def _check_permission_for_user(self, user, **permissions): # checks if user is owner or has ACL access if check_access(user, self, **permissions): return True # if record does not have individual ACL... if len(_records_with_individual_acl_by_ids([self.id])) > 0: return False # ...check collection access return filter_by_access( user, self.collection_set, **permissions).count() > 0
def editable_by(self, user): return self.record.editable_by(user) and check_access( user, self.storage, write=True)
def upload(request): collection = Collection.objects.get(name='the-breeze') storage = Storage.objects.get(name='the-breeze') check_access(request.user, collection, write=True, fail_if_denied=True) check_access(request.user, storage, write=True, fail_if_denied=True) fcoverage = standardfield('coverage') fdate = standardfield('date') ftitle = standardfield('title') fdescription = standardfield('description') fidentifier = standardfield('identifier') if request.method == 'POST': form = UploadForm(request.POST, request.FILES) if form.is_valid(): volume = str(form.cleaned_data['volume']) issue = str(form.cleaned_data['issue']) date = str(form.cleaned_data['date']) pages = str(form.cleaned_data['pages']) publication = form.cleaned_data['publication'] title = '%s %s Volume %s Issue %s' % ( publication, date, volume, issue, ) record = Record.objects.create() CollectionItem.objects.create(record=record, collection=collection) record.fieldvalue_set.create( field=ftitle, label=None, order=1, value=title, ) record.fieldvalue_set.create( field=fcoverage, label='Volume', order=2, value=volume, ) record.fieldvalue_set.create( field=fcoverage, label='Issue', order=3, value=issue, ) record.fieldvalue_set.create( field=fdate, label=None, order=4, value=date, ) record.fieldvalue_set.create( field=fdescription, label='Pages', order=5, value=pages, ) record.fieldvalue_set.create( field=fidentifier, label=None, order=6, value=title, hidden=True, ) import re filename = re.sub(r'[^a-z0-9]+', '-', title.lower()) + '.pdf' media = Media.objects.create( record=record, storage=storage, mimetype='application/pdf', ) media.save_file(filename, request.FILES['pdf']) return HttpResponseRedirect(reverse('thebreeze-main')) else: form = UploadForm() return render_to_response('thebreeze-upload.html', {'breezelogo': 'breeze_logo_%s.png' % random.choice('00 01 02 03 04'.split()), 'form': form, }, context_instance=RequestContext(request))