authorÉtienne Loks <etienne.loks@peacefrogs.net>2013-10-17 20:53:11 +0200
committerÉtienne Loks <etienne.loks@peacefrogs.net>2013-10-17 20:53:11 +0200
commit0dfe2d08f84dd69fac50401b0af04e602d148242 (patch)
tree32d48af331dc356dcbb3510655942728be1390f4 /ishtar_common/backend.py
parentb6becbf6770dc30a88ef814effecd53b6c707da2 (diff)
Fix permission management
* improve ObjectPermBackend * change permission right from wizard to groups * remove default to administrator * add default data for french person_types
Diffstat (limited to 'ishtar_common/backend.py')
-rw-r--r--ishtar_common/backend.py26
1 files changed, 17 insertions, 9 deletions
diff --git a/ishtar_common/backend.py b/ishtar_common/backend.py
index 297c96180..7ebdab221 100644
--- a/ishtar_common/backend.py
+++ b/ishtar_common/backend.py
@@ -24,10 +24,11 @@ Permission backend to manage "own" objects
from django.conf import settings
from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist
+from django.db.models.loading import cache
import models
-class ObjectOwnPermBackend(object):
+class ObjectPermBackend(object):
supports_object_permissions = True
supports_anonymous_user = True
@@ -46,16 +47,23 @@ class ObjectOwnPermBackend(object):
except ObjectDoesNotExist:
return False
try:
- # only manage "own" permissions
- assert perm.split('.')[-1].split('_')[1] == 'own'
- except (IndexError, AssertionError):
- return False
+ is_ownperm = perm.split('.')[-1].split('_')[1] == 'own'
+ except IndexError:
+ is_ownperm = False
if ishtar_user.has_right('administrator'):
return True
+ main_right = ishtar_user.person.has_right(perm) \
+ or user_obj.has_perm(perm)
+ if not main_right or not is_ownperm:
+ return main_right
if obj is None:
model_name = perm.split('_')[-1].capitalize()
- if not hasattr(models, model_name):
+ model = None
+ for app in cache.get_apps():
+ for modl in cache.get_models(app):
+ if modl.__name__ == model_name:
+ model = modl
+ if not model:
return False
- model = getattr(models, model_name)
- return user_obj.has_perm(perm) and model.has_item_of(ishtar_user)
- return user_obj.has_perm(perm) and obj.is_own(user_obj)
+ return not is_ownperm or model.has_item_of(ishtar_user)
+ return not is_ownperm or obj.is_own(user_obj)
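Review bot: The model lookup in the `obj is None` branch matches on bare class name across every installed app with no `break`, so if two apps define a model of the same name the last one found decides the ownership check; `capitalize()` also lowercases the rest of the name, so a multi-word model name can never equal `__name__` and the branch always denies. The permission string already carries the app label, so resolving through it is tighter: `model = cache.get_model(perm.split('.')[0], perm.split('_')[-1])`, which returns None when nothing matches and so still falls into the existing `if not model` check. A matched model that lacks `has_item_of` would raise AttributeError here rather than deny. Separately, `user_obj.has_perm(perm)` inside `main_right` goes back through the configured backends, this one included, so it is worth confirming from the part of `has_perm` outside the hunk that a denied permission cannot recurse. After the `if not main_right or not is_ownperm` return, `is_ownperm` is always true, so `not is_ownperm or` in the last two returns can be dropped.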