From 42c142e549a2890fcf18aba3049ca713b848d02e Mon Sep 17 00:00:00 2001
From: Étienne Loks
Date: Thu, 17 Oct 2013 20:53:11 +0200
Subject: Fix permission management
* improve ObjectPermBackend
* change permission right from wizard to groups
* remove default to administrator
* add default data for french person_types
---
ishtar_common/backend.py | 26 +++++++++++++++++---------
1 file changed, 17 insertions(+), 9 deletions(-)
(limited to 'ishtar_common/backend.py')
diff --git a/ishtar_common/backend.py b/ishtar_common/backend.py
index 297c96180..7ebdab221 100644
--- a/ishtar_common/backend.py
+++ b/ishtar_common/backend.py
@@ -24,10 +24,11 @@ Permission backend to manage "own" objects
 from django.conf import settings
 from django.contrib.auth.models import User
 from django.core.exceptions import ObjectDoesNotExist
+from django.db.models.loading import cache
 import models
-class ObjectOwnPermBackend(object):
+class ObjectPermBackend(object):
 supports_object_permissions = True
 supports_anonymous_user = True
@@ -46,16 +47,23 @@ class ObjectOwnPermBackend(object):
 except ObjectDoesNotExist:
 return False
 try:
- # only manage "own" permissions
- assert perm.split('.')[-1].split('_')[1] == 'own'
- except (IndexError, AssertionError):
- return False
+ is_ownperm = perm.split('.')[-1].split('_')[1] == 'own'
+ except IndexError:
+ is_ownperm = False
 if ishtar_user.has_right('administrator'):
 return True
+ main_right = ishtar_user.person.has_right(perm) \
+ or user_obj.has_perm(perm)
+ if not main_right or not is_ownperm:
+ return main_right
 if obj is None:
 model_name = perm.split('_')[-1].capitalize()
- if not hasattr(models, model_name):
+ model = None
+ for app in cache.get_apps():
+ for modl in cache.get_models(app):
+ if modl.__name__ == model_name:
+ model = modl
+ if not model:
 return False
- model = getattr(models, model_name)
- return user_obj.has_perm(perm) and model.has_item_of(ishtar_user)
- return user_obj.has_perm(perm) and obj.is_own(user_obj)
+ return not is_ownperm or model.has_item_of(ishtar_user)
+ return not is_ownperm or obj.is_own(user_obj)
-- 
cgit v1.2.3
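Review bot: The model lookup in the `obj is None` branch matches on class name alone across every installed app and keeps the last hit, so the ownership decision can be taken against an unrelated model that shares the name, and a match that lacks `has_item_of` raises `AttributeError` instead of denying. Resolving with the permission's app label keeps the check on the intended model, for example `model = cache.get_model(perm.split('.')[0], perm.split('_')[-1])` followed by `if model is None or not hasattr(model, 'has_item_of'): return False`; this assumes the permission string carries the app label of the model it names, which should be confirmed. `capitalize()` also lowercases the rest of the name, so a CamelCase model class would never equal `model_name` and the branch would deny. After the early `return main_right`, `is_ownperm` is always true at the last two returns, so `not is_ownperm or` can be dropped. The method starts outside this hunk.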