Example #1
0
def set_tastypie_obj_create_permissions(sender, bundle, **kwargs):
    """
    Grant all row level permissions for creator (the authenticated user).

    .. note::

        Permissions will only be set for objects created via tastypie API
        GuardianModelResource() classes.

    """

    klass = bundle.obj.__class__
    permission_set = set()

    # Build a list of permissions which should be granted
    for action in ("view", "add", "change", "delete"):
        perm = "%(action)s_%(module_name)s" % {"action": action, "module_name": klass._meta.module_name}
        object_permission = assign_perm(perm=perm, user_or_group=bundle.request.user, obj=bundle.obj)
        permission_set.add(object_permission.permission.name)

    # Create a nice debug message for the logger
    logger.debug(
        "%(klass)s <%(object)s: %(pk)d>: %(user)s was granted the following permission set: "
        "%(permission_set)s."
        % {
            "klass": klass,
            "object": bundle.obj,
            "pk": bundle.obj.pk,
            "user": repr(bundle.request.user),
            "permission_set": ", ".join(permission_set),
        }
    )
Example #2
0
def remove_obj_permissions(sender, instance, **kwargs):
    """
    In order to clean up unused permissions, connect this handler to django's `pre_delete()
    <https://docs.djangoproject.com/en/dev/ref/signals/#pre-delete>`_ signal in models.py.

    .. warning::

        This code is quite expensive as it runs on every deletion in the
        *entire* application. Try to figure out a better method to only
        listen to instances on models defined in the `INSTALLED_APPS`,
        in other words, only defined instances, not inherited!
    """

    # Do not listen to UserObjectPermission and GroupObjectPermission
    # instances. They should not have content type relations to itself.
    if not isinstance(instance, (UserObjectPermission, GroupObjectPermission)):
        lookup = Q(content_type=ContentType.objects.get_for_model(instance), object_pk=instance.pk)

        user_permissions = UserObjectPermission.objects.filter(lookup)
        if user_permissions.count():
            # Log removal of user permissions if any
            permission_set = set()
            for perm in user_permissions:
                permission_set.add(" ".join((repr(perm.user), perm.permission.name)))

            user_permissions.delete()
            logger.debug(
                "Removed following user permissions for deleted object %(klass)s <%(object)s: %(pk)d>: "
                "%(permission_set)s."
                % {
                    "klass": instance.__class__,
                    "object": instance,
                    "pk": instance.pk,
                    "permission_set": ", ".join(permission_set),
                }
            )

        group_permissions = GroupObjectPermission.objects.filter(lookup)
        if group_permissions.count():
            # Log removal of group permissions if any
            permission_set = set()
            for perm in group_permissions:
                permission_set.add(" ".join((repr(perm.group), perm.permission.name)))

            group_permissions.delete()
            logger.debug(
                "Removed following group permissions for deleted object %(klass)s <%(object)s: %(pk)d>: "
                "%(permission_set)s."
                % {
                    "klass": instance.__class__,
                    "object": instance,
                    "pk": instance.pk,
                    "permission_set": ", ".join(permission_set),
                }
            )