| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2018-06-05 20:42:14 +0200 | 
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2018-06-12 09:57:24 +0200 | 
| commit | 5341c3beb0fc3b52e864156bbfee54db78612b20 (patch) | |
| tree | 2e9d8c696298f89e33e713d4eaf2a4c1c48af3b5 /ishtar_common/utils.py | |
| parent | 5a52b18c2cd4fcde86cefb84f90b4bd0df7be5a3 (diff) | |
Document form - refactoring (refs #4107)
Diffstat (limited to 'ishtar_common/utils.py')
| -rw-r--r-- | ishtar_common/utils.py | 46 | 
1 files changed, 45 insertions, 1 deletions
|
diff --git a/ishtar_common/utils.py b/ishtar_common/utils.py
index 0b5b1bd57..443a22111 100644
--- a/ishtar_common/utils.py
+++ b/ishtar_common/utils.py
@@ -17,6 +17,7 @@
 # See the file COPYING for details.
+from csv import QUOTE_ALL
 import datetime
 from functools import wraps
 from itertools import chain
@@ -37,6 +38,7 @@ from django.contrib.sessions.backends.db import SessionStore
 from django.core.cache import cache
 from django.core.files import File
 from django.core.urlresolvers import reverse
+from django.http import HttpResponseRedirect
 from django.utils.datastructures import MultiValueDict as BaseMultiValueDict
 from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext_lazy as _, ugettext
@@ -57,6 +59,9 @@ class BColors:
     UNDERLINE = '\033[4m'
+CSV_OPTIONS = {'delimiter': ',', 'quotechar': '"', 'quoting': QUOTE_ALL}
+
+
 def check_rights(rights=[], redirect_url='/'):
     """
     Decorator that checks the rights to access the view.
@@ -103,6 +108,41 @@ def check_rights_condition(rights):
     return func
+def check_model_access_control(request, model, available_perms=None):
+    """
+    Check access control to a model for a specific request
+
+    :param request: the current request
+    :param model: the concerned model
+    :param available_perms: specific permissions to check if not specified
+    "view" and "view_own" will be checked
+    :return: (allowed, own) tuple
+    """
+    own = True  # more restrictive by default
+    allowed = False
+    if not request.user.is_authenticated():
+        return allowed, own
+
+    if not available_perms:
+        available_perms = ['view_' + model.__name__.lower(),
+                           'view_own_' + model.__name__.lower()]
+    if request.user.ishtaruser.has_right('administrator',
+                                         session=request.session):
+        allowed = True
+        own = False
+        return allowed, own
+    for perm, lbl in model._meta.permissions:
+        if perm not in available_perms:
+            continue
+        if request.user.ishtaruser.person.has_right(
+                perm, session=request.session):
+            allowed = True
+            if "_own_" not in perm:
+                own = False
+                break  # max right reach
+    return allowed, own
+
+
 class MultiValueDict(BaseMultiValueDict):
     def get(self, *args, **kwargs):
         v = super(MultiValueDict, self).getlist(*args, **kwargs)
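Review bot: The administrator check calls `request.user.ishtaruser.has_right(...)` while the per-permission loop calls `request.user.ishtaruser.person.has_right(...)`, and neither guards the `ishtaruser` lookup. If an authenticated account can exist without that related profile (not visible from this hunk), the lookup raises instead of returning the deny tuple; `ishtaruser = getattr(request.user, 'ishtaruser', None)` followed by `if not ishtaruser: return allowed, own` would keep the function fail-closed. It is also worth confirming that the two `has_right` receivers are meant to differ. The docstring should state that callers must apply `own` as an object-level filter, because `allowed` on its own does not mean access to every record of the model.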
@@ -756,10 +796,14 @@ def get_urls_for_model(model, views):
     Generate get and show url for a model
     """
     urls = [
-        url(r'show-{}(?:/(?P<pk>.+))?/(?P<type>.+)?$'.format(model.SLUG),
+        url(r'show-{}/(?P<pk>.+)/(?P<type>.+)?$'.format(model.SLUG),
             check_rights(['view_' + model.SLUG, 'view_own_' + model.SLUG])(
                 getattr(views, 'show_' + model.SLUG)),
             name="show-" + model.SLUG),
+        url(r'^display-{}/(?P<pk>.+)/$'.format(model.SLUG),
+            check_rights(['view_' + model.SLUG, 'view_own_' + model.SLUG])(
+                getattr(views, 'display_' + model.SLUG)),
+            name='display-' + model.SLUG),
         url(r'get-{}/(?P<type>.+)?$'.format(model.SLUG),
             check_rights(['view_' + model.SLUG, 'view_own_' + model.SLUG])(
                 getattr(views, 'get_' + model.SLUG)),
|
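Review bot: The rewritten `show-` pattern is still unanchored and captures `pk` with a greedy `.+`, while the new `display-` pattern in the same list starts with `^`. Because Django applies these regexes as a search, the unanchored form can match any path that merely contains `show-<slug>/`, and `.+` lets `pk` absorb slashes and arbitrary text before it reaches the view. If primary keys are integers (not shown here), `url(r'^show-{}/(?P<pk>\d+)/(?P<type>.+)?$'.format(model.SLUG),` and `(?P<pk>\d+)` in the `display-` entry would pass only well-formed ids. `check_rights` admits holders of `view_own_` as well, so whether the `show_`/`display_` views restrict those users to their own records should be confirmed outside this hunk. `get_urls_for_model` starts before the hunk and continues past it.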
