Example #1
def get_visible_page_objects(request, pages, site=None):
    """
    Return the subset of ``pages`` that ``request.user`` is allowed to view.

    Bulk counterpart of Page.has_view_permission: the view restrictions for
    all pages are loaded once and every page is then checked against them.

    Decision rules, in the order they are applied:

    * No restrictions at all: everything is returned when the PUBLIC_FOR
      setting lets this user see unrestricted pages; anonymous users that
      are not covered by PUBLIC_FOR get nothing.
    * A global page permission with ``can_view`` returns everything.
    * Otherwise each page is visible when it is unrestricted and PUBLIC_FOR
      allows it, or, for authenticated users only, when
      ``(restricted and user/group is listed) or user has cms.view_page``.
      Note that the model permission alone is therefore enough to see a
      restricted page.
    """
    user = request.user
    public_setting = get_cms_setting('PUBLIC_FOR')
    can_see_unrestricted = public_setting == 'all' or (
        public_setting == 'staff' and user.is_staff)
    is_auth_user = user.is_authenticated()

    restricted_pages = load_view_restrictions(request, pages)
    if not restricted_pages:
        if can_see_unrestricted:
            return pages
        if not is_auth_user:
            # Anonymous users cannot hold a global or per-user grant.
            return []

    if get_cms_setting('PERMISSION') and not site:
        # Only resolve the site when the caller did not pass one.
        site = current_site(request)
    if has_global_page_permission(request, site, can_view=True):
        return pages

    # Both lookups hit the database, so they stay lazy until a page needs them.
    has_global_perm = SimpleLazyObject(
        lambda: user.has_perm('cms.view_page'))
    user_groups = SimpleLazyObject(
        lambda: set(user.groups.values_list('pk', flat=True)))

    def has_permission_membership(page_id):
        """
        Tell whether a restriction on ``page_id`` names the user or one of
        the user's groups.
        """
        user_pk = request.user.pk
        return any(
            perm.user_id == user_pk or perm.group_id in user_groups
            for perm in restricted_pages[page_id]
        )

    def is_visible(page):
        """Apply the per-page visibility rules described above."""
        page_id = page.pk
        # Keys of restricted_pages are the pks affected by a grant_on rule.
        is_restricted = page_id in restricted_pages
        if not is_restricted and can_see_unrestricted:
            return True
        if not is_auth_user:
            return False
        # Explicit grouping of the original "a and b or c" expression.
        return (is_restricted
                and has_permission_membership(page_id)) or has_global_perm

    return [page for page in pages if is_visible(page)]
Example #2
    def get_nodes(self, request):
        """
        Build the list of nodes for the pages this request may see.

        Pages of the current site are loaded ordered by path, reduced to the
        ones reported by ``get_visible_pages`` and paired with their titles.
        Pages without any title in the accepted languages are left out.
        """
        page_queryset = get_page_queryset(request)
        site = current_site(request)
        lang = get_language_from_request(request)

        filters = {
            'site': site,
        }
        # When untranslated pages are hidden, only keep pages that have a
        # title in the request language (a published one outside draft mode).
        if hide_untranslated(lang, site.pk):
            filters['title_set__language'] = lang
            if not use_draft(request):
                filters['title_set__published'] = True

        if not use_draft(request):
            page_queryset = page_queryset.published()
        pages = page_queryset.filter(**filters).order_by("path")
        ids = {}  # page.id -> page, for the visible pages only
        nodes = []
        first = True  # stays True until home (if in navigation) or another page was seen
        home_cut = False  # set when a non-home page is reached while `first` is still True
        home_children = []  # pks of pages below home, collected once home_cut is set
        home = None
        actual_pages = []

        # cache view perms
        # Access control happens here: anything not in visible_pages is
        # skipped below and never reaches `ids`, so its titles are not
        # fetched either.
        visible_pages = get_visible_pages(request, pages, site)
        for page in pages:
            # Pages are ordered by path, therefore the first page is the root
            # of the page tree (a.k.a "home")
            if page.pk not in visible_pages:
                # Don't include pages the user doesn't have access to
                continue
            if not home:
                # "home" is the first page that passed the visibility check.
                home = page
            if first and page.pk != home.pk:
                home_cut = True
            if (home_cut and (page.parent_id == home.pk or
                    page.parent_id in home_children)):
                home_children.append(page.pk)
            if ((page.pk == home.pk and home.in_navigation)
                    or page.pk != home.pk):
                first = False
            ids[page.id] = page
            actual_pages.append(page)
            page.title_cache = {}

        langs = [lang]
        # NOTE(review): this call omits site.pk, unlike the earlier
        # hide_untranslated(lang, site.pk) -- confirm both resolve the same
        # site on multi-site installs.
        if not hide_untranslated(lang):
            langs.extend(get_fallback_languages(lang))

        titles = list(get_title_queryset(request).filter(
            page__in=ids, language__in=langs))
        for title in titles:  # add the title and slugs and some meta data
            page = ids[title.page_id]
            page.title_cache[title.language] = title

        for page in actual_pages:
            # Pages that ended up without a title are not turned into nodes.
            if page.title_cache:
                nodes.append(page_to_node(page, home, home_cut))
        return nodes
Example #3
    def get_nodes(self, request):
        """
        Build the list of nodes for the pages this request may see.

        Pages of the current site are loaded ordered by path, reduced to the
        ones reported by ``get_visible_pages`` and paired with their titles.
        Pages without any title in the accepted languages are left out.
        """
        page_queryset = get_page_queryset(request)
        site = current_site(request)
        lang = get_language_from_request(request)

        filters = {
            'site': site,
        }
        # When untranslated pages are hidden, only keep pages that have a
        # title in the request language (a published one outside draft mode).
        if hide_untranslated(lang, site.pk):
            filters['title_set__language'] = lang
            if not use_draft(request):
                filters['title_set__published'] = True

        if not use_draft(request):
            page_queryset = page_queryset.published()
        pages = page_queryset.filter(**filters).order_by("path")
        ids = {}  # page.id -> page, for the visible pages only
        nodes = []
        first = True  # stays True until home (if in navigation) or another page was seen
        home_cut = False  # set when a non-home page is reached while `first` is still True
        home_children = []  # pks of pages below home, collected once home_cut is set
        home = None
        actual_pages = []

        # cache view perms
        # Access control happens here: anything not in visible_pages is
        # skipped below and never reaches `ids`, so its titles are not
        # fetched either.
        visible_pages = get_visible_pages(request, pages, site)
        for page in pages:
            # Pages are ordered by path, therefore the first page is the root
            # of the page tree (a.k.a "home")
            if page.pk not in visible_pages:
                # Don't include pages the user doesn't have access to
                continue
            if not home:
                # "home" is the first page that passed the visibility check.
                home = page
            if first and page.pk != home.pk:
                home_cut = True
            if (home_cut and (page.parent_id == home.pk or 
                    page.parent_id in home_children)):
                home_children.append(page.pk)
            if ((page.pk == home.pk and home.in_navigation)
                    or page.pk != home.pk):
                first = False
            ids[page.id] = page
            actual_pages.append(page)
            page.title_cache = {}

        langs = [lang]
        # NOTE(review): this call omits site.pk, unlike the earlier
        # hide_untranslated(lang, site.pk) -- confirm both resolve the same
        # site on multi-site installs.
        if not hide_untranslated(lang):
            langs.extend(get_fallback_languages(lang))

        titles = list(get_title_queryset(request).filter(
            page__in=ids, language__in=langs))
        for title in titles:  # add the title and slugs and some meta data
            page = ids[title.page_id]
            page.title_cache[title.language] = title

        for page in actual_pages:
            # Pages that ended up without a title are not turned into nodes.
            if page.title_cache:
                nodes.append(page_to_node(page, home, home_cut))
        return nodes
Example #4
def has_any_page_change_permissions(request):
    """
    Tell whether the user holds any PagePermission on the current site.

    Anonymous users are rejected and superusers accepted without a query.
    For everyone else a PagePermission row on a page of the current site
    that names the user or one of the user's groups is enough.

    NOTE(review): the query does not filter on a change flag, so any
    per-page grant satisfies it -- confirm that matches the function name.
    """
    from cms.utils.helpers import current_site

    user = request.user
    if not user.is_authenticated():
        return False

    is_superuser = user.is_superuser
    if is_superuser:
        return is_superuser

    site_permissions = PagePermission.objects.filter(
        page__site=current_site(request))
    granted_to_user = Q(user=user) | Q(group__in=user.groups.all())
    return site_permissions.filter(granted_to_user).exists()
Example #5
def get_visible_page_objects(request, pages, site=None):
    """
    Return the subset of ``pages`` that ``request.user`` is allowed to view.

    Many-pages-at-once version of Page.has_view_permission. ``pages`` is
    expected to hold the published pages; their view restrictions are
    loaded in one go and each page is then checked against them.

    A page is kept when it is unrestricted and the PUBLIC_FOR setting
    covers the user, or, for authenticated users only, when
    ``(restricted and user/group is listed) or user has cms.view_page``.
    Holding the model permission is therefore sufficient on its own, also
    for restricted pages.
    """
    user = request.user
    public_setting = get_cms_setting('PUBLIC_FOR')
    can_see_unrestricted = public_setting == 'all' or (
        public_setting == 'staff' and user.is_staff)
    is_auth_user = user.is_authenticated()

    restricted_pages = load_view_restrictions(request, pages)
    if not restricted_pages:
        if can_see_unrestricted:
            return pages
        if not is_auth_user:
            # Anonymous users cannot hold a global or per-user grant.
            return []

    if get_cms_setting('PERMISSION') and not site:
        # Only resolve the site when the caller did not pass one.
        site = current_site(request)
    if has_global_page_permission(request, site, can_view=True):
        return pages

    # Kept lazy so the queries only run if some page actually needs them.
    has_global_perm = SimpleLazyObject(
        lambda: user.has_perm('cms.view_page'))
    user_groups = SimpleLazyObject(
        lambda: set(user.groups.values_list('pk', flat=True)))

    def has_permission_membership(page_id):
        """
        Tell whether a restriction on ``page_id`` names the user or one of
        the user's groups.
        """
        user_pk = request.user.pk
        return any(
            perm.user_id == user_pk or perm.group_id in user_groups
            for perm in restricted_pages[page_id]
        )

    def is_visible(page):
        """Apply the per-page visibility rules described above."""
        page_id = page.pk
        # Keys of restricted_pages are the pks affected by a grant_on rule.
        is_restricted = page_id in restricted_pages
        if not is_restricted and can_see_unrestricted:
            return True
        if not is_auth_user:
            return False
        # Explicit grouping of the original "a and b or c" expression.
        return (is_restricted
                and has_permission_membership(page_id)) or has_global_perm

    return [page for page in pages if is_visible(page)]
def get_visible_page_objects(request, pages, site=None):
    """
    Return the pages from ``pages`` that ``request.user`` may view.

    Many-pages-at-once version of
    cms.utils.page_permissions.user_can_view_page; ``pages`` is expected to
    hold the published pages.

    Restrictions are looked up by ``page.pk`` for draft pages and by
    ``page.publisher_public_id`` otherwise. A page without restrictions
    follows the CMS_PUBLIC_FOR setting; a restricted page is visible only to
    an authenticated user who is named by one of its restrictions, directly
    or through a group.
    """
    user = request.user

    public_setting = get_cms_setting('PUBLIC_FOR')
    can_see_unrestricted = public_setting == 'all' or (
        public_setting == 'staff' and user.is_staff)

    if not (user.is_authenticated() or can_see_unrestricted):
        # Anonymous and not allowed to see unrestricted pages: restricted
        # pages are out of reach as well, so nothing can be visible.
        return []

    if not site:
        site = current_site(request)

    if user_can_view_all_pages(user, site):
        return pages

    restricted_pages = get_view_restrictions(pages)

    if not restricted_pages:
        # Without any restriction the setting alone decides.
        if can_see_unrestricted:
            return pages
        return []

    user_id = user.pk
    # Lazy: the group query only runs once a restriction has to be matched.
    user_groups = SimpleLazyObject(
        lambda: frozenset(user.groups.values_list('pk', flat=True)))
    is_auth_user = user.is_authenticated()

    visible = []
    for page in pages:
        lookup_id = page.pk if page.publisher_is_draft else page.publisher_public_id
        page_permissions = restricted_pages.get(lookup_id, [])

        if not page_permissions:
            # No view restriction on this page: fall back to CMS_PUBLIC_FOR.
            allowed = can_see_unrestricted
        elif not is_auth_user:
            # Restricted pages are never shown to anonymous users.
            allowed = False
        else:
            allowed = any(
                perm.user_id == user_id or perm.group_id in user_groups
                for perm in page_permissions
            )

        if allowed:
            visible.append(page)
    return visible
Example #7
def has_any_page_change_permissions(request):
    """
    Tell whether the user holds any PagePermission on the current site.

    Anonymous users are rejected and superusers accepted without a query.
    For everyone else a PagePermission row on a page of the current site
    that names the user or one of the user's groups is enough.

    NOTE(review): the query does not filter on a change flag, so any
    per-page grant satisfies it -- confirm that matches the function name.
    """
    from cms.utils.helpers import current_site

    user = request.user
    if not user.is_authenticated():
        return False

    is_superuser = user.is_superuser
    if is_superuser:
        return is_superuser

    granted_to_user = Q(user=user) | Q(group__in=user.groups.all())
    on_current_site = PagePermission.objects.filter(
        page__site=current_site(request))
    return on_current_site.filter(granted_to_user).exists()
Example #8
    def __init__(self, request, *args, **kwargs):
        """
        Set up the change list for the site resolved from ``request``.

        The site is resolved before the parent initialiser runs. Afterwards
        the queryset and results are loaded, the site's pk is stored in the
        session under ``cms_admin_site`` and ``set_sites`` is called.
        """
        from cms.utils.helpers import current_site

        self._current_site = current_site(request)
        super(CMSChangeList, self).__init__(request, *args, **kwargs)
        # Errors from get_queryset propagate to the caller unchanged.
        self.queryset = self.get_queryset(request)
        self.get_results(request)

        active_site = self._current_site
        if active_site:
            request.session['cms_admin_site'] = active_site.pk
        self.set_sites(request)
Example #9
    def __init__(self, request, *args, **kwargs):
        """
        Set up the change list for the site resolved from ``request``.

        The site is resolved before the parent initialiser runs. Afterwards
        the queryset and results are loaded, the site's pk is stored in the
        session under ``cms_admin_site`` and ``set_sites`` is called.
        """
        from cms.utils.helpers import current_site

        self._current_site = current_site(request)
        super(CMSChangeList, self).__init__(request, *args, **kwargs)
        # Errors from get_queryset propagate to the caller unchanged.
        self.queryset = self.get_queryset(request)
        self.get_results(request)

        active_site = self._current_site
        if active_site:
            request.session['cms_admin_site'] = active_site.pk
        self.set_sites(request)
Example #10
def has_page_change_permission(request):
    """
    Tell whether the requesting user may change pages on the current site.

    The result is truthy when any of these holds:

    * the user is a superuser;
    * the user has the model-level change permission on pages *and* a
      global page permission with change rights for the current site;
    * ``has_any_page_change_permissions(request)`` is true.

    ``and`` binds tighter than ``or`` in the original expression, so the
    last alternative applies without the model-level permission.
    NOTE(review): confirm that is intended.
    """
    from cms.utils.helpers import current_site

    user = request.user
    site = current_site(request)
    # Evaluated up front, before the superuser shortcut, as in the original.
    has_global_change = GlobalPagePermission.objects.user_has_change_permission(
        user, site).exists()

    is_superuser = user.is_superuser
    if is_superuser:
        return is_superuser

    model_and_global = (
        has_auth_page_permission(user, action='change') and has_global_change)
    if model_and_global:
        return model_and_global
    return has_any_page_change_permissions(request)
Example #11
def has_page_change_permission(request):
    """
    Tell whether the requesting user may change pages on the current site.

    The result is truthy when any of these holds:

    * the user is a superuser;
    * the user has the model-level change permission on Page *and* a global
      page permission with change rights for the current site;
    * ``has_any_page_change_permissions(request)`` is true.

    ``and`` binds tighter than ``or`` in the original expression, so the
    last alternative applies without the model-level permission.
    NOTE(review): confirm that is intended.
    """
    from cms.utils.helpers import current_site

    opts = Page._meta
    user = request.user
    site = current_site(request)
    # Evaluated up front, before the superuser shortcut, as in the original.
    has_global_change = GlobalPagePermission.objects.user_has_change_permission(
        user, site).exists()

    is_superuser = user.is_superuser
    if is_superuser:
        return is_superuser

    change_perm = opts.app_label + '.' + get_permission_codename('change', opts)
    model_and_global = user.has_perm(change_perm) and has_global_change
    if model_and_global:
        return model_and_global
    return has_any_page_change_permissions(request)
Example #12
def has_page_change_permission(request):
    """
    Tell whether the requesting user may change pages on the current site.

    Access is granted to superusers, to users that combine the model-level
    change permission with a global change grant for the current site, and
    to users for whom ``has_any_page_change_permissions(request)`` is true.

    Because ``and`` binds tighter than ``or``, that last check stands on its
    own and does not require the model-level permission.
    NOTE(review): confirm that is intended.
    """
    from cms.utils.helpers import current_site

    user = request.user
    site = current_site(request)
    # The global lookup runs before the superuser shortcut, as originally.
    global_grants = GlobalPagePermission.objects.user_has_change_permission(
        user, site)
    has_global_change = global_grants.exists()

    is_superuser = user.is_superuser
    if is_superuser:
        return is_superuser

    model_and_global = (
        has_auth_page_permission(user, action='change') and has_global_change)
    if model_and_global:
        return model_and_global
    return has_any_page_change_permissions(request)
Example #13
def has_page_change_permission(request):
    """
    Tell whether the requesting user may change pages on the current site.

    Access is granted to superusers, to users that combine the model-level
    change permission on Page with a global change grant for the current
    site, and to users for whom ``has_any_page_change_permissions(request)``
    is true.

    Because ``and`` binds tighter than ``or``, that last check stands on its
    own and does not require the model-level permission.
    NOTE(review): confirm that is intended.
    """
    from cms.utils.helpers import current_site

    opts = Page._meta
    user = request.user
    site = current_site(request)
    # The global lookup runs before the superuser shortcut, as originally.
    global_grants = GlobalPagePermission.objects.user_has_change_permission(
        user, site)
    has_global_change = global_grants.exists()

    is_superuser = user.is_superuser
    if is_superuser:
        return is_superuser

    change_perm = opts.app_label + '.' + get_permission_codename('change', opts)
    model_and_global = user.has_perm(change_perm) and has_global_change
    if model_and_global:
        return model_and_global
    return has_any_page_change_permissions(request)
Example #14
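def has_page_add_permission(request):
    """
    Return True if the current user has permission to add a new page.

    Used for the general add buttons: superusers may always add. Other
    users need the model-level add permission together with a global
    ``can_add`` grant for the current site.

    When the request carries ``target`` and ``position`` query parameters
    (add button inside the change list), the check falls back to the target
    page: ``first-child``/``last-child`` asks the target page itself,
    ``left``/``right`` asks for the add permission on the target's parent.

    ``target`` and ``position`` are read from the query string and are
    therefore untrusted. A target that does not exist, or that is not a
    valid primary key, denies the request instead of raising.
    """
    opts = Page._meta
    if request.user.is_superuser:
        return True

    # if add under page
    target = request.GET.get('target', None)
    position = request.GET.get('position', None)

    from cms.utils.helpers import current_site

    site = current_site(request)

    def has_global_add():
        """Model-level add permission plus a global add grant for ``site``."""
        global_add_perm = GlobalPagePermission.objects.user_has_add_permission(
            request.user, site).exists()
        perm_str = opts.app_label + '.' + get_permission_codename('add', opts)
        return request.user.has_perm(perm_str) and global_add_perm

    if not target:
        return True if has_global_add() else False

    try:
        page = Page.objects.get(pk=target)
    except (Page.DoesNotExist, ValueError):
        # ValueError: the pk lookup rejects a malformed value such as
        # "abc"; fail closed rather than answer with a server error.
        return False

    # NOTE(review): the target page is not compared against ``site``; the
    # global grant is checked for the request's site only -- confirm.
    if has_global_add():
        return True
    if position in ("first-child", "last-child"):
        return page.has_add_permission(request)
    if position in ("left", "right") and page.parent_id:
        return has_generic_permission(page.parent_id, request.user,
                                      "add", page.site)
    # Unknown position, or a sibling insert next to a page without parent.
    return False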
Example #15
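def has_page_add_permission(request):
    """
    Return True if the current user has permission to add a new page.

    Used for the general add buttons: superusers may always add. Other
    users need the model-level add permission together with a global
    ``can_add`` grant for the current site.

    When the request carries ``target`` and ``position`` query parameters
    (add button inside the change list), the check falls back to the target
    page: ``first-child``/``last-child`` asks the target page itself,
    ``left``/``right`` asks for the add permission on the target's parent.

    ``target`` and ``position`` are read from the query string and are
    therefore untrusted. A target that does not exist, or that is not a
    valid primary key, denies the request instead of raising.
    """
    opts = Page._meta
    if request.user.is_superuser:
        return True

    # if add under page
    target = request.GET.get('target', None)
    position = request.GET.get('position', None)

    from cms.utils.helpers import current_site

    site = current_site(request)

    def has_global_add():
        """Model-level add permission plus a global add grant for ``site``."""
        global_add_perm = GlobalPagePermission.objects.user_has_add_permission(
            request.user, site).exists()
        perm_str = opts.app_label + '.' + get_permission_codename('add', opts)
        return request.user.has_perm(perm_str) and global_add_perm

    if not target:
        return True if has_global_add() else False

    try:
        page = Page.objects.get(pk=target)
    except (Page.DoesNotExist, ValueError):
        # ValueError: the pk lookup rejects a malformed value such as
        # "abc"; fail closed rather than answer with a server error.
        return False

    # NOTE(review): the target page is not compared against ``site``; the
    # global grant is checked for the request's site only -- confirm.
    if has_global_add():
        return True
    if position in ("first-child", "last-child"):
        return page.has_add_permission(request)
    if position in ("left", "right") and page.parent_id:
        return has_generic_permission(
            page.parent_id, request.user, "add", page.site)
    # Unknown position, or a sibling insert next to a page without parent.
    return False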
Example #16
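def has_page_add_permission_from_request(request):
    """
    Resolve the add-page parameters from ``request`` and check them.

    Superusers are always allowed. Otherwise ``target`` and ``position``
    are read from the query string, the target page is loaded when one is
    given, and the decision is delegated to ``has_page_add_permission``
    for the current site.

    Both parameters are untrusted input. A target that does not exist, or
    that is not a valid primary key, denies the request instead of raising.
    """
    from cms.utils.helpers import current_site

    if request.user.is_superuser:
        return True

    position = request.GET.get('position', None)
    target_page_id = request.GET.get('target', None)

    target = None
    if target_page_id:
        try:
            target = Page.objects.get(pk=target_page_id)
        except (Page.DoesNotExist, ValueError):
            # ValueError: the pk lookup rejects a malformed value such as
            # "abc"; fail closed rather than answer with a server error.
            return False

    # ``position`` is passed on as received; validating it is left to
    # has_page_add_permission.
    return has_page_add_permission(
        user=request.user,
        target=target,
        position=position,
        site=current_site(request),
    )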
Example #17
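def has_page_add_permission_from_request(request):
    """
    Resolve the add-page parameters from ``request`` and check them.

    Superusers are always allowed. Otherwise ``target`` and ``position``
    are read from the query string, the target page is loaded when one is
    given, and the decision is delegated to ``has_page_add_permission``
    for the current site.

    Both parameters are untrusted input. A target that does not exist, or
    that is not a valid primary key, denies the request instead of raising.
    """
    from cms.utils.helpers import current_site

    if request.user.is_superuser:
        return True

    position = request.GET.get('position', None)
    target_page_id = request.GET.get('target', None)

    target = None
    if target_page_id:
        try:
            target = Page.objects.get(pk=target_page_id)
        except (Page.DoesNotExist, ValueError):
            # ValueError: the pk lookup rejects a malformed value such as
            # "abc"; fail closed rather than answer with a server error.
            return False

    # ``position`` is passed on as received; validating it is left to
    # has_page_add_permission.
    return has_page_add_permission(
        user=request.user,
        target=target,
        position=position,
        site=current_site(request),
    )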
 def current_site(self):
     """Return what helpers.current_site resolves for this object's request."""
     request = self.request
     return helpers.current_site(request)