Ejemplo n.º 1
0
 def has_add_permission(self, request):
     """
     Return true if the current user has permission to add a new page.
     """
     if settings.CMS_PERMISSION:
         return has_page_add_permission(request)
     return super(PageAdmin, self).has_add_permission(request)
Ejemplo n.º 2
0
 def test_has_page_add_permission_with_target(self):
     page = create_page('Test', 'nav_playground.html', 'en')
     user = self._create_user('user')
     request = RequestFactory().get('/', data={'target': page.pk})
     request.user = user
     has_perm = has_page_add_permission(request)
     self.assertFalse(has_perm)
Ejemplo n.º 3
0
 def has_add_permission(self, request):
     """
     Return true if the current user has permission to add a new page.
     """
     if settings.CMS_PERMISSION:
         return has_page_add_permission(request)
     return super(PageAdmin, self).has_add_permission(request)
Ejemplo n.º 4
0
def render_admin_menu_item(request, page, template=None):
    """
    Renders requested page item for the tree. This is used in case when item
    must be reloaded over ajax.
    """
    if not template:
        template = "admin/cms/page/menu_item.html"

    if not page.pk:
        return HttpResponse(NOT_FOUND_RESPONSE) # Not found - tree will remove item
        
    # languages
    languages = []
    if page.site_id in settings.CMS_SITE_LANGUAGES:
        languages = settings.CMS_SITE_LANGUAGES[page.site_id]
    else:
        languages = [x[0] for x in settings.CMS_LANGUAGES]
    
    context = RequestContext(request, {
        'has_add_permission': permissions.has_page_add_permission(request),
        'site_languages': languages,
    })
    
    filtered = 'filtered' in request.REQUEST
    context.update(get_admin_menu_item_context(request, page, filtered))
    # add mimetype to help out IE
    return render_to_response(template, context, mimetype="text/html; charset=utf-8")
Ejemplo n.º 5
0
def render_admin_menu_item(request, page):
    """Renders requested page item for the tree. This is used in case when item
    must be reloaded over ajax.
    """

    if not page.pk:
        return HttpResponse(
            NOT_FOUND_RESPONSE)  # Not found - tree will remove item

    # languages
    languages = []
    if page.site_id in settings.CMS_SITE_LANGUAGES:
        languages = settings.CMS_SITE_LANGUAGES[page.site_id]
    else:
        languages = [x[0] for x in settings.CMS_LANGUAGES]

    context = RequestContext(
        request, {
            'has_add_permission': has_page_add_permission(request),
            'site_languages': languages,
        })

    filtered = 'filtered' in request.REQUEST
    context.update(get_admin_menu_item_context(request, page, filtered))
    return render_to_response('admin/cms/page/menu_item.html', context)
Ejemplo n.º 6
0
def render_admin_menu_item(request, page, template=None, language=None):
    """
    Renders requested page item for the tree. This is used in case when item
    must be reloaded over ajax.
    """
    if not template:
        template = "admin/cms/page/tree/menu_fragment.html"

    if not page.pk:
        return HttpResponse(NOT_FOUND_RESPONSE) # Not found - tree will remove item

    # languages
    from cms.utils import permissions
    languages = get_language_list(page.site_id)
    context = RequestContext(request, {
        'has_add_permission': permissions.has_page_add_permission(request),
        'site_languages': languages,
    })

    filtered = 'filtered' in request.REQUEST
    context.update(get_admin_menu_item_context(request, page, filtered, language))
    # add mimetype to help out IE
    if DJANGO_1_4:
        return render_to_response(template, context, mimetype="text/html; charset=utf-8")
    else:
        return render_to_response(template, context, content_type="text/html; charset=utf-8")
Ejemplo n.º 7
0
def render_admin_menu_item(request, page, template=None):
    """
    Renders requested page item for the tree. This is used in case when item
    must be reloaded over ajax.
    """
    if not template:
        template = "admin/cms/page/menu_fragment.html"

    if not page.pk:
        return HttpResponse(
            NOT_FOUND_RESPONSE)  # Not found - tree will remove item

    # languages
    languages = get_language_list(page.site_id)
    context = RequestContext(
        request, {
            'has_add_permission': permissions.has_page_add_permission(request),
            'site_languages': languages,
        })

    filtered = 'filtered' in request.REQUEST
    context.update(get_admin_menu_item_context(request, page, filtered))
    # add mimetype to help out IE
    return render_to_response(template,
                              context,
                              mimetype="text/html; charset=utf-8")
Ejemplo n.º 8
0
 def user_has_add_permission(self, user, page=None, **kwargs):
     if not page or not page.site_id:
         site = Site.objects.get_current()
     else:
         site = Site.objects.get(pk=page.site_id)
     return permissions.has_page_add_permission(
         user, page, position="right", site=site)
Ejemplo n.º 9
0
 def user_has_add_permission(self, user, page=None, **kwargs):
     if not page or not page.site_id:
         site = Site.objects.get_current()
     else:
         site = Site.objects.get(pk=page.site_id)
     return permissions.has_page_add_permission(user,
                                                page,
                                                position="right",
                                                site=site)
Ejemplo n.º 10
0
 def user_has_add_permission(self, user, page=None, **kwargs):
     if not page or page.application_urls:
         # We can't really add a sub-page to a non-existent page. Or to an
         # app-hooked page.
         return False
     if not page.site_id:
         site = Site.objects.get_current()
     else:
         site = Site.objects.get(pk=page.site_id)
     return permissions.has_page_add_permission(
         user, page, position="last-child", site=site)
Ejemplo n.º 11
0
def render_admin_menu_item(request, page):
    """Renders requested page item for the tree. This is used in case when item
    must be reloaded over ajax.
    """

    if not page.pk:
        return HttpResponse(NOT_FOUND_RESPONSE)  # Not found - tree will remove item

    context = RequestContext(request, {"has_add_permission": has_page_add_permission(request)})

    filtered = "filtered" in request.REQUEST
    context.update(get_admin_menu_item_context(request, page, filtered))
    return render_to_response("admin/cms/page/menu_item.html", context)
Ejemplo n.º 12
0
 def user_has_add_permission(self, user, page=None, **kwargs):
     if not page or page.application_urls:
         # We can't really add a sub-page to a non-existent page. Or to an
         # app-hooked page.
         return False
     if not page.site_id:
         site = Site.objects.get_current()
     else:
         site = Site.objects.get(pk=page.site_id)
     return permissions.has_page_add_permission(user,
                                                page,
                                                position="last-child",
                                                site=site)
Ejemplo n.º 13
0
def render_admin_menu_item(request, page):
    """Renders requested page item for the tree. This is used in case when item
    must be reloaded over ajax.
    """

    if not page.pk:
        return HttpResponse(
            NOT_FOUND_RESPONSE)  # Not found - tree will remove item

    context = RequestContext(
        request, {
            'has_add_permission': has_page_add_permission(request),
        })

    filtered = 'filtered' in request.REQUEST
    context.update(get_admin_menu_item_context(request, page, filtered))
    return render_to_response('admin/cms/page/menu_item.html', context)
Ejemplo n.º 14
0
def render_admin_menu_item(request, page, template=None, language=None):
    """
    Renders requested page item for the tree. This is used in case when item
    must be reloaded over ajax.
    """
    if not template:
        template = "admin/cms/page/tree/menu_fragment.html"

    if not page.pk:
        return HttpResponse(NOT_FOUND_RESPONSE)  # Not found - tree will remove item

    # languages
    from cms.utils import permissions

    languages = get_language_list(page.site_id)
    context = {"has_add_permission": permissions.has_page_add_permission(request), "site_languages": languages}
    filtered = "filtered" in request.GET or "filtered" in request.POST
    context.update(get_admin_menu_item_context(request, page, filtered, language))
    return render(request, template, context)
Ejemplo n.º 15
0
def render_admin_menu_item(request, page):
    """
    Renders requested page item for the tree. This is used in case when item
    must be reloaded over ajax.
    """
    if not page.pk:
        return HttpResponse(NOT_FOUND_RESPONSE)  # Not found - tree will remove item

    # languages
    languages = []
    if page.site_id in settings.CMS_SITE_LANGUAGES:
        languages = settings.CMS_SITE_LANGUAGES[page.site_id]
    else:
        languages = [x[0] for x in settings.CMS_LANGUAGES]

    context = RequestContext(
        request, {"has_add_permission": permissions.has_page_add_permission(request), "site_languages": languages}
    )

    filtered = "filtered" in request.REQUEST
    context.update(get_admin_menu_item_context(request, page, filtered))
    return render_to_response("admin/cms/page/menu_item.html", context)
Ejemplo n.º 16
0
def render_admin_menu_item(request, page, template=None, language=None):
    """
    Renders requested page item for the tree. This is used in case when item
    must be reloaded over ajax.
    """
    if not template:
        template = "admin/cms/page/tree/menu_fragment.html"

    if not page.pk:
        return HttpResponse(
            NOT_FOUND_RESPONSE)  # Not found - tree will remove item

    # languages
    from cms.utils import permissions
    languages = get_language_list(page.site_id)
    context = {
        'has_add_permission': permissions.has_page_add_permission(request),
        'site_languages': languages,
    }
    filtered = 'filtered' in request.REQUEST
    context.update(
        get_admin_menu_item_context(request, page, filtered, language))
    return render(request, template, context)
Ejemplo n.º 17
0
    def test_emulate_admin_index(self):
        """ Call methods that emulate the adminsite instance's index.
        This test was basically the reason for the new manager, in light of the
        problem highlighted in ticket #1120, which asserts that giving a user
        no site-specific rights when creating a GlobalPagePermission should
        allow access to all sites.
        """
        # create and then ignore this user.
        superuser = self._create_user("super", is_staff=True, is_active=True,
                                      is_superuser=True)
        superuser.set_password("super")
        superuser.save()
        # create 2 staff users
        SITES = [
            Site.objects.get(pk=1),
            Site.objects.create(domain='example2.com', name='example2.com'),
        ]
        USERS = [
            self._create_user("staff", is_staff=True, is_active=True),
            self._create_user("staff_2", is_staff=True, is_active=True),
        ]
        for user in USERS:
            user.set_password('staff')
            # re-use the same methods the UserPage form does.
            # Note that it internally calls .save(), as we've not done so.
            save_permissions({
                'can_add_page': True,
                'can_change_page': True,
                'can_delete_page': False
            }, user)

        GlobalPagePermission.objects.create(can_add=True, can_change=True,
                                            can_delete=False, user=USERS[0])
        # we're querying here to ensure that even though we've created two users
        # above, we should have successfully filtered to just one perm.
        self.assertEqual(1, GlobalPagePermission.objects.with_user(USERS[0]).count())

        # this will confirm explicit permissions still work, by adding the first
        # site instance to the many2many relationship 'sites'
        GlobalPagePermission.objects.create(can_add=True, can_change=True,
                                            can_delete=False,
                                            user=USERS[1]).sites.add(SITES[0])
        self.assertEqual(1, GlobalPagePermission.objects.with_user(USERS[1]).count())

        homepage = create_page(title="master", template="nav_playground.html",
                               language="en", in_navigation=True, slug='/')
        publish_page(page=homepage, user=superuser, language='en')

        with SettingsOverride(CMS_PERMISSION=True):
            # for all users, they should have access to site 1
            request = RequestFactory().get(path='/', data={'site__exact': 1})
            # we need a session attribute for current_site(request), which is
            # used by has_page_add_permission and has_page_change_permission
            request.session = {}
            for user in USERS:
                # has_page_add_permission and has_page_change_permission both test
                # for this explicitly, to see if it's a superuser.
                request.user = user
                # Note, the query count is inflated by doing additional lookups
                # because there's a site param in the request.
                with self.assertNumQueries(FuzzyInt(6,7)):
                    # PageAdmin swaps out the methods called for permissions
                    # if the setting is true, it makes use of cms.utils.permissions
                    self.assertTrue(has_page_add_permission(request))
                    self.assertTrue(has_page_change_permission(request))
                    # internally this calls PageAdmin.has_[add|change|delete]_permission()
                    self.assertEqual({'add': True, 'change': True, 'delete': False},
                                     site._registry[Page].get_model_perms(request))

            # can't use the above loop for this test, as we're testing that
            # user 1 has access, but user 2 does not, as they are only assigned
            # to site 1
            request = RequestFactory().get('/', data={'site__exact': 2})
            request.session = {}
            # As before, the query count is inflated by doing additional lookups
            # because there's a site param in the request
            with self.assertNumQueries(FuzzyInt(11, 20)):
                # this user shouldn't have access to site 2
                request.user = USERS[1]
                self.assertTrue(not has_page_add_permission(request))
                self.assertTrue(not has_page_change_permission(request))
                self.assertEqual({'add': False, 'change': False, 'delete': False},
                                 site._registry[Page].get_model_perms(request))
                # but, going back to the first user, they should.
                request = RequestFactory().get('/', data={'site__exact': 2})
                request.user = USERS[0]
                self.assertTrue(has_page_add_permission(request))
                self.assertTrue(has_page_change_permission(request))
                self.assertEqual({'add': True, 'change': True, 'delete': False},
                                 site._registry[Page].get_model_perms(request))
Ejemplo n.º 18
0
    def save(self, **kwargs):
        from cms.api import create_page, add_plugin
        from cms.utils.permissions import has_page_add_permission

        # Check to see if this user has permissions to make this page. We've
        # already checked this when producing a list of wizard entries, but this
        # is to prevent people from possible form-hacking.

        if 'sub_page' in self.cleaned_data:
            sub_page = self.cleaned_data['sub_page']
        else:
            sub_page = False

        if self.page:
            if sub_page:
                parent = self.page
                position = "last-child"
            else:
                parent = self.page.parent
                position = "right"
        else:
            parent = None
            position = "last-child"

        # Before we do this, verify this user has perms to do so.
        if not (self.user.is_superuser or has_page_add_permission(
                self.user, self.page, position=position, site=self.page.site)):
            raise NoPermissionsException(
                _(u"User does not have permission to add page."))

        page = create_page(
            title=self.cleaned_data['title'],
            slug=self.cleaned_data['slug'],
            template=get_cms_setting('PAGE_WIZARD_DEFAULT_TEMPLATE'),
            language=self.language_code,
            created_by=smart_text(self.user),
            parent=parent,
            in_navigation=True,
            published=False)

        page_type = self.cleaned_data.get("page_type")
        if page_type:
            copy_target = Page.objects.filter(pk=page_type).first()
        else:
            copy_target = None

        if copy_target:
            # If the user selected a page type, copy that.
            if not user_has_view_permission(self.user, copy_target):
                raise PermissionDenied()

            # Copy page attributes
            copy_target._copy_attributes(page, clean=True)
            page.save()

            # Copy contents (for each language)
            for lang in copy_target.get_languages():
                copy_target._copy_contents(page, lang)

            # Copy extensions
            from cms.extensions import extension_pool
            extension_pool.copy_extensions(copy_target, page)

        else:
            # If the user provided content, then use that instead.
            content = self.cleaned_data.get('content')
            plugin_type = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN')
            plugin_body = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN_BODY')
            slot = get_cms_setting('PAGE_WIZARD_CONTENT_PLACEHOLDER')

            if plugin_type in plugin_pool.plugins and plugin_body:
                if content and permissions.has_plugin_permission(
                        self.user, plugin_type, "add"):
                    placeholder = self.get_placeholder(page, slot=slot)
                    if placeholder:
                        opts = {
                            'placeholder': placeholder,
                            'plugin_type': plugin_type,
                            'language': self.language_code,
                            plugin_body: content,
                        }
                        add_plugin(**opts)

        # is it home? publish it right away
        if not self.page and page.is_home:
            page.publish(self.language_code)

        if is_installed('reversion'):
            from cms.utils.helpers import make_revision_with_plugins
            from cms.constants import REVISION_INITIAL_COMMENT
            from cms.utils.reversion_hacks import create_revision

            with create_revision():
                make_revision_with_plugins(
                    obj=page,
                    user=self.user,
                    message=ugettext(REVISION_INITIAL_COMMENT),
                )
        return page
Ejemplo n.º 19
0
    def save(self, **kwargs):
        from cms.api import create_page, add_plugin
        from cms.utils.permissions import has_page_add_permission

        # Check to see if this user has permissions to make this page. We've
        # already checked this when producing a list of wizard entries, but this
        # is to prevent people from possible form-hacking.

        if 'sub_page' in self.cleaned_data:
            sub_page = self.cleaned_data['sub_page']
        else:
            sub_page = False

        if self.page:
            if sub_page:
                parent = self.page
                position = "last-child"
            else:
                parent = self.page.parent
                position = "right"
        else:
            parent = None
            position = "last-child"

        # Before we do this, verify this user has perms to do so.
        if not (self.user.is_superuser or
                has_page_add_permission(self.user, self.page,
                                             position=position,
                                             site=self.page.site)):
            raise NoPermissionsException(
                _(u"User does not have permission to add page."))

        page = create_page(
            title=self.cleaned_data['title'],
            slug=self.cleaned_data['slug'],
            template=get_cms_setting('PAGE_WIZARD_DEFAULT_TEMPLATE'),
            language=self.language_code,
            created_by=smart_text(self.user),
            parent=parent,
            in_navigation=True,
            published=False
        )

        page_type = self.cleaned_data.get("page_type")
        if page_type:
            copy_target = Page.objects.filter(pk=page_type).first()
        else:
            copy_target = None

        if copy_target:
            # If the user selected a page type, copy that.
            if not user_has_view_permission(self.user, copy_target):
                raise PermissionDenied()

            # Copy page attributes
            copy_target._copy_attributes(page, clean=True)
            page.save()

            # Copy contents (for each language)
            for lang in copy_target.get_languages():
                copy_target._copy_contents(page, lang)

            # Copy extensions
            from cms.extensions import extension_pool
            extension_pool.copy_extensions(copy_target, page)

        else:
            # If the user provided content, then use that instead.
            content = self.cleaned_data.get('content')
            plugin_type = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN')
            plugin_body = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN_BODY')
            slot = get_cms_setting('PAGE_WIZARD_CONTENT_PLACEHOLDER')

            if plugin_type in plugin_pool.plugins and plugin_body:
                if content and permissions.has_plugin_permission(
                        self.user, plugin_type, "add"):
                    placeholder = self.get_placeholder(page, slot=slot)
                    if placeholder:
                        opts = {
                            'placeholder': placeholder,
                            'plugin_type': plugin_type,
                            'language': self.language_code,
                            plugin_body: content,
                        }
                        add_plugin(**opts)

        # is it home? publish it right away
        if not self.page and page.is_home:
            page.publish(self.language_code)

        if is_installed('reversion'):
            from cms.utils.helpers import make_revision_with_plugins
            from cms.constants import REVISION_INITIAL_COMMENT
            from cms.utils.reversion_hacks import create_revision

            with create_revision():
                make_revision_with_plugins(
                    obj=page,
                    user=self.user,
                    message=ugettext(REVISION_INITIAL_COMMENT),
                )
        return page