Example #1
    def check_access(self, permission, actor, obj):
        """
        Enforce that `actor` holds `permission` on `obj`.

        Returns True when has_access() grants the permission and raises
        PermissionDenied otherwise; it never returns False. The decision
        is delegated entirely to has_access(), so every allow path that
        method has applies here as well.
        """
        # TODO: Merge with has_access
        obj = EncapsulatedObject.get_source_object(obj)
        actor = EncapsulatedObject.get_source_object(actor)

        # Guard clause: deny first, so the only way to fall through is a grant.
        if not self.has_access(permission, actor, obj):
            raise PermissionDenied(ugettext(u'Insufficient access.'))

        return True
Example #2
    def check_access(self, permission, actor, obj):
        """
        Raise PermissionDenied unless `actor` holds `permission` on `obj`.

        Both arguments are unwrapped with
        EncapsulatedObject.get_source_object() before the check. The
        return value is always True; a refusal is signalled only by the
        exception, so callers must not test the result for False.
        """
        # TODO: Merge with has_access
        source_obj = EncapsulatedObject.get_source_object(obj)
        source_actor = EncapsulatedObject.get_source_object(actor)

        allowed = self.has_access(permission, source_actor, source_obj)
        if allowed:
            return True

        raise PermissionDenied(ugettext(u'Insufficient access.'))
Example #3
    def check_accesses(self, permission_list, actor, obj):
        """
        Enforce that `actor` holds at least one permission of
        `permission_list` on `obj`.

        Returns True as soon as has_access() grants any listed permission
        and raises PermissionDenied when none is granted. An empty
        `permission_list` therefore raises PermissionDenied. The method
        never returns False.
        """
        obj = EncapsulatedObject.get_source_object(obj)
        actor = EncapsulatedObject.get_source_object(actor)

        # any() stops at the first grant, like the explicit loop it replaces.
        if any(
            self.has_access(permission, actor, obj)
            for permission in permission_list
        ):
            return True

        raise PermissionDenied(ugettext(u'Insufficient access.'))
Example #4
    def check_accesses(self, permission_list, actor, obj):
        """
        Raise PermissionDenied unless `actor` holds one of the permissions
        in `permission_list` on `obj`.

        The permissions are tried in list order through has_access(); the
        first grant ends the search and True is returned. When no
        permission is granted, including the case of an empty list,
        PermissionDenied is raised.
        """
        source_obj = EncapsulatedObject.get_source_object(obj)
        source_actor = EncapsulatedObject.get_source_object(actor)

        for candidate in permission_list:
            if self.has_access(candidate, source_actor, source_obj):
                break
        else:
            # Loop finished without a grant: deny.
            raise PermissionDenied(ugettext(u'Insufficient access.'))

        return True
Example #5
    def grant(self, permission, actor, obj):
        """
        Grant a permission (what), (to) an actor, (on) a specific object.

        Returns True when a new access entry was created and False when an
        identical entry already existed (the `created` flag of
        get_or_create).

        NOTE(review): this method performs no authorization check of its
        own; whoever calls it is presumably expected to have verified that
        the caller may change ACLs -- confirm at the call sites.
        NOTE(review): has_access() in this listing looks entries up by
        permission.get_stored_permission(), while this method stores
        `permission` as passed -- confirm callers pass the stored form.
        """
        obj = EncapsulatedObject.get_source_object(obj)
        actor = EncapsulatedObject.get_source_object(actor)

        # Holder and target are both stored as (content type, primary key).
        lookup = dict(
            permission=permission,
            holder_type=ContentType.objects.get_for_model(actor),
            holder_id=actor.pk,
            content_type=ContentType.objects.get_for_model(obj),
            object_id=obj.pk,
        )
        _entry, created = self.model.objects.get_or_create(**lookup)
        return created
Example #6
    def grant(self, permission, actor, obj):
        """
        Record that `actor` holds `permission` on `obj`.

        The entry is written with get_or_create(), so granting the same
        permission twice does not add a second row. Returns True only when
        the entry did not exist before this call.

        NOTE(review): no check is made here that the caller is allowed to
        modify ACLs; that is presumably enforced by the caller -- confirm.
        """
        obj = EncapsulatedObject.get_source_object(obj)
        actor = EncapsulatedObject.get_source_object(actor)

        # Resolved in the same order the original keyword arguments were.
        holder_type = ContentType.objects.get_for_model(actor)
        holder_id = actor.pk
        target_type = ContentType.objects.get_for_model(obj)
        target_id = obj.pk

        result = self.model.objects.get_or_create(
            permission=permission,
            holder_type=holder_type,
            holder_id=holder_id,
            content_type=target_type,
            object_id=target_id
        )
        return result[1]
Example #7
    def has_access(self, permission, actor, obj, db_only=False):
        """
        Return True when `actor` holds `permission` on `obj`, else False.

        The check passes in any of these cases, tried in this order:
        1. `actor` is a User flagged is_superuser or is_staff and
           `db_only` is False;
        2. ContentType.objects.get_for_model(obj) raises AttributeError;
        3. an access entry for (permission, actor, obj) is stored;
        4. any role or group the actor belongs to passes this same check.

        With `db_only` set, case 1 is skipped so that only stored entries
        (direct or through memberships) count.
        """
        obj = EncapsulatedObject.get_source_object(obj)
        actor = EncapsulatedObject.get_source_object(actor)

        # NOTE(review): is_staff alone bypasses every object ACL here, not
        # just is_superuser -- confirm that staff accounts are meant to
        # have unrestricted object access.
        if (isinstance(actor, User) and db_only == False
                and (actor.is_superuser or actor.is_staff)):
            return True

        actor = AnonymousUserSingleton.objects.passthru_check(actor)
        try:
            target_type = ContentType.objects.get_for_model(obj)
        except AttributeError:
            # NOTE(review): fail-open. Any AttributeError raised by the
            # content type lookup grants access, for every permission and
            # actor. Callers handing in an unexpected object get True.
            return True

        try:
            self.model.objects.get(
                permission=permission.get_stored_permission(),
                holder_type=ContentType.objects.get_for_model(actor),
                holder_id=actor.pk,
                content_type=target_type,
                object_id=obj.pk
            )
        except self.model.DoesNotExist:
            direct_entry = False
        else:
            direct_entry = True

        if direct_entry:
            return True

        # No direct entry: the permission may still be inherited from a
        # role or group. The recursion carries no depth limit or visited
        # set; presumably membership graphs are acyclic -- confirm.
        roles = RoleMember.objects.get_roles_for_member(actor)
        groups = actor.groups.all() if isinstance(actor, User) else []

        memberships = set(roles) | set(groups)
        if any(
            self.has_access(permission, membership, obj, db_only)
            for membership in memberships
        ):
            return True

        logger.debug('Fallthru')
        return False
Example #8
    def has_access(self, permission, actor, obj, db_only=False):
        """
        Decide whether `actor` holds `permission` on `obj`.

        Returns True or False and does not raise on a refusal. Access is
        granted by a stored entry for the actor itself or for one of its
        roles or groups. Two shortcuts grant access without consulting
        stored entries: a superuser or staff User (unless `db_only` is
        true), and an object for which the content type lookup raises
        AttributeError.
        """
        obj = EncapsulatedObject.get_source_object(obj)
        actor = EncapsulatedObject.get_source_object(actor)

        # db_only restricts the answer to stored permissions; without it
        # the perceived permissions of privileged users apply.
        # NOTE(review): the shortcut covers is_staff as well as
        # is_superuser -- confirm this is the intended trust level.
        privileged_shortcut = isinstance(actor, User) and db_only == False
        if privileged_shortcut:
            if actor.is_superuser or actor.is_staff:
                return True

        actor = AnonymousUserSingleton.objects.passthru_check(actor)
        try:
            content_type = ContentType.objects.get_for_model(obj)
        except AttributeError:
            # NOTE(review): this is a fail-open path; an object without a
            # content type is readable/changeable by anyone asking.
            return True

        try:
            self.model.objects.get(
                permission=permission.get_stored_permission(),
                holder_type=ContentType.objects.get_for_model(actor),
                holder_id=actor.pk,
                content_type=content_type,
                object_id=obj.pk)
            return True
        except self.model.DoesNotExist:
            # Nothing stored for the actor itself; try what it belongs to.
            roles = RoleMember.objects.get_roles_for_member(actor)
            groups = actor.groups.all() if isinstance(actor, User) else []

            # Deduplicate so a holder that is both role and group is
            # checked once. The recursive call has no cycle guard.
            for holder in set(roles) | set(groups):
                if self.has_access(permission, holder, obj, db_only):
                    return True

            logger.debug('Fallthru')
            return False
Example #9
    def revoke(self, permission, actor, obj):
        """
        Revoke a permission (what), (from) an actor, (on) a specific object.

        Returns True when a matching access entry was found and deleted,
        False when no such entry exists.

        Only the entry held directly by `actor` is removed. has_access()
        in this listing also grants through roles and groups and to
        staff/superusers, so a True result here does not by itself mean
        the actor has lost the permission.
        """
        obj = EncapsulatedObject.get_source_object(obj)
        actor = EncapsulatedObject.get_source_object(actor)

        try:
            entry = self.model.objects.get(
                permission=permission,
                holder_type=ContentType.objects.get_for_model(actor),
                holder_id=actor.pk,
                content_type=ContentType.objects.get_for_model(obj),
                object_id=obj.pk)
        except self.model.DoesNotExist:
            # Nothing to revoke.
            return False

        entry.delete()
        return True
Example #10
    def revoke(self, permission, actor, obj):
        """
        Delete the access entry that gives `actor` `permission` on `obj`.

        Returns False when there is no such entry and True after deleting
        it. The lookup uses get(), so more than one matching row raises
        the model's MultipleObjectsReturned instead of deleting anything.

        NOTE(review): no authorization check happens here; the caller is
        presumably responsible for verifying the right to edit ACLs --
        confirm.
        """
        obj = EncapsulatedObject.get_source_object(obj)
        actor = EncapsulatedObject.get_source_object(actor)

        try:
            stored = self.model.objects.get(
                permission=permission,
                holder_type=ContentType.objects.get_for_model(actor),
                holder_id=actor.pk,
                content_type=ContentType.objects.get_for_model(obj),
                object_id=obj.pk
            )
        except self.model.DoesNotExist:
            stored = None

        if stored is None:
            return False

        stored.delete()
        return True
Example #11
    def get_holders_for(self, cls):
        """
        Return the distinct holders that have an access entry for the
        content type of `cls`.

        Entries are filtered by content type only. Each holder is wrapped
        with ClassAccessHolder.encapsulate() and appears once in the
        result, in the order first encountered.
        """
        cls = EncapsulatedObject.get_source_object(cls)
        content_type = ContentType.objects.get_for_model(cls)

        holders = []
        for access_entry in self.model.objects.filter(content_type=content_type):
            if not access_entry.holder_object:
                # Don't add references to non-existent content type objects
                continue

            wrapped = ClassAccessHolder.encapsulate(access_entry.holder_object)
            if wrapped in holders:
                continue
            holders.append(wrapped)

        return holders
Example #12
    def get_holders_for(self, cls):
        """
        List every holder with an access entry on the content type of
        `cls`, without duplicates.

        The query matches on content type alone; object ids are not part
        of the filter. Entries whose holder_object is falsy (the holder
        no longer resolves) are skipped.
        """
        source = EncapsulatedObject.get_source_object(cls)
        target_type = ContentType.objects.get_for_model(source)
        entries = self.model.objects.filter(content_type=target_type)

        unique_holders = []
        for item in entries:
            # Don't add references to non-existent content type objects
            if item.holder_object:
                holder = ClassAccessHolder.encapsulate(item.holder_object)
                already_listed = holder in unique_holders
                if not already_listed:
                    unique_holders.append(holder)

        return unique_holders
Example #13
def apply_default_acls(obj, actor=None):
    """
    Copy the default access entries of `obj`'s content type onto `obj`.

    For every DefaultAccessEntry of the content type, the holder is
    passed through CreatorSingleton.objects.passthru_check() together
    with `actor`; when that yields a truthy holder, an AccessEntry with
    the default's permission is saved for `obj`. Returns None.

    NOTE(review): entries are written with save(), not get_or_create().
    Running this twice for the same object may leave duplicate rows
    unless the model enforces uniqueness; a get()-based lookup such as
    the one in has_access() would then raise MultipleObjectsReturned --
    confirm.
    """
    logger.debug('actor, init: %s' % actor)
    obj = EncapsulatedObject.get_source_object(obj)

    if actor:
        actor = AnonymousUserSingleton.objects.passthru_check(actor)

    defaults = DefaultAccessEntry.objects.filter(
        content_type=ContentType.objects.get_for_model(obj))

    for template in defaults:
        holder = CreatorSingleton.objects.passthru_check(
            template.holder_object, actor)

        if not holder:
            # No concrete holder resolved for this default; skip it.
            continue

        AccessEntry(
            permission=template.permission,
            holder_object=holder,
            content_object=obj,
        ).save()
Example #14
def apply_default_acls(obj, actor=None):
    """
    Create access entries on `obj` from the defaults registered for its
    content type.

    `actor`, when truthy, is normalised with
    AnonymousUserSingleton.objects.passthru_check() and then handed to
    CreatorSingleton.objects.passthru_check() for each default entry's
    holder (presumably so a "creator" placeholder resolves to the actor
    -- confirm). Defaults whose resolved holder is falsy are ignored.
    Nothing is returned.
    """
    logger.debug('actor, init: %s' % actor)
    source_obj = EncapsulatedObject.get_source_object(obj)

    resolved_actor = actor
    if actor:
        resolved_actor = AnonymousUserSingleton.objects.passthru_check(actor)

    target_type = ContentType.objects.get_for_model(source_obj)
    default_entries = DefaultAccessEntry.objects.filter(
        content_type=target_type)

    for default_acl in default_entries:
        holder = CreatorSingleton.objects.passthru_check(
            default_acl.holder_object, resolved_actor)

        if holder:
            # Each applicable default becomes one stored entry on obj.
            new_entry = AccessEntry(
                permission=default_acl.permission,
                holder_object=holder,
                content_object=source_obj,
            )
            new_entry.save()