예제 #1
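def _get_page_ids_for_action(user,
                             site,
                             action,
                             check_global=True,
                             use_cache=True):
    """
    Return the ids of the pages on which ``user`` may perform ``action``.

    Returns ``GRANT_ALL_PERMISSIONS`` for superusers, when the CMS
    ``PERMISSION`` setting is off, or (with ``check_global``) when
    ``has_global_permission`` reports a global grant for ``site``.
    Otherwise returns ``list(get_page_actions_for_user(user, site)[action])``,
    served from the permission cache when ``use_cache`` is true and an entry
    exists.

    The global permission is evaluated *before* the cache is consulted: a
    cached page-id list (possibly empty) must never take precedence over a
    global grant.
    """
    if user.is_superuser or not get_cms_setting('PERMISSION'):
        # got superuser, or permissions aren't enabled?
        # just return grant all mark
        return GRANT_ALL_PERMISSIONS

    # Global permissions win over anything stored in the per-page cache,
    # so this check has to run ahead of the cache lookup.
    if check_global and has_global_permission(
            user, site, action=action, use_cache=use_cache):
        return GRANT_ALL_PERMISSIONS

    if use_cache:
        # read from cache if possible
        cached = get_permission_cache(user, action)
        if cached is not None:
            return cached
        get_page_actions = get_page_actions_for_user
    else:
        get_page_actions = get_page_actions_for_user.without_cache

    page_actions = get_page_actions(user, site)
    page_ids = list(page_actions[action])
    # NOTE(review): the cache helpers are called with user and action only,
    # not site - confirm that a site-independent entry is intended. The entry
    # is also written when use_cache is False, as in the original.
    set_permission_cache(user, action, page_ids)
    return page_ids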
예제 #2
    def test_cache_invalidation(self):
        """
        Saving a page must clear the cached permission entry.

        Seeds the ``can_change`` cache of the normal user with the home page
        id, saves the page, and expects the next cache lookup to miss.
        """
        user = self.user_normal
        action = "can_change"
        set_permission_cache(user, action, [self.home_page.id])

        self.home_page.save()

        # an entry surviving the save would keep serving an outdated id list
        self.assertIsNone(get_permission_cache(user, action))
예제 #3
    def test_cache_invalidation(self):
        """
        The permission cache is emptied when a page is saved.
        """
        normal_user = self.user_normal
        seeded_ids = [self.home_page.id]
        set_permission_cache(normal_user, "can_change", seeded_ids)

        # the save is expected to invalidate the entry written above
        self.home_page.save()

        after_save = get_permission_cache(normal_user, "can_change")
        self.assertIsNone(after_save)
예제 #4
    def test_basic_permissions(self):
        """
        Exercise the low-level permission cache API: get, set and clear.
        """
        user = self.user_normal
        action = "can_change"

        # nothing has been cached for this user/action yet
        self.assertIsNone(get_permission_cache(user, action))

        # a stored id list comes back unchanged
        page_ids = [self.home_page.id]
        set_permission_cache(user, action, page_ids)
        self.assertEqual(get_permission_cache(user, action), page_ids)

        # clearing the user's cache removes the entry again
        clear_user_permission_cache(user)
        self.assertIsNone(get_permission_cache(user, action))
예제 #5
    def test_basic_permissions(self):
        """
        Round-trip the permission cache for the ``change_page`` action.

        Covers the three low-level calls: a lookup on an empty cache, a
        lookup after a set, and a lookup after the user's cache is cleared.
        """
        normal_user = self.user_normal

        def lookup():
            # single place that reads the cache entry under test
            return get_permission_cache(normal_user, "change_page")

        self.assertIsNone(lookup())

        set_permission_cache(normal_user, "change_page", [self.home_page.id])
        self.assertEqual(lookup(), [self.home_page.id])

        clear_user_permission_cache(normal_user)
        self.assertIsNone(lookup())
예제 #6
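    def __get_id_list(self, user, site, attr):
        """
        Return the ids of pages on which ``user`` holds the ``attr`` permission.

        Returns ``[]`` for anonymous or non-staff users (unless ``attr`` is
        ``"can_view"``), ``GRANT_ALL`` for superusers, when the CMS
        ``PERMISSION`` setting is off, or when a global permission for
        ``attr`` exists, and otherwise a list of page ids built from the
        user's page permissions. ``site`` may be an integer primary key or an
        object exposing ``pk``.

        The global permission is checked before the cache is read, so a
        cached page-id list can never override a global grant.
        """
        if site and not isinstance(site, six.integer_types):
            site = site.pk
        from cms.models import (GlobalPagePermission, PagePermission,
                                MASK_PAGE, MASK_CHILDREN, MASK_DESCENDANTS)

        if attr != "can_view":
            if not user.is_authenticated() or not user.is_staff:
                return []
        if user.is_superuser or not get_cms_setting('PERMISSION'):
            # got superuser, or permissions aren't enabled? just return grant
            # all mark
            return PagePermissionsPermissionManager.GRANT_ALL
        # check global permissions
        # !IMPORTANT: page permissions must not override global permissions,
        # and that includes page permissions served from the cache - hence
        # this check runs ahead of the cache lookup.
        global_perm = GlobalPagePermission.objects.user_has_permission(
            user, site, attr).exists()
        if global_perm:
            # user or his group are allowed to do `attr` action
            return PagePermissionsPermissionManager.GRANT_ALL
        # read from cache if possible
        cached = get_permission_cache(user, attr)
        if cached is not None:
            return cached
        # for standard users without global permissions, get all pages for him
        # or his group/s
        qs = PagePermission.objects.with_user(user)
        # The original built filter(page__site_id=site).order_by(...)
        # .select_related(...) and discarded the result, so none of it took
        # effect. Ordering and select_related are applied here.
        # NOTE(review): the site filter is still NOT applied. The cache
        # helpers are called with user and attr only, so a per-site list
        # would presumably be served for other sites too - confirm the cache
        # key before adding filter(page__site_id=site).
        qs = qs.order_by('page__path').select_related('page')
        # `==`, not `is`: identity of string literals is an interpreter
        # detail and must not decide a permission check
        adding = attr == "can_add"
        # default is deny...
        page_id_allow_list = []
        for permission in qs:
            if not getattr(permission, attr):
                continue
            # can add is special - we are actually adding page under current
            # page
            if permission.grant_on & MASK_PAGE or adding:
                page_id_allow_list.append(permission.page_id)
            if permission.grant_on & MASK_CHILDREN and not adding:
                page_id_allow_list.extend(
                    permission.page.get_children().values_list('id',
                                                               flat=True))
            elif permission.grant_on & MASK_DESCENDANTS:
                page_id_allow_list.extend(
                    permission.page.get_descendants().values_list(
                        'id', flat=True))
        # store value in cache
        set_permission_cache(user, attr, page_id_allow_list)
        return page_id_allow_list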
예제 #7
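 def __get_id_list(self, user, attr):
     """
     Return the ids of pages on which ``user`` holds the ``attr`` permission.

     Returns ``[]`` for anonymous or non-staff users, ``GRANT_ALL`` for
     superusers, when ``settings.CMS_PERMISSION`` is off, or when a global
     permission with ``attr`` set exists for the user, and otherwise a list
     of page ids built from the user's page permissions.

     The global permission is checked before the cache is read, so a cached
     page-id list can never override a global grant.
     """
     # TODO (kept from the original): the cache should be cleaned after some
     # change in permissions / globalpermission - confirm the invalidation
     # hooks cover this.

     if not user.is_authenticated() or not user.is_staff:
         return []

     if user.is_superuser or not settings.CMS_PERMISSION:
         # got superuser, or permissions aren't enabled? just return grant
         # all mark
         return PagePermissionsPermissionManager.GRANT_ALL

     from cms.models import GlobalPagePermission, PagePermission, MASK_PAGE,\
         MASK_CHILDREN, MASK_DESCENDANTS
     # check global permissions
     # !IMPORTANT: page permissions must not override global permissions,
     # and that includes page permissions served from the cache - hence this
     # check runs ahead of the cache lookup.
     in_global_permissions = GlobalPagePermission.objects.with_user(user).filter(**{attr: True})
     if in_global_permissions:
         # user or his group are allowed to do `attr` action
         return PagePermissionsPermissionManager.GRANT_ALL

     # read from cache if possible
     cached = get_permission_cache(user, attr)
     if cached is not None:
         return cached

     # for standard users without global permissions, get all pages for him or
     # his group/s
     qs = PagePermission.objects.with_user(user)
     # order_by() returns a new queryset; the original discarded it, so the
     # ordering never took effect
     qs = qs.order_by('page__tree_id', 'page__level', 'page__lft')

     # `==`, not `is`: identity of string literals is an interpreter detail
     # and must not decide a permission check
     adding = attr == "can_add"

     # default is deny...
     page_id_allow_list = []
     for permission in qs:
         if not getattr(permission, attr):
             continue
         # can add is special - we are actually adding page under current page
         if permission.grant_on & MASK_PAGE or adding:
             page_id_allow_list.append(permission.page.id)
         if permission.grant_on & MASK_CHILDREN:
             page_id_allow_list.extend(permission.page.get_children().values_list('id', flat=True))
         elif permission.grant_on & MASK_DESCENDANTS:
             page_id_allow_list.extend(permission.page.get_descendants().values_list('id', flat=True))
     # store value in cache
     set_permission_cache(user, attr, page_id_allow_list)
     return page_id_allow_list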
예제 #8
    def test_cached_permission_precedence(self):
        """
        A cached page-permission list must not override a global permission.

        refs - https://github.com/divio/django-cms/issues/6335
        """
        page = create_page(
            "test page",
            "nav_playground.html",
            "en",
            created_by=self.user_super,
        )
        # global grant (change + publish) for the normal user on this site
        global_permission = GlobalPagePermission.objects.create(
            user=self.user_normal,
            can_change=True,
            can_publish=True,
        )
        global_permission.sites.add(Site.objects.get_current())
        # seed the cache with an empty page list for the publish action;
        # the global grant above still has to win
        set_permission_cache(self.user_normal, "publish_page", [])

        self.assertTrue(user_can_publish_page(self.user_normal, page))
예제 #9
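    def __get_id_list(self, user, site, attr):
        """
        Return the ids of pages on which ``user`` holds the ``attr`` permission.

        Returns ``[]`` for anonymous or non-staff users (unless ``attr`` is
        ``"can_view"``), ``GRANT_ALL`` for superusers, when the CMS
        ``PERMISSION`` setting is off, or when a global permission with
        ``attr`` set exists for ``site``, and otherwise a list of page ids
        built from the user's page permissions.

        The global permission is checked before the cache is read, so a
        cached page-id list can never override a global grant.
        """
        from cms.models import (GlobalPagePermission, PagePermission,
            MASK_PAGE, MASK_CHILDREN, MASK_DESCENDANTS)

        if attr != "can_view":
            if not user.is_authenticated() or not user.is_staff:
                return []
        if user.is_superuser or not get_cms_setting('PERMISSION'):
            # got superuser, or permissions aren't enabled? just return grant
            # all mark
            return PagePermissionsPermissionManager.GRANT_ALL
        # check global permissions
        # !IMPORTANT: page permissions must not override global permissions,
        # and that includes page permissions served from the cache - hence
        # this check runs ahead of the cache lookup.
        global_permissions = GlobalPagePermission.objects.with_user(user)
        if global_permissions.filter(**{
            attr: True, 'sites__in': [site]
        }).exists():
            # user or his group are allowed to do `attr` action
            return PagePermissionsPermissionManager.GRANT_ALL
        # read from cache if possible
        cached = get_permission_cache(user, attr)
        if cached is not None:
            return cached
        # for standard users without global permissions, get all pages for him
        # or his group/s
        qs = PagePermission.objects.with_user(user)
        # order_by() returns a new queryset; the original discarded it, so
        # the ordering never took effect
        qs = qs.order_by('page__tree_id', 'page__level', 'page__lft')
        # `==`, not `is`: identity of string literals is an interpreter
        # detail and must not decide a permission check
        adding = attr == "can_add"
        # default is deny...
        page_id_allow_list = []
        for permission in qs:
            if not getattr(permission, attr):
                continue
            # can add is special - we are actually adding page under current
            # page
            if permission.grant_on & MASK_PAGE or adding:
                page_id_allow_list.append(permission.page.id)
            if permission.grant_on & MASK_CHILDREN and not adding:
                page_id_allow_list.extend(permission.page.get_children().values_list('id', flat=True))
            elif permission.grant_on & MASK_DESCENDANTS:
                page_id_allow_list.extend(permission.page.get_descendants().values_list('id', flat=True))
        # store value in cache
        set_permission_cache(user, attr, page_id_allow_list)
        return page_id_allow_list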
예제 #10
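def _get_page_ids_for_action(user, site, action, check_global=True, use_cache=True):
    """
    Resolve which pages ``user`` may apply ``action`` to.

    The result is ``GRANT_ALL_PERMISSIONS`` for superusers, when the CMS
    ``PERMISSION`` setting is disabled, or (if ``check_global`` is true) when
    ``has_global_permission`` reports a global grant for ``site``. In every
    other case it is a list of page ids taken from
    ``get_page_actions_for_user(user, site)[action]``, read from the
    permission cache when ``use_cache`` is true and an entry exists.

    Global permissions are resolved ahead of the cache lookup so that a
    cached page-id list (even an empty one) cannot shadow a global grant.
    """
    if user.is_superuser or not get_cms_setting('PERMISSION'):
        # got superuser, or permissions aren't enabled?
        # just return grant all mark
        return GRANT_ALL_PERMISSIONS

    # Must precede the cache read: page-level results, cached or not, are
    # never allowed to override a global permission.
    if check_global and has_global_permission(user, site, action=action, use_cache=use_cache):
        return GRANT_ALL_PERMISSIONS

    if use_cache:
        # read from cache if possible
        cached = get_permission_cache(user, action)
        if cached is not None:
            return cached
        get_page_actions = get_page_actions_for_user
    else:
        get_page_actions = get_page_actions_for_user.without_cache

    page_ids = list(get_page_actions(user, site)[action])
    # NOTE(review): the cache helpers are called with user and action only,
    # not site - confirm that a site-independent entry is intended. The entry
    # is also written when use_cache is False, as in the original.
    set_permission_cache(user, action, page_ids)
    return page_ids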