diff options
| author | Étienne Loks <etienne.loks@peacefrogs.net> | 2013-10-17 20:53:11 +0200 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@peacefrogs.net> | 2013-10-17 20:53:11 +0200 |
| commit | 42c142e549a2890fcf18aba3049ca713b848d02e (patch) | |
| tree | 32d48af331dc356dcbb3510655942728be1390f4 | |
| parent | 76a8b8c9807b780705180e617caf0f7f5a40264d (diff) | |
| download | Ishtar-42c142e549a2890fcf18aba3049ca713b848d02e.tar.bz2 Ishtar-42c142e549a2890fcf18aba3049ca713b848d02e.zip | |
Fix permission management
* improve ObjectPermBackend
* change permission right from wizard to groups
* remove default to administrator
* add default data for french person_types
| -rw-r--r-- | archaeological_files/ishtar_menu.py | 5 | ||||
| -rw-r--r-- | archaeological_operations/ishtar_menu.py | 5 | ||||
| -rw-r--r-- | example_project/settings.py | 2 | ||||
| -rw-r--r-- | ishtar_common/admin.py | 2 | ||||
| -rw-r--r-- | ishtar_common/backend.py | 26 | ||||
| -rw-r--r-- | ishtar_common/fixtures/groups_person_types-SRA-fr.json | 361 | ||||
| -rw-r--r-- | ishtar_common/migrations/0004_auto.py | 210 | ||||
| -rw-r--r-- | ishtar_common/models.py | 22 | ||||
| -rw-r--r-- | ishtar_common/wizards.py | 2 |
9 files changed, 613 insertions, 22 deletions
diff --git a/archaeological_files/ishtar_menu.py b/archaeological_files/ishtar_menu.py index 236c47776..6655a381c 100644 --- a/archaeological_files/ishtar_menu.py +++ b/archaeological_files/ishtar_menu.py @@ -40,8 +40,9 @@ MENU_SECTIONS = [ access_controls=['change_file', 'change_own_file']), MenuItem('file_closing', _(u"Closing"), model=models.File, - access_controls=['change_file', - 'change_own_file']), + access_controls=['sra_agent']), + #'change_file', + #'change_own_file']), MenuItem('file_deletion', _(u"Deletion"), model=models.File, access_controls=['delete_file', 'delete_own_file']), diff --git a/archaeological_operations/ishtar_menu.py b/archaeological_operations/ishtar_menu.py index 7790087d9..cd8ebc2d2 100644 --- a/archaeological_operations/ishtar_menu.py +++ b/archaeological_operations/ishtar_menu.py @@ -40,8 +40,9 @@ MENU_SECTIONS = [ 'change_own_operation']), MenuItem('operation_closing', _(u"Closing"), model=models.Operation, - access_controls=['change_operation', - 'change_own_operation']), + access_controls=['sra_agent']), + #'change_operation', + #'change_own_operation']), MenuItem('operation_deletion', _(u"Deletion"), model=models.Operation, access_controls=['change_operation', diff --git a/example_project/settings.py b/example_project/settings.py index d45770277..e7a2d5643 100644 --- a/example_project/settings.py +++ b/example_project/settings.py @@ -102,7 +102,7 @@ TEMPLATE_DIRS = ( AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.ModelBackend', - 'ishtar_common.backend.ObjectOwnPermBackend', + 'ishtar_common.backend.ObjectPermBackend', ) INSTALLED_APPS = [ diff --git a/ishtar_common/admin.py b/ishtar_common/admin.py index fdff516f9..093d137ae 100644 --- a/ishtar_common/admin.py +++ b/ishtar_common/admin.py @@ -77,7 +77,7 @@ admin.site.register(models.Author, AuthorAdmin) class PersonTypeAdmin(admin.ModelAdmin): model = models.PersonType - filter_vertical = ('rights',) + filter_vertical = ('groups',) admin.site.register(models.PersonType, PersonTypeAdmin) diff --git a/ishtar_common/backend.py b/ishtar_common/backend.py index 297c96180..7ebdab221 100644 --- a/ishtar_common/backend.py +++ b/ishtar_common/backend.py @@ -24,10 +24,11 @@ Permission backend to manage "own" objects from django.conf import settings from django.contrib.auth.models import User from django.core.exceptions import ObjectDoesNotExist +from django.db.models.loading import cache import models -class ObjectOwnPermBackend(object): +class ObjectPermBackend(object): supports_object_permissions = True supports_anonymous_user = True @@ -46,16 +47,23 @@ class ObjectOwnPermBackend(object): except ObjectDoesNotExist: return False try: - # only manage "own" permissions - assert perm.split('.')[-1].split('_')[1] == 'own' - except (IndexError, AssertionError): - return False + is_ownperm = perm.split('.')[-1].split('_')[1] == 'own' + except IndexError: + is_ownperm = False if ishtar_user.has_right('administrator'): return True + main_right = ishtar_user.person.has_right(perm) \ + or user_obj.has_perm(perm) + if not main_right or not is_ownperm: + return main_right if obj is None: model_name = perm.split('_')[-1].capitalize() - if not hasattr(models, model_name): + model = None + for app in cache.get_apps(): + for modl in cache.get_models(app): + if modl.__name__ == model_name: + model = modl + if not model: return False - model = getattr(models, model_name) - return user_obj.has_perm(perm) and model.has_item_of(ishtar_user) - return user_obj.has_perm(perm) and obj.is_own(user_obj) + return not is_ownperm or model.has_item_of(ishtar_user) + return not is_ownperm or obj.is_own(user_obj) diff --git a/ishtar_common/fixtures/groups_person_types-SRA-fr.json b/ishtar_common/fixtures/groups_person_types-SRA-fr.json new file mode 100644 index 000000000..e758bd645 --- /dev/null +++ b/ishtar_common/fixtures/groups_person_types-SRA-fr.json @@ -0,0 +1,361 @@ +[ + { + "pk": 2, + "model": "auth.group", + "fields": { + "name": "Dossiers : voir", + "permissions": [ + 241 + ] + } + }, + { + "pk": 1, + "model": "auth.group", + "fields": { + "name": "Op\u00e9rations : voir", + "permissions": [ + 245 + ] + } + }, + { + "pk": 4, + "model": "auth.group", + "fields": { + "name": "UEs : voir", + "permissions": [ + 243 + ] + } + }, + { + "pk": 3, + "model": "auth.group", + "fields": { + "name": "Utilisateurs : voir", + "permissions": [ + 56 + ] + } + }, + { + "pk": 5, + "model": "auth.group", + "fields": { + "name": "D\u00e9p\u00f4ts : voir", + "permissions": [ + 248 + ] + } + }, + { + "pk": 7, + "model": "auth.group", + "fields": { + "name": "Traitements : voir", + "permissions": [ + 247 + ] + } + }, + { + "pk": 6, + "model": "auth.group", + "fields": { + "name": "Mobilier : voir", + "permissions": [ + 242, + 244 + ] + } + }, + { + "pk": 8, + "model": "auth.group", + "fields": { + "name": "Actes administratifs : voir", + "permissions": [ + 240 + ] + } + }, + { + "pk": 9, + "model": "auth.group", + "fields": { + "name": "Actes administratifs : ajout", + "permissions": [ + 135 + ] + } + }, + { + "pk": 10, + "model": "auth.group", + "fields": { + "name": "Actes administratifs : modification/suppression", + "permissions": [ + 136, + 137 + ] + } + }, + { + "pk": 11, + "model": "auth.group", + "fields": { + "name": "D\u00e9p\u00f4ts : ajout", + "permissions": [ + 182 + ] + } + }, + { + "pk": 12, + "model": "auth.group", + "fields": { + "name": "D\u00e9p\u00f4ts : modification/suppression", + "permissions": [ + 183, + 184 + ] + } + }, + { + "pk": 13, + "model": "auth.group", + "fields": { + "name": "Dossiers : ajout", + "permissions": [ + 94 + ] + } + }, + { + "pk": 14, + "model": "auth.group", + "fields": { + "name": "Dossiers : modification/suppression", + "permissions": [ + 95, + 96 + ] + } + }, + { + "pk": 15, + "model": "auth.group", + "fields": { + "name": "Mobilier : ajout", + "permissions": [ + 201, + 211 + ] + } + }, + { + "pk": 16, + "model": "auth.group", + "fields": { + "name": "Mobilier : modification/suppression", + "permissions": [ + 202, + 203, + 212, + 213 + ] + } + }, + { + "pk": 17, + "model": "auth.group", + "fields": { + "name": "Op\u00e9rations : ajout", + "permissions": [ + 116 + ] + } + }, + { + "pk": 18, + "model": "auth.group", + "fields": { + "name": "Op\u00e9rations : modification/suppression", + "permissions": [ + 117, + 118 + ] + } + }, + { + "pk": 19, + "model": "auth.group", + "fields": { + "name": "Traitements : ajout", + "permissions": [ + 227 + ] + } + }, + { + "pk": 20, + "model": "auth.group", + "fields": { + "name": "Traitements : modification/suppression", + "permissions": [ + 228, + 229 + ] + } + }, + { + "pk": 21, + "model": "auth.group", + "fields": { + "name": "UEs : ajout", + "permissions": [ + 169 + ] + } + }, + { + "pk": 22, + "model": "auth.group", + "fields": { + "name": "UEs : modification/suppression", + "permissions": [ + 170, + 171 + ] + } + }, + { + "pk": 23, + "model": "auth.group", + "fields": { + "name": "Utilisateurs : ajout", + "permissions": [ + 53 + ] + } + }, + { + "pk": 24, + "model": "auth.group", + "fields": { + "name": "Utilisateurs : modification/suppression", + "permissions": [ + 54, + 55 + ] + } + }, + { + "pk": 7, + "model": "ishtar_common.persontype", + "fields": { + "comment": "Un acc\u00e8s limit\u00e9 \u00e0 la base, uniquement en lecture. Apr\u00e8s enregistrement.", + "available": true, + "txt_idx": "public_access", + "groups": [], + "label": "Acc\u00e8s public" + } + }, + { + "pk": 1, + "model": "ishtar_common.persontype", + "fields": { + "comment": "", + "available": true, + "txt_idx": "administrator", + "groups": [], + "label": "Administrateur" + } + }, + { + "pk": 3, + "model": "ishtar_common.persontype", + "fields": { + "comment": "Responsables de dossiers d'arch\u00e9ologie", + "available": true, + "txt_idx": "sra_agent", + "groups": [ + 1, + 2, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 13, + 14, + 15, + 16, + 17, + 18, + 21, + 22 + ], + "label": "Agent SRA (prescripteur)" + } + }, + { + "pk": 6, + "model": "ishtar_common.persontype", + "fields": { + "comment": "Responsable de l'am\u00e9nagement", + "available": true, + "txt_idx": "general_contractor", + "groups": [], + "label": "Am\u00e9nageur" + } + }, + { + "pk": 5, + "model": "ishtar_common.persontype", + "fields": { + "comment": "Cette personne peut g\u00e9rer du mobilier qu'il n'a pas cr\u00e9\u00e9\r\n\r\n", + "available": true, + "txt_idx": "warehouse_manager", + "groups": [], + "label": "Gestionnaire de d\u00e9p\u00f4t" + } + }, + { + "pk": 2, + "model": "ishtar_common.persontype", + "fields": { + "comment": "Article 13 D\u00e9cret 2004\r\n\r\nLe pr\u00e9fet de r\u00e9gion \u00e9dicte les prescriptions arch\u00e9ologiques, d\u00e9livre l'autorisation de fouille et d\u00e9signe le responsable scientifique de toute op\u00e9ration d'arch\u00e9ologie pr\u00e9ventive.\r\n\r\nLe responsable scientifique est l'interlocuteur du pr\u00e9fet de r\u00e9gion et le garant de la qualit\u00e9 scientifique de l'op\u00e9ration arch\u00e9ologique. A ce titre, il prend, dans le cadre de la mise en oeuvre du projet d'intervention de l'op\u00e9rateur, les d\u00e9cisions relatives \u00e0 la conduite scientifique de l'op\u00e9ration et \u00e0 l'\u00e9laboration du rapport dont il dirige la r\u00e9daction. Il peut \u00eatre diff\u00e9rent pour la r\u00e9alisation du diagnostic et pour la r\u00e9alisation de la fouille.", + "available": true, + "txt_idx": "head_scientist", + "groups": [], + "label": "Responsable scientifique" + } + }, + { + "pk": 4, + "model": "ishtar_common.persontype", + "fields": { + "comment": "Acc\u00e8s pour les secr\u00e9taires d'un SRA", + "available": true, + "txt_idx": "secretarial_dept", + "groups": [ + 1, + 2, + 6, + 7, + 8, + 9, + 10, + 13, + 14, + 17, + 18 + ], + "label": "Secr\u00e9tariat SRA" + } + } +]
\ No newline at end of file diff --git a/ishtar_common/migrations/0004_auto.py b/ishtar_common/migrations/0004_auto.py new file mode 100644 index 000000000..074080757 --- /dev/null +++ b/ishtar_common/migrations/0004_auto.py @@ -0,0 +1,210 @@ +# -*- coding: utf-8 -*- +import datetime +from south.db import db +from south.v2 import SchemaMigration +from django.db import models + + +class Migration(SchemaMigration): + + def forwards(self, orm): + # Removing M2M table for field rights on 'PersonType' + db.delete_table('ishtar_common_persontype_rights') + + # Adding M2M table for field groups on 'PersonType' + db.create_table('ishtar_common_persontype_groups', ( + ('id', models.AutoField(verbose_name='ID', primary_key=True, auto_created=True)), + ('persontype', models.ForeignKey(orm['ishtar_common.persontype'], null=False)), + ('group', models.ForeignKey(orm['auth.group'], null=False)) + )) + db.create_unique('ishtar_common_persontype_groups', ['persontype_id', 'group_id']) + + + def backwards(self, orm): + # Adding M2M table for field rights on 'PersonType' + db.create_table('ishtar_common_persontype_rights', ( + ('id', models.AutoField(verbose_name='ID', primary_key=True, auto_created=True)), + ('persontype', models.ForeignKey(orm['ishtar_common.persontype'], null=False)), + ('wizardstep', models.ForeignKey(orm['ishtar_common.wizardstep'], null=False)) + )) + db.create_unique('ishtar_common_persontype_rights', ['persontype_id', 'wizardstep_id']) + + # Removing M2M table for field groups on 'PersonType' + db.delete_table('ishtar_common_persontype_groups') + + + models = { + 'auth.group': { + 'Meta': {'object_name': 'Group'}, + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}), + 'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}) + }, + 'auth.permission': { + 'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'}, + 'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '50'}) + }, + 'auth.user': { + 'Meta': {'object_name': 'User'}, + 'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}), + 'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}), + 'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}), + 'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}), + 'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}), + 'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}), + 'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}), + 'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'}) + }, + 'contenttypes.contenttype': { + 'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"}, + 'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '100'}) + }, + 'ishtar_common.arrondissement': { + 'Meta': {'object_name': 'Arrondissement'}, + 'department': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['ishtar_common.Department']"}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '30'}) + }, + 'ishtar_common.author': { + 'Meta': {'object_name': 'Author'}, + 'author_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['ishtar_common.AuthorType']"}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'person': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'author'", 'to': "orm['ishtar_common.Person']"}) + }, + 'ishtar_common.authortype': { + 'Meta': {'object_name': 'AuthorType'}, + 'available': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'comment': ('django.db.models.fields.TextField', [], {'null': 'True', 'blank': 'True'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'label': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'txt_idx': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'}) + }, + 'ishtar_common.canton': { + 'Meta': {'object_name': 'Canton'}, + 'arrondissement': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['ishtar_common.Arrondissement']"}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '30'}) + }, + 'ishtar_common.department': { + 'Meta': {'ordering': "['number']", 'object_name': 'Department'}, + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'label': ('django.db.models.fields.CharField', [], {'max_length': '30'}), + 'number': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '3'}) + }, + 'ishtar_common.historicalorganization': { + 'Meta': {'ordering': "('-history_date', '-history_id')", 'object_name': 'HistoricalOrganization'}, + 'address': ('django.db.models.fields.TextField', [], {'null': 'True', 'blank': 'True'}), + 'address_complement': ('django.db.models.fields.TextField', [], {'null': 'True', 'blank': 'True'}), + 'country': ('django.db.models.fields.CharField', [], {'max_length': '30', 'null': 'True', 'blank': 'True'}), + 'history_date': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}), + 'history_id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'history_modifier_id': ('django.db.models.fields.IntegerField', [], {'db_index': 'True', 'null': 'True', 'blank': 'True'}), + 'history_type': ('django.db.models.fields.CharField', [], {'max_length': '1'}), + 'history_user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.User']", 'null': 'True'}), + 'id': ('django.db.models.fields.IntegerField', [], {'db_index': 'True', 'blank': 'True'}), + 'mobile_phone': ('django.db.models.fields.CharField', [], {'max_length': '18', 'null': 'True', 'blank': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'organization_type_id': ('django.db.models.fields.IntegerField', [], {'db_index': 'True', 'null': 'True', 'blank': 'True'}), + 'phone': ('django.db.models.fields.CharField', [], {'max_length': '18', 'null': 'True', 'blank': 'True'}), + 'postal_code': ('django.db.models.fields.CharField', [], {'max_length': '10', 'null': 'True', 'blank': 'True'}), + 'town': ('django.db.models.fields.CharField', [], {'max_length': '30', 'null': 'True', 'blank': 'True'}) + }, + 'ishtar_common.ishtaruser': { + 'Meta': {'object_name': 'IshtarUser', '_ormbases': ['auth.User']}, + 'person': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['ishtar_common.Person']", 'unique': 'True'}), + 'user_ptr': ('django.db.models.fields.related.OneToOneField', [], {'to': "orm['auth.User']", 'unique': 'True', 'primary_key': 'True'}) + }, + 'ishtar_common.organization': { + 'Meta': {'object_name': 'Organization'}, + 'address': ('django.db.models.fields.TextField', [], {'null': 'True', 'blank': 'True'}), + 'address_complement': ('django.db.models.fields.TextField', [], {'null': 'True', 'blank': 'True'}), + 'country': ('django.db.models.fields.CharField', [], {'max_length': '30', 'null': 'True', 'blank': 'True'}), + 'history_modifier': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'+'", 'to': "orm['auth.User']"}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'mobile_phone': ('django.db.models.fields.CharField', [], {'max_length': '18', 'null': 'True', 'blank': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'organization_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['ishtar_common.OrganizationType']"}), + 'phone': ('django.db.models.fields.CharField', [], {'max_length': '18', 'null': 'True', 'blank': 'True'}), + 'postal_code': ('django.db.models.fields.CharField', [], {'max_length': '10', 'null': 'True', 'blank': 'True'}), + 'town': ('django.db.models.fields.CharField', [], {'max_length': '30', 'null': 'True', 'blank': 'True'}) + }, + 'ishtar_common.organizationtype': { + 'Meta': {'ordering': "('label',)", 'object_name': 'OrganizationType'}, + 'available': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'comment': ('django.db.models.fields.TextField', [], {'null': 'True', 'blank': 'True'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'label': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'txt_idx': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'}) + }, + 'ishtar_common.person': { + 'Meta': {'object_name': 'Person'}, + 'address': ('django.db.models.fields.TextField', [], {'null': 'True', 'blank': 'True'}), + 'address_complement': ('django.db.models.fields.TextField', [], {'null': 'True', 'blank': 'True'}), + 'attached_to': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['ishtar_common.Organization']", 'null': 'True', 'blank': 'True'}), + 'country': ('django.db.models.fields.CharField', [], {'max_length': '30', 'null': 'True', 'blank': 'True'}), + 'email': ('django.db.models.fields.CharField', [], {'max_length': '40', 'null': 'True', 'blank': 'True'}), + 'history_modifier': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'+'", 'to': "orm['auth.User']"}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'mobile_phone': ('django.db.models.fields.CharField', [], {'max_length': '18', 'null': 'True', 'blank': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '30'}), + 'person_types': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['ishtar_common.PersonType']", 'symmetrical': 'False'}), + 'phone': ('django.db.models.fields.CharField', [], {'max_length': '18', 'null': 'True', 'blank': 'True'}), + 'postal_code': ('django.db.models.fields.CharField', [], {'max_length': '10', 'null': 'True', 'blank': 'True'}), + 'surname': ('django.db.models.fields.CharField', [], {'max_length': '20', 'null': 'True', 'blank': 'True'}), + 'title': ('django.db.models.fields.CharField', [], {'max_length': '2'}), + 'town': ('django.db.models.fields.CharField', [], {'max_length': '30', 'null': 'True', 'blank': 'True'}) + }, + 'ishtar_common.persontype': { + 'Meta': {'ordering': "('label',)", 'object_name': 'PersonType'}, + 'available': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'comment': ('django.db.models.fields.TextField', [], {'null': 'True', 'blank': 'True'}), + 'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'label': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'txt_idx': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'}) + }, + 'ishtar_common.sourcetype': { + 'Meta': {'object_name': 'SourceType'}, + 'available': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'comment': ('django.db.models.fields.TextField', [], {'null': 'True', 'blank': 'True'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'label': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'txt_idx': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'}) + }, + 'ishtar_common.town': { + 'Meta': {'ordering': "['numero_insee']", 'object_name': 'Town'}, + 'canton': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['ishtar_common.Canton']", 'null': 'True', 'blank': 'True'}), + 'center': ('django.contrib.gis.db.models.fields.PointField', [], {'srid': '27572', 'null': 'True', 'blank': 'True'}), + 'departement': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['ishtar_common.Department']", 'null': 'True', 'blank': 'True'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'numero_insee': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '6'}), + 'surface': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}) + }, + 'ishtar_common.wizard': { + 'Meta': {'ordering': "['url_name']", 'object_name': 'Wizard'}, + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'url_name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '128'}) + }, + 'ishtar_common.wizardstep': { + 'Meta': {'ordering': "['wizard', 'order']", 'object_name': 'WizardStep'}, + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '128'}), + 'order': ('django.db.models.fields.IntegerField', [], {}), + 'url_name': ('django.db.models.fields.CharField', [], {'max_length': '128'}), + 'wizard': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['ishtar_common.Wizard']"}) + } + } + + complete_apps = ['ishtar_common']
\ No newline at end of file diff --git a/ishtar_common/models.py b/ishtar_common/models.py index 456368d6e..ee5ad0c8d 100644 --- a/ishtar_common/models.py +++ b/ishtar_common/models.py @@ -37,7 +37,7 @@ from django.utils.translation import ugettext_lazy as _, ugettext from django.utils.safestring import SafeUnicode, mark_safe from django.template.defaultfilters import slugify -from django.contrib.auth.models import User +from django.contrib.auth.models import User, Group from django.contrib.gis.db import models from django.contrib import admin @@ -641,7 +641,8 @@ class Organization(Address, OwnPerms): return self.name class PersonType(GeneralType): - rights = models.ManyToManyField(WizardStep, verbose_name=_(u"Rights")) + #rights = models.ManyToManyField(WizardStep, verbose_name=_(u"Rights")) + groups = models.ManyToManyField(Group, verbose_name=_(u"Groups")) class Meta: verbose_name = _(u"Person type") verbose_name_plural = _(u"Person types") @@ -687,11 +688,17 @@ class Person(Address, OwnPerms) : return u", ".join([unicode(pt) for pt in self.person_types.all()]) def has_right(self, right_name): + if '.' in right_name: + right_name = right_name.split('.')[-1] if type(right_name) in (list, tuple): - return bool( - self.person_types.filter(txt_idx__in=right_name).count()) + return bool(self.person_types.filter( + txt_idx__in=right_name).count()) or \ + bool(self.person_types.filter( + groups__permissions__codename__in=right_name).count()) # or self.person_types.filter(wizard__url_name__in=right_name).count()) - return bool(self.person_types.filter(txt_idx=right_name).count()) + return bool(self.person_types.filter(txt_idx=right_name).count()) or \ + bool(self.person_types.filter( + groups__permissions__codename=right_name).count()) # or self.person_types.filter(wizard__url_name=right_name).count()) def full_label(self): @@ -711,7 +718,8 @@ class Person(Address, OwnPerms) : return slugify(u"-".join(values)) class IshtarUser(User): - person = models.ForeignKey(Person, verbose_name=_(u"Person"), unique=True) + person = models.ForeignKey(Person, verbose_name=_(u"Person"), unique=True, + related_name='ishtaruser') class Meta: verbose_name = _(u"Ishtar user") @@ -735,7 +743,7 @@ class IshtarUser(User): return IshtarUser.objects.create(user_ptr=user, person=person) def has_right(self, right_name): - return self.person.has_right('administrator') + return self.person.has_right(right_name) class AuthorType(GeneralType): class Meta: diff --git a/ishtar_common/wizards.py b/ishtar_common/wizards.py index df415ce34..534671972 100644 --- a/ishtar_common/wizards.py +++ b/ishtar_common/wizards.py @@ -46,6 +46,8 @@ class Wizard(NamedUrlWizardView): cond = condition(self) if not cond: return False + return True + #TODO: to be check if not hasattr(self.request.user, 'ishtaruser'): return False return self.request.user.ishtaruser.has_right(('administrator', |