def has_change_permission(self, request, obj=None):
"""
Returns True if the given request has permission to change the given
Django model instance.
If `obj` is None, this should return True if the given request has
permission to change *any* object of the given type.
If request is GET type, at least view_permission is needed. In case
of POST request change permission is needed.
"""
cfield = model_category_fk_value(obj)
if obj is None or not cfield:
if request.method == 'POST':
return super(NewmanModelAdmin,
self).has_change_permission(request, obj)
else:
return self.has_model_view_permission(request, obj)
opts = self.opts
change_perm = '%s.%s' % (opts.app_label, opts.get_change_permission())
view_perm = '%s.view_%s' % (opts.app_label, opts.object_name.lower())
can_view = has_category_permission(request.user, cfield, view_perm)
can_change = has_category_permission(request.user, cfield, change_perm)
if request.method == 'POST' and can_change:
return True
elif request.method == 'GET' and (can_view or can_change):
return True
return False
def has_change_permission(self, request, obj=None):
"""
Returns True if the given request has permission to change the given
Django model instance.
If `obj` is None, this should return True if the given request has
permission to change *any* object of the given type.
If request is GET type, at least view_permission is needed. In case
of POST request change permission is needed.
"""
cfield = model_category_fk_value(obj)
if obj is None or not cfield:
if request.method == 'POST':
return super(NewmanModelAdmin, self).has_change_permission(request, obj)
else:
return self.has_model_view_permission(request, obj)
opts = self.opts
change_perm = '%s.%s' % ( opts.app_label, opts.get_change_permission() )
view_perm = '%s.view_%s' % ( opts.app_label, opts.object_name.lower() )
can_view = has_category_permission( request.user, cfield, view_perm )
can_change = has_category_permission( request.user, cfield, change_perm )
if request.method == 'POST' and can_change:
return True
elif request.method == 'GET' and (can_view or can_change):
return True
return False
def get_queryset(self):
# Avoid a circular import.
from django.contrib.contenttypes.models import ContentType
user = self.form._magic_user
if self.instance is None:
return self.model._default_manager.empty()
out = self.model._default_manager.filter(**{
self.ct_field.name: ContentType.objects.get_for_model(self.instance),
self.ct_fk_field.name: self.instance.pk,
})
if user.is_superuser:
return out
# filtering -- view permitted categories only
cfield = model_category_fk_value(self.model)
if not cfield:
return out
# self.instance .. Article, self.model .. Placement (in GenericInlineFormSet for Placement Inline)
view_perm = get_permission('view', self.model)
change_perm = get_permission('change', self.model)
perms = (view_perm, change_perm,)
qs = permission_filtered_model_qs(out, user, perms)
qs = utils.user_category_filter(qs, user)
return qs
def test_model_category_fk_value_parent_category_value(self):
tools.assert_equals(self.nested_first_level, model_category_fk_value(self.nested_second_level))
def test_model_category_fk_value_parent_category_value(self):
tools.assert_equals(self.nested_first_level,
model_category_fk_value(self.nested_second_level))
