diff --git a/apps/acls/__init__.py b/apps/acls/__init__.py
index 81de093b2b..3a4c29a3aa 100644
--- a/apps/acls/__init__.py
+++ b/apps/acls/__init__.py
@@ -1,9 +1,5 @@
from django.utils.translation import ugettext_lazy as _
-#from documents.models import Document
-from navigation.api import register_links, register_multi_item_links
-from project_setup.api import register_setup
-
from permissions.api import register_permission, set_namespace_title
@@ -15,7 +11,3 @@ register_permission(ACLS_EDIT_ACL)
register_permission(ACLS_VIEW_ACL)
acl_list = {'text': _(u'ACLs'), 'view': 'acl_list', 'famfam': 'lock', 'permissions': [ACLS_VIEW_ACL]}
-
-
-
-#register_links(Document, [acl_list], menu_name='form_header')
diff --git a/apps/acls/literals.py b/apps/acls/literals.py
new file mode 100644
index 0000000000..5222fdb4f5
--- /dev/null
+++ b/apps/acls/literals.py
@@ -0,0 +1,7 @@
+
+CONTENT_TYPE_ICON_MAP = {
+ 'auth.user': 'user',
+ 'auth.group': 'group',
+ 'documents.document': 'page',
+ 'permissions.role': 'medal_gold_1',
+}
diff --git a/apps/acls/models.py b/apps/acls/models.py
index 82d921cc9e..81f2afdbb6 100644
--- a/apps/acls/models.py
+++ b/apps/acls/models.py
@@ -3,21 +3,20 @@ from django.utils.translation import ugettext_lazy as _
from django.contrib.contenttypes.models import ContentType
from django.contrib.contenttypes import generic
from django.contrib.auth.models import User
-#from django.shortcuts import get_object_or_404
-#from django.utils.translation import ugettext
from django.core.exceptions import PermissionDenied
from django.core.urlresolvers import reverse
-
from permissions.models import Permission
+from acls.widgets import object_w_content_type_icon
+
class AccessEntryManager(models.Manager):
def grant(self, permission, requester, obj):
"""
Grant a permission (what), (to) a requester, (on) a specific object
"""
- access_entry, created = AccessEntry.objects.get_or_create(
+ access_entry, created = self.model.objects.get_or_create(
permission=permission,
holder_type=ContentType.objects.get_for_model(requester),
holder_id=requester.pk,
@@ -28,7 +27,7 @@ class AccessEntryManager(models.Manager):
def revoke(self, permission, holder, obj):
try:
- access_entry = AccessEntry.objects.get(
+ access_entry = self.model.objects.get(
permission=permission,
holder_type=ContentType.objects.get_for_model(holder),
holder_id=holder.pk,
@@ -37,7 +36,7 @@ class AccessEntryManager(models.Manager):
)
access_entry.delete()
return True
- except AccessEntry.DoesNotExist:
+ except self.model.DoesNotExist:
return False
def check_accesses(self, permission_list, requester, obj):
@@ -45,7 +44,7 @@ class AccessEntryManager(models.Manager):
permission = get_object_or_404(Permission,
namespace=permission_item['namespace'], name=permission_item['name'])
try:
- access_entry = AccessEntry.objects.get(
+ access_entry = self.model.objects.get(
permission=permission,
holder_type=ContentType.objects.get_for_model(requester),
holder_id=requester.pk,
@@ -53,26 +52,56 @@ class AccessEntryManager(models.Manager):
object_id=obj.pk
)
return True
- except AccessEntry.DoesNotExist:
+ except self.model.DoesNotExist:
raise PermissionDenied(ugettext(u'Insufficient permissions.'))
def get_acl_url(self, obj):
- content_type = ContentType.objects.get_for_model(obj.__class__)
- return reverse('acl_list', args=[content_type.app_label, content_type.model, obj.pk])
+ content_type = ContentType.objects.get_for_model(obj)
+ return reverse('acl_list', args=[content_type.app_label, content_type.model, obj.pk])
+
+ def get_holders_for(self, obj):
+ content_type = ContentType.objects.get_for_model(obj)
+ holder_list = []
+ for access_entry in self.model.objects.filter(content_type=content_type, object_id=obj.pk):
+ entry = {
+ 'object': access_entry.holder_object,
+ 'label': '%s: %s' % (access_entry.holder_type, access_entry.holder_object),
+ 'widget': object_w_content_type_icon(access_entry.holder_object),
+ }
+ if entry not in holder_list:
+ holder_list.append(entry)
+
+ return holder_list
+
+ def get_acls_for_holder(self, obj, holder):
+ holder_type = ContentType.objects.get_for_model(holder)
+ content_type = ContentType.objects.get_for_model(obj)
+ return [access.permission for access in self.model.objects.filter(content_type=content_type, object_id=obj.pk, holder_type=holder_type, holder_id=holder.pk)]
class AccessEntry(models.Model):
permission = models.ForeignKey(Permission, verbose_name=_(u'permission'))
- holder_type = models.ForeignKey(ContentType,
- related_name='access_holder',
- limit_choices_to={'model__in': ('user', 'group', 'role')})
- holder_id = models.PositiveIntegerField()
- holder_object = generic.GenericForeignKey(ct_field='holder_type', fk_field='holder_id')
- content_type = models.ForeignKey(ContentType,
- related_name='object_content_type')
+ holder_type = models.ForeignKey(
+ ContentType,
+ related_name='access_holder',
+ limit_choices_to={'model__in': ('user', 'group', 'role')}
+ )
+ holder_id = models.PositiveIntegerField()
+ holder_object = generic.GenericForeignKey(
+ ct_field='holder_type',
+ fk_field='holder_id'
+ )
+
+ content_type = models.ForeignKey(
+ ContentType,
+ related_name='object_content_type'
+ )
object_id = models.PositiveIntegerField()
- content_object = generic.GenericForeignKey(ct_field='content_type', fk_field='object_id')
+ content_object = generic.GenericForeignKey(
+ ct_field='content_type',
+ fk_field='object_id'
+ )
objects = AccessEntryManager()
diff --git a/apps/acls/views.py b/apps/acls/views.py
index be8a154646..6e5671d03a 100644
--- a/apps/acls/views.py
+++ b/apps/acls/views.py
@@ -9,19 +9,33 @@ from django.views.generic.create_update import create_object, delete_object, upd
from django.contrib.contenttypes.models import ContentType
from django.contrib.auth.models import User, Group
-from permissions.api import check_permissions, namespace_titles
+from permissions.api import check_permissions, namespace_titles, get_permission_label
+from common.utils import generate_choices_w_labels, encapsulate
from acls import ACLS_EDIT_ACL, ACLS_VIEW_ACL
+from acls.models import AccessEntry
+def _permission_titles(permission_list):
+ return u', '.join([get_permission_label(permission) for permission in permission_list])
+
+
def acl_list_for(request, obj, extra_context=None):
check_permissions(request.user, [ACLS_VIEW_ACL])
context = {
- 'object_list': [],
+ 'object_list': AccessEntry.objects.get_holders_for(obj),
'title': _(u'access control lists for: %s' % obj),
#'multi_select_as_buttons': True,
#'hide_links': True,
+ 'extra_columns': [
+ #{'name': _(u'holder'), 'attribute': 'label'},
+ {'name': _(u'holder'), 'attribute': 'widget'},
+ {'name': _(u'permissions'), 'attribute': encapsulate(lambda x: _permission_titles(AccessEntry.objects.get_acls_for_holder(obj, x['object'])))},
+ #{'name': _(u'arguments'), 'attribute': 'arguments'}
+ ],
+ #'hide_link': True,
+ 'hide_object': True,
}
if extra_context:
diff --git a/apps/acls/widgets.py b/apps/acls/widgets.py
new file mode 100644
index 0000000000..c35501df58
--- /dev/null
+++ b/apps/acls/widgets.py
@@ -0,0 +1,26 @@
+from django.utils.translation import ugettext_lazy as _
+from django.utils.safestring import mark_safe
+from django import forms
+from django.forms.util import flatatt
+from django.utils.html import conditional_escape
+from django.utils.encoding import force_unicode
+from django.contrib.contenttypes.models import ContentType
+
+from acls.literals import CONTENT_TYPE_ICON_MAP
+
+
+def content_type_icon(content_type):
+ return mark_safe(u'' % CONTENT_TYPE_ICON_MAP.get('%s.%s' % (content_type.app_label, content_type.name), 'help'))
+
+
+def object_w_content_type_icon(obj):
+ content_type = ContentType.objects.get_for_model(obj)
+
+ ct_fullname = '%s.%s' % (content_type.app_label, content_type.name)
+
+ if ct_fullname == 'auth.user':
+ label = obj.get_full_name()
+ else:
+ label = unicode(obj)
+
+ return mark_safe('%s%s' % (content_type_icon(content_type), label))