summaryrefslogtreecommitdiff
path: root/ishtar_common/backend.py
diff options
context:
space:
mode:
Diffstat (limited to 'ishtar_common/backend.py')
-rw-r--r--ishtar_common/backend.py26
1 files changed, 17 insertions, 9 deletions
diff --git a/ishtar_common/backend.py b/ishtar_common/backend.py
index 297c96180..7ebdab221 100644
--- a/ishtar_common/backend.py
+++ b/ishtar_common/backend.py
@@ -24,10 +24,11 @@ Permission backend to manage "own" objects
from django.conf import settings
from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist
+from django.db.models.loading import cache
import models
-class ObjectOwnPermBackend(object):
+class ObjectPermBackend(object):
supports_object_permissions = True
supports_anonymous_user = True
@@ -46,16 +47,23 @@ class ObjectOwnPermBackend(object):
except ObjectDoesNotExist:
return False
try:
- # only manage "own" permissions
- assert perm.split('.')[-1].split('_')[1] == 'own'
- except (IndexError, AssertionError):
- return False
+ is_ownperm = perm.split('.')[-1].split('_')[1] == 'own'
+ except IndexError:
+ is_ownperm = False
if ishtar_user.has_right('administrator'):
return True
+ main_right = ishtar_user.person.has_right(perm) \
+ or user_obj.has_perm(perm)
+ if not main_right or not is_ownperm:
+ return main_right
if obj is None:
model_name = perm.split('_')[-1].capitalize()
- if not hasattr(models, model_name):
+ model = None
+ for app in cache.get_apps():
+ for modl in cache.get_models(app):
+ if modl.__name__ == model_name:
+ model = modl
+ if not model:
return False
- model = getattr(models, model_name)
- return user_obj.has_perm(perm) and model.has_item_of(ishtar_user)
- return user_obj.has_perm(perm) and obj.is_own(user_obj)
+ return not is_ownperm or model.has_item_of(ishtar_user)
+ return not is_ownperm or obj.is_own(user_obj)
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-16 22:54:56 +0000