authorÉtienne Loks <etienne.loks@peacefrogs.net>2011-01-18 03:14:09 +0100
committerÉtienne Loks <etienne.loks@peacefrogs.net>2011-01-18 03:14:09 +0100
commitd0dee00918622fde2bdcaf32109b0a1e51410715 (patch)
treef99625df790783d15eaa98d2bbf9d075532c4bd0
parent8be910aa1b34c25ad858b55d3be92afef63dd860 (diff)
downloadIshtar-d0dee00918622fde2bdcaf32109b0a1e51410715.tar.bz2
Ishtar-d0dee00918622fde2bdcaf32109b0a1e51410715.zip
Integration of right management (refs #49)
-rw-r--r--ishtar/furnitures/backend.py23
-rw-r--r--ishtar/furnitures/menus.py17
-rw-r--r--ishtar/furnitures/models.py61
-rw-r--r--ishtar/settings.py.example5
4 files changed, 88 insertions, 18 deletions
diff --git a/ishtar/furnitures/backend.py b/ishtar/furnitures/backend.py
index c9b8e2b23..d7d3384a8 100644
--- a/ishtar/furnitures/backend.py
+++ b/ishtar/furnitures/backend.py
@@ -23,6 +23,9 @@ Permission backend to manage "own" objects
from django.conf import settings
from django.contrib.auth.models import User
+from django.core.exceptions import ObjectDoesNotExist
+
+import models
class ObjectOwnPermBackend(object):
supports_object_permissions = True
@@ -32,18 +35,26 @@ class ObjectOwnPermBackend(object):
# managed by the default backend
return None
- def has_perm(self, user_obj, perm, obj=None):
+ def has_perm(self, user_obj, perm, model=None, obj=None):
if not user_obj.is_authenticated():
- user_obj = User.objects.get(pk=settings.ANONYMOUS_USER_ID)
-
- if obj is None:
- # managed by the default backend
+ return False
+ if not model:
+ # let it manage by the default backend
return False
try:
+ ishtar_user = models.IshtarUser.objects.get(user_ptr=user_obj)
+ except ObjectDoesNotExist:
+ return False
+ try:
# only manage "own" permissions
assert perm.split('.')[-1].split('_')[1] == 'own'
except (IndexError, AssertionError):
return False
-
+ if obj is None:
+ model_name = perm.split('_')[-1].capitalize()
+ if not hasattr(models, model_name):
+ return False
+ model = getattr(models, model_name)
+ return user_obj.has_perm(perm) and model.has_item_of(ishtar_user)
return user_obj.has_perm(perm) and obj.is_own(user_obj)
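Review bot: In the `obj is None` branch the `model` argument supplied by the caller is discarded and replaced by `getattr(models, model_name)`. The name is derived from the permission string, and `hasattr(models, model_name)` accepts any attribute of the module, including imported names such as `User` that have no `has_item_of`. Since this decides an authorization result, it would be safer to keep the class that was passed in and verify it with `if not issubclass(model, models.OwnPerms): return False` before calling `model.has_item_of(ishtar_user)`. The object branch on the last line still passes `user_obj` to `obj.is_own(...)` while the class branch passes `ishtar_user`; `Operation.get_query_owns` later in this commit reads `user.person`, so `obj.is_own(ishtar_user)` looks like what was intended. The ownership test above also relies on `assert`, which is removed when Python runs with `-O`, so an explicit comparison would keep the check in place.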
diff --git a/ishtar/furnitures/menus.py b/ishtar/furnitures/menus.py
index 2e15f6930..24086d3a3 100644
--- a/ishtar/furnitures/menus.py
+++ b/ishtar/furnitures/menus.py
@@ -23,6 +23,8 @@ Menus
from django.utils.translation import ugettext_lazy as _
+import models
+
class SectionItem:
def __init__(self, idx, label, childs=[]):
self.idx = idx
@@ -31,9 +33,10 @@ class SectionItem:
self.available = False
class MenuItem:
- def __init__(self, idx, label, access_controls=[]):
+ def __init__(self, idx, label, model=None, access_controls=[]):
self.idx = idx
self.label = label
+ self.model = model
self.access_controls = access_controls
self.available = False
@@ -41,7 +44,7 @@ class MenuItem:
if not self.access_controls:
return True
for access_control in self.access_controls:
- if user.has_perm('furnitures.' + access_control):
+ if user.has_perm('furnitures.' + access_control, self.model):
return True
return False
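Review bot: `user.has_perm('furnitures.' + access_control, self.model)` puts the model class in the slot that Django's `User.has_perm(perm, obj=None)` treats as the object, and the next hunk's `user.has_perm('furnitures.' + access_control, self.model, obj)` passes a third positional argument that the stock signature does not accept. Unless the user class used here overrides `has_perm` (not visible in this diff), the three-argument call would raise `TypeError`, and the two-argument call may cause backends without object-permission support to be skipped, depending on the Django version. A comment on both call sites such as `# relies on ObjectOwnPermBackend.has_perm(user, perm, model, obj)` would make the access-control path easier to audit. Both methods start outside their hunks.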
@@ -49,7 +52,7 @@ class MenuItem:
if not self.access_controls:
return True
for access_control in self.access_controls:
- if user.has_perm('furnitures.' + access_control, obj):
+ if user.has_perm('furnitures.' + access_control, self.model, obj):
return True
return False
@@ -61,26 +64,34 @@ class Menu:
SectionItem('administration', _(u"Administration"),
childs=[
MenuItem('person_creation', _(u"Person creation"),
+ model=models.Person,
access_controls=['add_person', 'add_own_person']),
MenuItem('person_modification', _(u"Person modification"),
+ model=models.Person,
access_controls=['change_person', 'change_own_person']),
MenuItem('account_management', _(u"Account management"),
+ model=models.IshtarUser,
access_controls=['add_ishtaruser',]),
]),
SectionItem('file_management', _(u"File management"),
childs=[
MenuItem('file_creation', _(u"File creation"),
+ model=models.File,
access_controls=['add_file', 'add_own_file']),
MenuItem('file_modification', _(u"File modification"),
+ model=models.File,
access_controls=['change_file', 'change_own_file']),
MenuItem('file_deletion', _(u"File deletion"),
+ model=models.File,
access_controls=['delete_file', 'delete_own_file']),
]),
SectionItem('operation_management', _(u"Operation management"),
childs=[
MenuItem('operation_creation', _(u"Operation creation"),
+ model=models.Operation,
access_controls=['add_operation', 'add_own_operation']),
MenuItem('operation_modification', _(u"Operation modification"),
+ model=models.Operation,
access_controls=['change_operation', 'change_own_operation']),
]),
]
diff --git a/ishtar/furnitures/models.py b/ishtar/furnitures/models.py
index 7687cb6f3..64c76822d 100644
--- a/ishtar/furnitures/models.py
+++ b/ishtar/furnitures/models.py
@@ -26,6 +26,7 @@ from django.core.exceptions import ObjectDoesNotExist, ValidationError
from django.core.validators import validate_slug
from django.utils.translation import ugettext_lazy as _, ugettext
from django.db.utils import DatabaseError
+from django.db.models import Q
from django.contrib.auth.models import User
from django.contrib.gis.db import models
@@ -58,8 +59,47 @@ class OwnPerms:
"""
Manage special permissions for object's owner
"""
+ @classmethod
+ def get_query_owns(cls, user):
+ """
+ Query object to get own items
+ """
+ return None # implement for each object
+
def is_own(self, user):
- return False
+ """
+ Check if the current object is owned by the user
+ """
+ query = self.get_query_owns(user)
+ if not query:
+ return False
+ query = query & Q(pk=self.pk)
+ return cls.objects.filter(query).count()
+
+
+ @classmethod
+ def has_item_of(cls, user):
+ """
+ Check if the user own some items
+ """
+ query = cls.get_query_owns(user)
+ if not query:
+ return False
+ return cls.objects.filter(query).count()
+
+ @classmethod
+ def get_owns(cls, user):
+ """
+ Get Own items
+ """
+ if isinstance(user, User):
+ user = IshtarUser.objects.get(user_ptr=user)
+ if user.is_anonymous():
+ return []
+ query = cls.get_query_owns(user)
+ if not query:
+ return []
+ return cls.objects.filter(query).order_by(*cls._meta.ordering).all()
class GeneralType(models.Model):
"""
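Review bot: `OwnPerms.is_own` is an instance method but its last line uses `cls.objects`, which is undefined there, so any object whose `get_query_owns` returns a query would raise `NameError` during the permission check; it should read `return self.__class__.objects.filter(query).count() > 0`. `has_item_of` likewise returns the raw count rather than a boolean, which works in the backend's `and` expression but is clearer as `.count() > 0`. In `get_owns`, `IshtarUser.objects.get(user_ptr=user)` can raise `DoesNotExist` for an account without an Ishtar profile, whereas the backend returns `False` for the same case; catching it and returning `[]` would keep the two consistent. The `OwnPerms` class header is outside this hunk.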
@@ -266,6 +306,8 @@ class File(BaseHistorizedItem, OwnPerms):
("change_own_file", ugettext(u"Can change own Archaelogical file")),
("delete_own_file", ugettext(u"Can delete own Archaelogical file")),
)
+ ordering = ['-year', '-numeric_reference']
+
def __unicode__(self):
items = [unicode(_('Intercommunal'))]
if self.towns.count() == 1:
@@ -275,13 +317,6 @@ class File(BaseHistorizedItem, OwnPerms):
if getattr(self, k)]
return u" - ".join(items)
- @classmethod
- def get_owns(cls, user, order_by=['-year', '-numeric_reference']):
- if user.is_anonymous():
- return []
- return cls.objects.filter(history_modifier=user).order_by(*order_by
- ).all()
-
class OperationType(GeneralType):
class Meta:
verbose_name = _(u"Operation type")
@@ -332,13 +367,21 @@ class Operation(BaseHistorizedItem, OwnPerms):
if getattr(self, k)]
return u" - ".join(items)
+ def is_own(self, person):
+ return False
+
+ @classmethod
+ def get_query_owns(cls, user):
+ return Q(in_charge=user.person)|Q(history_modifier=user)
+
+ """
@classmethod
def get_owns(cls, user, order_by=['-year', '-operation_code']):
if user.is_anonymous():
return []
return cls.objects.filter(history_modifier=user).order_by(*order_by
).all()
-
+"""
class Parcel(LightHistorizedItem):
associated_file = models.ForeignKey(File, related_name='parcels',
blank=True, null=True, verbose_name=_(u"File"))
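Review bot: The added `Operation.is_own(self, person)` returns `False` unconditionally and shadows the new `OwnPerms.is_own`, so an object-level `*_own_operation` check is always denied, even for operations matched by `get_query_owns`. If that is not intended, drop the override so the base implementation applies. The old `get_owns` is disabled by wrapping it in a triple-quoted string whose closing `"""` sits at column 0 inside the class body; deleting the block, as was done for `File.get_owns`, would be cleaner than leaving dead code in a string literal. `get_query_owns` reads `user.person`, so it presumably expects an `IshtarUser`; a docstring such as `"""Return a Q matching operations in the charge of, or last modified by, user (an IshtarUser)."""` would record that.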
diff --git a/ishtar/settings.py.example b/ishtar/settings.py.example
index 4d8cbc8ff..23554fff7 100644
--- a/ishtar/settings.py.example
+++ b/ishtar/settings.py.example
@@ -102,6 +102,11 @@ TEMPLATE_DIRS = (
ROOT_PATH + 'templates',
)
+AUTHENTICATION_BACKENDS = (
+ 'django.contrib.auth.backends.ModelBackend',
+ 'furnitures.backend.ObjectOwnPermBackend',
+)
+
INSTALLED_APPS = (
'django.contrib.auth',
'django.contrib.contenttypes',