def __init__(self, extra_fields=None, *args, **kwargs):
super(DetailForm, self).__init__(*args, **kwargs)
if extra_fields:
for extra_field in extra_fields:
result = return_attrib(self.instance, extra_field['field'])
label = 'label' in extra_field and extra_field['label'] or None
#TODO: Add others result types <=> Field types
if isinstance(result, models.query.QuerySet):
self.fields[
extra_field['field']] = forms.ModelMultipleChoiceField(
queryset=result, label=label)
else:
self.fields[extra_field['field']] = forms.CharField(
label=extra_field['label'],
#initial=getattr(self.instance, extra_field['field'], None),
initial=return_attrib(self.instance,
extra_field['field'], None),
widget=PlainWidget)
for field_name, field in self.fields.items():
if isinstance(field.widget, forms.widgets.SelectMultiple):
self.fields[field_name].widget = DetailSelectMultiple(
choices=field.widget.choices,
attrs=field.widget.attrs,
queryset=getattr(field, 'queryset', None),
)
self.fields[field_name].help_text = ''
elif isinstance(field.widget, forms.widgets.Select):
self.fields[field_name].widget = DetailSelectMultiple(
choices=field.widget.choices,
attrs=field.widget.attrs,
queryset=getattr(field, 'queryset', None),
)
self.fields[field_name].help_text = ''
def __init__(self, extra_fields=None, *args, **kwargs):
super(DetailForm, self).__init__(*args, **kwargs)
if extra_fields:
for extra_field in extra_fields:
result = return_attrib(self.instance, extra_field['field'])
label = 'label' in extra_field and extra_field['label'] or None
#TODO: Add others result types <=> Field types
if isinstance(result, models.query.QuerySet):
self.fields[extra_field['field']]=forms.ModelMultipleChoiceField(queryset=result, label=label)
else:
self.fields[extra_field['field']]=forms.CharField(
label=extra_field['label'],
#initial=getattr(self.instance, extra_field['field'], None),
initial=return_attrib(self.instance, extra_field['field'], None),
widget=PlainWidget)
for field_name, field in self.fields.items():
if isinstance(field.widget, forms.widgets.SelectMultiple):
self.fields[field_name].widget = DetailSelectMultiple(
choices=field.widget.choices,
attrs=field.widget.attrs,
queryset=getattr(field, 'queryset', None),
)
self.fields[field_name].help_text=''
elif isinstance(field.widget, forms.widgets.Select):
self.fields[field_name].widget = DetailSelectMultiple(
choices=field.widget.choices,
attrs=field.widget.attrs,
queryset=getattr(field, 'queryset', None),
)
self.fields[field_name].help_text=''
def resolve(self, context):
if self.attribute:
result = return_attrib(context['object'], self.attribute)
elif self.func:
result = self.func(context=context)
return result
def get_inherited_permissions(self, role, obj):
try:
instance = obj.first()
except AttributeError:
instance = obj
else:
if not instance:
return StoredPermission.objects.none()
try:
parent_accessor = ModelPermission.get_inheritance(type(instance))
except KeyError:
return StoredPermission.objects.none()
else:
try:
parent_object = return_attrib(
obj=instance, attrib=parent_accessor
)
except AttributeError:
# Parent accessor is not an attribute, try it as a related
# field.
parent_object = return_related(
instance=instance, related_field=parent_accessor
)
content_type = ContentType.objects.get_for_model(parent_object)
try:
return self.get(
role=role, content_type=content_type,
object_id=parent_object.pk
).permissions.all()
except self.model.DoesNotExist:
return StoredPermission.objects.none()
def resolve(self, context):
if self.attribute:
result = return_attrib(context['object'], self.attribute)
elif self.func:
result = self.func(context=context)
return result
def get_inherited_permissions(self, role, obj):
try:
instance = obj.first()
except AttributeError:
instance = obj
else:
if not instance:
return StoredPermission.objects.none()
try:
parent_accessor = ModelPermission.get_inheritance(type(instance))
except KeyError:
return StoredPermission.objects.none()
else:
try:
parent_object = return_attrib(
obj=instance, attrib=parent_accessor
)
except AttributeError:
# Parent accessor is not an attribute, try it as a related
# field.
parent_object = return_related(
instance=instance, related_field=parent_accessor
)
content_type = ContentType.objects.get_for_model(parent_object)
try:
return self.get(
role=role, content_type=content_type,
object_id=parent_object.pk
).permissions.all()
except self.model.DoesNotExist:
return StoredPermission.objects.none()
def check_access(self, permissions, user, obj, related=None):
if user.is_superuser or user.is_staff:
logger.debug(
'Permissions "%s" on "%s" granted to user "%s" as superuser or staff',
permissions, obj, user)
return True
try:
stored_permissions = [
permission.stored_permission for permission in permissions
]
except TypeError:
# Not a list of permissions, just one
stored_permissions = [permissions.stored_permission]
if related:
obj = return_attrib(obj, related)
try:
parent_accessor = ModelPermission.get_inheritance(obj._meta.model)
except KeyError:
pass
else:
try:
return self.check_access(permissions, user,
getattr(obj, parent_accessor))
except PermissionDenied:
pass
user_roles = []
for group in user.groups.all():
for role in group.roles.all():
if set(stored_permissions).intersection(
set(self.get_inherited_permissions(role=role,
obj=obj))):
logger.debug(
'Permissions "%s" on "%s" granted to user "%s" through role "%s" via inherited ACL',
permissions, obj, user, role)
return True
user_roles.append(role)
if not self.filter(content_type=ContentType.objects.get_for_model(obj),
object_id=obj.pk,
permissions__in=stored_permissions,
role__in=user_roles).exists():
logger.debug('Permissions "%s" on "%s" denied for user "%s"',
permissions, obj, user)
raise PermissionDenied(ugettext('Insufficient access.'))
logger.debug(
'Permissions "%s" on "%s" granted to user "%s" through roles "%s" by direct ACL',
permissions, obj, user, user_roles)
def check_access(self, permissions, user, obj, related=None):
if user.is_superuser or user.is_staff:
logger.debug(
'Permissions "%s" on "%s" granted to user "%s" as superuser '
'or staff', permissions, obj, user
)
return True
try:
return Permission.check_permissions(
requester=user, permissions=permissions
)
except PermissionDenied:
try:
stored_permissions = [
permission.stored_permission for permission in permissions
]
except TypeError:
# Not a list of permissions, just one
stored_permissions = (permissions.stored_permission,)
if related:
obj = return_attrib(obj, related)
try:
parent_accessor = ModelPermission.get_inheritance(
model=obj._meta.model
)
except AttributeError:
# AttributeError means non model objects: ie Statistics
# These can't have ACLs so we raise PermissionDenied
raise PermissionDenied(_('Insufficient access for: %s') % obj)
except KeyError:
pass
else:
try:
return self.check_access(
obj=getattr(obj, parent_accessor),
permissions=permissions, user=user
)
except AttributeError:
# Has no such attribute, try it as a related field
try:
return self.check_access(
obj=return_related(
instance=obj, related_field=parent_accessor
), permissions=permissions, user=user
)
except PermissionDenied:
pass
except PermissionDenied:
pass
user_roles = []
for group in user.groups.all():
for role in group.roles.all():
if set(stored_permissions).intersection(set(self.get_inherited_permissions(role=role, obj=obj))):
logger.debug(
'Permissions "%s" on "%s" granted to user "%s" through role "%s" via inherited ACL',
permissions, obj, user, role
)
return True
user_roles.append(role)
if not self.filter(content_type=ContentType.objects.get_for_model(obj), object_id=obj.pk, permissions__in=stored_permissions, role__in=user_roles).exists():
logger.debug(
'Permissions "%s" on "%s" denied for user "%s"',
permissions, obj, user
)
raise PermissionDenied(ugettext('Insufficient access for: %s') % obj)
logger.debug(
'Permissions "%s" on "%s" granted to user "%s" through roles "%s" by direct ACL',
permissions, obj, user, user_roles
)
def get_encoded_parameter(item, parameters_dict):
result = {}
for attrib_name, attrib in parameters_dict.items():
result[attrib_name] = return_attrib(item, attrib)
return dumps(result)
def check_access(self, permissions, user, obj, related=None):
if user.is_superuser or user.is_staff:
logger.debug(
'Permissions "%s" on "%s" granted to user "%s" as superuser '
'or staff', permissions, obj, user
)
return True
try:
return Permission.check_permissions(
requester=user, permissions=permissions
)
except PermissionDenied:
try:
stored_permissions = [
permission.stored_permission for permission in permissions
]
except TypeError:
# Not a list of permissions, just one
stored_permissions = (permissions.stored_permission,)
if related:
obj = return_attrib(obj, related)
try:
parent_accessor = ModelPermission.get_inheritance(
model=obj._meta.model
)
except AttributeError:
# AttributeError means non model objects: ie Statistics
# These can't have ACLs so we raise PermissionDenied
# Force object to text to avoid UnicodeDecodeError
raise PermissionDenied(
ugettext('Insufficient access for: %s') % force_text(obj)
)
except KeyError:
pass
else:
try:
return self.check_access(
obj=getattr(obj, parent_accessor),
permissions=permissions, user=user
)
except AttributeError:
# Has no such attribute, try it as a related field
try:
return self.check_access(
obj=return_related(
instance=obj, related_field=parent_accessor
), permissions=permissions, user=user
)
except PermissionDenied:
pass
except PermissionDenied:
pass
user_roles = []
for group in user.groups.all():
for role in group.roles.all():
if set(stored_permissions).intersection(set(self.get_inherited_permissions(role=role, obj=obj))):
logger.debug(
'Permissions "%s" on "%s" granted to user "%s" through role "%s" via inherited ACL',
permissions, obj, user, role
)
return True
user_roles.append(role)
if not self.filter(content_type=ContentType.objects.get_for_model(obj), object_id=obj.pk, permissions__in=stored_permissions, role__in=user_roles).exists():
logger.debug(
'Permissions "%s" on "%s" denied for user "%s"',
permissions, obj, user
)
raise PermissionDenied(
ugettext('Insufficient access for: %s') % force_text(obj)
)
logger.debug(
'Permissions "%s" on "%s" granted to user "%s" through roles "%s" by direct ACL',
permissions, obj, user, user_roles
)
def object_property(value, arg):
return return_attrib(value, arg)
