def __init__(self, extra_fields=None, *args, **kwargs): super(DetailForm, self).__init__(*args, **kwargs) if extra_fields: for extra_field in extra_fields: result = return_attrib(self.instance, extra_field['field']) label = 'label' in extra_field and extra_field['label'] or None #TODO: Add others result types <=> Field types if isinstance(result, models.query.QuerySet): self.fields[ extra_field['field']] = forms.ModelMultipleChoiceField( queryset=result, label=label) else: self.fields[extra_field['field']] = forms.CharField( label=extra_field['label'], #initial=getattr(self.instance, extra_field['field'], None), initial=return_attrib(self.instance, extra_field['field'], None), widget=PlainWidget) for field_name, field in self.fields.items(): if isinstance(field.widget, forms.widgets.SelectMultiple): self.fields[field_name].widget = DetailSelectMultiple( choices=field.widget.choices, attrs=field.widget.attrs, queryset=getattr(field, 'queryset', None), ) self.fields[field_name].help_text = '' elif isinstance(field.widget, forms.widgets.Select): self.fields[field_name].widget = DetailSelectMultiple( choices=field.widget.choices, attrs=field.widget.attrs, queryset=getattr(field, 'queryset', None), ) self.fields[field_name].help_text = ''
def __init__(self, extra_fields=None, *args, **kwargs): super(DetailForm, self).__init__(*args, **kwargs) if extra_fields: for extra_field in extra_fields: result = return_attrib(self.instance, extra_field['field']) label = 'label' in extra_field and extra_field['label'] or None #TODO: Add others result types <=> Field types if isinstance(result, models.query.QuerySet): self.fields[extra_field['field']]=forms.ModelMultipleChoiceField(queryset=result, label=label) else: self.fields[extra_field['field']]=forms.CharField( label=extra_field['label'], #initial=getattr(self.instance, extra_field['field'], None), initial=return_attrib(self.instance, extra_field['field'], None), widget=PlainWidget) for field_name, field in self.fields.items(): if isinstance(field.widget, forms.widgets.SelectMultiple): self.fields[field_name].widget = DetailSelectMultiple( choices=field.widget.choices, attrs=field.widget.attrs, queryset=getattr(field, 'queryset', None), ) self.fields[field_name].help_text='' elif isinstance(field.widget, forms.widgets.Select): self.fields[field_name].widget = DetailSelectMultiple( choices=field.widget.choices, attrs=field.widget.attrs, queryset=getattr(field, 'queryset', None), ) self.fields[field_name].help_text=''
def resolve(self, context): if self.attribute: result = return_attrib(context['object'], self.attribute) elif self.func: result = self.func(context=context) return result
def get_inherited_permissions(self, role, obj): try: instance = obj.first() except AttributeError: instance = obj else: if not instance: return StoredPermission.objects.none() try: parent_accessor = ModelPermission.get_inheritance(type(instance)) except KeyError: return StoredPermission.objects.none() else: try: parent_object = return_attrib( obj=instance, attrib=parent_accessor ) except AttributeError: # Parent accessor is not an attribute, try it as a related # field. parent_object = return_related( instance=instance, related_field=parent_accessor ) content_type = ContentType.objects.get_for_model(parent_object) try: return self.get( role=role, content_type=content_type, object_id=parent_object.pk ).permissions.all() except self.model.DoesNotExist: return StoredPermission.objects.none()
def check_access(self, permissions, user, obj, related=None): if user.is_superuser or user.is_staff: logger.debug( 'Permissions "%s" on "%s" granted to user "%s" as superuser or staff', permissions, obj, user) return True try: stored_permissions = [ permission.stored_permission for permission in permissions ] except TypeError: # Not a list of permissions, just one stored_permissions = [permissions.stored_permission] if related: obj = return_attrib(obj, related) try: parent_accessor = ModelPermission.get_inheritance(obj._meta.model) except KeyError: pass else: try: return self.check_access(permissions, user, getattr(obj, parent_accessor)) except PermissionDenied: pass user_roles = [] for group in user.groups.all(): for role in group.roles.all(): if set(stored_permissions).intersection( set(self.get_inherited_permissions(role=role, obj=obj))): logger.debug( 'Permissions "%s" on "%s" granted to user "%s" through role "%s" via inherited ACL', permissions, obj, user, role) return True user_roles.append(role) if not self.filter(content_type=ContentType.objects.get_for_model(obj), object_id=obj.pk, permissions__in=stored_permissions, role__in=user_roles).exists(): logger.debug('Permissions "%s" on "%s" denied for user "%s"', permissions, obj, user) raise PermissionDenied(ugettext('Insufficient access.')) logger.debug( 'Permissions "%s" on "%s" granted to user "%s" through roles "%s" by direct ACL', permissions, obj, user, user_roles)
def check_access(self, permissions, user, obj, related=None): if user.is_superuser or user.is_staff: logger.debug( 'Permissions "%s" on "%s" granted to user "%s" as superuser ' 'or staff', permissions, obj, user ) return True try: return Permission.check_permissions( requester=user, permissions=permissions ) except PermissionDenied: try: stored_permissions = [ permission.stored_permission for permission in permissions ] except TypeError: # Not a list of permissions, just one stored_permissions = (permissions.stored_permission,) if related: obj = return_attrib(obj, related) try: parent_accessor = ModelPermission.get_inheritance( model=obj._meta.model ) except AttributeError: # AttributeError means non model objects: ie Statistics # These can't have ACLs so we raise PermissionDenied raise PermissionDenied(_('Insufficient access for: %s') % obj) except KeyError: pass else: try: return self.check_access( obj=getattr(obj, parent_accessor), permissions=permissions, user=user ) except AttributeError: # Has no such attribute, try it as a related field try: return self.check_access( obj=return_related( instance=obj, related_field=parent_accessor ), permissions=permissions, user=user ) except PermissionDenied: pass except PermissionDenied: pass user_roles = [] for group in user.groups.all(): for role in group.roles.all(): if set(stored_permissions).intersection(set(self.get_inherited_permissions(role=role, obj=obj))): logger.debug( 'Permissions "%s" on "%s" granted to user "%s" through role "%s" via inherited ACL', permissions, obj, user, role ) return True user_roles.append(role) if not self.filter(content_type=ContentType.objects.get_for_model(obj), object_id=obj.pk, permissions__in=stored_permissions, role__in=user_roles).exists(): logger.debug( 'Permissions "%s" on "%s" denied for user "%s"', permissions, obj, user ) raise PermissionDenied(ugettext('Insufficient access for: %s') % obj) logger.debug( 'Permissions "%s" on "%s" granted to user "%s" through roles "%s" by direct ACL', permissions, obj, user, user_roles )
def get_encoded_parameter(item, parameters_dict): result = {} for attrib_name, attrib in parameters_dict.items(): result[attrib_name] = return_attrib(item, attrib) return dumps(result)
def check_access(self, permissions, user, obj, related=None): if user.is_superuser or user.is_staff: logger.debug( 'Permissions "%s" on "%s" granted to user "%s" as superuser ' 'or staff', permissions, obj, user ) return True try: return Permission.check_permissions( requester=user, permissions=permissions ) except PermissionDenied: try: stored_permissions = [ permission.stored_permission for permission in permissions ] except TypeError: # Not a list of permissions, just one stored_permissions = (permissions.stored_permission,) if related: obj = return_attrib(obj, related) try: parent_accessor = ModelPermission.get_inheritance( model=obj._meta.model ) except AttributeError: # AttributeError means non model objects: ie Statistics # These can't have ACLs so we raise PermissionDenied # Force object to text to avoid UnicodeDecodeError raise PermissionDenied( ugettext('Insufficient access for: %s') % force_text(obj) ) except KeyError: pass else: try: return self.check_access( obj=getattr(obj, parent_accessor), permissions=permissions, user=user ) except AttributeError: # Has no such attribute, try it as a related field try: return self.check_access( obj=return_related( instance=obj, related_field=parent_accessor ), permissions=permissions, user=user ) except PermissionDenied: pass except PermissionDenied: pass user_roles = [] for group in user.groups.all(): for role in group.roles.all(): if set(stored_permissions).intersection(set(self.get_inherited_permissions(role=role, obj=obj))): logger.debug( 'Permissions "%s" on "%s" granted to user "%s" through role "%s" via inherited ACL', permissions, obj, user, role ) return True user_roles.append(role) if not self.filter(content_type=ContentType.objects.get_for_model(obj), object_id=obj.pk, permissions__in=stored_permissions, role__in=user_roles).exists(): logger.debug( 'Permissions "%s" on "%s" denied for user "%s"', permissions, obj, user ) raise PermissionDenied( ugettext('Insufficient access for: %s') % force_text(obj) ) logger.debug( 'Permissions "%s" on "%s" granted to user "%s" through roles "%s" by direct ACL', permissions, obj, user, user_roles )
def object_property(value, arg): return return_attrib(value, arg)