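#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Copyright (C) 2010-2011 Étienne Loks

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.

# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# See the file COPYING for details.

"""
Permission backend to manage "own" objects
"""

from django.conf import settings
from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist

import models


class ObjectOwnPermBackend(object):
    """Authorization backend that decides "own" permissions only.

    It never authenticates anybody; it only answers ``has_perm`` for
    permissions whose codename has ``own`` as its second ``_``-separated
    token (e.g. ``<app>.<action>_own_<model>``). Every other case returns
    False so that the decision is left to the other configured backends.
    """
    supports_object_permissions = True
    supports_anonymous_user = True

    def authenticate(self, username, password):
        """Never authenticate: credentials are checked by the default backend."""
        return None

    def has_perm(self, user_obj, perm, model=None, obj=None):
        """Return True if ``user_obj`` holds the "own" permission ``perm``.

        ``model`` is only used as a gate: when it is falsy the backend
        declines to answer. When ``obj`` is None the model class is looked
        up on the ``models`` module from the last ``_``-separated token of
        ``perm`` and the check is "does the user own at least one item";
        otherwise the check is "does the user own ``obj``".
        """
        if not user_obj.is_authenticated():
            return False
        if not model:
            # Without a model, leave the decision to the default backend.
            return False
        try:
            ishtar_user = models.IshtarUser.objects.get(user_ptr=user_obj)
        except ObjectDoesNotExist:
            return False

        # Only "own" permissions are handled here. This gate is an explicit
        # comparison rather than an ``assert``: assert statements are
        # stripped when Python runs with -O, which would silently disable
        # the check and let every permission reach the branches below.
        codename_parts = perm.split('.')[-1].split('_')
        if len(codename_parts) < 2 or codename_parts[1] != 'own':
            return False

        # Administrators are granted every "own" permission outright.
        # NOTE(review): .get() raises if no PersonType with this txt_idx
        # exists and that exception is not caught here - confirm the row is
        # always present.
        administrator = models.PersonType.objects.get(txt_idx="administrator")
        if ishtar_user.person.person_type == administrator:
            return True

        if obj is None:
            # The class is resolved by name from the permission string, so
            # any capitalised attribute of ``models`` can be selected.
            # NOTE(review): assumes ``perm`` always comes from application
            # code, never from request data - confirm with callers.
            model_name = perm.split('_')[-1].capitalize()
            if not hasattr(models, model_name):
                return False
            model = getattr(models, model_name)
            return user_obj.has_perm(perm) and model.has_item_of(ishtar_user)
        return user_obj.has_perm(perm) and obj.is_own(user_obj)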