def has_add_permission(self, request):
"""
Overrides Django admin behaviour to add ownership based access control
"""
user = request.user
return has_global_permission(user, 'submit_redirects') or \
has_global_permission(user, 'manage_redirects')
def has_add_permission(self, request):
"""
Overrides Django admin behaviour to add ownership based access control
"""
user = request.user
return has_global_permission(user, 'submit_redirects') or \
has_global_permission(user, 'manage_redirects')
def has_change_permission(self, request, obj=None):
"""
Overrides Django admin behaviour to add ownership based access control
"""
if obj and obj.is_active != bool(request.POST.get('is_active')):
return has_global_permission(request.user, 'manage_redirects')
return super(RedirectAdmin, self).has_change_permission(request, obj)
def has_change_permission(self, request, obj=None):
"""
Overrides Django admin behaviour to add ownership based access control
"""
if obj and obj.is_active != bool(request.POST.get('is_active')):
return has_global_permission(request.user, 'manage_redirects')
return super(RedirectAdmin, self).has_change_permission(request, obj)
def queryset(self, request, bypass_perms=False):
"""
Overrides the Django behaviour to take permissions into account
"""
qs = super(BaseSectionAdmin, self).queryset(request)
if not bypass_perms and not perms_api.can_manage_site(request.user) and \
not perms_api.has_global_permission(request.user, 'edit'):
qs = qs.filter(Q(owners=request.user))
return qs
def queryset(self, request):
multimedia = self.basecontent
qs = BaseContent.objects.exclude(multimediarelation__multimedia=multimedia)
user = request.user
if not perms_api.can_manage_site(user) and not perms_api.has_global_permission(user, "edit"):
owner_filter = Q(owners=request.user)
if settings.ACQUIRE_SECTION_ROLES:
owner_filter = owner_filter | Q(sections__owners=request.user)
qs = qs.filter(owner_filter)
return qs
def queryset(self, request):
multimedia = self.basecontent
qs = BaseContent.objects.exclude(
multimediarelation__multimedia=multimedia)
user = request.user
if not perms_api.can_manage_site(user) and\
not perms_api.has_global_permission(user, 'edit'):
owner_filter = Q(owners=request.user)
if settings.ACQUIRE_SECTION_ROLES:
owner_filter = owner_filter | Q(sections__owners=request.user)
qs = qs.filter(owner_filter)
return qs
def has_change_permission(self, request, obj=None):
"""
Overrides Django admin behaviour to add ownership based access control
"""
permission = super(BaseSectionAdmin, self).has_change_permission(request, obj)
if permission:
return permission
if perms_api.has_global_permission(request.user, 'manage_section'):
return True
elif obj is None:
return True
return False
def render(self, context):
if not self.obj:
obj = context.get("obj") or context.get("content")
else:
obj = self.obj.resolve(context)
request = context.get("request")
permission = self.permission.resolve(context, True)
if obj:
has_perm = has_permission(obj, request.user, permission)
else:
has_perm = has_global_permission(request.user, permission)
if has_perm:
return self.nodelist_true.render(context)
else:
if self.nodelist_false:
return self.nodelist_false.render(context)
return ''
def render(self, context):
if not self.obj:
obj = context.get("obj") or context.get("content")
else:
obj = self.obj.resolve(context)
request = context.get("request")
permission = self.permission.resolve(context, True)
if obj:
has_perm = has_permission(obj, request.user, permission)
else:
has_perm = has_global_permission(request.user, permission)
if has_perm:
return self.nodelist_true.render(context)
else:
if self.nodelist_false:
return self.nodelist_false.render(context)
return ''
def show(self, context):
cache_site = getattr(settings, 'CACHE_SITE_FOR_ANONYMOUS', False)
user = getattr(context.get('request', None), 'user', None)
return cache_site and user and \
has_global_permission(user, MANAGE_CACHE_INVALIDATION_PERMISSION)
def show(self, context):
user = getattr(context.get('request', None), 'user', None)
return user and has_global_permission(user, MANAGE_BLOCK_PERMISSION)
def has_add_permission(self, request):
"""
Overrides Django admin behaviour to add ownership based access control
"""
return perms_api.has_global_permission(request.user, 'manage_review')
def has_delete_permission(self, request, obj=None):
"""
Overrides Django admin behaviour to add ownership based access control
"""
return perms_api.has_global_permission(request.user, 'manage_section')
def get_form(self, request, obj=None, **kwargs):
form = super(RedirectAdmin, self).get_form(request, obj, **kwargs)
if not has_global_permission(request.user, 'manage_redirects'):
# only redirects managers can activate a redirect
del form.base_fields['is_active']
return form
def get_form(self, request, obj=None, **kwargs):
form = super(RedirectAdmin, self).get_form(request, obj, **kwargs)
if not has_global_permission(request.user, 'manage_redirects'):
# only redirects managers can activate a redirect
del form.base_fields['is_active']
return form
def show(self, context):
cache_site = getattr(settings, 'CACHE_SITE_FOR_ANONYMOUS', False)
user = getattr(context.get('request', None), 'user', None)
return cache_site and user and \
has_global_permission(user, MANAGE_CACHE_INVALIDATION_PERMISSION)
def can_delete(self, user):
return (perms_api.has_global_permission(user, perms_api.MANAGE_BLOCK_PERMISSION) or
(self.content_id is not None and self.content.can_edit(user)))
def can_delete(self, user):
return (perms_api.has_global_permission(
user, perms_api.MANAGE_BLOCK_PERMISSION) or
(self.content_id is not None and self.content.can_edit(user)))
def show(self, context):
user = getattr(context.get('request', None), 'user', None)
return user and has_global_permission(user, MANAGE_BLOCK_PERMISSION)
def has_add_permission(self, request):
"""
Overrides Django admin behaviour to add ownership based access control
"""
return perms_api.has_global_permission(request.user, 'manage_menu')