diff options
| -rw-r--r-- | archaeological_context_records/views.py | 17 | ||||
| -rw-r--r-- | archaeological_files/views.py | 21 | ||||
| -rw-r--r-- | archaeological_finds/views.py | 11 | ||||
| -rw-r--r-- | archaeological_operations/views.py | 60 | ||||
| -rw-r--r-- | archaeological_warehouse/views.py | 28 | ||||
| -rw-r--r-- | ishtar_common/admin.py | 1 | ||||
| -rw-r--r-- | ishtar_common/tests.py | 4 | ||||
| -rw-r--r-- | ishtar_common/views.py | 130 | ||||
| -rw-r--r-- | ishtar_common/views_item.py | 47 |
9 files changed, 132 insertions, 187 deletions
diff --git a/archaeological_context_records/views.py b/archaeological_context_records/views.py index 691564341..49b94553e 100644 --- a/archaeological_context_records/views.py +++ b/archaeological_context_records/views.py @@ -41,7 +41,7 @@ from ishtar_common.views import ( wizard_is_available, QAItemEditForm, ) -from ishtar_common.views_item import get_item, show_item, revert_item +from ishtar_common.views_item import get_item, get_autocomplete_query, show_item, revert_item from archaeological_context_records import wizards show_contextrecord = show_item( @@ -51,19 +51,12 @@ revert_contextrecord = revert_item(models.ContextRecord) def autocomplete_contextrecord(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse(content_type="text/plain") - if not ishtaruser.has_permission( - "archaeological_context_records.view_contextrecord" - ) and not ishtaruser.has_permission( - "archaeological_context_records.view_own_contextrecord", - ): - return HttpResponse(content_type="text/plain") - if not request.GET.get("term"): + query = get_autocomplete_query( + request, "archaeological_context_records", "contextrecord" + ) + if query is None: return HttpResponse(content_type="text/plain") q = request.GET.get("term") - query = Q() if request.GET.get("operation__pk"): query = Q(operation__pk=request.GET.get("operation__pk")) for q in q.split(" "): diff --git a/archaeological_files/views.py b/archaeological_files/views.py index 0d3f978b5..5a8ce1975 100644 --- a/archaeological_files/views.py +++ b/archaeological_files/views.py @@ -49,6 +49,7 @@ from archaeological_files.wizards import ( FileEditAdministrativeActWizard, ) from ishtar_common.views import IshtarMixin, LoginRequiredMixin +from ishtar_common.views_item import get_autocomplete_query from archaeological_operations.wizards import OperationWizard from archaeological_operations.views import operation_creation_wizard, get_parcel_modify @@ -62,18 +63,10 @@ RE_YEAR_INDEX = re.compile(r"([1-2][0-9]{3})-([0-9]+)") # eg.: 2014-123 def autocomplete_file(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse(content_type="text/plain") - if ( - not ishtaruser.has_permission("archaeological_files.view_file") - and not ishtaruser.has_permission("archaeological_files.view_own_file") - ): - return HttpResponse(content_type="text/plain") - if not request.GET.get("term"): + query = get_autocomplete_query(request, "archaeological_files", "file") + if query is None: return HttpResponse(content_type="text/plain") q = request.GET.get("term") - query = Q() for q in q.split(" "): extra = ( Q(internal_reference__icontains=q) @@ -538,14 +531,14 @@ class PreventiveEditView(IshtarMixin, LoginRequiredMixin, MixFormFormsetUpdateVi def get_form_kwargs(self): kwargs = super(PreventiveEditView, self).get_form_kwargs() try: - file = models.File.objects.get(pk=self.kwargs.get("pk")) + file_obj = models.File.objects.get(pk=self.kwargs.get("pk")) except models.Document.DoesNotExist: raise Http404() - if not check_permission(self.request, "file/edit-preventive/", file.pk): + if not check_permission(self.request, "archaeological_files.change_file", file_obj): raise Http404() initial = {} for k in list(self.form_class.base_fields.keys()): - value = getattr(file, k) + value = getattr(file_obj, k) if hasattr(value, "all"): value = ",".join([str(v.pk) for v in value.all()]) if hasattr(value, "pk"): @@ -553,7 +546,7 @@ class PreventiveEditView(IshtarMixin, LoginRequiredMixin, MixFormFormsetUpdateVi initial[k] = value kwargs["initial"] = initial kwargs["user"] = self.request.user - self.file = file + self.file = file_obj return kwargs def get_context_data(self, **kwargs): diff --git a/archaeological_finds/views.py b/archaeological_finds/views.py index 52085f2ef..aa51d129d 100644 --- a/archaeological_finds/views.py +++ b/archaeological_finds/views.py @@ -59,6 +59,7 @@ from ishtar_common.views_item import ( revert_item, get_autocomplete_item, get_autocomplete_queries, + get_autocomplete_query ) from archaeological_operations.wizards import AdministrativeActDeletionWizard @@ -168,18 +169,12 @@ get_administrativeacttreatmentfile = get_item( def autocomplete_treatmentfile(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse(content_type="text/plain") - if ( - not ishtaruser.has_permission("archaeological_finds.view_treatment") - and not ishtaruser.has_permission("archaeological_finds.view_own_treatment") - ): + query = get_autocomplete_query(request, "archaeological_finds", "treatmentfile") + if query is None: return HttpResponse(content_type="text/plain") if not request.GET.get("term"): return HttpResponse(content_type="text/plain") q = request.GET.get("term") - query = Q() for q1 in q.split(" "): for q in q1.split(" "): extra = ( diff --git a/archaeological_operations/views.py b/archaeological_operations/views.py index a93ba80e3..db5721be7 100644 --- a/archaeological_operations/views.py +++ b/archaeological_operations/views.py @@ -52,23 +52,16 @@ from ishtar_common.views import ( IshtarMixin, LoginRequiredMixin, ) -from ishtar_common.views_item import get_item, show_item, revert_item, new_qa_item +from ishtar_common.views_item import get_item, get_autocomplete_query, show_item, \ + revert_item, new_qa_item from ishtar_common.wizards import SearchWizard def autocomplete_patriarche(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse(content_type="text/plain") - if ( - not ishtaruser.has_permission("archaeological_operations.view_operation") - and not ishtaruser.has_permission("archaeological_operations.view_own_operation") - ): - return HttpResponse(content_type="text/plain") - if not request.GET.get("term"): + query = get_autocomplete_query(request, "archaeological_operations", "operation") + if query is None: return HttpResponse(content_type="text/plain") q = request.GET.get("term") - query = Q() for q in q.split(" "): query &= Q(code_patriarche__startswith=q) limit = 15 @@ -85,19 +78,12 @@ def autocomplete_patriarche(request): def autocomplete_archaeologicalsite(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse(content_type="text/plain") - if not ishtaruser.has_permission( - "archaeological_operations.view_archaeologicalsite" - ) and not ishtaruser.has_permission( - "archaeological_operations.view_own_archaeologicalsite", - ): - return HttpResponse(content_type="text/plain") - if not request.GET.get("term"): + query = get_autocomplete_query( + request, "archaeological_operations", "archaeologicalsite" + ) + if query is None: return HttpResponse(content_type="text/plain") q = request.GET.get("term") - query = Q() for q in q.split(" "): qt = Q(reference__icontains=q) | Q(name__icontains=q) query = query & qt @@ -120,21 +106,10 @@ new_archaeologicalsite = new_qa_item( def autocomplete_operation(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse(content_type="text/plain") - # person_types = request.user.ishtaruser.person.person_type - if ( - not ishtaruser.has_permission("archaeological_operations.view_operation") - and not ishtaruser.has_permission( - "archaeological_operations.view_own_operation" - ) - ): - return HttpResponse(content_type="text/plain") - if not request.GET.get("term"): + query = get_autocomplete_query(request, "archaeological_operations", "operation") + if query is None: return HttpResponse(content_type="text/plain") q = request.GET.get("term") - query = Q() for q in q.split(" "): extra = Q(towns__name__icontains=q) | Q(common_name__icontains=q) try: @@ -1041,19 +1016,12 @@ def administrativeactfile_document( def autocomplete_administrativeact(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse(content_type="text/plain") - if not ishtaruser.has_permission( - "archaeological_operations.view_administrativeact" - ) and not ishtaruser.has_permission( - "archaeological_operations.view_own_administrativeact" - ): - return HttpResponse(content_type="text/plain") - if not request.GET.get("term"): + query = get_autocomplete_query( + request, "archaeological_operations", "administrativeact" + ) + if query is None: return HttpResponse(content_type="text/plain") q = request.GET.get("term") - query = Q() for q in q.split(" "): qt = Q(act_type__label__icontains=q) | Q(towns_label=q) try: diff --git a/archaeological_warehouse/views.py b/archaeological_warehouse/views.py index 416849c9a..f8e632e9e 100644 --- a/archaeological_warehouse/views.py +++ b/archaeological_warehouse/views.py @@ -45,7 +45,7 @@ from ishtar_common.views import ( QAItemEditForm, wizard_is_available, ) -from ishtar_common.views_item import get_item, show_item, new_qa_item, revert_item +from ishtar_common.views_item import get_item, get_autocomplete_query, show_item, new_qa_item, revert_item from archaeological_finds.views import treatment_add from archaeological_warehouse.wizards import ( @@ -95,19 +95,10 @@ new_container = new_qa_item( def autocomplete_warehouse(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse(content_type="text/plain") - if not ishtaruser.has_permission( - "archaeological_warehouse.view_warehouse" - ) and not ishtaruser.has_permission( - "archaeological_warehouse.view_own_warehouse", models.Warehouse - ): - return HttpResponse(content_type="text/plain") - if not request.GET.get("term"): + query = get_autocomplete_query(request, "archaeological_warehouse", "warehouse") + if query is None: return HttpResponse(content_type="text/plain") q = request.GET.get("term") - query = Q() for q in q.split(" "): extra = Q(name__icontains=q) | Q(slug__icontains=q) | \ Q(warehouse_type__label__icontains=q) @@ -121,20 +112,11 @@ def autocomplete_warehouse(request): def autocomplete_container(request, warehouse_id=None): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse(content_type="text/plain") - if not ishtaruser.has_permission( - "archaeological_warehouse.view_container" - ) and not ishtaruser.has_permission( - "archaeological_warehouse.view_own_container" - ): - return HttpResponse(content_type="text/plain") - if not request.GET.get("term"): + base_query = get_autocomplete_query(request, "archaeological_warehouse", "container") + if base_query is None: return HttpResponse(content_type="text/plain") term = request.GET.get("term").strip() limit = 15 - base_query = Q() if warehouse_id: base_query = Q(location_id=warehouse_id) try: diff --git a/ishtar_common/admin.py b/ishtar_common/admin.py index 6fda81283..cc26d6253 100644 --- a/ishtar_common/admin.py +++ b/ishtar_common/admin.py @@ -1871,7 +1871,6 @@ class ProfileTypeAdmin(GeneralTypeAdmin): ) ) - def check_permission(self, request, object_id): # check that all "own" permission has a request associated try: diff --git a/ishtar_common/tests.py b/ishtar_common/tests.py index 32e1f12a8..daa814a94 100644 --- a/ishtar_common/tests.py +++ b/ishtar_common/tests.py @@ -1517,7 +1517,9 @@ class AutocompleteTestBase: self.assertEqual( response.status_code, 200, msg="Status code != 200 - {}".format(url) ) - data = json.loads(response.content.decode()) + result = response.content.decode() + self.assertTrue(result) + data = json.loads(result) self.assertEqual( len(data), 1, diff --git a/ishtar_common/views.py b/ishtar_common/views.py index 6411441f1..3a7dc06b7 100644 --- a/ishtar_common/views.py +++ b/ishtar_common/views.py @@ -98,11 +98,12 @@ from ishtar_common import tasks from .views_item import ( check_permission, display_item, + get_autocomplete_query, get_item, - show_item, - new_qa_item, - modify_qa_item, get_short_html_detail, + modify_qa_item, + new_qa_item, + show_item, ) convert_document = None @@ -866,10 +867,8 @@ def autocomplete_person_permissive( def autocomplete_user(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse("[]", content_type="text/plain") - if not ishtaruser.has_permission("ishtar_common.view_person"): + query = get_autocomplete_query(request, "ishtar_common", "view_person") + if query: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term") limit = request.GET.get("limit", 20) @@ -877,7 +876,6 @@ def autocomplete_user(request): limit = int(limit) except ValueError: return HttpResponseBadRequest() - query = Q() for q in q.split(" "): qu = ( Q(ishtaruser__person__name__icontains=q) @@ -899,10 +897,8 @@ def autocomplete_user(request): def autocomplete_ishtaruser(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse("[]", content_type="text/plain") - if not ishtaruser.has_permission("ishtar_common.view_person"): + query = get_autocomplete_query(request, "ishtar_common", "view_person") + if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term", "") limit = request.GET.get("limit", 20) @@ -910,7 +906,6 @@ def autocomplete_ishtaruser(request): limit = int(limit) except ValueError: return HttpResponseBadRequest() - query = Q() for q in q.split(" "): qu = ( Q(person__name__unaccent__icontains=q) @@ -926,14 +921,8 @@ def autocomplete_ishtaruser(request): def autocomplete_person( request, person_types=None, attached_to=None, is_ishtar_user=None, permissive=False ): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse("[]", content_type="text/plain") - all_items = ishtaruser.has_permission("ishtar_common.view_person") - own_items = False - if not all_items: - own_items = ishtaruser.has_permission("ishtar_common.view_own_person") - if not all_items and not own_items or not request.GET.get("term"): + query = get_autocomplete_query(request, "ishtar_common", "view_person") + if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term") limit = request.GET.get("limit", 20) @@ -941,7 +930,6 @@ def autocomplete_person( limit = int(limit) except ValueError: return HttpResponseBadRequest() - query = Q() for q in q.split(" "): qu = ( Q(name__unaccent__icontains=q) @@ -964,10 +952,6 @@ def autocomplete_person( pass if is_ishtar_user: query = query & Q(ishtaruser__isnull=False) - if own_items: - if not hasattr(request.user, "ishtaruser"): - return HttpResponse(json.dumps([]), content_type="text/plain") - query &= models.Person.get_query_owns(request.user.ishtaruser) persons = models.Person.objects.filter(query).distinct()[:limit] data = json.dumps( [{"id": person.pk, "value": str(person)} for person in persons if person] @@ -976,14 +960,8 @@ def autocomplete_person( def autocomplete_import(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse("[]", content_type="text/plain") - all_items = ishtaruser.has_permission("ishtar_common.view_import") - own_items = False - if not all_items: - own_items = ishtaruser.has_permission("ishtar_common.view_own_import") - if not all_items and not own_items or not request.GET.get("term"): + query = get_autocomplete_query(request, "ishtar_common", "view_import") + if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term") limit = request.GET.get("limit", 20) @@ -991,14 +969,9 @@ def autocomplete_import(request): limit = int(limit) except ValueError: return HttpResponseBadRequest() - query = Q() for q in q.split(" "): query = query & (Q(name__unaccent__icontains=q) | Q(group__name__unaccent__icontains=q)) - if own_items: - if not hasattr(request.user, "ishtaruser"): - return HttpResponse(json.dumps([]), content_type="text/plain") - query &= models.Import.get_query_owns(request.user.ishtaruser) items = models.Import.objects.filter(query).distinct()[:limit] data = [{"id": item.pk, "value": item.name} for item in items if item] return HttpResponse(json.dumps(data), content_type="text/plain") @@ -1085,7 +1058,8 @@ def autocomplete_advanced_town(request, department_id=None, state_id=None): def autocomplete_document(request): - if not request.GET.get("term"): + query = get_autocomplete_query(request, "ishtar_common", "view_document") + if query is None: return HttpResponse(content_type="text/plain") q = request.GET.get("term") q = unicodedata.normalize("NFKD", q).encode("ascii", "ignore").decode() @@ -1097,12 +1071,11 @@ def autocomplete_document(request): "authors__person__cached_label__icontains", "authors_raw__icontains", ] - query = None for q in q.split(" "): qu = Q(**{fields[0]: q}) for field in fields[1:]: qu |= Q(**{field: q}) - query = qu if not query else query & qu + query = query & qu limit = 20 items = models.Document.objects.filter(query).exclude(title="").distinct()[:limit] data = json.dumps([{"id": item.pk, "value": str(item)} for item in items]) @@ -1128,18 +1101,10 @@ def department_by_state(request, state_id=""): def autocomplete_organization(request, orga_type=None): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse("[]", content_type="text/plain") - if ( - not ishtaruser.has_permission("ishtar_common.view_organization") - and not ishtaruser.has_permission("ishtar_common.view_own_organization") - ): - return HttpResponse("[]", content_type="text/plain") - if not request.GET.get("term"): + query = get_autocomplete_query(request, "ishtar_common", "view_organization") + if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term") - query = Q() for q in q.split(" "): extra = Q(cached_label__unaccent__icontains=q) query = query & extra @@ -1157,18 +1122,10 @@ def autocomplete_organization(request, orga_type=None): def autocomplete_author(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse("[]", content_type="text/plain") - if not ishtaruser.has_permission( - "ishtar_common.view_author" - ) and not ishtaruser.has_permission( - "ishtar_common.view_own_author"): - return HttpResponse("[]", content_type="text/plain") - if not request.GET.get("term"): + query = get_autocomplete_query(request, "ishtar_common", "view_author") + if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term") - query = Q() for q in q.split(" "): extra = ( Q(person__name__icontains=q) @@ -1184,10 +1141,8 @@ def autocomplete_author(request): def autocomplete_biographical_note(request): - ishtaruser = getattr(request.user, "ishtaruser", None) - if not ishtaruser: - return HttpResponse("[]", content_type="text/plain") - if not ishtaruser.has_permission("ishtar_common.view_person"): + query = get_autocomplete_query(request, "ishtar_common", "view_person") + if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term", "") limit = request.GET.get("limit", 20) @@ -1195,7 +1150,6 @@ def autocomplete_biographical_note(request): limit = int(limit) except ValueError: return HttpResponseBadRequest() - query = Q() for q in q.split(" "): qu = ( Q(last_name__unaccent__icontains=q) @@ -1251,13 +1205,47 @@ show_import = show_item(models.Import, "import") show_import_group = show_item(models.ImportGroup, "importgroup") +ACTION_MODEL_DICT = { + 'import': models.Import, + 'account': models.IshtarUser, + 'document': models.Document, + 'person': models.Person, + 'orga': models.Organization, + 'organization': models.Organization, + 'operation': apps.get_model("archaeological_operations", "Operation"), + 'administrativact': apps.get_model( + "archaeological_operations", "AdministrativeAct"), + 'file': apps.get_model("archaeological_files", "File"), + 'site': apps.get_model("archaeological_operations", "ArchaeologicalSite"), + 'record': apps.get_model("archaeological_context_records", "ContextRecord"), + 'find': apps.get_model("archaeological_finds", "Find"), + 'treatment': apps.get_model("archaeological_finds", "Treatment"), + 'treatmentfle': apps.get_model("archaeological_finds", "TreatmentFile"), + 'exhibition': apps.get_model("archaeological_finds", "Exhibition"), + 'container': apps.get_model("archaeological_warehouse", "Container"), + 'warehouse': apps.get_model("archaeological_warehouse", "Warehouse"), +} + + def action(request, action_slug, obj_id=None, *args, **kwargs): """ Action management """ - if not check_permission(request, action_slug, obj_id): + if not check_permission(request, action_slug): not_permitted_msg = ugettext("Operation not permitted.") - return HttpResponse(not_permitted_msg) + if obj_id: + model_name = action.split('_')[0].split("-")[0].split("/")[0] + if model_name not in ACTION_MODEL_DICT: + print(f"ishtar_common/views - action: {model_name} not in ACTION_MODEL_DICT") + return HttpResponse(not_permitted_msg) + try: + obj = ACTION_MODEL_DICT[model_name].objects.get(pk=obj_id) + except ACTION_MODEL_DICT[model_name].DoesNotExist: + return HttpResponse(not_permitted_msg) + if not check_permission(request, action_slug, obj): + return HttpResponse(not_permitted_msg) + else: + return HttpResponse(not_permitted_msg) request.session["CURRENT_ACTION"] = action_slug dct = {} globals_dct = globals() @@ -2845,7 +2833,7 @@ class DocumentEditView(DocumentFormMixin, UpdateView): document = models.Document.objects.get(pk=self.kwargs.get("pk")) except models.Document.DoesNotExist: raise Http404() - if not check_permission(self.request, "document/edit", document.pk): + if not check_permission(self.request, "ishtar_common.change_document", document): raise Http404() initial = {} for k in ( @@ -3571,7 +3559,7 @@ class GeoEditView(GeoFormMixin, UpdateView): except models.GeoVectorData.DoesNotExist: raise Http404() - if not check_permission(self.request, "geo/edit", geo.pk): + if not check_permission(self.request, "ishtar_common.change_geovectordata", geo): raise Http404() initial = {} diff --git a/ishtar_common/views_item.py b/ishtar_common/views_item.py index 345bd0025..9f5755eaf 100644 --- a/ishtar_common/views_item.py +++ b/ishtar_common/views_item.py @@ -134,6 +134,23 @@ LIST_FIELDS = { # key: hierarchic depth HIERARCHIC_FIELDS = list(LIST_FIELDS.keys()) +def get_autocomplete_query(request, app, model_name): + ishtaruser = getattr(request.user, "ishtaruser", None) + if not ishtaruser or not request.GET.get("term"): + return + if ishtaruser.has_permission(f"{app}.view_{model_name}"): + return Q() + if not ishtaruser.has_permission(f"{app}.view_own_{model_name}"): + return + permission_id = Permission.objects.get(codename=f"view_own_{model_name}").id + object_ids = [ + int(pk) for pk in UserObjectPermission.objects.filter( + permission_id=permission_id, user_id=request.user.id + ).values_list("object_pk", flat=True) + ] + return Q(pk__in=object_ids) + + def get_autocomplete_queries(request, label_attributes, extra=None): if not label_attributes: return [Q(pk__isnull=True)] @@ -171,9 +188,17 @@ def get_autocomplete_item(model, extra=None): extra = {} def func(request, current_right=None, limit=20): + meta = model._meta + model_name = meta.model_name.lower() + if model_name == "basefind": + model_name = "find" + base_query = get_autocomplete_query(request, meta.app_label, model_name) + if base_query is None: + return HttpResponse(content_type="text/plain") result = OrderedDict() + base_query = model.objects.filter(base_query) for query in get_autocomplete_queries(request, ["cached_label"], extra=extra): - objects = model.objects.filter(query).values("cached_label", "id")[:limit] + objects = base_query.filter(query).values("cached_label", "id")[:limit] for obj in objects: if obj["id"] not in list(result.keys()): result[obj["id"]] = obj["cached_label"] @@ -190,15 +215,15 @@ def get_autocomplete_item(model, extra=None): return func -def check_permission(request, action_slug, obj_id=None): +def check_permission(request, action_slug, obj=None): main_menu = Menu(request.user) main_menu.init() if action_slug not in main_menu.items: # TODO return True - if obj_id: + if obj: return main_menu.items[action_slug].is_available( - request.user, obj_id + request.user, obj ) return main_menu.items[action_slug].can_be_available(request.user) @@ -253,12 +278,12 @@ def get_short_html_detail(model): def func(request, pk): model_name = model._meta.object_name not_permitted_msg = ugettext("Operation not permitted.") - if not check_permission(request, "view_" + model_name.lower(), pk): - return HttpResponse(not_permitted_msg) try: item = model.objects.get(pk=pk) except model.DoesNotExist: return HttpResponse(not_permitted_msg) + if not check_permission(request, "view_" + model_name.lower(), item): + return HttpResponse(not_permitted_msg) html = item.get_short_html_detail() return HttpResponse(html) @@ -270,15 +295,15 @@ def modify_qa_item(model, frm, callback=None): template = "ishtar/forms/qa_new_item.html" model_name = model._meta.object_name not_permitted_msg = ugettext("Operation not permitted.") - if not check_permission(request, "change_" + model_name.lower(), pk): - return HttpResponse(not_permitted_msg) - slug = model.SLUG - if model.SLUG == "site": - slug = "archaeologicalsite" try: item = model.objects.get(pk=pk) except model.DoesNotExist: return HttpResponse(not_permitted_msg) + if not check_permission(request, "change_" + model_name.lower(), item): + return HttpResponse(not_permitted_msg) + slug = model.SLUG + if model.SLUG == "site": + slug = "archaeologicalsite" url_slug = "modify-" + slug dct = { "page_name": str(_("Modify a %s" % model_name.lower())), |