Exemple #1
0
    def get_user_collections(user, collection_type, collections=None):
        """
        Args:
            user: instance of User model
            collection_type: string for filtering collections based on their type
            collections: queryset of collections to filter
        Returns: wagtail collections queryset where given user has add, change permissions
        if collections queryset is provided filter is applied on that.
        """
        model_mapping = {
            'documents': {
                "model": Document,
                "owner_field": "uploaded_by_user"
            },
            'images': {
                "model": Image,
                "owner_field": "uploaded_by_user"
            },
            'videos': {
                "model": Video,
                "owner_field": "source_course_run"
            },
        }
        if not collections:
            collections = Collection.objects.all()

        collection_permission_policy = CollectionOwnershipPermissionPolicy(
            model_mapping[collection_type]["model"],
            owner_field_name=model_mapping[collection_type]["owner_field"])
        user_collections = collection_permission_policy.collections_user_has_any_permission_for(
            user, ['add', 'change'])
        return collections.filter(pk__in=user_collections)
Exemple #2
0
def index(request, pk):
    newsindex = get_object_or_404(
        Page.objects.specific().type(NewsIndexMixin), pk=pk)
    NewsItem = newsindex.get_newsitem_model()

    if not user_can_edit_newsitem(request.user, NewsItem):
        raise PermissionDenied()

    newsitem_list = NewsItem.objects.filter(newsindex=newsindex)

    query = None
    try:
        query = request.GET['q']
    except KeyError:
        pass
    else:
        backend = get_search_backend()
        newsitem_list = backend.search(query, newsitem_list)

    paginator, page = paginate(request, newsitem_list)

    policy = CollectionOwnershipPermissionPolicy(
        model=NewsItem,
        auth_model=NewsItem)

    return render(request, 'wagtailnews/index.html', {
        'newsindex': newsindex,
        'page': page,
        'paginator': paginator,
        'newsitem_list': page.object_list,
        'newsitem_perms': perms_for_template(request, NewsItem),
        'query_string': query,
        'policy': policy,
    })
Exemple #3
0
        def fun_call(request, pk, newsitem_pk=None):
            newsindex = get_object_or_404(
                Page.objects.specific().type(NewsIndexMixin), pk=pk)
            NewsItem = newsindex.get_newsitem_model()
            user = get_user(request)

            policy = CollectionOwnershipPermissionPolicy(model=NewsItem,
                                                         auth_model=NewsItem)

            if perm == 'add':
                return function(request=request,
                                newsindex=newsindex,
                                NewsItem=NewsItem,
                                user=user,
                                policy=policy)

            newsitem = get_object_or_404(NewsItem,
                                         newsindex=newsindex,
                                         pk=newsitem_pk)
            if perm == 'change':
                newsitem = newsitem.get_latest_revision_as_newsitem()

            if not policy.user_has_permission_for_instance(
                    user, perm, newsitem):
                raise PermissionDenied()

            return function(request=request,
                            newsindex=newsindex,
                            user=user,
                            NewsItem=NewsItem,
                            newsitem=newsitem,
                            policy=policy)
Exemple #4
0
"""
Permissions for related to journals app
"""
from wagtail.contrib.modeladmin.helpers import PermissionHelper
from wagtail.wagtailcore.permission_policies.collections import CollectionOwnershipPermissionPolicy

from journals.apps.journals.models import Video

video_permission_policy = CollectionOwnershipPermissionPolicy(
    Video, owner_field_name='source_course_run')


class VideoPermissionHelper(PermissionHelper):
    """
    Permission overrides for videos
    """
    def user_can_create(self, user):
        """
        Since video entries are imported from studio. We need to override this method to disable
        add button for videos
        """
        return False

    def user_can_edit_obj(self, user, obj):
        """
        Check if user has edit permissions on videos
        """
        return video_permission_policy.user_has_permission_for_instance(
            user, 'change', obj)

    def user_can_delete_obj(self, user, obj):
Exemple #5
0
from wagtail.wagtailcore.permission_policies.collections import CollectionOwnershipPermissionPolicy
from wagtail.wagtailimages.models import Image, get_image_model

permission_policy = CollectionOwnershipPermissionPolicy(
    get_image_model(), auth_model=Image, owner_field_name='uploaded_by_user')
from __future__ import absolute_import, print_function, unicode_literals

from wagtail.wagtailcore.permission_policies.collections import \
    CollectionOwnershipPermissionPolicy

from wagtailvideos.models import Video

permission_policy = CollectionOwnershipPermissionPolicy(
    Video, auth_model=Video, owner_field_name='uploaded_by_user')
from wagtail.wagtailcore.permission_policies.collections import (
    CollectionOwnershipPermissionPolicy
)

from wagtailmedia.models import Media, get_media_model

permission_policy = CollectionOwnershipPermissionPolicy(
    get_media_model(),
    auth_model=Media,
    owner_field_name='uploaded_by_user'
)
from wagtail.wagtailcore.permission_policies.collections import (
    CollectionOwnershipPermissionPolicy
)
from .models import get_embed_video_model
from .models import EmbedVideo


permission_policy = CollectionOwnershipPermissionPolicy(
    get_embed_video_model(),
    auth_model=EmbedVideo,
    owner_field_name='uploaded_by_user'
)
Exemple #9
0
from __future__ import absolute_import, unicode_literals

from wagtail.wagtailcore.permission_policies.collections import CollectionOwnershipPermissionPolicy
from wagtail.wagtaildocs.models import Document, get_document_model

permission_policy = CollectionOwnershipPermissionPolicy(
    get_document_model(),
    auth_model=Document,
    owner_field_name='uploaded_by_user')
 def setUp(self):
     super(TestCollectionOwnershipPermissionPolicy, self).setUp()
     self.policy = CollectionOwnershipPermissionPolicy(
         Document,
         owner_field_name='uploaded_by_user',
     )