def get_visible_page_objects(request, pages, site): """ This code is basically a many-pages-at-once version of cms.utils.page_permissions.user_can_view_page pages contains all published pages """ user = request.user public_for = get_cms_setting('PUBLIC_FOR') can_see_unrestricted = public_for == 'all' or (public_for == 'staff' and user.is_staff) if not user.is_authenticated() and not can_see_unrestricted: # User is not authenticated and can't see unrestricted pages, # no need to check for page restrictions because if there's some, # user is anon and if there is not any, user can't see unrestricted. return [] if user_can_view_all_pages(user, site): return pages restricted_pages = get_view_restrictions(pages) if not restricted_pages: # If there's no restrictions, let the user see all pages # only if he can see unrestricted, otherwise return no pages. return pages if can_see_unrestricted else [] user_id = user.pk user_groups = SimpleLazyObject( lambda: frozenset(user.groups.values_list('pk', flat=True))) is_auth_user = user.is_authenticated() def user_can_see_page(page): if page.publisher_is_draft: page_id = page.pk else: page_id = page.publisher_public_id page_permissions = restricted_pages.get(page_id, []) if not page_permissions: # Page has no view restrictions, fallback to the project's # CMS_PUBLIC_FOR setting. return can_see_unrestricted if not is_auth_user: return False for perm in page_permissions: if perm.user_id == user_id or perm.group_id in user_groups: return True return False return [page for page in pages if user_can_see_page(page)]
def get_visible_page_objects(request, pages, site=None): """ This code is basically a many-pages-at-once version of cms.utils.page_permissions.user_can_view_page pages contains all published pages """ user = request.user public_for = get_cms_setting('PUBLIC_FOR') can_see_unrestricted = public_for == 'all' or (public_for == 'staff' and user.is_staff) if not user.is_authenticated() and not can_see_unrestricted: # User is not authenticated and can't see unrestricted pages, # no need to check for page restrictions because if there's some, # user is anon and if there is not any, user can't see unrestricted. return [] if not site: site = current_site(request) if user_can_view_all_pages(user, site): return pages restricted_pages = get_view_restrictions(pages) if not restricted_pages: # If there's no restrictions, let the user see all pages # only if he can see unrestricted, otherwise return no pages. return pages if can_see_unrestricted else [] user_id = user.pk user_groups = SimpleLazyObject(lambda: frozenset(user.groups.values_list('pk', flat=True))) is_auth_user = user.is_authenticated() def user_can_see_page(page): if page.publisher_is_draft: page_id = page.pk else: page_id = page.publisher_public_id page_permissions = restricted_pages.get(page_id, []) if not page_permissions: # Page has no view restrictions, fallback to the project's # CMS_PUBLIC_FOR setting. return can_see_unrestricted if not is_auth_user: return False for perm in page_permissions: if perm.user_id == user_id or perm.group_id in user_groups: return True return False return [page for page in pages if user_can_see_page(page)]