Diffstat (limited to 'ishtar_common/models.py')
-rw-r--r-- | ishtar_common/models.py | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/ishtar_common/models.py b/ishtar_common/models.py
index 44bc138eb..77b4ed335 100644
--- a/ishtar_common/models.py
+++ b/ishtar_common/models.py
@@ -90,6 +90,44 @@ def post_save_user(sender, **kwargs):
 post_save.connect(post_save_user, sender=User)
+def check_model_access_control(request, model, available_perms=None):
+ """
+ Check access control to a model for a specific request
+
+ :param request: the current request
+ :param model: the concerned model
+ :param available_perms: specific permissions to check if not specified
+ "view" and "view_own" will be checked
+ :return: (allowed, own) tuple
+ """
+ own = True # more restrictive by default
+ allowed = False
+ if not request.user.is_authenticated():
+ return allowed, own
+
+ if not available_perms:
+ available_perms = ['view_' + model.__name__.lower(),
+ 'view_own_' + model.__name__.lower()]
+ if request.user.ishtaruser.has_right('administrator',
+ session=request.session):
+ allowed = True
+ own = False
+ return allowed, own
+ for perm, lbl in model._meta.permissions:
+ if perm not in available_perms:
+ continue
+ cperm = model._meta.app_label + '.' + perm
+ if request.user.has_perm(cperm) \
+ or cperm in request.user.get_all_permissions() \
+ or request.user.ishtaruser.has_right(
+ perm, session=request.session):
+ allowed = True
+ if "_own_" not in perm:
+ own = False
+ break # max right reach
+ return allowed, own
+
+
 class Imported(models.Model):
 imports = models.ManyToManyField(
 'Import', blank=True, null=True, |
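Review bot: The return contract of check_model_access_control is easy to misuse: it always returns a two-element tuple, which is truthy even when it is `(False, True)`, so a caller writing `if check_model_access_control(request, model):` would let every request through. The docstring's `:return:` line should spell this out, for example `:return: (allowed, own) tuple; always unpack it, the tuple itself is truthy. own is True when only an "_own_" permission matched (or nothing matched)`. It is also worth documenting that only codenames listed in `model._meta.permissions` are considered, so an entry in available_perms that the model does not declare there is silently skipped and the result stays denied. In the permission test, `cperm in request.user.get_all_permissions()` looks redundant next to `request.user.has_perm(cperm)` and could probably be dropped, though that depends on the authentication backends in use, which this hunk does not show.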