From c3175c7ea40cdbc7778d2b7b2a67884a152fc53e Mon Sep 17 00:00:00 2001
From: Roberto Rosario <Roberto.Rosario.Gonzalez@gmail.com>
Date: Sun, 8 Jan 2012 04:57:54 -0400
Subject: [PATCH] Add anonymous user support to the permission app

---
 apps/permissions/managers.py |  1 -
 apps/permissions/models.py   | 15 +++++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/apps/permissions/managers.py b/apps/permissions/managers.py
index 38a94ceee4..2284f55e01 100644
--- a/apps/permissions/managers.py
+++ b/apps/permissions/managers.py
@@ -17,7 +17,6 @@ logger = logging.getLogger(__name__)
 class RoleMemberManager(models.Manager):
     def get_roles_for_member(self, member_obj):
         member_obj = AnonymousUserSingleton.objects.passthru_check(member_obj)
-
         member_type = ContentType.objects.get_for_model(member_obj)
         return [role_member.role for role_member in self.model.objects.filter(member_type=member_type, member_id=member_obj.pk)]
 
diff --git a/apps/permissions/models.py b/apps/permissions/models.py
index 744703f1c3..2ec16fe68f 100644
--- a/apps/permissions/models.py
+++ b/apps/permissions/models.py
@@ -10,6 +10,8 @@ from django.contrib.contenttypes import generic
 from django.contrib.auth.models import User
 from django.core.exceptions import PermissionDenied
 
+from common.models import AnonymousUserSingleton
+
 from .managers import (RoleMemberManager, StoredPermissionManager)
     
 logger = logging.getLogger(__name__)
@@ -44,6 +46,8 @@ class PermissionManager(object):
             if permission.requester_has_this(requester):
                 return True
 
+        logger.debug('no permission')
+
         raise PermissionDenied(ugettext(u'Insufficient permissions.'))
         
     @classmethod
@@ -105,8 +109,7 @@ class Permission(object):
         return stored_permission
      
     def requester_has_this(self, requester):
-        stored_permission = self.get_stored_permission(
-        )
+        stored_permission = self.get_stored_permission()
         return stored_permission.requester_has_this(requester)
 
     def save(self, *args, **kwargs):
@@ -139,6 +142,8 @@ class StoredPermission(models.Model):
         return [holder.holder_object for holder in self.permissionholder_set.all()]
 
     def requester_has_this(self, requester):
+        requester = AnonymousUserSingleton.objects.passthru_check(requester)
+        logger.debug('requester: %s' % requester)
         if isinstance(requester, User):
             if requester.is_superuser or requester.is_staff:
                 return True
@@ -159,12 +164,17 @@ class StoredPermission(models.Model):
         for membership in list(set(roles) | set(groups)):
             if self.requester_has_this(membership):
                 return True
+            
+        logger.debug('Fallthru')
+        return False
 
     def grant_to(self, requester):
+        requester = AnonymousUserSingleton.objects.passthru_check(requester)
         permission_holder, created = PermissionHolder.objects.get_or_create(permission=self, holder_type=ContentType.objects.get_for_model(requester), holder_id=requester.pk)
         return created
 
     def revoke_from(self, holder):
+        requester = AnonymousUserSingleton.objects.passthru_check(requester)
         try:
             permission_holder = PermissionHolder.objects.get(permission=self, holder_type=ContentType.objects.get_for_model(holder), holder_id=holder.pk)
             permission_holder.delete()
@@ -199,6 +209,7 @@ class Role(models.Model):
         verbose_name_plural = _(u'roles')
 
     def add_member(self, member):
+        member = AnonymousUserSingleton.objects.passthru_check(member)
         role_member, created = RoleMember.objects.get_or_create(
             role=self,
             member_type=ContentType.objects.get_for_model(member),