def objecttoolbar(context, obj): request = context['request'] context['action'] = request.action if request.action == 'insert': context['new'] = True context['has_access'] = request.user.is_authenticated and has_access(request.user, 'insert', location=obj.parent.direct_cast()) else: context['has_access'] = request.user.is_authenticated and has_access(request.user, 'edit', location=obj.direct_cast()) context['tabs'] = [(u'view',u'Просмотр'),(u'content',u'Содeржимое'),(u'edit',u'Правка'),\ (u'extra',u'Дополнительно'),(u'metadata',u'Метаданные')] if obj.type in ('News', 'Page') and not obj.view_template: context['tabs'].append((u'template_conf', u'Настройка шаблона')) if request.user.is_superuser or u'Owner' in [x.name for x in request.user.groups.all()]: context['tabs'].append((u'configuration',u'Конфигурация')) return context
def moderation(request): if not has_access(request.user, 'can_moderate'): raise Http403(u'Недостаточно прав для модерации комментариев.') context = {} context['comments'] = Comment.objects.filter(is_public=False, is_remove=False) return context
def get_available_states(self, object): """ возвращает список доступных переходов """ from rights import has_access q = StateTransform.objects.filter(from_state=self) if not has_access(get_current_user(),'reviewing'): q = [x for x in q if not x.to_state.name in [u'опубликованный', u'на главной']] return [{'url': x.slug, 'name':x.to_state.name} for x in q]
def get_actions(request): res = [{ 'name': act['verbose_name'], 'url': act['url'] } for act in REGISTRUM['actions'].values() if act['category'] == 'workspace' and has_access(request.user, 'portal_%s' % act['funcname'])] return res
def moderation_action(request, action): if not has_access(request.user, 'can_moderate'): raise Http403(u'Недостаточно прав для модерации комментариев.') comment_id = request.POST.get('comment_id') comment = Comment.objects.get(id=comment_id) return { 'publish': comment.publish, 'remove': comment.remove }[action](request.user)
def get_available_states(self, object): """ возвращает список доступных переходов """ from rights import has_access q = StateTransform.objects.filter(from_state=self) if not has_access(get_current_user(), 'reviewing'): q = [ x for x in q if not x.to_state.name in [u'опубликованный', u'на главной'] ] return [{'url': x.slug, 'name': x.to_state.name} for x in q]
def objecttoolbar(context, obj): request = context['request'] context['action'] = request.action if request.action == 'insert': context['new'] = True context['has_access'] = request.user.is_authenticated and has_access( request.user, 'insert', location=obj.parent.direct_cast()) else: context['has_access'] = request.user.is_authenticated and has_access( request.user, 'edit', location=obj.direct_cast()) context['tabs'] = [(u'view',u'Просмотр'),(u'content',u'Содeржимое'),(u'edit',u'Правка'),\ (u'extra',u'Дополнительно'),(u'metadata',u'Метаданные')] if obj.type in ('News', 'Page') and not obj.view_template: context['tabs'].append( (u'template_conf', u'Настройка шаблона')) if request.user.is_superuser or u'Owner' in [ x.name for x in request.user.groups.all() ]: context['tabs'].append((u'configuration', u'Конфигурация')) return context
def get_available_types(request): from core.views import get_object_by_url from django.contrib.auth.models import Permission from django.contrib.contenttypes.models import ContentType available_types = [] for type in REGISTRUM['workspace'].values(): obj = get_object_by_url(type['default_place']) content_type = ContentType.objects.get_for_model(REGISTRUM['types'][type['type']]['cls']) permission = Permission.objects.get(codename='insert', content_type=content_type) if has_access(request.user, permission, obj): available_types.append(type) return available_types
def insert(self, request): from rights import check_permission, has_access from django.contrib.auth.models import Permission from django.contrib.contenttypes.models import ContentType from core import types cls = getattr(types, request.GET['type']) content_type = ContentType.objects.get_for_model(cls) permission = Permission.objects.get(codename='insert', content_type=content_type) if not has_access(request.user, permission, self): raise Http403 if not self.isContainable: raise Exception(u'В данном объекте не возможно создавать другие объекты') return cls._create(request=request, parent=self)
def get_available_types(request): from core.views import get_object_by_url from django.contrib.auth.models import Permission from django.contrib.contenttypes.models import ContentType available_types = [] for type in REGISTRUM['workspace'].values(): obj = get_object_by_url(type['default_place']) content_type = ContentType.objects.get_for_model( REGISTRUM['types'][type['type']]['cls']) permission = Permission.objects.get(codename='insert', content_type=content_type) if has_access(request.user, permission, obj): available_types.append(type) return available_types
def insert(self, request): from rights import check_permission, has_access from django.contrib.auth.models import Permission from django.contrib.contenttypes.models import ContentType from core import types cls = getattr(types, request.GET['type']) content_type = ContentType.objects.get_for_model(cls) permission = Permission.objects.get(codename='insert', content_type=content_type) if not has_access(request.user, permission, self): raise Http403 if not self.isContainable: raise Exception( u'В данном объекте не возможно создавать другие объекты') return cls._create(request=request, parent=self)
def call(*cargs, **ckw): request = ckw.get('request') or cargs[0] if not has_access(request.user, 'portal_%s'%fn.__name__): raise Http403 return fn(*cargs, **ckw)
def call(*args, **kw): location = args[0] request = kw.get('request') or args[1] if check_access and location.id and not has_access(request.user, fn.__name__, location): raise Http403 return fn(*args, **kw)
def moderation_action(request, action): if not has_access(request.user, 'can_moderate'): raise Http403(u'Недостаточно прав для модерации комментариев.') comment_id = request.POST.get('comment_id') comment = Comment.objects.get(id=comment_id) return {'publish': comment.publish, 'remove': comment.remove}[action](request.user)
def get_actions(request): res = [{'name': act['verbose_name'], 'url': act['url']} for act in REGISTRUM['actions'].values() if act['category'] == 'workspace' and has_access(request.user, 'portal_%s'%act['funcname'])] return res