| -rw-r--r-- | ishtar/furnitures/backend.py | 23 | ||||
| -rw-r--r-- | ishtar/furnitures/menus.py | 17 | ||||
| -rw-r--r-- | ishtar/furnitures/models.py | 61 | ||||
| -rw-r--r-- | ishtar/settings.py.example | 5 | 
4 files changed, 88 insertions, 18 deletions
| diff --git a/ishtar/furnitures/backend.py b/ishtar/furnitures/backend.py
index c9b8e2b23..d7d3384a8 100644
--- a/ishtar/furnitures/backend.py
+++ b/ishtar/furnitures/backend.py
@@ -23,6 +23,9 @@ Permission backend to manage "own" objects
 from django.conf import settings
 from django.contrib.auth.models import User
+from django.core.exceptions import ObjectDoesNotExist
+
+import models
 class ObjectOwnPermBackend(object):
     supports_object_permissions = True
@@ -32,18 +35,26 @@ class ObjectOwnPermBackend(object):
         # managed by the default backend
         return None
-    def has_perm(self, user_obj, perm, obj=None):
+    def has_perm(self, user_obj, perm, model=None, obj=None):
         if not user_obj.is_authenticated():
-            user_obj = User.objects.get(pk=settings.ANONYMOUS_USER_ID)
-
-        if obj is None:
-            # managed by the default backend
+            return False
+        if not model:
+            # let it manage by the default backend
             return False
         try:
+            ishtar_user = models.IshtarUser.objects.get(user_ptr=user_obj)
+        except ObjectDoesNotExist:
+            return False
+        try:
             # only manage "own" permissions
             assert perm.split('.')[-1].split('_')[1] == 'own'
         except (IndexError, AssertionError):
             return False
-
+        if obj is None:
+            model_name = perm.split('_')[-1].capitalize()
+            if not hasattr(models, model_name):
+                return False
+            model = getattr(models, model_name)
+            return user_obj.has_perm(perm) and model.has_item_of(ishtar_user)
         return user_obj.has_perm(perm) and obj.is_own(user_obj)
diff --git a/ishtar/furnitures/menus.py b/ishtar/furnitures/menus.py
index 2e15f6930..24086d3a3 100644
--- a/ishtar/furnitures/menus.py
+++ b/ishtar/furnitures/menus.py
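Review bot: The last line of `has_perm`, `return user_obj.has_perm(perm) and obj.is_own(user_obj)`, passes the Django `User` to `is_own`, while the `obj is None` branch just above passes the `ishtar_user` fetched earlier; ownership queries that read attributes of the Ishtar user would presumably need the latter, so `obj.is_own(ishtar_user)` looks intended. The `model` argument only gates the early return and is then overwritten by `getattr(models, model_name)`, a lookup driven by the permission string that accepts any attribute of the `models` module; using the passed `model` and returning `False` when it lacks `has_item_of` keeps the check closed. The "own" test relies on `assert`, which is stripped under `python -O`, so an explicit comparison followed by `return False` is safer for a permission decision.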
@@ -23,6 +23,8 @@ Menus
 from django.utils.translation import ugettext_lazy as _
+import models
+
 class SectionItem:
     def __init__(self, idx, label, childs=[]):
         self.idx = idx
@@ -31,9 +33,10 @@ class SectionItem:
         self.available = False
 class MenuItem:
-    def __init__(self, idx, label, access_controls=[]):
+    def __init__(self, idx, label, model=None, access_controls=[]):
         self.idx = idx
         self.label = label
+        self.model = model
         self.access_controls = access_controls
         self.available = False
@@ -41,7 +44,7 @@ class MenuItem:
         if not self.access_controls:
             return True
         for access_control in self.access_controls:
-            if user.has_perm('furnitures.' + access_control):
+            if user.has_perm('furnitures.' + access_control, self.model):
                 return True
         return False
@@ -49,7 +52,7 @@ class MenuItem:
         if not self.access_controls:
             return True
         for access_control in self.access_controls:
-            if user.has_perm('furnitures.' + access_control, obj):
+            if user.has_perm('furnitures.' + access_control, self.model, obj):
                 return True
         return False
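Review bot: In the `@@ -49` hunk, `user.has_perm('furnitures.' + access_control, self.model, obj)` passes three positional arguments, but Django's stock `User.has_perm(perm, obj=None)` accepts two, so unless the user class overrides `has_perm` (not visible here) this call raises `TypeError`. The two-argument call in the `@@ -41` hunk sends the model class through the `obj` slot, and it reaches the backend's `model` parameter only because that is the backend's third positional argument. A short comment on both methods stating which `has_perm` signature they rely on would make this dependency explicit. In the `@@ -31` hunk, inserting `model=None` ahead of `access_controls` shifts the positional order for existing callers, and `access_controls=[]` remains a shared mutable default; `access_controls=None` with `self.access_controls = access_controls or []` avoids that.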
@@ -61,26 +64,34 @@ class Menu:
         SectionItem('administration', _(u"Administration"),
             childs=[
                 MenuItem('person_creation', _(u"Person creation"),
+                    model=models.Person,
                     access_controls=['add_person', 'add_own_person']),
                 MenuItem('person_modification', _(u"Person modification"),
+                    model=models.Person,
                     access_controls=['change_person', 'change_own_person']),
                 MenuItem('account_management', _(u"Account management"),
+                    model=models.IshtarUser,
                     access_controls=['add_ishtaruser',]),
             ]),
         SectionItem('file_management', _(u"File management"),
             childs=[
                 MenuItem('file_creation', _(u"File creation"),
+                    model=models.File,
                     access_controls=['add_file', 'add_own_file']),
                 MenuItem('file_modification', _(u"File modification"),
+                    model=models.File,
                     access_controls=['change_file', 'change_own_file']),
                 MenuItem('file_deletion', _(u"File deletion"),
+                    model=models.File,
                     access_controls=['delete_file', 'delete_own_file']),
             ]),
         SectionItem('operation_management', _(u"Operation management"),
             childs=[
                 MenuItem('operation_creation', _(u"Operation creation"),
+                    model=models.Operation,
                     access_controls=['add_operation', 'add_own_operation']),
                 MenuItem('operation_modification', _(u"Operation modification"),
+                    model=models.Operation,
                     access_controls=['change_operation', 'change_own_operation']),
             ]),
         ]
diff --git a/ishtar/furnitures/models.py b/ishtar/furnitures/models.py
index 7687cb6f3..64c76822d 100644
--- a/ishtar/furnitures/models.py
+++ b/ishtar/furnitures/models.py
@@ -26,6 +26,7 @@ from django.core.exceptions import ObjectDoesNotExist, ValidationError
 from django.core.validators import validate_slug
 from django.utils.translation import ugettext_lazy as _, ugettext
 from django.db.utils import DatabaseError
+from django.db.models import Q
 from django.contrib.auth.models import User
 from django.contrib.gis.db import models
@@ -58,8 +59,47 @@ class OwnPerms:
     """
     Manage special permissions for object's owner
     """
+    @classmethod
+    def get_query_owns(cls, user):
+        """
+        Query object to get own items
+        """
+        return None # implement for each object
+
     def is_own(self, user):
-        return False
+        """
+        Check if the current object is owned by the user
+        """
+        query = self.get_query_owns(user)
+        if not query:
+            return False
+        query = query & Q(pk=self.pk)
+        return cls.objects.filter(query).count()
+
+
+    @classmethod
+    def has_item_of(cls, user):
+        """
+        Check if the user own some items
+        """
+        query = cls.get_query_owns(user)
+        if not query:
+            return False
+        return cls.objects.filter(query).count()
+
+    @classmethod
+    def get_owns(cls, user):
+        """
+        Get Own items
+        """
+        if isinstance(user, User):
+            user = IshtarUser.objects.get(user_ptr=user)
+        if user.is_anonymous():
+            return []
+        query = cls.get_query_owns(user)
+        if not query:
+            return []
+        return cls.objects.filter(query).order_by(*cls._meta.ordering).all()
 class GeneralType(models.Model):
     """
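Review bot: `is_own` is an instance method, yet its last line calls `cls.objects.filter(query).count()`; `cls` is not bound there, so any object whose `get_query_owns` returns a query raises `NameError` instead of answering the ownership check. It should read `return bool(self.__class__.objects.filter(query).count())`. In `get_owns`, `IshtarUser.objects.get(user_ptr=user)` runs before the `is_anonymous()` test and without catching `ObjectDoesNotExist`, unlike the same lookup in the permission backend. Because the base `get_query_owns` returns `None`, a model that does not override it gets `False` or `[]` from every helper; no override for `File` is visible in this diff although its own `get_owns` is removed.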
@@ -266,6 +306,8 @@ class File(BaseHistorizedItem, OwnPerms):
             ("change_own_file", ugettext(u"Can change own Archaelogical file")),
             ("delete_own_file", ugettext(u"Can delete own Archaelogical file")),
         )
+        ordering = ['-year', '-numeric_reference']
+
     def __unicode__(self):
         items = [unicode(_('Intercommunal'))]
         if self.towns.count() == 1:
@@ -275,13 +317,6 @@ class File(BaseHistorizedItem, OwnPerms):
                                            if getattr(self, k)]
         return u" - ".join(items)
-    @classmethod
-    def get_owns(cls, user, order_by=['-year', '-numeric_reference']):
-        if user.is_anonymous():
-            return []
-        return cls.objects.filter(history_modifier=user).order_by(*order_by
-                                                        ).all()
-
 class OperationType(GeneralType):
     class Meta:
         verbose_name = _(u"Operation type")
@@ -332,13 +367,21 @@ class Operation(BaseHistorizedItem, OwnPerms):
                                            if getattr(self, k)]
         return u" - ".join(items)
+    def is_own(self, person):
+        return False
+
+    @classmethod
+    def get_query_owns(cls, user):
+        return Q(in_charge=user.person)|Q(history_modifier=user)
+
+    """
     @classmethod
     def get_owns(cls, user, order_by=['-year', '-operation_code']):
         if user.is_anonymous():
             return []
         return cls.objects.filter(history_modifier=user).order_by(*order_by
                                                         ).all()
-
+"""
 class Parcel(LightHistorizedItem):
     associated_file = models.ForeignKey(File, related_name='parcels',
                                 blank=True, null=True, verbose_name=_(u"File"))
diff --git a/ishtar/settings.py.example b/ishtar/settings.py.example
index 4d8cbc8ff..23554fff7 100644
--- a/ishtar/settings.py.example
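Review bot: In the `@@ -332` hunk, `Operation.is_own` is overridden to return `False` unconditionally, so every object-level `*_own_operation` check is denied even though `get_query_owns` right below it defines what ownership means. The class-level `has_item_of` can then answer yes while each per-object check answers no. If that is a deliberate placeholder, a comment such as `# TODO: object-level ownership not implemented yet, always denies` should say so; otherwise the override can be dropped in favour of the inherited method. The old `get_owns` is disabled by wrapping it in a bare `"""` string whose closing quotes sit at column 0; deleting those lines is cleaner than leaving dead code in the class body, which continues outside the hunk.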
@@ -102,6 +102,11 @@ TEMPLATE_DIRS = (
     ROOT_PATH + 'templates',
 )
+AUTHENTICATION_BACKENDS = (
+    'django.contrib.auth.backends.ModelBackend',
+    'furnitures.backend.ObjectOwnPermBackend',
+)
+
 INSTALLED_APPS = (
     'django.contrib.auth',
     'django.contrib.contenttypes', |
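Review bot: The new `AUTHENTICATION_BACKENDS` tuple needs a comment explaining that the two backends are additive, because a permission is granted as soon as any one backend says yes. `ModelBackend` answers a call such as `has_perm('furnitures.change_own_file')` from the user's assigned permissions when no object is passed, so `ObjectOwnPermBackend` cannot restrict that call. Suggested text: `# "own" permissions are ownership-checked only when has_perm() is given the model/object; ModelBackend grants them otherwise.` Callers that gate on a `*_own_*` permission therefore need to pass the object every time.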
