1 files changed, 62 insertions, 0 deletions
diff --git a/ishtar/ishtar_base/backend.py b/ishtar/ishtar_base/backend.py
new file mode 100644
index 000000000..f50edd708
--- /dev/null
+++ b/ishtar/ishtar_base/backend.py
@@ -0,0 +1,62 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (C) 2010-2011 Étienne Loks  <etienne.loks_AT_peacefrogsDOTnet>
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# See the file COPYING for details.
+
+"""
+Permission backend to manage "own" objects
+"""
+
+from django.conf import settings
+from django.contrib.auth.models import User
+from django.core.exceptions import ObjectDoesNotExist
+
+import models
+
+class ObjectOwnPermBackend(object):
+    supports_object_permissions = True
+    supports_anonymous_user = True
+
+    def authenticate(self, username, password):
+        # managed by the default backend
+        return None
+
+    def has_perm(self, user_obj, perm, model=None, obj=None):
+        if not user_obj.is_authenticated():
+            return False
+        if not model:
+            # let it manage by the default backend
+            return False
+        try:
+            ishtar_user = models.IshtarUser.objects.get(user_ptr=user_obj)
+        except ObjectDoesNotExist:
+            return False
+        try:
+            # only manage "own" permissions
+            assert perm.split('.')[-1].split('_')[1] == 'own'
+        except (IndexError, AssertionError):
+            return False
+        if ishtar_user.person.person_type \
+           == models.PersonType.objects.get(txt_idx="administrator"):
+            return True
+        if obj is None:
+            model_name = perm.split('_')[-1].capitalize()
+            if not hasattr(models, model_name):
+                return False
+            model = getattr(models, model_name)
+            return user_obj.has_perm(perm) and model.has_item_of(ishtar_user)
+        return user_obj.has_perm(perm) and obj.is_own(user_obj)