return True return False def can_view_child_basic_profile(self, child): ac = self.get_ac(child) if ac: return True required_access = child.basic_prof_privacy if self.has_required_access(child, required_access): return True return False def can_view_child_extended_profile(self, child): ac = self.get_ac(child) if ac: return True required_access = child.ext_prof_privacy if self.has_required_access(child, required_access): return True return False authority.register(Child, ChildPermission) authority.register(User, UserPermission)
import authority from kitsune.forums.models import Forum class ForumPermission(authority.permissions.BasePermission): label = 'forums_forum' checks = ('thread_edit', 'thread_sticky', 'thread_locked', 'thread_delete', 'post_edit', 'post_delete', 'thread_move', 'view_in', 'post_in') # view_in: view the forum, its threads, and its posts # post_in: make new threads and posts in a forum authority.register(Forum, ForumPermission)
# Modelos a los que se les asocia permisos from models import Pas import logging log = logging.getLogger('galotecnia') class PasPermission(permissions.BasePermission): label = 'paspermission' check = ('is_pas',) def asignar_recurso(self): try: profile = self.user.get_profile() except PersonaPerfil.DoesNotExist: # Si no tiene perfil no sabemos que tipo de persona es # por lo tanto, denegamos el acceso log.error(u"No existe perfil asociado al usuario %s" % self.user.username) return False try: pas = profile.pas except Pas.DoesNotExist: log.debug(u"El usuario %s no puede acceder a la informacion de porteria" % self.user.username) return False # TODO: Si hay mas personas que pueden asignar recursos, incluir aqui return True authority.register(Pas, PasPermission)
def can_delete_post(self, post): # Admin can delete post return is_admin(self.user) class TopicPermission(PostPermission): label = 'topic_permission' checks = 'can_toggle_pin' def can_toggle_pin(self, topic): # Only admin can pin topic return is_admin(self.user) class VotePermission(permissions.BasePermission): label = 'vote_permission' checks = ('can_create_vote', ) def can_create_vote(self, post): # Authenticated user can create vote return True authority.register(Forum, ForumPermission) authority.register(Vote, VotePermission) authority.register(Post, PostPermission) authority.register(Topic, TopicPermission)
if any_team and not team: user_teams = project.team_set.filter( Q(coordinators=self.user)| Q(members=self.user)| Q(reviewers=self.user) ).distinct() if user_teams: return True return False submit_translations.short_description = _("Is allowed to submit " "translations to this project") def private(self, project=None): """Test if a user has access to a private project.""" if project: if project.private: # To avoid doing all the checks below! if self.user.is_anonymous(): return False # Maintainers, writers (submitters, coordinators, members) return self.maintain(project) or \ self.submit_translations(project, any_team=True) or\ self.proofread(project, any_team=True) else: # The project is public so let them continue return True return False private.short_description=_('Is allowed to browse this private project') authority.register(Project, ProjectPermission)
import authority from authority import permissions from django.contrib.auth.models import User from django.contrib.auth.models import Group from django.core.exceptions import ObjectDoesNotExist from .models import Country class CountryPermission(permissions.BasePermission): label = "country_permission" checks = ("has_country_affiliation",) def has_country_affiliation(self, user, country): # allow staff and superusers to see all countries if user.is_staff() or user.is_superuser(): return True try: profile = user.get_profile() if profile.country: # if the user declared affiliation with a country # during registration, allow them to view it if profile.country == country: return True except ObjectDoesNotExist: pass return False authority.register(Country, CountryPermission)
print "yay, you can review this flatpage!" return flatpage(request, url) Or the same view using the decorator permission_required:: @permission_required('flatpage_permission.review_flatpage', ('flatpages.flatpage', 'url__contains', 'url')) def review_flatpage(request, url): print "yay, you can review this flatpage!" return flatpage(request, url) Or you can use this permission in your templates like this:: {% ifhasperm "flatpage_permission.review_flatpage" request.user flatpage %} Yes, you are allowed to review flatpage '{{ flatpage }}', aren't you? {% else %} Nope, sorry. You aren't allowed to review this flatpage. {% endifhasperm %} """ label = 'flatpage_permission' checks = ('review', 'top_secret') def top_secret(self, flatpage=None, lala=None): if flatpage and flatpage.registration_required: return self.browse_flatpage(obj=flatpage) return False top_secret.short_description=_('Is allowed to see top secret flatpages') authority.register(FlatPage, FlatPagePermission)
from forums.models import Forum import authority class ForumPermission(authority.permissions.BasePermission): label = 'forums_forum' checks = ('thread_edit', 'thread_sticky', 'thread_locked', 'thread_delete', 'post_edit', 'post_delete', 'thread_move', 'view_in', 'post_in') # view_in: view the forum, its threads, and its posts # post_in: make new threads and posts in a forum authority.register(Forum, ForumPermission)
user_teams = project.team_set.filter( Q(coordinators=self.user) | Q(members=self.user) | Q(reviewers=self.user)).distinct() if user_teams: return True return False submit_translations.short_description = _("Is allowed to submit " "translations to this project") def private(self, project=None): """Test if a user has access to a private project.""" if project: if project.private: # To avoid doing all the checks below! if self.user.is_anonymous(): return False # Maintainers, writers (submitters, coordinators, members) return self.maintain(project) or \ self.submit_translations(project, any_team=True) or\ self.proofread(project, any_team=True) else: # The project is public so let them continue return True return False private.short_description = _('Is allowed to browse this private project') authority.register(Project, ProjectPermission)
from django.test import TestCase from django.contrib.auth.models import User from django.contrib.auth.models import Permission as DjangoPermission import authority from authority import permissions from authority.models import Permission from authority.exceptions import NotAModel, UnsavedModelInstance class UserPermission(permissions.BasePermission): checks = ('browse',) label = 'user_permission' authority.register(User, UserPermission) class BehaviourTest(TestCase): """ self.user will be given: - django permission add_user (test_add) - authority to delete_user which is him (test_delete) This permissions are given in the test case and not in the fixture, for later reference. """ fixtures = ['tests.json',] def setUp(self): self.user = User.objects.get(username='******') self.check = UserPermission(self.user) def test_no_permission(self): self.assertFalse(self.check.add_user())
return False def can_view_child_basic_profile(self, child): ac = self.get_ac(child) if ac: return True required_access = child.basic_prof_privacy if self.has_required_access(child, required_access): return True return False def can_view_child_extended_profile(self, child): ac = self.get_ac(child) if ac: return True required_access = child.ext_prof_privacy if self.has_required_access(child, required_access): return True return False authority.register(Child, ChildPermission) authority.register(User, UserPermission)
import authority from authority import permissions from characters.models import Sheet from chronicles.models import Chronicle, ChronicleMember class SheetPermission(permissions.BasePermission): label = 'sheet_permission' check = ('fullview', 'change', 'delete', 'list', 'history',) authority.register(Sheet, SheetPermission) def can_something_sheet(request, sheet, role, checkperm, user=None, infodump=False): if user is None: user = request.user if user == sheet.player: if infodump: return (True, "Sheet owner") else: return True for chronicle in Chronicle.objects.all(): chronicle_sheets = chronicle.content_objects(Sheet) try: chronicle_sheets.get(id=sheet.id) cm = ChronicleMember.objects.get(user=user, chronicle=chronicle) if role == cm.membership_role: if infodump: return (True, "%s in %s" % (cm.get_membership_role_display(), cm.chronicle.name)) else: return True
import authority from authority import permissions from contests.models import ContestStandingTable # Assume all user must be authenticated before check this permission from vnoiusers.user_util import is_admin class ContestPermission(permissions.BasePermission): label = 'contest_permission' check = 'can_crawl_contest' def can_crawl_contest(self): # Admin can crawl contest return is_admin(self.user) authority.register(ContestStandingTable, ContestPermission)
try: profesor = profile.profesor except Profesor.DoesNotExist: try: pas = profile.pas except Pas.DoesNotExist: log.debug(u"El usuario %s no puede reservar recursos" % self.user.username) return False return True def asignar_recurso(self, recurso = None): if recurso and not recurso.actualmenteDisponible: log.debug(u"El recurso %s no esta disponible actualmente") return False try: profile = self.user.get_profile() except PersonaPerfil.DoesNotExist: # Si no tiene perfil no sabemos que tipo de persona es # por lo tanto, denegamos el acceso log.error(u"No existe perfil asociado al usuario %s" % self.user.username) return False try: pas = profile.pas except Pas.DoesNotExist: log.debug(u"El usuario %s no puede asignar el recursos" % self.user.username) return False return True authority.register(Recurso, RecursoPermission)
if method != 'POST': return True # right to change all the pages if self.change_page(): return True if lang: # try the global language permission first perm = self.user.has_perm( 'pages.can_manage_%s' % lang.replace('-', '_') ) if perm: return True # then per object permission perm_func = getattr(self, 'manage (%s)_page' % lang) if perm_func(page): return True # last hierarchic permissions because it's more expensive perm_func = getattr(self, 'manage hierarchy_page') if perm_func(page): return True else: for ancestor in page.get_ancestors(): if perm_func(ancestor): return True # everything else failed, no permissions return False authority.register(Page, PagePermission)
return False # Usuario profesor for ga in alumno.grupoaulaalumno_set.exclude(grupo__seccion = 'Pendientes'): log.debug("GrupoAulas para el alumno: %s", ga) jefe = profesor.jefeestudios_set.all() for j in jefe: if j.nivel == ga.grupo.curso.ciclo.nivel: return True coordinador = profesor.coordinadorciclo_set.all() for c in coordinador: if c.ciclo == ga.grupo.curso.ciclo: return True tutor = profesor.tutor_set.all() for t in tutor: if t.grupo == ga.grupo: return True try: if asignatura: clase = Horario.objects.get(grupo = ga.grupo, profesor = profesor, asignatura = asignatura) else: clase = Horario.objects.get(grupo = ga.grupo, profesor = profesor) return True except Horario.DoesNotExist: log.error(u"El profesor %s no tiene privilegios para acceder a %s" % (profesor, alumno)) return False return False authority.register(Alumno, AlumnoPermission) authority.register(GrupoAula, GrupoAulaPermission)
__author__ = 'mpetyx' import authority from authority import permissions from django.contrib.flatpages.models import FlatPage class FlatpagePermission(permissions.BasePermission): label = 'flatpage_permission' authority.register(FlatPage, FlatpagePermission)
from authority.models import Permission from authority.exceptions import NotAModel, UnsavedModelInstance from authority.compat import get_user_model # Load the form from authority.forms import UserPermissionForm # noqa User = get_user_model() FIXTURES = ['tests_custom.json'] QUERY = Q(email="*****@*****.**") class UserPermission(permissions.BasePermission): checks = ('browse',) label = 'user_permission' authority.register(User, UserPermission) class GroupPermission(permissions.BasePermission): checks = ('browse',) label = 'group_permission' authority.register(Group, GroupPermission) class DjangoPermissionChecksTestCase(TestCase): """ Django permission objects have certain methods that are always present, test those here. self.user will be given: - django permission add_user (test_add)
import authority from authority import permissions from .models import Band class BandPermission(permissions.BasePermission): label = 'band_permission' checks = ('add', 'change', 'manage') authority.register(Band, BandPermission)
# right to change all the pages if self.change_page(): return True if lang: # try the global language permission first perm = self.user.has_perm('pages.can_manage_%s' % lang.replace('-', '_')) if perm: return True # then per object permission try: perm_func = getattr(self, 'manage (%s)_page' % lang) if perm_func(page): return True except: return False # last hierarchic permissions because it's more expensive perm_func = getattr(self, 'manage hierarchy_page') if perm_func(page): return True else: for ancestor in page.get_ancestors(): if perm_func(ancestor): return True # everything else failed, no permissions return False authority.register(Page, PagePermission)
from authority import permissions # Modelos a los que se les asocia permisos from models import Padre import logging log = logging.getLogger('galotecnia') class PadrePermission(permissions.BasePermission): label = 'padres_permission' check = ('check_padre', ) def check_padre(self): try: profile = self.user.get_profile() except PersonaPerfil.DoesNotExist: # Si no tiene perfil no sabemos que tipo de persona es # por lo tanto, denegamos el acceso log.error(u"No existe el perfil asociado al usuario %s" % self.user.username) return False try: padre = profile.padre except Padre.DoesNotExist: log.debug(u"El usuario %s no puede ver los recursos" % self.user.username) return False return True authority.register(Padre, PadrePermission)