diff options
| author | Étienne Loks <etienne.loks@peacefrogs.net> | 2011-06-24 14:37:16 +0200 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@peacefrogs.net> | 2011-06-24 14:37:16 +0200 |
| commit | 95773b4ccd0beaa31f76c93a7c9b5e24211401dc (patch) | |
| tree | 6b4fc14f42da9d91ab2bb4b989ffeeb42947392f /ishtar/ishtar_base/backend.py | |
| parent | 7af17b15fa5cb03050b0fe90d38ab9f37dc51e74 (diff) | |
| download | Ishtar-95773b4ccd0beaa31f76c93a7c9b5e24211401dc.tar.bz2 Ishtar-95773b4ccd0beaa31f76c93a7c9b5e24211401dc.zip | |
Sources creation for Operation (refs #497) - restructuration (refs #57)
Diffstat (limited to 'ishtar/ishtar_base/backend.py')
| -rw-r--r-- | ishtar/ishtar_base/backend.py | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/ishtar/ishtar_base/backend.py b/ishtar/ishtar_base/backend.py new file mode 100644 index 000000000..f50edd708 --- /dev/null +++ b/ishtar/ishtar_base/backend.py @@ -0,0 +1,62 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# Copyright (C) 2010-2011 Étienne Loks <etienne.loks_AT_peacefrogsDOTnet> + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. + +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# See the file COPYING for details. + +""" +Permission backend to manage "own" objects +""" + +from django.conf import settings +from django.contrib.auth.models import User +from django.core.exceptions import ObjectDoesNotExist + +import models + +class ObjectOwnPermBackend(object): + supports_object_permissions = True + supports_anonymous_user = True + + def authenticate(self, username, password): + # managed by the default backend + return None + + def has_perm(self, user_obj, perm, model=None, obj=None): + if not user_obj.is_authenticated(): + return False + if not model: + # let it manage by the default backend + return False + try: + ishtar_user = models.IshtarUser.objects.get(user_ptr=user_obj) + except ObjectDoesNotExist: + return False + try: + # only manage "own" permissions + assert perm.split('.')[-1].split('_')[1] == 'own' + except (IndexError, AssertionError): + return False + if ishtar_user.person.person_type \ + == models.PersonType.objects.get(txt_idx="administrator"): + return True + if obj is None: + model_name = perm.split('_')[-1].capitalize() + if not hasattr(models, model_name): + return False + model = getattr(models, model_name) + return user_obj.has_perm(perm) and model.has_item_of(ishtar_user) + return user_obj.has_perm(perm) and obj.is_own(user_obj) |