def accessible_ids(user, queryset, read=True, write=False, manage=False):
    """Return the cached list of ids in *queryset* that *user* may access.

    The cache key is built from the user id (0 when there is no user or the
    user has no id, so all such callers share one entry), an MD5 digest of
    the queryset's SQL text and the three requested access flags.  The
    queryset's model and AccessControl are passed to ``get_cached_value``
    as model dependencies.
    """
    queryset = _get_queryset(queryset)

    def get_ids():
        # list() evaluates the filtered query here, so the value handed to
        # the cache is a plain list of ids rather than a lazy queryset.
        permitted = filter_by_access(user, queryset, read, write, manage)
        return list(permitted.values_list('id', flat=True))

    user_id = user.id if user and user.id else 0
    # MD5 only shortens the SQL text into a fixed-length key component; it
    # is not relied on as a security control.
    query_digest = md5.new(str(queryset.query)).hexdigest()
    key = 'accessible_ids-%d-%s-%d%d%d' % (
        user_id, query_digest, read, write, manage)
    return get_cached_value(
        key, get_ids, model_dependencies=[queryset.model, AccessControl])
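def get_effective_permissions_and_restrictions(user, model_instance, assume_authenticated=False):
    """Return ``(read, write, manage, restrictions)`` for *user* on *model_instance*.

    Superusers and the instance's owner get ``(True, True, True, None)``
    without consulting any access-control rows.  Otherwise the matching
    AccessControl rows are reduced to one tuple and the result is cached.
    Each of read/write/manage is True, False or None (None when no row set
    it); restrictions is a dict, empty when no row carried restrictions.

    A falsy *user* is treated as ``AnonymousUser()``.  *assume_authenticated*
    is forwarded to ``ExtendedGroup.objects.get_extra_groups`` for
    non-anonymous users.
    """
    from models import AccessControl, ExtendedGroup

    user = user or AnonymousUser()
    if user.is_superuser:
        return (True, True, True, None)
    owner = getattr(model_instance, 'owner', None)
    if owner and owner == user:
        return (True, True, True, None)

    model_type = ContentType.objects.get_for_model(model_instance)
    # assume_authenticated changes which extra groups are consulted below,
    # so it has to be part of the cache key: otherwise a result computed
    # with the flag set would be served to callers that did not set it
    # (and vice versa) for the same user and object.
    key = "get_effective_permissions_and_restrictions-%d-%d-%d-%d" % (
        user.id or 0,
        model_type.id,
        model_instance.id,
        1 if assume_authenticated else 0,
    )

    def calculate():
        if not user.is_anonymous():
            extra_groups = ExtendedGroup.objects.get_extra_groups(
                user, assume_authenticated)
            q = (Q(user=user)
                 | Q(usergroup__in=extra_groups)
                 | Q(usergroup__in=user.groups.all()))
        else:
            # Anonymous callers match their extra groups plus rows that
            # name neither a user nor a group.
            extra_groups = ExtendedGroup.objects.get_extra_groups(user)
            q = Q(usergroup__in=extra_groups) | Q(user=None, usergroup=None)
        aclist = AccessControl.objects.filter(
            q, object_id=model_instance.id, content_type__pk=model_type.id)

        def default_restrictions_precedences(a, b):
            # Used when restriction_precedences has no entry for a key:
            # the larger value wins, and a value missing (or falsy) on
            # either side drops the restriction.
            if a and b:
                return a if a > b else b
            return None

        def reduce_aclist(entries):
            def combine(a, b):
                # a is the current row's flag, b the value accumulated so
                # far.  An explicit False always wins; True is taken only
                # while nothing has been decided yet.  Equality (not
                # identity) is kept so 0/1 values behave as before.
                if a == False or (a == True and b is None):
                    return a
                return b

            read = write = manage = None
            restrictions = None
            for ac in entries:
                read = combine(ac.read, read)
                write = combine(ac.write, write)
                manage = combine(ac.manage, manage)
                r = ac.restrictions or dict()
                if restrictions is None:
                    # Copy so the merge below never writes into the dict
                    # that belongs to the first access-control row.
                    restrictions = dict(r)
                    continue
                for name in set(restrictions.keys()) | set(r.keys()):
                    func = restriction_precedences.get(
                        name, default_restrictions_precedences)
                    restrictions[name] = func(
                        restrictions.get(name), r.get(name))
                # Drop keys whose merged value came out empty.
                restrictions = dict(
                    (k, v) for k, v in restrictions.items() if v)
            return (read, write, manage, restrictions or dict())

        # Rows that name a user take over completely: group rows are only
        # considered when no user-specific row matched.
        user_aclist = [ac for ac in aclist if ac.user]
        if user_aclist:
            return reduce_aclist(user_aclist)
        return reduce_aclist([ac for ac in aclist if ac.usergroup])

    return get_cached_value(
        key, calculate, model_dependencies=[model_type, AccessControl, User])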
def standardfield_ids(field, standard='dc', equiv=False):
    """Return the cached id(s) of the field *field* in standard *standard*.

    With ``equiv`` false the result is a one-element list holding the
    field's id.  With ``equiv`` true it is a flat ``values_list`` of ids
    covering the field itself and whatever ``get_equivalent_fields()``
    returns for it.  The lookup uses ``Field.objects.get``, so it is the
    caller's problem if no single matching field exists.
    """
    def get_ids():
        base = Field.objects.get(standard__prefix=standard, name=field)
        if not equiv:
            return [base.id]
        matching = Q(id=base.id) | Q(id__in=base.get_equivalent_fields())
        return Field.objects.filter(matching).values_list('id', flat=True)

    cache_key = 'standardfield_ids-%s-%s-%s' % (field, standard, equiv)
    return get_cached_value(cache_key, get_ids, model_dependencies=[Field])
def title(self):
    """Return the record's cached title value, or None.

    None is returned without touching the cache when the record has no id,
    and also when no matching field value exists.
    """
    if not self.id:
        return None

    def get_title():
        title_field_ids = standardfield_ids('title', equiv=True)
        # The cache key is per record, not per user, so only values with
        # no owner, no context and hidden=False are eligible here.
        candidates = self.fieldvalue_set.filter(
            field__in=title_field_ids,
            owner=None,
            context_type=None,
            hidden=False)
        if candidates:
            return candidates[0].value
        return None

    return get_cached_value(
        'record-%d-title' % self.id,
        get_title,
        model_dependencies=[Field, FieldValue],
    )
def identifier(self):
    """Return the record's cached identifier value, or None.

    A record without an id yields None straight away; so does a record
    that has no matching identifier field value.
    """
    def get_identifier():
        id_field_ids = standardfield_ids('identifier', equiv=True)
        # Only unowned, context-free, non-hidden values are read, which
        # matters because the cached result is shared by every caller
        # asking about this record.
        found = self.fieldvalue_set.filter(
            field__in=id_field_ids,
            owner=None,
            context_type=None,
            hidden=False)
        return found[0].value if found else None

    if self.id:
        cache_key = 'record-%d-identifiers' % self.id
        return get_cached_value(
            cache_key,
            get_identifier,
            model_dependencies=[Field, FieldValue],
        )
    return None
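def get_effective_permissions_and_restrictions(user, model_instance, assume_authenticated=False):
    """Return ``(read, write, manage, restrictions)`` for *user* on *model_instance*.

    Superusers and the instance's owner get ``(True, True, True, None)``
    without consulting any access-control rows.  Otherwise the matching
    AccessControl rows are reduced to one tuple and the result is cached.
    Each of read/write/manage is True, False or None (None when no row set
    it); restrictions is a dict, empty when no row carried restrictions.

    A falsy *user* is treated as ``AnonymousUser()``.  *assume_authenticated*
    is forwarded to ``ExtendedGroup.objects.get_extra_groups`` for
    non-anonymous users.
    """
    user = user or AnonymousUser()
    if user.is_superuser:
        return (True, True, True, None)
    owner = getattr(model_instance, 'owner', None)
    if owner and owner == user:
        return (True, True, True, None)

    model_type = ContentType.objects.get_for_model(model_instance)
    # assume_authenticated changes which extra groups are consulted below,
    # so it has to be part of the cache key: otherwise a result computed
    # with the flag set would be served to callers that did not set it
    # (and vice versa) for the same user and object.
    key = "get_effective_permissions_and_restrictions-%d-%d-%d-%d" % (
        user.id or 0,
        model_type.id,
        model_instance.id,
        1 if assume_authenticated else 0,
    )

    def calculate():
        if not user.is_anonymous():
            extra_groups = ExtendedGroup.objects.get_extra_groups(
                user, assume_authenticated)
            q = (Q(user=user)
                 | Q(usergroup__in=extra_groups)
                 | Q(usergroup__in=user.groups.all()))
        else:
            # Anonymous callers match their extra groups plus rows that
            # name neither a user nor a group.
            extra_groups = ExtendedGroup.objects.get_extra_groups(user)
            q = Q(usergroup__in=extra_groups) | Q(user=None, usergroup=None)
        aclist = AccessControl.objects.filter(
            q, object_id=model_instance.id, content_type__pk=model_type.id)

        def default_restrictions_precedences(a, b):
            # Used when restriction_precedences has no entry for a key:
            # the larger value wins, and a value missing (or falsy) on
            # either side drops the restriction.
            if a and b:
                return a if a > b else b
            return None

        def reduce_aclist(entries):
            def combine(a, b):
                # a is the current row's flag, b the value accumulated so
                # far.  An explicit False always wins; True is taken only
                # while nothing has been decided yet.  Equality (not
                # identity) is kept so 0/1 values behave as before.
                if a == False or (a == True and b is None):
                    return a
                return b

            read = write = manage = None
            restrictions = None
            for ac in entries:
                read = combine(ac.read, read)
                write = combine(ac.write, write)
                manage = combine(ac.manage, manage)
                r = ac.restrictions or dict()
                if restrictions is None:
                    # Copy so the merge below never writes into the dict
                    # that belongs to the first access-control row.
                    restrictions = dict(r)
                    continue
                for name in set(restrictions.keys()) | set(r.keys()):
                    func = restriction_precedences.get(
                        name, default_restrictions_precedences)
                    restrictions[name] = func(
                        restrictions.get(name), r.get(name))
                # Drop keys whose merged value came out empty.
                restrictions = dict(
                    (k, v) for k, v in restrictions.items() if v)
            return (read, write, manage, restrictions or dict())

        # Rows that name a user take over completely: group rows are only
        # considered when no user-specific row matched.
        user_aclist = [ac for ac in aclist if ac.user]
        if user_aclist:
            return reduce_aclist(user_aclist)
        return reduce_aclist([ac for ac in aclist if ac.usergroup])

    return get_cached_value(
        key, calculate, model_dependencies=[model_type, AccessControl, User])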