diff options
| author | Étienne Loks <etienne.loks@peacefrogs.net> | 2012-10-18 17:49:57 +0200 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@peacefrogs.net> | 2012-10-18 17:51:30 +0200 |
| commit | 7d2aa560ba859ebb593d34b062bf1faf09c8724c (patch) | |
| tree | 4136673563f802d6de992512e3c4adde86ef2a4e /ishtar_common/backend.py | |
| parent | 615457617e65019e0ce39b585f4eeb41b17ba61a (diff) | |
| download | Ishtar-7d2aa560ba859ebb593d34b062bf1faf09c8724c.tar.bz2 Ishtar-7d2aa560ba859ebb593d34b062bf1faf09c8724c.zip | |
Djangoization - Major refactoring (step 1)
Diffstat (limited to 'ishtar_common/backend.py')
| -rw-r--r-- | ishtar_common/backend.py | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/ishtar_common/backend.py b/ishtar_common/backend.py new file mode 100644 index 000000000..f50edd708 --- /dev/null +++ b/ishtar_common/backend.py @@ -0,0 +1,62 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# Copyright (C) 2010-2011 Étienne Loks <etienne.loks_AT_peacefrogsDOTnet> + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. + +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# See the file COPYING for details. + +""" +Permission backend to manage "own" objects +""" + +from django.conf import settings +from django.contrib.auth.models import User +from django.core.exceptions import ObjectDoesNotExist + +import models + +class ObjectOwnPermBackend(object): + supports_object_permissions = True + supports_anonymous_user = True + + def authenticate(self, username, password): + # managed by the default backend + return None + + def has_perm(self, user_obj, perm, model=None, obj=None): + if not user_obj.is_authenticated(): + return False + if not model: + # let it manage by the default backend + return False + try: + ishtar_user = models.IshtarUser.objects.get(user_ptr=user_obj) + except ObjectDoesNotExist: + return False + try: + # only manage "own" permissions + assert perm.split('.')[-1].split('_')[1] == 'own' + except (IndexError, AssertionError): + return False + if ishtar_user.person.person_type \ + == models.PersonType.objects.get(txt_idx="administrator"): + return True + if obj is None: + model_name = perm.split('_')[-1].capitalize() + if not hasattr(models, model_name): + return False + model = getattr(models, model_name) + return user_obj.has_perm(perm) and model.has_item_of(ishtar_user) + return user_obj.has_perm(perm) and obj.is_own(user_obj) |