def obj_perms_manage_view(self, request, object_pk):
"""
Main object permissions view. Presents all users and groups with any
object permissions for the current model *instance*. Users or groups
without object permissions for related *instance* would **not** be
shown. In order to add or manage user or group one should use links or
forms presented within the page.
"""
obj = get_object_or_404(self.queryset(request), pk=object_pk)
users_perms = SortedDict(
get_users_with_perms(obj,
attach_perms=True,
with_group_users=False))
users_perms.keyOrder.sort(
key=lambda user: getattr(user,
get_user_model().USERNAME_FIELD))
groups_perms = SortedDict(get_groups_with_perms(obj,
attach_perms=True))
groups_perms.keyOrder.sort(key=lambda group: group.name)
if request.method == 'POST' and 'submit_manage_user' in request.POST:
user_form = UserManage(request.POST)
group_form = GroupManage()
info = (self.admin_site.name, self.model._meta.app_label,
get_model_name(self.model))
if user_form.is_valid():
user_id = user_form.cleaned_data['user'].pk
url = reverse('%s:%s_%s_permissions_manage_user' % info,
args=[obj.pk, user_id])
return redirect(url)
elif request.method == 'POST' and 'submit_manage_group' in request.POST:
user_form = UserManage()
group_form = GroupManage(request.POST)
info = (self.admin_site.name, self.model._meta.app_label,
get_model_name(self.model))
if group_form.is_valid():
group_id = group_form.cleaned_data['group'].id
url = reverse('%s:%s_%s_permissions_manage_group' % info,
args=[obj.pk, group_id])
return redirect(url)
else:
user_form = UserManage()
group_form = GroupManage()
context = self.get_obj_perms_base_context(request, obj)
context['users_perms'] = users_perms
context['groups_perms'] = groups_perms
context['user_form'] = user_form
context['group_form'] = group_form
return render_to_response(
self.get_obj_perms_manage_template(), context,
RequestContext(request, current_app=self.admin_site.name))
def get_urls(self):
"""
Extends standard admin model urls with the following:
- ``.../permissions/`` under ``app_mdodel_permissions`` url name (params: object_pk)
- ``.../permissions/user-manage/<user_id>/`` under ``app_model_permissions_manage_user`` url name (params: object_pk, user_pk)
- ``.../permissions/group-manage/<group_id>/`` under ``app_model_permissions_manage_group`` url name (params: object_pk, group_pk)
.. note::
``...`` above are standard, instance detail url (i.e.
``/admin/flatpages/1/``)
"""
urls = super(GuardedModelAdminMixin, self).get_urls()
if self.include_object_permissions_urls:
info = self.model._meta.app_label, get_model_name(self.model)
myurls = [
url(r'^(?P<object_pk>.+)/permissions/$',
view=self.admin_site.admin_view(
self.obj_perms_manage_view),
name='%s_%s_permissions' % info),
url(r'^(?P<object_pk>.+)/permissions/user-manage/(?P<user_id>\-?\d+)/$',
view=self.admin_site.admin_view(
self.obj_perms_manage_user_view),
name='%s_%s_permissions_manage_user' % info),
url(r'^(?P<object_pk>.+)/permissions/group-manage/(?P<group_id>\-?\d+)/$',
view=self.admin_site.admin_view(
self.obj_perms_manage_group_view),
name='%s_%s_permissions_manage_group' % info),
]
urls = myurls + urls
return urls
def get_urls(self):
"""
Extends standard admin model urls with the following:
- ``.../permissions/`` under ``app_mdodel_permissions`` url name (params: object_pk)
- ``.../permissions/user-manage/<user_id>/`` under ``app_model_permissions_manage_user`` url name (params: object_pk, user_pk)
- ``.../permissions/group-manage/<group_id>/`` under ``app_model_permissions_manage_group`` url name (params: object_pk, group_pk)
.. note::
``...`` above are standard, instance detail url (i.e.
``/admin/flatpages/1/``)
"""
urls = super(GuardedModelAdminMixin, self).get_urls()
if self.include_object_permissions_urls:
info = self.model._meta.app_label, get_model_name(self.model)
myurls = [
url(r'^(?P<object_pk>.+)/permissions/$',
view=self.admin_site.admin_view(self.obj_perms_manage_view),
name='%s_%s_permissions' % info),
url(r'^(?P<object_pk>.+)/permissions/user-manage/(?P<user_id>\-?\d+)/$',
view=self.admin_site.admin_view(self.obj_perms_manage_user_view),
name='%s_%s_permissions_manage_user' % info),
url(r'^(?P<object_pk>.+)/permissions/group-manage/(?P<group_id>\-?\d+)/$',
view=self.admin_site.admin_view(self.obj_perms_manage_group_view),
name='%s_%s_permissions_manage_group' % info),
]
urls = myurls + urls
return urls
def obj_perms_manage_group_view(self, request, object_pk, group_id):
"""
Manages selected groups' permissions for current object.
"""
group = get_object_or_404(Group, id=group_id)
obj = get_object_or_404(self.queryset(request), pk=object_pk)
form_class = self.get_obj_perms_manage_group_form()
form = form_class(group, obj, request.POST or None)
if request.method == 'POST' and form.is_valid():
form.save_obj_perms()
msg = ugettext("Permissions saved.")
messages.success(request, msg)
info = (
self.admin_site.name,
self.model._meta.app_label,
get_model_name(self.model)
)
url = reverse(
'%s:%s_%s_permissions_manage_group' % info,
args=[obj.pk, group.id]
)
return redirect(url)
context = self.get_obj_perms_base_context(request, obj)
context['group_obj'] = group
context['group_perms'] = get_perms(group, obj)
context['form'] = form
return render_to_response(self.get_obj_perms_manage_group_template(),
context, RequestContext(request, current_app=self.admin_site.name))
def obj_perms_manage_user_view(self, request, object_pk, user_id):
"""
Manages selected users' permissions for current object.
"""
if not self.has_change_permission(request, None):
post_url = reverse('admin:index', current_app=self.admin_site.name)
return redirect(post_url)
user = get_object_or_404(get_user_model(), pk=user_id)
obj = get_object_or_404(self.get_queryset(request), pk=object_pk)
form_class = self.get_obj_perms_manage_user_form()
form = form_class(user, obj, request.POST or None)
if request.method == 'POST' and form.is_valid():
form.save_obj_perms()
msg = ugettext("Permissions saved.")
messages.success(request, msg)
info = (self.admin_site.name, self.model._meta.app_label,
get_model_name(self.model))
url = reverse('%s:%s_%s_permissions_manage_user' % info,
args=[obj.pk, user.pk])
return redirect(url)
context = self.get_obj_perms_base_context(request, obj)
context['user_obj'] = user
context['user_perms'] = get_perms(user, obj)
context['form'] = form
request.current_app = self.admin_site.name
return render_to_response(self.get_obj_perms_manage_user_template(),
context, RequestContext(request))
def obj_perms_manage_user_view(self, request, object_pk, user_id):
"""
Manages selected users' permissions for current object.
"""
user = get_object_or_404(get_user_model(), pk=user_id)
obj = get_object_or_404(self.queryset(request), pk=object_pk)
form_class = self.get_obj_perms_manage_user_form()
form = form_class(user, obj, request.POST or None)
if request.method == "POST" and form.is_valid():
form.save_obj_perms()
msg = ugettext("Permissions saved.")
messages.success(request, msg)
info = (self.admin_site.name, self.model._meta.app_label, get_model_name(self.model))
url = reverse("%s:%s_%s_permissions_manage_user" % info, args=[obj.pk, user.pk])
return redirect(url)
context = self.get_obj_perms_base_context(request, obj)
context["user_obj"] = user
context["user_perms"] = get_perms(user, obj)
context["form"] = form
return render_to_response(
self.get_obj_perms_manage_user_template(),
context,
RequestContext(request, current_app=self.admin_site.name),
)
def setUp(self):
self.admin = User.objects.create_superuser('admin', '*****@*****.**',
'admin')
self.user = User.objects.create_user('joe', '*****@*****.**', 'joe')
self.group = Group.objects.create(name='group')
self.client = Client()
self.obj = ContentType.objects.create(model='bar', app_label='fake-for-guardian-tests')
self.obj_info = self.obj._meta.app_label, get_model_name(self.obj)
def setUp(self):
self.admin = User.objects.create_superuser('admin', '*****@*****.**',
'admin')
self.user = User.objects.create_user('joe', '*****@*****.**', 'joe')
self.group = Group.objects.create(name='group')
self.client = Client()
self.obj = ContentType.objects.create(model='bar', app_label='fake-for-guardian-tests')
self.obj_info = self.obj._meta.app_label, get_model_name(self.obj)
def obj_perms_manage_view(self, request, object_pk):
"""
Main object permissions view. Presents all users and groups with any
object permissions for the current model *instance*. Users or groups
without object permissions for related *instance* would **not** be
shown. In order to add or manage user or group one should use links or
forms presented within the page.
"""
obj = get_object_or_404(self.queryset(request), pk=object_pk)
users_perms = SortedDict(get_users_with_perms(obj, attach_perms=True, with_group_users=False))
users_perms.keyOrder.sort(key=lambda user: getattr(user, get_user_model().USERNAME_FIELD))
groups_perms = SortedDict(get_groups_with_perms(obj, attach_perms=True))
groups_perms.keyOrder.sort(key=lambda group: group.name)
if request.method == "POST" and "submit_manage_user" in request.POST:
user_form = UserManage(request.POST)
group_form = GroupManage()
info = (self.admin_site.name, self.model._meta.app_label, get_model_name(self.model))
if user_form.is_valid():
user_id = user_form.cleaned_data["user"].pk
url = reverse("%s:%s_%s_permissions_manage_user" % info, args=[obj.pk, user_id])
return redirect(url)
elif request.method == "POST" and "submit_manage_group" in request.POST:
user_form = UserManage()
group_form = GroupManage(request.POST)
info = (self.admin_site.name, self.model._meta.app_label, get_model_name(self.model))
if group_form.is_valid():
group_id = group_form.cleaned_data["group"].id
url = reverse("%s:%s_%s_permissions_manage_group" % info, args=[obj.pk, group_id])
return redirect(url)
else:
user_form = UserManage()
group_form = GroupManage()
context = self.get_obj_perms_base_context(request, obj)
context["users_perms"] = users_perms
context["groups_perms"] = groups_perms
context["user_form"] = user_form
context["group_form"] = group_form
return render_to_response(
self.get_obj_perms_manage_template(), context, RequestContext(request, current_app=self.admin_site.name)
)
def obj_perms_manage_user_view(self, request, object_pk, user_id):
"""
Manages selected users' permissions for current object.
"""
if not self.has_change_permission(request, None):
post_url = reverse('admin:index', current_app=self.admin_site.name)
return redirect(post_url)
user = get_object_or_404(get_user_model(), pk=user_id)
obj = get_object_or_404(self.get_queryset(request), pk=object_pk)
form_class = self.get_obj_perms_manage_user_form(request)
form = form_class(user, obj, request.POST or None)
if request.method == 'POST' and form.is_valid():
form.save_obj_perms()
msg = ugettext("Permissions saved.")
messages.success(request, msg)
info = (
self.admin_site.name,
self.model._meta.app_label,
get_model_name(self.model)
)
url = reverse(
'%s:%s_%s_permissions_manage_user' % info,
args=[obj.pk, user.pk]
)
return redirect(url)
context = self.get_obj_perms_base_context(request, obj)
context['user_obj'] = user
context['user_perms'] = get_user_perms(user, obj)
context['form'] = form
request.current_app = self.admin_site.name
if django.VERSION >= (1, 10):
return render(request, self.get_obj_perms_manage_user_template(), context)
return render_to_response(self.get_obj_perms_manage_user_template(), context, RequestContext(request))
from guardian.shortcuts import get_users_with_perms
from guardian.shortcuts import get_groups_with_perms
from guardian.shortcuts import get_objects_for_user
from guardian.shortcuts import get_objects_for_group
from guardian.exceptions import MixedContentTypeError
from guardian.exceptions import NotUserNorGroup
from guardian.exceptions import WrongAppError
from guardian.testapp.models import NonIntPKModel
from guardian.testapp.tests.test_core import ObjectPermissionTestCase
from guardian.models import Group, Permission
import warnings
User = get_user_model()
user_app_label = User._meta.app_label
user_module_name = get_model_name(User)
class ShortcutsTests(ObjectPermissionTestCase):
def test_get_perms_for_model(self):
self.assertEqual(get_perms_for_model(self.user).count(), 3)
self.assertTrue(
list(get_perms_for_model(self.user)) == list(
get_perms_for_model(User)))
self.assertEqual(get_perms_for_model(Permission).count(), 3)
model_str = 'contenttypes.ContentType'
self.assertEqual(
sorted(get_perms_for_model(model_str).values_list()),
sorted(get_perms_for_model(ContentType).values_list()))
obj = ContentType()
def obj_perms_manage_view(self, request, object_pk):
"""
Main object permissions view. Presents all users and groups with any
object permissions for the current model *instance*. Users or groups
without object permissions for related *instance* would **not** be
shown. In order to add or manage user or group one should use links or
forms presented within the page.
"""
if not self.has_change_permission(request, None):
post_url = reverse('admin:index', current_app=self.admin_site.name)
return redirect(post_url)
try:
# django >= 1.7
from django.contrib.admin.utils import unquote
except ImportError:
# django < 1.7
from django.contrib.admin.util import unquote
obj = get_object_or_404(self.get_queryset(request),
pk=unquote(object_pk))
users_perms = OrderedDict(
sorted(get_users_with_perms(obj,
attach_perms=True,
with_group_users=False).items(),
key=lambda user: getattr(user[0],
get_user_model().USERNAME_FIELD)))
groups_perms = OrderedDict(
sorted(get_groups_with_perms(obj, attach_perms=True).items(),
key=lambda group: group[0].name))
if request.method == 'POST' and 'submit_manage_user' in request.POST:
user_form = self.get_obj_perms_user_select_form(request)(
request.POST)
group_form = self.get_obj_perms_group_select_form(request)(
request.POST)
info = (self.admin_site.name, self.model._meta.app_label,
get_model_name(self.model))
if user_form.is_valid():
user_id = user_form.cleaned_data['user'].pk
url = reverse('%s:%s_%s_permissions_manage_user' % info,
args=[obj.pk, user_id])
return redirect(url)
elif request.method == 'POST' and 'submit_manage_group' in request.POST:
user_form = self.get_obj_perms_user_select_form(request)(
request.POST)
group_form = self.get_obj_perms_group_select_form(request)(
request.POST)
info = (self.admin_site.name, self.model._meta.app_label,
get_model_name(self.model))
if group_form.is_valid():
group_id = group_form.cleaned_data['group'].id
url = reverse('%s:%s_%s_permissions_manage_group' % info,
args=[obj.pk, group_id])
return redirect(url)
else:
user_form = self.get_obj_perms_user_select_form(request)()
group_form = self.get_obj_perms_group_select_form(request)()
context = self.get_obj_perms_base_context(request, obj)
context['users_perms'] = users_perms
context['groups_perms'] = groups_perms
context['user_form'] = user_form
context['group_form'] = group_form
# https://github.com/django/django/commit/cf1f36bb6eb34fafe6c224003ad585a647f6117b
request.current_app = self.admin_site.name
if django.VERSION >= (1, 10):
return render(request, self.get_obj_perms_manage_template(),
context)
return render_to_response(self.get_obj_perms_manage_template(),
context, RequestContext(request))
def obj_perms_manage_view(self, request, object_pk):
"""
Main object permissions view. Presents all users and groups with any
object permissions for the current model *instance*. Users or groups
without object permissions for related *instance* would **not** be
shown. In order to add or manage user or group one should use links or
forms presented within the page.
"""
if not self.has_change_permission(request, None):
post_url = reverse('admin:index', current_app=self.admin_site.name)
return redirect(post_url)
try:
# django >= 1.7
from django.contrib.admin.utils import unquote
except ImportError:
# django < 1.7
from django.contrib.admin.util import unquote
obj = get_object_or_404(self.get_queryset(request), pk=unquote(object_pk))
users_perms = OrderedDict(
sorted(
list(get_users_with_perms(obj, attach_perms=True, with_group_users=False).items()),
key=lambda user: getattr(user[0], get_user_model().USERNAME_FIELD)
)
)
groups_perms = OrderedDict(
sorted(
list(get_groups_with_perms(obj, attach_perms=True).items()),
key=lambda group: group[0].name
)
)
if request.method == 'POST' and 'submit_manage_user' in request.POST:
user_form = UserManage(request.POST)
group_form = GroupManage()
info = (
self.admin_site.name,
self.model._meta.app_label,
get_model_name(self.model)
)
if user_form.is_valid():
user_id = user_form.cleaned_data['user'].pk
url = reverse(
'%s:%s_%s_permissions_manage_user' % info,
args=[obj.pk, user_id]
)
return redirect(url)
elif request.method == 'POST' and 'submit_manage_group' in request.POST:
user_form = UserManage()
group_form = GroupManage(request.POST)
info = (
self.admin_site.name,
self.model._meta.app_label,
get_model_name(self.model)
)
if group_form.is_valid():
group_id = group_form.cleaned_data['group'].id
url = reverse(
'%s:%s_%s_permissions_manage_group' % info,
args=[obj.pk, group_id]
)
return redirect(url)
else:
user_form = UserManage()
group_form = GroupManage()
context = self.get_obj_perms_base_context(request, obj)
context['users_perms'] = users_perms
context['groups_perms'] = groups_perms
context['user_form'] = user_form
context['group_form'] = group_form
# https://github.com/django/django/commit/cf1f36bb6eb34fafe6c224003ad585a647f6117b
request.current_app = self.admin_site.name
return render_to_response(self.get_obj_perms_manage_template(), context, RequestContext(request))
from guardian.shortcuts import get_groups_with_perms
from guardian.shortcuts import get_objects_for_user
from guardian.shortcuts import get_objects_for_group
from guardian.exceptions import MixedContentTypeError
from guardian.exceptions import NotUserNorGroup
from guardian.exceptions import WrongAppError
from guardian.testapp.models import NonIntPKModel
from guardian.testapp.tests.core_test import ObjectPermissionTestCase
from guardian.models import Group, Permission
import warnings
User = get_user_model()
user_app_label = User._meta.app_label
user_module_name = get_model_name(User)
class ShortcutsTests(ObjectPermissionTestCase):
def test_get_perms_for_model(self):
self.assertEqual(get_perms_for_model(self.user).count(), 3)
self.assertTrue(list(get_perms_for_model(self.user)) ==
list(get_perms_for_model(User)))
self.assertEqual(get_perms_for_model(Permission).count(), 3)
model_str = 'contenttypes.ContentType'
self.assertEqual(
sorted(get_perms_for_model(model_str).values_list()),
sorted(get_perms_for_model(ContentType).values_list()))
obj = ContentType()
self.assertEqual(
