Beispiel #1
0
    def __init__(self, extra_fields=None, *args, **kwargs):
        super(DetailForm, self).__init__(*args, **kwargs)
        if extra_fields:
            for extra_field in extra_fields:
                result = return_attrib(self.instance, extra_field['field'])
                label = 'label' in extra_field and extra_field['label'] or None
                #TODO: Add others result types <=> Field types
                if isinstance(result, models.query.QuerySet):
                    self.fields[
                        extra_field['field']] = forms.ModelMultipleChoiceField(
                            queryset=result, label=label)
                else:
                    self.fields[extra_field['field']] = forms.CharField(
                        label=extra_field['label'],
                        #initial=getattr(self.instance, extra_field['field'], None),
                        initial=return_attrib(self.instance,
                                              extra_field['field'], None),
                        widget=PlainWidget)

        for field_name, field in self.fields.items():
            if isinstance(field.widget, forms.widgets.SelectMultiple):
                self.fields[field_name].widget = DetailSelectMultiple(
                    choices=field.widget.choices,
                    attrs=field.widget.attrs,
                    queryset=getattr(field, 'queryset', None),
                )
                self.fields[field_name].help_text = ''
            elif isinstance(field.widget, forms.widgets.Select):
                self.fields[field_name].widget = DetailSelectMultiple(
                    choices=field.widget.choices,
                    attrs=field.widget.attrs,
                    queryset=getattr(field, 'queryset', None),
                )
                self.fields[field_name].help_text = ''
Beispiel #2
0
    def __init__(self, extra_fields=None, *args, **kwargs):
        super(DetailForm, self).__init__(*args, **kwargs)
        if extra_fields:
            for extra_field in extra_fields:
                result = return_attrib(self.instance, extra_field['field'])
                label = 'label' in extra_field and extra_field['label'] or None
                #TODO: Add others result types <=> Field types
                if isinstance(result, models.query.QuerySet):
                    self.fields[extra_field['field']]=forms.ModelMultipleChoiceField(queryset=result, label=label)
                else:
                    self.fields[extra_field['field']]=forms.CharField(
                        label=extra_field['label'],
                        #initial=getattr(self.instance, extra_field['field'], None),
                        initial=return_attrib(self.instance, extra_field['field'], None),
                        widget=PlainWidget)

        for field_name, field in self.fields.items():
            if isinstance(field.widget, forms.widgets.SelectMultiple):
                self.fields[field_name].widget = DetailSelectMultiple(
                    choices=field.widget.choices,
                    attrs=field.widget.attrs,
                    queryset=getattr(field, 'queryset', None),
                )
                self.fields[field_name].help_text=''
            elif isinstance(field.widget, forms.widgets.Select):
                self.fields[field_name].widget = DetailSelectMultiple(
                    choices=field.widget.choices,
                    attrs=field.widget.attrs,
                    queryset=getattr(field, 'queryset', None),
                )
                self.fields[field_name].help_text=''
Beispiel #3
0
    def resolve(self, context):
        if self.attribute:
            result = return_attrib(context['object'], self.attribute)
        elif self.func:
            result = self.func(context=context)

        return result
Beispiel #4
0
    def get_inherited_permissions(self, role, obj):
        try:
            instance = obj.first()
        except AttributeError:
            instance = obj
        else:
            if not instance:
                return StoredPermission.objects.none()

        try:
            parent_accessor = ModelPermission.get_inheritance(type(instance))
        except KeyError:
            return StoredPermission.objects.none()
        else:
            try:
                parent_object = return_attrib(
                    obj=instance, attrib=parent_accessor
                )
            except AttributeError:
                # Parent accessor is not an attribute, try it as a related
                # field.
                parent_object = return_related(
                    instance=instance, related_field=parent_accessor
                )
            content_type = ContentType.objects.get_for_model(parent_object)
            try:
                return self.get(
                    role=role, content_type=content_type,
                    object_id=parent_object.pk
                ).permissions.all()
            except self.model.DoesNotExist:
                return StoredPermission.objects.none()
Beispiel #5
0
    def resolve(self, context):
        if self.attribute:
            result = return_attrib(context['object'], self.attribute)
        elif self.func:
            result = self.func(context=context)

        return result
Beispiel #6
0
    def get_inherited_permissions(self, role, obj):
        try:
            instance = obj.first()
        except AttributeError:
            instance = obj
        else:
            if not instance:
                return StoredPermission.objects.none()

        try:
            parent_accessor = ModelPermission.get_inheritance(type(instance))
        except KeyError:
            return StoredPermission.objects.none()
        else:
            try:
                parent_object = return_attrib(
                    obj=instance, attrib=parent_accessor
                )
            except AttributeError:
                # Parent accessor is not an attribute, try it as a related
                # field.
                parent_object = return_related(
                    instance=instance, related_field=parent_accessor
                )
            content_type = ContentType.objects.get_for_model(parent_object)
            try:
                return self.get(
                    role=role, content_type=content_type,
                    object_id=parent_object.pk
                ).permissions.all()
            except self.model.DoesNotExist:
                return StoredPermission.objects.none()
Beispiel #7
0
    def check_access(self, permissions, user, obj, related=None):
        if user.is_superuser or user.is_staff:
            logger.debug(
                'Permissions "%s" on "%s" granted to user "%s" as superuser or staff',
                permissions, obj, user)
            return True

        try:
            stored_permissions = [
                permission.stored_permission for permission in permissions
            ]
        except TypeError:
            # Not a list of permissions, just one
            stored_permissions = [permissions.stored_permission]

        if related:
            obj = return_attrib(obj, related)

        try:
            parent_accessor = ModelPermission.get_inheritance(obj._meta.model)
        except KeyError:
            pass
        else:
            try:
                return self.check_access(permissions, user,
                                         getattr(obj, parent_accessor))
            except PermissionDenied:
                pass

        user_roles = []
        for group in user.groups.all():
            for role in group.roles.all():
                if set(stored_permissions).intersection(
                        set(self.get_inherited_permissions(role=role,
                                                           obj=obj))):
                    logger.debug(
                        'Permissions "%s" on "%s" granted to user "%s" through role "%s" via inherited ACL',
                        permissions, obj, user, role)
                    return True

                user_roles.append(role)

        if not self.filter(content_type=ContentType.objects.get_for_model(obj),
                           object_id=obj.pk,
                           permissions__in=stored_permissions,
                           role__in=user_roles).exists():
            logger.debug('Permissions "%s" on "%s" denied for user "%s"',
                         permissions, obj, user)
            raise PermissionDenied(ugettext('Insufficient access.'))
        logger.debug(
            'Permissions "%s" on "%s" granted to user "%s" through roles "%s" by direct ACL',
            permissions, obj, user, user_roles)
Beispiel #8
0
    def check_access(self, permissions, user, obj, related=None):
        if user.is_superuser or user.is_staff:
            logger.debug(
                'Permissions "%s" on "%s" granted to user "%s" as superuser '
                'or staff', permissions, obj, user
            )
            return True

        try:
            return Permission.check_permissions(
                requester=user, permissions=permissions
            )
        except PermissionDenied:
            try:
                stored_permissions = [
                    permission.stored_permission for permission in permissions
                ]
            except TypeError:
                # Not a list of permissions, just one
                stored_permissions = (permissions.stored_permission,)

            if related:
                obj = return_attrib(obj, related)

            try:
                parent_accessor = ModelPermission.get_inheritance(
                    model=obj._meta.model
                )
            except AttributeError:
                # AttributeError means non model objects: ie Statistics
                # These can't have ACLs so we raise PermissionDenied
                raise PermissionDenied(_('Insufficient access for: %s') % obj)
            except KeyError:
                pass
            else:
                try:
                    return self.check_access(
                        obj=getattr(obj, parent_accessor),
                        permissions=permissions, user=user
                    )
                except AttributeError:
                    # Has no such attribute, try it as a related field
                    try:
                        return self.check_access(
                            obj=return_related(
                                instance=obj, related_field=parent_accessor
                            ), permissions=permissions, user=user
                        )
                    except PermissionDenied:
                        pass
                except PermissionDenied:
                    pass

            user_roles = []
            for group in user.groups.all():
                for role in group.roles.all():
                    if set(stored_permissions).intersection(set(self.get_inherited_permissions(role=role, obj=obj))):
                        logger.debug(
                            'Permissions "%s" on "%s" granted to user "%s" through role "%s" via inherited ACL',
                            permissions, obj, user, role
                        )
                        return True

                    user_roles.append(role)

            if not self.filter(content_type=ContentType.objects.get_for_model(obj), object_id=obj.pk, permissions__in=stored_permissions, role__in=user_roles).exists():
                logger.debug(
                    'Permissions "%s" on "%s" denied for user "%s"',
                    permissions, obj, user
                )
                raise PermissionDenied(ugettext('Insufficient access for: %s') % obj)

            logger.debug(
                'Permissions "%s" on "%s" granted to user "%s" through roles "%s" by direct ACL',
                permissions, obj, user, user_roles
            )
Beispiel #9
0
def get_encoded_parameter(item, parameters_dict):
    result = {}
    for attrib_name, attrib in parameters_dict.items():
        result[attrib_name] = return_attrib(item, attrib)
    return dumps(result)
Beispiel #10
0
    def check_access(self, permissions, user, obj, related=None):
        if user.is_superuser or user.is_staff:
            logger.debug(
                'Permissions "%s" on "%s" granted to user "%s" as superuser '
                'or staff', permissions, obj, user
            )
            return True

        try:
            return Permission.check_permissions(
                requester=user, permissions=permissions
            )
        except PermissionDenied:
            try:
                stored_permissions = [
                    permission.stored_permission for permission in permissions
                ]
            except TypeError:
                # Not a list of permissions, just one
                stored_permissions = (permissions.stored_permission,)

            if related:
                obj = return_attrib(obj, related)

            try:
                parent_accessor = ModelPermission.get_inheritance(
                    model=obj._meta.model
                )
            except AttributeError:
                # AttributeError means non model objects: ie Statistics
                # These can't have ACLs so we raise PermissionDenied

                # Force object to text to avoid UnicodeDecodeError
                raise PermissionDenied(
                    ugettext('Insufficient access for: %s') % force_text(obj)
                )
            except KeyError:
                pass
            else:
                try:
                    return self.check_access(
                        obj=getattr(obj, parent_accessor),
                        permissions=permissions, user=user
                    )
                except AttributeError:
                    # Has no such attribute, try it as a related field
                    try:
                        return self.check_access(
                            obj=return_related(
                                instance=obj, related_field=parent_accessor
                            ), permissions=permissions, user=user
                        )
                    except PermissionDenied:
                        pass
                except PermissionDenied:
                    pass

            user_roles = []
            for group in user.groups.all():
                for role in group.roles.all():
                    if set(stored_permissions).intersection(set(self.get_inherited_permissions(role=role, obj=obj))):
                        logger.debug(
                            'Permissions "%s" on "%s" granted to user "%s" through role "%s" via inherited ACL',
                            permissions, obj, user, role
                        )
                        return True

                    user_roles.append(role)

            if not self.filter(content_type=ContentType.objects.get_for_model(obj), object_id=obj.pk, permissions__in=stored_permissions, role__in=user_roles).exists():
                logger.debug(
                    'Permissions "%s" on "%s" denied for user "%s"',
                    permissions, obj, user
                )
                raise PermissionDenied(
                    ugettext('Insufficient access for: %s') % force_text(obj)
                )

            logger.debug(
                'Permissions "%s" on "%s" granted to user "%s" through roles "%s" by direct ACL',
                permissions, obj, user, user_roles
            )
Beispiel #11
0
def object_property(value, arg):
    return return_attrib(value, arg)