diff --git a/mayan/apps/permissions/classes.py b/mayan/apps/permissions/classes.py
index be9f609dd1..b95dfa0d13 100644
--- a/mayan/apps/permissions/classes.py
+++ b/mayan/apps/permissions/classes.py
@@ -1,11 +1,14 @@ from __future__ import unicode_literals -from django.core.exceptions import PermissionDenied +import logging -from acls.classes import EncapsulatedObject +from django.core.exceptions import PermissionDenied +from django.utils.translation import ugettext_lazy as _ from .models import StoredPermission +logger = logging.getLogger(__name__) + class PermissionNamespace(object): _registry = {}
@@ -45,7 +48,7 @@ class Permission(object): logger.debug('no permission') - raise PermissionDenied(ugettext('Insufficient permissions.')) + raise PermissionDenied(_('Insufficient permissions.')) @classmethod def get_for_holder(cls, holder):
diff --git a/mayan/apps/permissions/forms.py b/mayan/apps/permissions/forms.py
index 4b75990771..bc588e37f0 100644
--- a/mayan/apps/permissions/forms.py
+++ b/mayan/apps/permissions/forms.py
@@ -2,8 +2,6 @@ from __future__ import unicode_literals from django import forms -from common.forms import DetailForm - from .models import Role
@@ -11,9 +9,3 @@ class RoleForm(forms.ModelForm): class Meta: fields = ('name', 'label') model = Role - - -class RoleForm_view(DetailForm): - class Meta: - fields = ('name', 'label') - model = Role
diff --git a/mayan/apps/permissions/models.py b/mayan/apps/permissions/models.py
index cc14c3a148..c927a341b1 100644
--- a/mayan/apps/permissions/models.py
+++ b/mayan/apps/permissions/models.py
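Review bot: In classes.py, the denial path in `Permission` (second hunk) records only `logger.debug('no permission')`, which names neither the requesting user nor the permissions that were checked, and debug level is normally switched off in production. Now that the first hunk defines a module logger, an authorization failure deserves an audit-quality record, for example `logger.warning('Permission denied: user=%s permissions=%s', ...)` filled with the enclosing method's own user and permission arguments. That method starts outside the hunk, so its argument names are not visible here.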
@@ -2,17 +2,13 @@ from __future__ import unicode_literals import logging -from django.contrib.auth.models import Group, User -from django.contrib.contenttypes import generic -from django.contrib.contenttypes.models import ContentType -from django.core.exceptions import PermissionDenied +from django.contrib.auth.models import Group from django.core.urlresolvers import reverse from django.db import models from django.utils.encoding import python_2_unicode_compatible -from django.utils.translation import ugettext from django.utils.translation import ugettext_lazy as _ -from .managers import RoleMemberManager, StoredPermissionManager +from .managers import StoredPermissionManager logger = logging.getLogger(__name__) 
@@ -45,52 +41,25 @@ class StoredPermission(models.Model): return unicode(getattr(self, 'volatile_permission', self.name)) def get_holders(self): - return self.roles.all() - #return (holder.holder_object for holder in self.permissionholder_set.all()) + result = [] + for role in self.roles.all(): + for user in role.group.user_set.all(): + result.append(user) - def requester_has_this(self, actor): - #actor = AnonymousUserSingleton.objects.passthru_check(actor) + return result - logger.debug('actor: %s', actor) - if isinstance(actor, User): - if actor.is_superuser or actor.is_staff: - return True - - # Request is one of the permission's holders? - if actor in self.get_holders(): + def requester_has_this(self, user): + logger.debug('user: %s', user) + if user.is_superuser or user.is_staff: return True - # If not check if the requesters memberships objects is one of - # the permission's holder? - roles = RoleMember.objects.get_roles_for_member(actor) - - if isinstance(actor, User): - groups = actor.groups.all() - else: - groups = [] - - for membership in list(set(roles) | set(groups)): - if self.requester_has_this(membership): - return True + # Request is one of the permission's holders? + if user in self.get_holders(): + return True logger.debug('Fallthru') return False - def grant_to(self, actor): - actor = AnonymousUserSingleton.objects.passthru_check(actor) - permission_holder, created = PermissionHolder.objects.get_or_create(permission=self, holder_type=ContentType.objects.get_for_model(actor), holder_id=actor.pk) - return created - - def revoke_from(self, actor): - actor = AnonymousUserSingleton.objects.passthru_check(actor) - try: - permission_holder = PermissionHolder.objects.get(permission=self, holder_type=ContentType.objects.get_for_model(actor), holder_id=actor.pk) - permission_holder.delete() - except PermissionHolder.DoesNotExist: - return False - else: - return True - @python_2_unicode_compatible class Role(models.Model): 
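Review bot: `requester_has_this` still grants every stored permission to any account with `is_staff` set, and neither that shortcut nor the holder lookup looks at `user.is_active`. In Django `is_staff` only controls access to the admin site, and `User.has_perm` honours `is_superuser` only for active users, so this check is broader than the framework's own. Consider `if not user.is_active: return False` ahead of the shortcut, and narrowing the shortcut to `if user.is_superuser:` unless the staff bypass is a documented design decision. With the `isinstance(actor, User)` guard removed, a role or group passed by an older caller would presumably fail at `user.is_superuser`, so a docstring should state that only user objects are accepted. Separately, `get_holders` loads every user of every role's group on each check; a single `.exists()` query filtered on the requesting user would answer the same question.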
diff --git a/mayan/apps/permissions/urls.py b/mayan/apps/permissions/urls.py
index 1370c19ec7..b965c51d4b 100644
--- a/mayan/apps/permissions/urls.py
+++ b/mayan/apps/permissions/urls.py
@@ -4,13 +4,13 @@ from django.conf.urls import patterns, url from .api_views import APIRoleListView, APIRoleView from .views import ( - RoleCreateView, RoleDeleteView, RoleEditView, SetupRoleMembersView, - SetupRolePermissionsView + RoleCreateView, RoleDeleteView, RoleEditView, RoleListView, + SetupRoleMembersView, SetupRolePermissionsView ) urlpatterns = patterns( 'permissions.views', - url(r'^role/list/$', 'role_list', name='role_list'), + url(r'^role/list/$', RoleListView.as_view(), name='role_list'), url(r'^role/create/$', RoleCreateView.as_view(), name='role_create'), url(r'^role/(?P\d+)/permissions/$', SetupRolePermissionsView.as_view(), name='role_permissions'), url(r'^role/(?P\d+)/edit/$', RoleEditView.as_view(), name='role_edit'),
diff --git a/mayan/apps/permissions/views.py b/mayan/apps/permissions/views.py
index 9f7690a746..64d535f561 100644
--- a/mayan/apps/permissions/views.py
+++ b/mayan/apps/permissions/views.py
@@ -1,29 +1,19 @@ from __future__ import unicode_literals import itertools -from json import loads -import operator -from django.contrib import messages from django.contrib.auth.models import Group -from django.contrib.contenttypes.models import ContentType -from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse_lazy -from django.conf import settings -from django.http import Http404, HttpResponseRedirect -from django.shortcuts import get_object_or_404, render_to_response -from django.template import RequestContext +from django.shortcuts import get_object_or_404 from django.utils.translation import ugettext_lazy as _ from common.views import ( AssignRemoveView, SingleObjectCreateView, SingleObjectDeleteView, - SingleObjectEditView + SingleObjectEditView, SingleObjectListView ) -from common.utils import encapsulate -from common.widgets import two_state_template from .classes import Permission, PermissionNamespace -from .forms import RoleForm, RoleForm_view +from .forms import RoleForm from .models import Role, StoredPermission from .permissions import ( permission_permission_grant, permission_permission_revoke, 
@@ -134,42 +124,11 @@ class SetupRolePermissionsView(AssignRemoveView): return data -def role_list(request): - Permission.check_permissions(request.user, [permission_role_view]) - - context = { - 'object_list': Role.objects.all(), - 'title': _('Roles'), +class RoleListView(SingleObjectListView): + extra_context = { 'hide_link': True, + 'title': _('Roles'), } - return render_to_response('appearance/generic_list.html', context, - context_instance=RequestContext(request)) - - -def role_permissions(request, role_id): - Permission.check_permissions(request.user, [permission_permission_grant, permission_permission_revoke]) - - role = get_object_or_404(Role, pk=role_id) - - return render_to_response('appearance/generic_list.html', { - 'object': role, - 'multi_select_item_properties': { - 'permission_id': lambda x: x.pk, - 'requester_id': lambda x: role.pk, - 'requester_app_label': lambda x: ContentType.objects.get_for_model(role).app_label, - 'requester_model': lambda x: ContentType.objects.get_for_model(role).model, - }, - 'title': _('Permissions for: %s') % role, - 'object_list': Permission.all(), - 'extra_columns': [ - {'name': _('Namespace'), 'attribute': encapsulate(lambda x: x.namespace)}, - {'name': _('Name'), 'attribute': encapsulate(lambda x: x.label)}, - { - 'name': _('Has permission'), - 'attribute': encapsulate(lambda x: two_state_template(x.requester_has_this(role))), - }, - ], - 'hide_link': True, - 'hide_object': True, - }, context_instance=RequestContext(request)) + model = Role + view_permission = permission_role_view
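Review bot: The role list's access check is now implicit in `view_permission = permission_role_view`, replacing the explicit `Permission.check_permissions(request.user, [permission_role_view])` call of the removed `role_list`, and how `SingleObjectListView` enforces that attribute is not visible in this diff. If the base class filters instead of denying, or skips the check when the attribute is missing or misspelled, the list would be served without the denial the old view guaranteed. A regression test that requests `role_list` as a user without `permission_role_view` and asserts the denial would pin the behaviour. A one-line docstring such as `"""List all roles; requires permission_role_view."""` would also make the requirement visible on the class.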