diff --git a/apps/acls/forms.py b/apps/acls/forms.py index 3f2c048320..6182f8fc5f 100644 --- a/apps/acls/forms.py +++ b/apps/acls/forms.py @@ -52,7 +52,7 @@ class BaseHolderSelectionForm(forms.Form): class HolderSelectionForm(BaseHolderSelectionForm): special_holders = [AnonymousUserSingleton.objects.get()] - - + + class ClassHolderSelectionForm(BaseHolderSelectionForm): special_holders = [AnonymousUserSingleton.objects.get(), CreatorSingleton.objects.get()] diff --git a/apps/acls/managers.py b/apps/acls/managers.py index 061359d102..42ad2f7bc4 100644 --- a/apps/acls/managers.py +++ b/apps/acls/managers.py @@ -3,7 +3,6 @@ from __future__ import absolute_import import logging from django.db import models -from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext from django.contrib.contenttypes.models import ContentType from django.contrib.auth.models import User @@ -14,8 +13,7 @@ from django.db.models import Q from common.models import AnonymousUserSingleton from permissions.models import Permission, RoleMember -from .classes import (EncapsulatedObject, AccessHolder, ClassAccessHolder, - get_source_object) +from .classes import AccessHolder, ClassAccessHolder, get_source_object logger = logging.getLogger(__name__) @@ -62,7 +60,6 @@ class AccessEntryManager(models.Manager): access_entry.delete() return True - def has_access(self, permission, actor, obj, db_only=False): """ Returns whether an actor has a specific permission for an object @@ -152,7 +149,7 @@ class AccessEntryManager(models.Manager): groups = actor.groups.all() else: groups = [] - + for group in groups: group_type = ContentType.objects.get_for_model(group) if related: @@ -162,8 +159,8 @@ class AccessEntryManager(models.Manager): if total_queries is None: total_queries = query else: - total_queries = total_queries | query - + total_queries = total_queries | query + if related: actor_query = Q(holder_type=actor_type, holder_id=actor.pk, permission=permission.get_stored_permission) master_list = [obj.content_object for obj in self.model.objects.select_related().filter(actor_query | total_queries)] @@ -189,9 +186,9 @@ class AccessEntryManager(models.Manager): holder_list = [] for access_entry in self.model.objects.filter(content_type=content_type, object_id=obj.pk): if access_entry.holder_object: - # Don't add references to non existant content type objects + # Don't add references to non existant content type objects entry = AccessHolder.encapsulate(access_entry.holder_object) - + if entry not in holder_list: holder_list.append(entry) diff --git a/apps/acls/models.py b/apps/acls/models.py index b5e7c2829b..6637c12a24 100644 --- a/apps/acls/models.py +++ b/apps/acls/models.py @@ -7,8 +7,6 @@ from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext from django.contrib.contenttypes.models import ContentType from django.contrib.contenttypes import generic -from django.core.exceptions import PermissionDenied -from django.core.exceptions import ObjectDoesNotExist from permissions.models import StoredPermission from common.models import Singleton, SingletonManager @@ -102,6 +100,7 @@ class CreatorSingletonManager(SingletonManager): else: return holder + class CreatorSingleton(Singleton): objects = CreatorSingletonManager() diff --git a/apps/acls/utils.py b/apps/acls/utils.py index 01673490e2..17029e18be 100644 --- a/apps/acls/utils.py +++ b/apps/acls/utils.py @@ -7,8 +7,7 @@ from django.contrib.contenttypes.models import ContentType from common.models import AnonymousUserSingleton from .models import AccessEntry, DefaultAccessEntry, CreatorSingleton -from .classes import (EncapsulatedObject, AccessHolder, ClassAccessHolder, - get_source_object) +from .classes import get_source_object logger = logging.getLogger(__name__) @@ -24,7 +23,7 @@ def apply_default_acls(obj, actor=None): for default_acl in DefaultAccessEntry.objects.filter(content_type=content_type): holder = CreatorSingleton.objects.passthru_check(default_acl.holder_object, actor) - + if holder: # When the creator is admin access_entry = AccessEntry( diff --git a/apps/acls/views.py b/apps/acls/views.py index 2325a31114..856b3edd00 100644 --- a/apps/acls/views.py +++ b/apps/acls/views.py @@ -120,7 +120,7 @@ def acl_detail_for(request, actor, obj): 'multi_select_item_properties': { 'permission_pk': lambda x: x.pk, 'holder_gid': lambda x: actor.gid, - 'object_gid': lambda x: obj.gid, + 'object_gid': lambda x: obj.gid, }, 'access_object': obj, 'navigation_object_list': [ @@ -138,10 +138,9 @@ def acl_detail_for(request, actor, obj): def acl_grant(request): items_property_list = loads(request.GET.get('items_property_list', [])) - post_action_redirect = None - next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None))) - previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', None))) + next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', '/'))) + previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', '/'))) items = {} title_suffix = [] @@ -232,10 +231,9 @@ def acl_grant(request): def acl_revoke(request): items_property_list = loads(request.GET.get('items_property_list', [])) - post_action_redirect = None - next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None))) - previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', None))) + next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', '/'))) + previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', '/'))) items = {} title_suffix = [] @@ -403,7 +401,7 @@ def acl_class_acl_list(request, access_object_class_gid): access_object_class = AccessObjectClass.get(gid=access_object_class_gid) logger.debug('access_object_class: %s' % access_object_class) - + context = { 'object_list': DefaultAccessEntry.objects.get_holders_for(access_object_class.source_object), 'title': _(u'default access control lists for class: %s') % access_object_class, @@ -496,10 +494,9 @@ def acl_class_new_holder_for(request, access_object_class_gid): def acl_class_multiple_grant(request): Permission.objects.check_permissions(request.user, [ACLS_CLASS_EDIT_ACL]) items_property_list = loads(request.GET.get('items_property_list', [])) - post_action_redirect = None - next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None))) - previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', None))) + next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', '/'))) + previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', '/'))) items = {} title_suffix = [] @@ -576,10 +573,9 @@ def acl_class_multiple_grant(request): def acl_class_multiple_revoke(request): Permission.objects.check_permissions(request.user, [ACLS_CLASS_EDIT_ACL]) items_property_list = loads(request.GET.get('items_property_list', [])) - post_action_redirect = None - next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None))) - previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', None))) + next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', '/'))) + previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', '/'))) items = {} title_suffix = []