def get_subordinate_groups(user, site):
"""
Similar to get_subordinate_users, but returns queryset of Groups instead
of Users.
"""
from cms.utils.page_permissions import get_change_permissions_id_list
try:
user_level = get_user_permission_level(user, site)
except NoPermissionsException:
# user has no Global or Page permissions.
# return only groups created by user
# whose page permission record has no page attached.
groups = (
Group
.objects
.filter(
Q(pageusergroup__created_by=user) &
Q(pagepermission__page__isnull=True)
)
.distinct()
)
# no permission no records
# page_id_allow_list is empty
return groups
if user_level == ROOT_USER_LEVEL:
return Group.objects.all()
page_id_allow_list = get_change_permissions_id_list(user, site, check_global=False)
return Group.objects.distinct().filter(
(Q(pagepermission__page__id__in=page_id_allow_list) & Q(pagepermission__page__depth__gte=user_level))
| (Q(pageusergroup__created_by=user) & Q(pagepermission__page__isnull=True))
)
def get_subordinate_groups(user, site):
"""
Similar to get_subordinate_users, but returns queryset of Groups instead
of Users.
"""
from cms.utils.page_permissions import get_change_permissions_id_list
try:
user_level = get_user_permission_level(user, site)
except NoPermissionsException:
# user has no Global or Page permissions.
# return only groups created by user
# whose page permission record has no page attached.
groups = (
Group
.objects
.filter(
Q(pageusergroup__created_by=user) &
Q(pagepermission__page__isnull=True)
)
.distinct()
)
# no permission no records
# page_id_allow_list is empty
return groups
if user_level == ROOT_USER_LEVEL:
return Group.objects.all()
page_id_allow_list = get_change_permissions_id_list(user, site, check_global=False)
return Group.objects.distinct().filter(
(Q(pagepermission__page__id__in=page_id_allow_list) & Q(pagepermission__page__depth__gte=user_level))
| (Q(pageusergroup__created_by=user) & Q(pagepermission__page__isnull=True))
)
def get_subordinate_users(user, site):
"""
Returns users queryset, containing all subordinate users to given user
including users created by given user and not assigned to any page.
Not assigned users must be returned, because they shouldn't get lost, and
user should still have possibility to see them.
Only users created_by given user which are on the same, or lover level are
returned.
If user haves global permissions or is a superuser, then he can see all the
users.
This function is currently used in PagePermissionInlineAdminForm for limit
users in permission combobox.
Example:
A,W level 0
/ \
user B,GroupE level 1
Z / \
C,X D,Y,W level 2
Rules: W was created by user, Z was created by user, but is not assigned
to any page.
Will return [user, C, X, D, Y, Z]. W was created by user, but is also
assigned to higher level.
"""
from cms.utils.page_permissions import get_change_permissions_id_list
try:
user_level = get_user_permission_level(user, site)
except NoPermissionsException:
# user has no Global or Page permissions.
# return only staff users created by user
# whose page permission record has no page attached.
qs = get_user_model().objects.distinct().filter(
Q(is_staff=True) &
Q(pageuser__created_by=user) &
Q(pagepermission__page=None)
)
qs = qs.exclude(pk=user.pk).exclude(groups__user__pk=user.pk)
return qs
if user_level == ROOT_USER_LEVEL:
return get_user_model().objects.all()
page_id_allow_list = get_change_permissions_id_list(user, site, check_global=False)
# normal query
qs = get_user_model().objects.distinct().filter(
Q(is_staff=True) &
(Q(pagepermission__page__id__in=page_id_allow_list) & Q(pagepermission__page__depth__gte=user_level))
| (Q(pageuser__created_by=user) & Q(pagepermission__page=None))
)
qs = qs.exclude(pk=user.pk).exclude(groups__user__pk=user.pk)
return qs
def get_subordinate_users(user, site):
"""
Returns users queryset, containing all subordinate users to given user
including users created by given user and not assigned to any page.
Not assigned users must be returned, because they shouldn't get lost, and
user should still have possibility to see them.
Only users created_by given user which are on the same, or lover level are
returned.
If user haves global permissions or is a superuser, then he can see all the
users.
This function is currently used in PagePermissionInlineAdminForm for limit
users in permission combobox.
Example:
A,W level 0
/ \
user B,GroupE level 1
Z / \
C,X D,Y,W level 2
Rules: W was created by user, Z was created by user, but is not assigned
to any page.
Will return [user, C, X, D, Y, Z]. W was created by user, but is also
assigned to higher level.
"""
from cms.utils.page_permissions import get_change_permissions_id_list
try:
user_level = get_user_permission_level(user, site)
except NoPermissionsException:
# user has no Global or Page permissions.
# return only staff users created by user
# whose page permission record has no page attached.
qs = get_user_model().objects.distinct().filter(
Q(is_staff=True) &
Q(pageuser__created_by=user) &
Q(pagepermission__page=None)
)
qs = qs.exclude(pk=user.pk).exclude(groups__user__pk=user.pk)
return qs
if user_level == ROOT_USER_LEVEL:
return get_user_model().objects.all()
page_id_allow_list = get_change_permissions_id_list(user, site, check_global=False)
# normal query
qs = get_user_model().objects.distinct().filter(
Q(is_staff=True) &
(Q(pagepermission__page__id__in=page_id_allow_list) & Q(pagepermission__page__depth__gte=user_level))
| (Q(pageuser__created_by=user) & Q(pagepermission__page=None))
)
qs = qs.exclude(pk=user.pk).exclude(groups__user__pk=user.pk)
return qs
def subordinate_to_user(self, user, site):
"""Get all page permission objects on which user/group is lover in
hierarchy then given user and given user can change permissions on them.
!IMPORTANT, but exclude objects with given user, or any group containing
this user - he can't be able to change his own permissions, because if
he does, and removes some permissions from himself, he will not be able
to add them anymore.
Example:
A
/ \
user B,E
/ \
C,X D,Y
Gives permission nodes C,X,D,Y under user, so he can edit
permissions if he haves can_change_permission.
Example:
A,Y
/ \
user B,E,X
/ \
C,X D,Y
Gives permission nodes C,D under user, so he can edit, but not
anymore to X,Y, because this users are on the same level or higher
in page hierarchy. (but only if user have can_change_permission)
Example:
A
/ \
user B,E
/ \ \
C,X D,Y user
/ \
I J,A
User permissions can be assigned to multiple page nodes, so merge of
all of them is required. In this case user can see permissions for
users C,X,D,Y,I,J but not A, because A user in higher in hierarchy.
If permission object holds group, this permission object can be visible
to user only if all of the group members are lover in hierarchy. If any
of members is higher then given user, this entry must stay invisible.
If user is superuser, or haves global can_change_permission permissions,
show him everything.
Result of this is used in admin for page permissions inline.
"""
# get user level
from cms.utils.permissions import get_user_permission_level
from cms.utils.page_permissions import get_change_permissions_id_list
try:
user_level = get_user_permission_level(user, site)
except NoPermissionsException:
return self.none()
if user_level == ROOT_USER_LEVEL:
return self.all()
# get all permissions
page_id_allow_list = get_change_permissions_id_list(user, site, check_global=False)
# get permission set, but without objects targeting user, or any group
# in which he can be
qs = self.filter(
page__id__in=page_id_allow_list,
page__node__depth__gte=user_level,
)
qs = qs.exclude(user=user).exclude(group__user=user)
return qs
def subordinate_to_user(self, user, site):
"""Get all page permission objects on which user/group is lover in
hierarchy then given user and given user can change permissions on them.
!IMPORTANT, but exclude objects with given user, or any group containing
this user - he can't be able to change his own permissions, because if
he does, and removes some permissions from himself, he will not be able
to add them anymore.
Example:
A
/ \
user B,E
/ \
C,X D,Y
Gives permission nodes C,X,D,Y under user, so he can edit
permissions if he haves can_change_permission.
Example:
A,Y
/ \
user B,E,X
/ \
C,X D,Y
Gives permission nodes C,D under user, so he can edit, but not
anymore to X,Y, because this users are on the same level or higher
in page hierarchy. (but only if user have can_change_permission)
Example:
A
/ \
user B,E
/ \ \
C,X D,Y user
/ \
I J,A
User permissions can be assigned to multiple page nodes, so merge of
all of them is required. In this case user can see permissions for
users C,X,D,Y,I,J but not A, because A user in higher in hierarchy.
If permission object holds group, this permission object can be visible
to user only if all of the group members are lover in hierarchy. If any
of members is higher then given user, this entry must stay invisible.
If user is superuser, or haves global can_change_permission permissions,
show him everything.
Result of this is used in admin for page permissions inline.
"""
# get user level
from cms.utils.permissions import get_user_permission_level
from cms.utils.page_permissions import get_change_permissions_id_list
try:
user_level = get_user_permission_level(user, site)
except NoPermissionsException:
return self.none()
if user_level == ROOT_USER_LEVEL:
return self.all()
# get all permissions
page_id_allow_list = get_change_permissions_id_list(user, site, check_global=False)
# get permission set, but without objects targeting user, or any group
# in which he can be
qs = self.filter(page__id__in=page_id_allow_list, page__depth__gte=user_level)
qs = qs.exclude(user=user).exclude(group__user=user)
return qs
