def decorated(request, *args, **kwargs):
objs = []
if request.user.is_authenticated() or allow_anonymous:
lookup_list = _model_lookups_handler(model_lookups, *args,
**kwargs)
granted = False
for perm_type, perm in perms:
if perm_type == "granular":
for model_class, lookup, value in lookup_list:
objs.append(
get_object_or_404(model_class,
**{lookup: value}))
check = get_check(request.user, perm)
if check is not None:
granted = check(*objs)
else:
if request.user.has_perm(perm):
granted = True
if granted:
return view_func(request, *args, **kwargs)
if redirect_to_login:
path = urlquote(request.get_full_path())
tup = login_url, redirect_field_name, path
return HttpResponseRedirect('%s?%s=%s' % tup)
return permission_denied(request)
def render(self, context):
try:
user = self.resolve(self.user, context)
perm = self.resolve(self.perm, context)
if self.objs:
objs = []
for obj in self.objs:
if obj is not None:
objs.append(self.resolve(obj, context))
else:
objs = None
check = get_check(user, perm)
if check is not None:
if check(*objs):
# return True if check was successful
return self.nodelist_true.render(context)
# If the app couldn't be found
except (ImproperlyConfigured, ImportError):
return ''
# If either variable fails to resolve, return nothing.
except template.VariableDoesNotExist:
return ''
# If the types don't permit comparison, return nothing.
except (TypeError, AttributeError):
return ''
return self.nodelist_false.render(context)
def render(self, context):
try:
user = self.resolve(self.user, context)
perm = self.resolve(self.perm, context)
if self.objs:
objs = []
for obj in self.objs:
if obj is not None:
objs.append(self.resolve(obj, context))
else:
objs = None
check = get_check(user, perm)
if check is not None:
if check(*objs):
# return True if check was successful
return self.nodelist_true.render(context)
# If the app couldn't be found
except (ImproperlyConfigured, ImportError):
return ''
# If either variable fails to resolve, return nothing.
except template.VariableDoesNotExist:
return ''
# If the types don't permit comparison, return nothing.
except (TypeError, AttributeError):
return ''
return self.nodelist_false.render(context)
def has_perm_or_owns(user, perm, obj, perm_obj, field_name='creator'):
"""Given a user, a permission, an object (obj) and another object to check
permissions against (perm_obj), return True if the user has perm on
obj."""
if user == getattr(obj, field_name):
return True
check = get_check(user, perm)
return user.has_perm(perm) or (check and check(perm_obj))
def has_perm_or_owns(user, perm, obj, perm_obj,
field_name='creator'):
"""Given a user, a permission, an object (obj) and another object to check
permissions against (perm_obj), return True if the user has perm on
obj."""
if user == getattr(obj, field_name):
return True
check = get_check(user, perm)
return user.has_perm(perm) or (check and check(perm_obj))
def has_perm_or_owns(user, perm, obj, perm_obj, field_name='creator'):
"""Given a user, a permission, an object (obj) and another object to check
permissions against (perm_obj), return True if the user has perm on
obj."""
if user.is_anonymous():
return False
if hasattr(obj, '%s_id' % field_name):
if getattr(obj, '%s_id' % field_name) == user.pk:
return True
elif user == getattr(obj, field_name):
return True
check = get_check(user, perm)
return user.has_perm(perm) or (check and check(perm_obj))
def has_perm_or_owns(user, perm, obj, perm_obj,
field_name='creator'):
"""Given a user, a permission, an object (obj) and another object to check
permissions against (perm_obj), return True if the user has perm on
obj."""
if user.is_anonymous():
return False
if hasattr(obj, '{0!s}_id'.format(field_name)):
if getattr(obj, '{0!s}_id'.format(field_name)) == user.pk:
return True
elif user == getattr(obj, field_name):
return True
check = get_check(user, perm)
return user.has_perm(perm) or (check and check(perm_obj))
def render(self, context):
objs = [self.resolve(obj, context) for obj in self.objs.split(',')]
var_name = self.resolve(self.var_name, context)
perm = self.resolve(self.perm, context)
user = self.resolve(self.user, context)
granted = False
if not isinstance(user, AnonymousUser):
if self.approved:
check = get_check(user, perm)
if check is not None:
granted = check(*objs)
else:
check = permissions.BasePermission(user=user)
for obj in objs:
granted = check.requested_perm(perm, obj)
if granted:
break
context[var_name] = granted
return ''
def render(self, context):
objs = [self.resolve(obj, context) for obj in self.objs.split(',')]
var_name = self.resolve(self.var_name, context)
perm = self.resolve(self.perm, context)
user = self.resolve(self.user, context)
granted = False
if not isinstance(user, AnonymousUser):
if self.approved:
check = get_check(user, perm)
if check is not None:
granted = check(*objs)
else:
check = permissions.BasePermission(user=user)
for obj in objs:
granted = check.requested_perm(perm, obj)
if granted:
break
context[var_name] = granted
return ''
def decorated(request, *args, **kwargs):
if request.user.is_authenticated():
params = []
for lookup_variable in lookup_variables:
if isinstance(lookup_variable, basestring):
value = kwargs.get(lookup_variable, None)
if value is None:
continue
params.append(value)
elif isinstance(lookup_variable, (tuple, list)):
model, lookup, varname = lookup_variable
value = kwargs.get(varname, None)
if value is None:
continue
if isinstance(model, basestring):
model_class = get_model(*model.split("."))
else:
model_class = model
if model_class is None:
raise ValueError(
"The given argument '%s' is not a valid model."
% model)
if (inspect.isclass(model_class)
and not issubclass(model_class, Model)):
raise ValueError(
'The argument %s needs to be a model.' % model)
obj = get_object_or_404(model_class, **{lookup: value})
params.append(obj)
check = get_check(request.user, perm)
granted = False
if check is not None:
granted = check(*params)
if granted or request.user.has_perm(perm):
return view_func(request, *args, **kwargs)
if redirect_to_login:
path = urlquote(request.get_full_path())
tup = login_url, redirect_field_name, path
return HttpResponseRedirect('%s?%s=%s' % tup)
return permission_denied(request)
def decorated(request, *args, **kwargs):
objs = []
if request.user.is_authenticated() or allow_anonymous:
lookup_list = _model_lookups_handler(model_lookups, *args, **kwargs)
granted = False
for perm_type, perm in perms:
if perm_type == "granular":
for model_class, lookup, value in lookup_list:
objs.append(get_object_or_404(model_class, **{lookup: value}))
check = get_check(request.user, perm)
if check is not None:
granted = check(*objs)
else:
if request.user.has_perm(perm):
granted = True
if granted:
return view_func(request, *args, **kwargs)
if redirect_to_login:
path = urlquote(request.get_full_path())
tup = login_url, redirect_field_name, path
return HttpResponseRedirect('%s?%s=%s' % tup)
return permission_denied(request)
def decorated(request, *args, **kwargs):
if request.user.is_authenticated():
params = []
for lookup_variable in lookup_variables:
if isinstance(lookup_variable, basestring):
value = kwargs.get(lookup_variable, None)
if value is None:
continue
params.append(value)
elif isinstance(lookup_variable, (tuple, list)):
model, lookup, varname = lookup_variable
value = kwargs.get(varname, None)
if value is None:
continue
if isinstance(model, basestring):
model_class = get_model(*model.split("."))
else:
model_class = model
if model_class is None:
raise ValueError(
"The given argument '%s' is not a valid model." % model)
if (inspect.isclass(model_class) and
not issubclass(model_class, Model)):
raise ValueError(
'The argument %s needs to be a model.' % model)
obj = get_object_or_404(model_class, **{lookup: value})
params.append(obj)
check = get_check(request.user, perm)
granted = False
if check is not None:
granted = check(*params)
if granted or request.user.has_perm(perm):
return view_func(request, *args, **kwargs)
if redirect_to_login:
path = urlquote(request.get_full_path())
tup = login_url, redirect_field_name, path
return HttpResponseRedirect('%s?%s=%s' % tup)
return permission_denied(request)
def has_perm(user, perm, obj):
"""Return whether a user has a permission globally or on a given object."""
check = get_check(user, perm) # None sometimes
return user.has_perm(perm) or (check and check(obj))
def has_perm(user, perm, obj):
"""Return whether a user has a permission globally or on a given object."""
check = get_check(user, perm) # None sometimes
return user.has_perm(perm) or (check and check(obj))