authorÉtienne Loks <etienne.loks@iggdrasil.net>2018-06-05 20:42:14 +0200
committerÉtienne Loks <etienne.loks@iggdrasil.net>2018-06-12 09:57:24 +0200
commit52f6b37f1a1deac66f0b84c466be6c8dab277514 (patch)
tree2e9d8c696298f89e33e713d4eaf2a4c1c48af3b5 /ishtar_common/utils.py
parente7418c19b122c5ac0505ad2be5350068d3bf6f6b (diff)
Document form - refactoring (refs #4107)
Diffstat (limited to 'ishtar_common/utils.py')
-rw-r--r--ishtar_common/utils.py46
1 files changed, 45 insertions, 1 deletions
diff --git a/ishtar_common/utils.py b/ishtar_common/utils.py
index 0b5b1bd57..443a22111 100644
--- a/ishtar_common/utils.py
+++ b/ishtar_common/utils.py
@@ -17,6 +17,7 @@
# See the file COPYING for details.
+from csv import QUOTE_ALL
import datetime
from functools import wraps
from itertools import chain
@@ -37,6 +38,7 @@ from django.contrib.sessions.backends.db import SessionStore
from django.core.cache import cache
from django.core.files import File
from django.core.urlresolvers import reverse
+from django.http import HttpResponseRedirect
from django.utils.datastructures import MultiValueDict as BaseMultiValueDict
from django.utils.safestring import mark_safe
from django.utils.translation import ugettext_lazy as _, ugettext
@@ -57,6 +59,9 @@ class BColors:
UNDERLINE = '\033[4m'
+CSV_OPTIONS = {'delimiter': ',', 'quotechar': '"', 'quoting': QUOTE_ALL}
+
+
def check_rights(rights=[], redirect_url='/'):
"""
Decorator that checks the rights to access the view.
@@ -103,6 +108,41 @@ def check_rights_condition(rights):
return func
+def check_model_access_control(request, model, available_perms=None):
+ """
+ Check access control to a model for a specific request
+
+ :param request: the current request
+ :param model: the concerned model
+ :param available_perms: specific permissions to check if not specified
+ "view" and "view_own" will be checked
+ :return: (allowed, own) tuple
+ """
+ own = True # more restrictive by default
+ allowed = False
+ if not request.user.is_authenticated():
+ return allowed, own
+
+ if not available_perms:
+ available_perms = ['view_' + model.__name__.lower(),
+ 'view_own_' + model.__name__.lower()]
+ if request.user.ishtaruser.has_right('administrator',
+ session=request.session):
+ allowed = True
+ own = False
+ return allowed, own
+ for perm, lbl in model._meta.permissions:
+ if perm not in available_perms:
+ continue
+ if request.user.ishtaruser.person.has_right(
+ perm, session=request.session):
+ allowed = True
+ if "_own_" not in perm:
+ own = False
+ break # max right reach
+ return allowed, own
+
+
class MultiValueDict(BaseMultiValueDict):
def get(self, *args, **kwargs):
v = super(MultiValueDict, self).getlist(*args, **kwargs)
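Review bot: `if not available_perms:` in `check_model_access_control` treats an explicitly passed empty list the same as the default, so a caller whose computed permission list ends up empty gets the `view_`/`view_own_` check instead of a denial. `if available_perms is None:` keeps the documented default and lets an empty list fail closed. The administrator check calls `request.user.ishtaruser.has_right` while the loop calls `request.user.ishtaruser.person.has_right`; if that difference is intended, a short comment such as `# per-model rights are held by the person, the administrator right by the ishtaruser` would say so (wording to be confirmed against the models). An authenticated user without a related `ishtaruser` would presumably raise here rather than return `(False, True)`, which is worth confirming since the function is meant to default to the restrictive answer.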
@@ -756,10 +796,14 @@ def get_urls_for_model(model, views):
Generate get and show url for a model
"""
urls = [
- url(r'show-{}(?:/(?P<pk>.+))?/(?P<type>.+)?$'.format(model.SLUG),
+ url(r'show-{}/(?P<pk>.+)/(?P<type>.+)?$'.format(model.SLUG),
check_rights(['view_' + model.SLUG, 'view_own_' + model.SLUG])(
getattr(views, 'show_' + model.SLUG)),
name="show-" + model.SLUG),
+ url(r'^display-{}/(?P<pk>.+)/$'.format(model.SLUG),
+ check_rights(['view_' + model.SLUG, 'view_own_' + model.SLUG])(
+ getattr(views, 'display_' + model.SLUG)),
+ name='display-' + model.SLUG),
url(r'get-{}/(?P<type>.+)?$'.format(model.SLUG),
check_rights(['view_' + model.SLUG, 'view_own_' + model.SLUG])(
getattr(views, 'get_' + model.SLUG)),
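Review bot: The rewritten `show-` pattern still has no leading `^`, while the `display-` pattern added right below it does. This file imports from `django.core.urlresolvers`, and in that Django generation `url()` patterns are matched with a regex search, so an unanchored pattern also matches paths that merely contain `show-<slug>/...`. Anchoring it the same way would be `url(r'^show-{}/(?P<pk>.+)/(?P<type>.+)?$'.format(model.SLUG),`; the `get-` context line has the same gap. `(?P<pk>.+)` is greedy and accepts `/`, so if the primary key is always an integer (not visible in this hunk) `\d+` would keep unexpected values away from the views. The `urls` list and `get_urls_for_model` continue outside the hunk.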