def is_app_admin(user, obj):
    """
    Decide whether `user` has admin rights over the app that `obj` refers to.

    Outcome by kind of `obj`:
    - `None`: True, for any user
    - `App`: True when `user` is in `obj.admins`
    - `AppS3Bucket`: the answer for `obj.app`
    - `UserApp`: the value of `obj.is_admin`
    - anything else: False

    A user accepted by `is_superuser` gets True for every `obj`.

    :param user User: The user to check
    :param obj App|AppS3Bucket|UserApp: The object to check
    """
    # NOTE(review): a missing object is approved before `user` is examined at
    # all. Confirm every caller that can pass None really means "no
    # object-level decision is required here".
    if obj is None or is_superuser(user):
        return True

    if isinstance(obj, App):
        granted = user in obj.admins
    elif isinstance(obj, AppS3Bucket):
        # A bucket carries no admin list of its own; defer to its app.
        granted = is_app_admin(user, obj.app)
    elif isinstance(obj, UserApp):
        # NOTE(review): this branch never compares the record with `user`; it
        # returns the flag stored on the UserApp itself. Presumably callers
        # only pass the UserApp that belongs to `user` -- verify.
        granted = obj.is_admin
    else:
        # XXX raise exception?
        # Unrecognised object types are refused rather than approved.
        granted = False
    return granted
def __call__(self, domain_name):
    """Refuse a name that sits under a managed domain the current user can't edit.

    Returns `domain_name` unchanged when the name is accepted and raises
    `ValidationError` when it is refused. Superusers are always accepted.

    Every dot-separated suffix of `domain_name` is looked up as a `Domain`,
    starting with the full name and ending with the last label. The first
    suffix that exists decides the outcome through `can_edit`. If no suffix
    exists as a `Domain`, the name is accepted.
    """
    requester = get_current_user()
    if rules.is_superuser(requester):
        return domain_name

    labels = domain_name.split('.')
    # NOTE(review): the lookup is an exact match on `name`, and a miss ends in
    # the accept path below. This assumes `domain_name` was normalised (letter
    # case, trailing dot) before it reached this validator -- confirm.
    for start in range(len(labels)):
        candidate = '.'.join(labels[start:])
        try:
            managed = Domain.objects.get(name=candidate)
        except Domain.DoesNotExist:
            continue
        if not can_edit(requester, managed):
            # DENY - the closest managed superdomain is not editable by this user
            raise ValidationError(
                "You don't have a permission to create a subdomain in {}".
                format(managed))
        # ALLOW - this user can edit the closest managed superdomain
        return domain_name

    # Fallthrough - ALLOW - no suffix of the name is a managed domain
    return domain_name
def __call__(self, domain_name):
    """Refuse a name that sits under a managed domain the current user can't edit.

    Returns `domain_name` unchanged when the name is accepted and raises
    `ValidationError` when it is refused. Superusers are always accepted.

    Every dot-separated suffix of `domain_name` is looked up as a `Domain`,
    starting with the full name and ending with the last label. The first
    suffix that exists decides the outcome through `can_edit`. If no suffix
    exists as a `Domain`, the name is accepted.
    """
    requester = get_current_user()
    if rules.is_superuser(requester):
        return domain_name

    labels = domain_name.split('.')
    # NOTE(review): the lookup is an exact match on `name`, and a miss ends in
    # the accept path below. This assumes `domain_name` was normalised (letter
    # case, trailing dot) before it reached this validator -- confirm.
    for start in range(len(labels)):
        candidate = '.'.join(labels[start:])
        try:
            managed = Domain.objects.get(name=candidate)
        except Domain.DoesNotExist:
            continue
        if not can_edit(requester, managed):
            # DENY - the closest managed superdomain is not editable by this user
            raise ValidationError(
                "You don't have a permission to create a subdomain in {}".
                format(managed)
            )
        # ALLOW - this user can edit the closest managed superdomain
        return domain_name

    # Fallthrough - ALLOW - no suffix of the name is a managed domain
    return domain_name
def get_related_filter(self, model, request):
    """Return the filter applied to related objects of `model` for `request`.

    As written, this always returns the parent class's filter. The
    owner-scoping code after the first return is never executed.
    """
    # NOTE(review): this unconditional return short-circuits the method, so
    # the `owner=user` restriction below is dead code and non-superusers get
    # the same related-object filter as superusers. Confirm whether the
    # scoping was switched off on purpose. If it was not, remove this
    # statement; if it was, remove the unreachable code and record why.
    inherited = super(OwnedAdmin, self).get_related_filter(model, request)
    return inherited

    # Unreachable: scoping of `Owned` models to the requesting user.
    requester = request.user
    if issubclass(model, Owned) and not rules.is_superuser(requester):
        return models.Q(owner=requester)
    return super(OwnedAdmin, self).get_related_filter(model, request)