11 @@ class SetupRolePermissionsView(AssignRemoveView):
return data
def role_list(request):
Permission.check_permissions(request.user, [permission_role_view])
context = {
'object_list': Role.objects.all(),
'title': _('Roles'),
class RoleListView(SingleObjectListView):
extra_context = {
'hide_link': True,
'title': _('Roles'),
}
return render_to_response('appearance/generic_list.html', context,
context_instance=RequestContext(request))
def role_permissions(request, role_id):
Permission.check_permissions(request.user, [permission_permission_grant, permission_permission_revoke])
role = get_object_or_404(Role, pk=role_id)
return render_to_response('appearance/generic_list.html', {
'object': role,
'multi_select_item_properties': {
'permission_id': lambda x: x.pk,
'requester_id': lambda x: role.pk,
'requester_app_label': lambda x: ContentType.objects.get_for_model(role).app_label,
'requester_model': lambda x: ContentType.objects.get_for_model(role).model,
},
'title': _('Permissions for: %s') % role,
'object_list': Permission.all(),
'extra_columns': [
{'name': _('Namespace'), 'attribute': encapsulate(lambda x: x.namespace)},
{'name': _('Name'), 'attribute': encapsulate(lambda x: x.label)},
{
'name': _('Has permission'),
'attribute': encapsulate(lambda x: two_state_template(x.requester_has_this(role))),
},
],
'hide_link': True,
'hide_object': True,
}, context_instance=RequestContext(request))
model = Role
view_permission = permission_role_view
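Review bot: The access check for the role list now rests only on the class attribute `view_permission = permission_role_view` in `RoleListView`, where the removed `role_list` called `Permission.check_permissions(request.user, [permission_role_view])` explicitly. Whether `SingleObjectListView` enforces that attribute cannot be confirmed from this page, since it is imported from `common.views`. A misspelled or unsupported attribute name would fail open without any error, so a view test that requests `role_list` as a user lacking the permission and expects a denial would pin the behaviour. A short comment on the attribute, e.g. `# enforced by SingleObjectListView: listing roles requires permission_role_view`, would make the dependency visible to the next reader.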