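#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Copyright (C) 2010-2017 Étienne Loks

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.

# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

# See the file COPYING for details.

"""
Permission backend to manage "own" objects
"""

from django.contrib.auth.backends import ModelBackend
from django.core.exceptions import ObjectDoesNotExist
from django.apps import apps

from . import models


class ObjectPermBackend(ModelBackend):
    """Authorization backend that scopes "own" permissions to owned items.

    A permission counts as an "own" permission when the second
    "_"-separated token of its codename is ``own``.  For such a permission
    the user must hold the general right *and* own the object (or, when no
    object is given, own at least one item of the model named in the
    permission).
    """

    # Backend capability flags.  Anonymous users are nevertheless always
    # refused by has_perm() below.
    supports_object_permissions = True
    supports_anonymous_user = True

    def has_perm(self, user_obj, perm, model=None, obj=None, session=None):
        """Tell whether ``user_obj`` holds ``perm``, honouring "own" scope.

        Args:
            user_obj: user being checked.
            perm: permission string; an optional ``app_label.`` prefix is
                ignored when detecting the "own" marker.
            model: when falsy the check is handed unchanged to
                ``ModelBackend``.  Only its truthiness is used here: the
                model class is looked up again from ``perm``.
            obj: object whose ownership is tested for an "own" permission.
            session: forwarded to the ``has_right`` helpers.

        Returns:
            ``True`` when access is granted, a falsy value otherwise.
        """
        # ``is_authenticated`` is a method on old Django releases and a
        # plain boolean attribute on Django >= 2.0, where calling it raises
        # TypeError.  Accept both forms so the check keeps denying
        # anonymous users instead of crashing.
        authenticated = user_obj.is_authenticated
        if callable(authenticated):
            authenticated = authenticated()
        if not authenticated:
            return False
        # NOTE(review): user_obj.is_active is not consulted on the custom
        # path below; whether has_right() rejects deactivated accounts is
        # not visible from this file -- confirm.
        if not model:
            # No model supplied: let the default backend decide.
            return super(ObjectPermBackend, self).has_perm(
                user_obj=user_obj, perm=perm, obj=obj
            )
        try:
            ishtar_user = models.IshtarUser.objects.get(user_ptr=user_obj)
        except ObjectDoesNotExist:
            # Fail closed: an account without an IshtarUser gets nothing.
            return False
        codename_parts = perm.split(".")[-1].split("_")
        is_ownperm = len(codename_parts) > 1 and codename_parts[1] == "own"
        if ishtar_user.has_right("administrator", session=session):
            # Administrators bypass every further check, ownership included.
            return True
        # Presumably user_obj.has_perm(perm) walks the configured backends
        # without ``model``, so this backend answers through the
        # ModelBackend branch above rather than recursing -- verify.
        main_right = ishtar_user.person.has_right(
            perm, session=session
        ) or user_obj.has_perm(perm)
        if not main_right or not is_ownperm:
            return main_right
        # From here on the general right is held and the permission is an
        # "own" one, so the answer is exactly the ownership test.
        if obj is not None:
            return obj.is_own(user_obj)
        # No object: resolve the model from the last "_" token of the
        # permission.  Matching uses the bare class name across every
        # installed app and the last match wins, so two models sharing a
        # class name cannot be told apart here.
        model_name = perm.split("_")[-1].lower()
        model = None
        for modl in apps.get_models():
            if modl.__name__.lower() == model_name:
                model = modl
        if not model:
            # Unknown model name: deny rather than guess.
            return False
        return model.has_item_of(ishtar_user)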