Esempio n. 1
0
 def has_add_permission(self, request):
     """
     Overrides Django admin behaviour to add ownership based access control
     """
     user = request.user
     return has_global_permission(user, 'submit_redirects') or \
                             has_global_permission(user, 'manage_redirects')
Esempio n. 2
0
 def has_add_permission(self, request):
     """
     Overrides Django admin behaviour to add ownership based access control
     """
     user = request.user
     return has_global_permission(user, 'submit_redirects') or \
                             has_global_permission(user, 'manage_redirects')
Esempio n. 3
0
 def has_change_permission(self, request, obj=None):
     """
     Overrides Django admin behaviour to add ownership based access control
     """
     if obj and obj.is_active != bool(request.POST.get('is_active')):
         return has_global_permission(request.user, 'manage_redirects')
     return super(RedirectAdmin, self).has_change_permission(request, obj)
Esempio n. 4
0
 def has_change_permission(self, request, obj=None):
     """
     Overrides Django admin behaviour to add ownership based access control
     """
     if obj and obj.is_active != bool(request.POST.get('is_active')):
         return has_global_permission(request.user, 'manage_redirects')
     return super(RedirectAdmin, self).has_change_permission(request, obj)
Esempio n. 5
0
 def queryset(self, request, bypass_perms=False):
     """
     Overrides the Django behaviour to take permissions into account
     """
     qs = super(BaseSectionAdmin, self).queryset(request)
     if not bypass_perms and not perms_api.can_manage_site(request.user) and \
        not perms_api.has_global_permission(request.user, 'edit'):
         qs = qs.filter(Q(owners=request.user))
     return qs
Esempio n. 6
0
 def queryset(self, request):
     multimedia = self.basecontent
     qs = BaseContent.objects.exclude(multimediarelation__multimedia=multimedia)
     user = request.user
     if not perms_api.can_manage_site(user) and not perms_api.has_global_permission(user, "edit"):
         owner_filter = Q(owners=request.user)
         if settings.ACQUIRE_SECTION_ROLES:
             owner_filter = owner_filter | Q(sections__owners=request.user)
         qs = qs.filter(owner_filter)
     return qs
Esempio n. 7
0
 def queryset(self, request):
     multimedia = self.basecontent
     qs = BaseContent.objects.exclude(
         multimediarelation__multimedia=multimedia)
     user = request.user
     if not perms_api.can_manage_site(user) and\
        not perms_api.has_global_permission(user, 'edit'):
         owner_filter = Q(owners=request.user)
         if settings.ACQUIRE_SECTION_ROLES:
             owner_filter = owner_filter | Q(sections__owners=request.user)
         qs = qs.filter(owner_filter)
     return qs
Esempio n. 8
0
 def has_change_permission(self, request, obj=None):
     """
     Overrides Django admin behaviour to add ownership based access control
     """
     permission = super(BaseSectionAdmin, self).has_change_permission(request, obj)
     if permission:
         return permission
     if perms_api.has_global_permission(request.user, 'manage_section'):
         return True
     elif obj is None:
         return True
     return False
Esempio n. 9
0
    def render(self, context):
        if not self.obj:
            obj = context.get("obj") or context.get("content")
        else:
            obj = self.obj.resolve(context)
        request = context.get("request")
        permission = self.permission.resolve(context, True)
        if obj:
            has_perm = has_permission(obj, request.user, permission)
        else:
            has_perm = has_global_permission(request.user, permission)

        if has_perm:
            return self.nodelist_true.render(context)
        else:
            if self.nodelist_false:
                return self.nodelist_false.render(context)
            return ''
Esempio n. 10
0
    def render(self, context):
        if not self.obj:
            obj = context.get("obj") or context.get("content")
        else:
            obj = self.obj.resolve(context)
        request = context.get("request")
        permission = self.permission.resolve(context, True)
        if obj:
            has_perm = has_permission(obj, request.user, permission)
        else:
            has_perm = has_global_permission(request.user, permission)

        if has_perm:
            return self.nodelist_true.render(context)
        else:
            if self.nodelist_false:
                return self.nodelist_false.render(context)
            return ''
Esempio n. 11
0
 def show(self, context):
     cache_site = getattr(settings, 'CACHE_SITE_FOR_ANONYMOUS', False)
     user = getattr(context.get('request', None), 'user', None)
     return cache_site and user and \
         has_global_permission(user, MANAGE_CACHE_INVALIDATION_PERMISSION)
Esempio n. 12
0
 def show(self, context):
     user = getattr(context.get('request', None), 'user', None)
     return user and has_global_permission(user, MANAGE_BLOCK_PERMISSION)
Esempio n. 13
0
 def has_add_permission(self, request):
     """
         Overrides Django admin behaviour to add ownership based access control
     """
     return perms_api.has_global_permission(request.user, 'manage_review')
Esempio n. 14
0
 def has_delete_permission(self, request, obj=None):
     """
     Overrides Django admin behaviour to add ownership based access control
     """
     return perms_api.has_global_permission(request.user, 'manage_section')
Esempio n. 15
0
 def get_form(self, request, obj=None, **kwargs):
     form = super(RedirectAdmin, self).get_form(request, obj, **kwargs)
     if not has_global_permission(request.user, 'manage_redirects'):
         # only redirects managers can activate a redirect
         del form.base_fields['is_active']
     return form
Esempio n. 16
0
 def get_form(self, request, obj=None, **kwargs):
     form = super(RedirectAdmin, self).get_form(request, obj, **kwargs)
     if not has_global_permission(request.user, 'manage_redirects'):
         # only redirects managers can activate a redirect
         del form.base_fields['is_active']
     return form
Esempio n. 17
0
 def show(self, context):
     cache_site = getattr(settings, 'CACHE_SITE_FOR_ANONYMOUS', False)
     user = getattr(context.get('request', None), 'user', None)
     return cache_site and user and \
         has_global_permission(user, MANAGE_CACHE_INVALIDATION_PERMISSION)
Esempio n. 18
0
 def can_delete(self, user):
     return (perms_api.has_global_permission(user, perms_api.MANAGE_BLOCK_PERMISSION) or
             (self.content_id is not None and self.content.can_edit(user)))
Esempio n. 19
0
 def can_delete(self, user):
     return (perms_api.has_global_permission(
         user, perms_api.MANAGE_BLOCK_PERMISSION) or
             (self.content_id is not None and self.content.can_edit(user)))
Esempio n. 20
0
 def show(self, context):
     user = getattr(context.get('request', None), 'user', None)
     return user and has_global_permission(user, MANAGE_BLOCK_PERMISSION)
Esempio n. 21
0
 def has_add_permission(self, request):
     """
         Overrides Django admin behaviour to add ownership based access control
     """
     return perms_api.has_global_permission(request.user, 'manage_menu')