def populate(self): # always use draft if we have a page self.page = get_page_draft(self.request.current_page) if not self.page: # Nothing to do return # check global permissions if CMS_PERMISSIONS is active if get_cms_setting("PERMISSION"): has_global_current_page_change_permission = has_page_change_permission(self.request) else: has_global_current_page_change_permission = False # check if user has page edit permission can_change = self.request.current_page and self.request.current_page.has_change_permission(self.request) if has_global_current_page_change_permission or can_change: try: extension = CSSExtension.objects.get(extended_object_id=self.page.id) except CSSExtension.DoesNotExist: extension = None try: if extension: url = reverse("admin:cms_extensions_cssextension_change", args=(extension.pk,)) else: url = reverse("admin:cms_extensions_cssextension_add") + "?extended_object=%s" % self.page.pk except NoReverseMatch: # not in urls pass else: not_edit_mode = not self.toolbar.edit_mode current_page_menu = self.toolbar.get_or_create_menu("page") current_page_menu.add_modal_item(_("CSS"), url=url, disabled=not_edit_mode)
def populate(self): self.current_site = Site.objects.get_current() # always use draft if we have a page self.page = get_page_draft(self.request.current_page) # check global permissions if CMS_PERMISSIONS is active if get_cms_setting('PERMISSION'): has_global_current_page_change_permission = has_page_change_permission(self.request) else: has_global_current_page_change_permission = False # check if user has page edit permission can_change = self.request.current_page and self.request.current_page.has_change_permission(self.request) if has_global_current_page_change_permission or can_change: self.change_admin_menu() if self.page: self.add_page_menu() if self.toolbar.edit_mode: # history menu self.add_history_menu() self.change_language_menu() # publish button if self.page.has_publish_permission(self.request): classes = ["cms_btn-action", "cms_btn-publish"] if self.page.is_dirty(): classes.append("cms_btn-publish-active") if self.page.published: title = _("Publish Changes") else: title = _("Publish Page now") publish_url = reverse('admin:cms_page_publish_page', args=(self.page.pk,)) self.toolbar.add_button(title, url=publish_url, extra_classes=classes, side=self.toolbar.RIGHT, disabled=not self.page.is_dirty()) self.add_draft_live()
def _setup_extension_toolbar(self): """ Does all the sanity check for the current environment: * that a page exists * permissions check on the current page It returns the page menu or None if the above conditions are not met """ page = self._get_page() if not page: # Nothing to do return # check global permissions if CMS_PERMISSION is active if get_cms_setting('PERMISSION'): has_global_current_page_change_permission = has_page_change_permission( self.request) else: has_global_current_page_change_permission = True # check if user has page edit permission can_change = (self.request.current_page and self.request.current_page.has_change_permission( self.request)) current_page_menu = self.toolbar.get_or_create_menu('page') if can_change and has_global_current_page_change_permission: return current_page_menu else: return
def populate(self): # always use draft if we have a page self.page = get_page_draft(self.request.current_page) try: self.title = Title.objects.get(page=self.page, language=self.current_lang, publisher_is_draft=True) except Title.DoesNotExist: self.title = None # check global permissions if CMS_PERMISSIONS is active if get_cms_setting('PERMISSION'): has_global_current_page_change_permission = has_page_change_permission( self.request) else: has_global_current_page_change_permission = False # check if user has page edit permission can_change = self.request.current_page and self.request.current_page.has_change_permission( self.request) if has_global_current_page_change_permission or can_change: self.change_admin_menu() if self.page: self.add_page_menu() # history menu if self.page and self.toolbar.edit_mode: self.add_history_menu() self.change_language_menu()
def populate(self): # always use draft if we have a page self.page = get_page_draft(self.request.current_page) if not self.page: # Nothing to do return # check global permissions if CMS_PERMISSIONS is active if get_cms_setting('PERMISSION'): has_global_current_page_change_permission = has_page_change_permission(self.request) else: has_global_current_page_change_permission = False # check if user has page edit permission can_change = self.request.current_page and self.request.current_page.has_change_permission(self.request) if has_global_current_page_change_permission or can_change: try: icon_extension = MenuExtension.objects.get(extended_object_id=self.page.id) except MenuExtension.DoesNotExist: icon_extension = None try: if icon_extension: url = reverse('admin:app_menuextension_change', args=(icon_extension.pk,)) else: url = reverse('admin:app_menuextension_add') + '?extended_object=%s' % self.page.pk except NoReverseMatch: pass else: not_edit_mode = not self.toolbar.edit_mode current_page_menu = self.toolbar.get_or_create_menu('page') current_page_menu.add_modal_item(_('Menu Settings'), url=url, disabled=not_edit_mode)
def _setup_extension_toolbar(self): """ Does all the sanity check for the current environment: * that a page exists * permissions check on the current page It returns the page menu or None if the above conditions are not met """ page = self._get_page() if not page: # Nothing to do return # check global permissions if CMS_PERMISSIONS is active if get_cms_setting('PERMISSION'): has_global_current_page_change_permission = has_page_change_permission(self.request) else: has_global_current_page_change_permission = True # check if user has page edit permission can_change = (self.request.current_page and self.request.current_page.has_change_permission(self.request)) current_page_menu = self.toolbar.get_or_create_menu('page') if can_change and has_global_current_page_change_permission: return current_page_menu else: return
def populate(self): # always use draft if we have a page self.page = get_page_draft(self.request.current_page) if not self.page: # Nothing to do return # check global permissions if CMS_PERMISSIONS is active if get_cms_setting('PERMISSION'): has_global_current_page_change_permission = has_page_change_permission(self.request) else: has_global_current_page_change_permission = False # check if user has page edit permission can_change = self.request.current_page and self.request.current_page.has_change_permission(self.request) if has_global_current_page_change_permission or can_change: try: mypageextension = MyPageExtension.objects.get(extended_object_id=self.page.id) except MyPageExtension.DoesNotExist: mypageextension = None try: if mypageextension: url = admin_reverse('extensionapp_mypageextension_change', args=(mypageextension.pk,)) else: url = admin_reverse('extensionapp_mypageextension_add') + '?extended_object=%s' % self.page.pk except NoReverseMatch: # not in urls pass else: not_edit_mode = not self.toolbar.edit_mode current_page_menu = self.toolbar.get_or_create_menu('page') current_page_menu.add_modal_item(_('Page Extension'), url=url, disabled=not_edit_mode)
def has_change_permission(self, request, obj=None): """ Return true if the current user has permission on the page. Return the string 'All' if the user has all rights. """ if settings.CMS_PERMISSION: if obj: return obj.has_change_permission(request) else: return has_page_change_permission(request) return super(PageAdmin, self).has_change_permission(request, obj)
def has_page_change_permission(self): if not hasattr(self, 'page_change_permission'): # check global permissions if CMS_PERMISSIONS is active global_permission = self.permissions_activated and has_page_change_permission(self.request) # check if user has page edit permission page_permission = self.page and self.page.has_change_permission(self.request) self.page_change_permission = global_permission or page_permission return self.page_change_permission
def populate(self): # always use draft if we have a page self.page = get_page_draft(self.request.current_page) if not self.page: # Nothing to do return # check global permissions if CMS_PERMISSIONS is active if get_cms_setting("PERMISSION"): has_global_current_page_change_permission = has_page_change_permission(self.request) else: has_global_current_page_change_permission = False # check if user has page edit permission can_change = self.request.current_page and self.request.current_page.has_change_permission(self.request) if has_global_current_page_change_permission or can_change: not_edit_mode = not self.toolbar.edit_mode current_page_menu = self.toolbar.get_or_create_menu("page") super_item = current_page_menu.find_first(Break, identifier=PAGE_MENU_SECOND_BREAK) + 1 meta_menu = current_page_menu.get_or_create_menu("pagemeta", PAGE_META_MENU_TITLE, position=super_item) position = 0 # Page tags try: page_extension = PageMeta.objects.get(extended_object_id=self.page.pk) except PageMeta.DoesNotExist: page_extension = None try: if page_extension: url = reverse("admin:djangocms_page_meta_pagemeta_change", args=(page_extension.pk,)) else: url = "%s?extended_object=%s" % (reverse("admin:djangocms_page_meta_pagemeta_add"), self.page.pk) except NoReverseMatch: # not in urls pass else: meta_menu.add_modal_item(PAGE_META_ITEM_TITLE, url=url, disabled=not_edit_mode, position=position) # Title tags for title in self.page.title_set.all(): try: title_extension = TitleMeta.objects.get(extended_object_id=title.pk) except TitleMeta.DoesNotExist: title_extension = None try: if title_extension: url = reverse("admin:djangocms_page_meta_titlemeta_change", args=(title_extension.pk,)) else: url = "%s?extended_object=%s" % (reverse("admin:djangocms_page_meta_titlemeta_add"), title.pk) except NoReverseMatch: # not in urls pass else: position += 1 language = get_language_object(title.language) meta_menu.add_modal_item(language["name"], url=url, disabled=not_edit_mode, position=position)
def can_change_page(request): """ Check whether a user has the permission to change the page. This will work across all permission-related setting, with a unified interface to permission checking. """ # check global permissions if CMS_PERMISSION is active global_permission = get_cms_setting('PERMISSION') and has_page_change_permission(request) # check if user has page edit permission page_permission = request.current_page and request.current_page.has_change_permission(request) return global_permission or page_permission
def populate(self): # always use draft if we have a page self.page = get_page_draft(self.request.current_page) if not self.page: # Nothing to do return # check global permissions if CMS_PERMISSIONS is active if get_cms_setting('PERMISSION'): if not has_page_change_permission: has_global_current_page_change_permission = has_page_permission( self.request.user, self.request.current_page, 'change' ) else: has_global_current_page_change_permission = has_page_change_permission( self.request ) else: has_global_current_page_change_permission = False # check if user has page edit permission if not has_page_change_permission: can_change = (self.request.current_page and self.request.current_page.has_change_permission(self.request.user)) else: can_change = (self.request.current_page and self.request.current_page.has_change_permission(self.request)) if has_global_current_page_change_permission or can_change: not_edit_mode = not self.toolbar.edit_mode current_page_menu = self.toolbar.get_or_create_menu('page') position = current_page_menu.find_first( Break, identifier=PAGE_MENU_THIRD_BREAK) - 1 # Page tags try: page_extension = PageSitemapProperties.objects.get(extended_object_id=self.page.pk) except PageSitemapProperties.DoesNotExist: page_extension = None try: if page_extension: url = reverse('admin:djangocms_page_sitemap_pagesitemapproperties_change', args=(page_extension.pk,)) else: url = "%s?extended_object=%s" % ( reverse('admin:djangocms_page_sitemap_pagesitemapproperties_add'), self.page.pk) except NoReverseMatch: # pragma: no cover # not in urls pass else: current_page_menu.add_modal_item(PAGE_SITEMAP_MENU_TITLE, url=url, disabled=not_edit_mode, position=position)
def populate(self): self.current_site = Site.objects.get_current() # always use draft if we have a page self.page = get_page_draft(self.request.current_page) # check global permissions if CMS_PERMISSIONS is active if get_cms_setting('PERMISSION'): has_global_current_page_change_permission = has_page_change_permission( self.request) else: has_global_current_page_change_permission = False # check if user has page edit permission can_change = self.request.current_page and self.request.current_page.has_change_permission( self.request) if has_global_current_page_change_permission or can_change: self.change_admin_menu() if self.page: self.add_page_menu() if self.toolbar.edit_mode: # history menu self.add_history_menu() self.change_language_menu() # publish button if self.page.has_publish_permission(self.request): classes = ["cms_btn-action", "cms_btn-publish"] if self.page.is_dirty(): classes.append("cms_btn-publish-active") if self.page.published: title = _("Publish Changes") else: title = _("Publish Page now") # PATCH: publish_url = reverse('admin:cms_page_publish_page', args=(self.page.pk,)) publish_url = reverse('admin:cms_page_publish_page', args=(self.page.pk, ))[3:] self.toolbar.add_button( title, url=publish_url, extra_classes=classes, side=self.toolbar.RIGHT, disabled=not self.page.is_dirty()) self.add_draft_live()
def populate(self): # always use draft if we have a page self.page = get_page_draft(self.request.current_page) try: self.title = Title.objects.get(page=self.page, language=self.current_lang, publisher_is_draft=True) except Title.DoesNotExist: self.title = None # check global permissions if CMS_PERMISSIONS is active if get_cms_setting('PERMISSION'): has_global_current_page_change_permission = has_page_change_permission(self.request) else: has_global_current_page_change_permission = False # check if user has page edit permission can_change = self.request.current_page and self.request.current_page.has_change_permission(self.request) if has_global_current_page_change_permission or can_change: self.change_admin_menu() if self.page: self.add_page_menu() # history menu if self.page and self.toolbar.edit_mode: self.add_history_menu() self.change_language_menu()
def populate(self): # always use draft if we have a page self.page = get_page_draft(self.request.current_page) if not self.page: # Nothing to do return # check global permissions if CMS_PERMISSIONS is active if get_cms_setting("PERMISSION"): has_global_current_page_change_permission = has_page_change_permission( self.request) else: has_global_current_page_change_permission = False # check if user has page edit permission can_change = self.request.current_page and self.request.current_page.has_change_permission( self.request) if has_global_current_page_change_permission or can_change: try: extension = CSSExtension.objects.get( extended_object_id=self.page.id) except CSSExtension.DoesNotExist: extension = None try: if extension: url = reverse("admin:cms_extensions_cssextension_change", args=(extension.pk, )) else: url = reverse("admin:cms_extensions_cssextension_add" ) + "?extended_object=%s" % self.page.pk except NoReverseMatch: # not in urls pass else: not_edit_mode = not self.toolbar.edit_mode current_page_menu = self.toolbar.get_or_create_menu("page") current_page_menu.add_modal_item(_("CSS"), url=url, disabled=not_edit_mode)
def populate(self): # always use draft if we have a page self.page = get_page_draft(self.request.current_page) if not self.page: # Nothing to do return # check global permissions if CMS_PERMISSIONS is active if get_cms_setting('PERMISSION'): if not has_page_change_permission: has_global_current_page_change_permission = has_page_permission( self.request.user, self.request.current_page, 'change') else: has_global_current_page_change_permission = has_page_change_permission( self.request) else: has_global_current_page_change_permission = False # check if user has page edit permission if not has_page_change_permission: can_change = (self.request.current_page and self.request.current_page.has_change_permission( self.request.user)) else: can_change = (self.request.current_page and self.request.current_page.has_change_permission( self.request)) if has_global_current_page_change_permission or can_change: not_edit_mode = not self.toolbar.edit_mode current_page_menu = self.toolbar.get_or_create_menu('page') super_item = current_page_menu.find_first( Break, identifier=PAGE_MENU_SECOND_BREAK) + 1 meta_menu = current_page_menu.get_or_create_menu( 'pagemeta', PAGE_META_MENU_TITLE, position=super_item) position = 0 # Page tags try: page_extension = PageMeta.objects.get( extended_object_id=self.page.pk) except PageMeta.DoesNotExist: page_extension = None try: if page_extension: url = reverse('admin:djangocms_page_meta_pagemeta_change', args=(page_extension.pk, )) else: url = '%s?extended_object=%s' % ( reverse('admin:djangocms_page_meta_pagemeta_add'), self.page.pk) except NoReverseMatch: # not in urls pass else: meta_menu.add_modal_item(PAGE_META_ITEM_TITLE, url=url, disabled=not_edit_mode, position=position) # Title tags for title in self.page.title_set.filter( language__in=get_language_list(self.page.site_id)): try: title_extension = TitleMeta.objects.get( extended_object_id=title.pk) except TitleMeta.DoesNotExist: title_extension = None try: if title_extension: url = reverse( 'admin:djangocms_page_meta_titlemeta_change', args=(title_extension.pk, )) else: url = '%s?extended_object=%s' % ( reverse('admin:djangocms_page_meta_titlemeta_add'), title.pk) except NoReverseMatch: # not in urls pass else: position += 1 language = get_language_object(title.language) meta_menu.add_modal_item(language['name'], url=url, disabled=not_edit_mode, position=position)
def test_emulate_admin_index(self): """ Call methods that emulate the adminsite instance's index. This test was basically the reason for the new manager, in light of the problem highlighted in ticket #1120, which asserts that giving a user no site-specific rights when creating a GlobalPagePermission should allow access to all sites. """ # create and then ignore this user. superuser = self._create_user("super", is_staff=True, is_active=True, is_superuser=True) superuser.set_password("super") superuser.save() # create 2 staff users SITES = [ Site.objects.get(pk=1), Site.objects.create(domain='example2.com', name='example2.com'), ] USERS = [ self._create_user("staff", is_staff=True, is_active=True), self._create_user("staff_2", is_staff=True, is_active=True), ] for user in USERS: user.set_password('staff') # re-use the same methods the UserPage form does. # Note that it internally calls .save(), as we've not done so. save_permissions({ 'can_add_page': True, 'can_change_page': True, 'can_delete_page': False }, user) GlobalPagePermission.objects.create(can_add=True, can_change=True, can_delete=False, user=USERS[0]) # we're querying here to ensure that even though we've created two users # above, we should have successfully filtered to just one perm. self.assertEqual(1, GlobalPagePermission.objects.with_user(USERS[0]).count()) # this will confirm explicit permissions still work, by adding the first # site instance to the many2many relationship 'sites' GlobalPagePermission.objects.create(can_add=True, can_change=True, can_delete=False, user=USERS[1]).sites.add(SITES[0]) self.assertEqual(1, GlobalPagePermission.objects.with_user(USERS[1]).count()) homepage = create_page(title="master", template="nav_playground.html", language="en", in_navigation=True, slug='/') publish_page(page=homepage, user=superuser, language='en') with SettingsOverride(CMS_PERMISSION=True): # for all users, they should have access to site 1 request = RequestFactory().get(path='/', data={'site__exact': 1}) # we need a session attribute for current_site(request), which is # used by has_page_add_permission and has_page_change_permission request.session = {} for user in USERS: # has_page_add_permission and has_page_change_permission both test # for this explicitly, to see if it's a superuser. request.user = user # Note, the query count is inflated by doing additional lookups # because there's a site param in the request. with self.assertNumQueries(FuzzyInt(6,7)): # PageAdmin swaps out the methods called for permissions # if the setting is true, it makes use of cms.utils.permissions self.assertTrue(has_page_add_permission(request)) self.assertTrue(has_page_change_permission(request)) # internally this calls PageAdmin.has_[add|change|delete]_permission() self.assertEqual({'add': True, 'change': True, 'delete': False}, site._registry[Page].get_model_perms(request)) # can't use the above loop for this test, as we're testing that # user 1 has access, but user 2 does not, as they are only assigned # to site 1 request = RequestFactory().get('/', data={'site__exact': 2}) request.session = {} # As before, the query count is inflated by doing additional lookups # because there's a site param in the request with self.assertNumQueries(FuzzyInt(11, 20)): # this user shouldn't have access to site 2 request.user = USERS[1] self.assertTrue(not has_page_add_permission(request)) self.assertTrue(not has_page_change_permission(request)) self.assertEqual({'add': False, 'change': False, 'delete': False}, site._registry[Page].get_model_perms(request)) # but, going back to the first user, they should. request = RequestFactory().get('/', data={'site__exact': 2}) request.user = USERS[0] self.assertTrue(has_page_add_permission(request)) self.assertTrue(has_page_change_permission(request)) self.assertEqual({'add': True, 'change': True, 'delete': False}, site._registry[Page].get_model_perms(request))
def populate(self): # always use draft if we have a page self.page = get_page_draft(self.request.current_page) if not self.page: # Nothing to do return self.lang = get_language_from_request(self.request) try: self.title_page = self.page.title_set.get(language=self.lang) except: # Nothing to do return # # Remove default menu # #self.page_menu = self.toolbar.get_or_create_menu('page') #self.toolbar.remove_item(self.page_menu) # # check global permissions # if get_cms_setting('PERMISSION'): has_global_current_page_change_permission = has_page_change_permission(self.request) else: has_global_current_page_change_permission = False can_change = self.request.current_page and self.request.current_page.has_change_permission(self.request) if has_global_current_page_change_permission or can_change: # Page urls page_url = reverse(PAGE_MENU_ADD) delete_page_url = reverse(PAGE_MENU_DELETE, args=(self.page.pk,)) sub_page_params = {'edit': 1, 'position': 'last-child', 'target': self.page.pk} # Rich page urls rich_page_add_url = reverse(RICHPAGE_MENU_ADD) + '?extended_object=%s' % self.title_page.pk # Rich Slideshow rich_slideshow_add_url = reverse(RICHSLIDESHOW_MENU_ADD) + '?extended_object=%s' % self.page.pk # # build the Pages menu # menu = self.toolbar.get_or_create_menu('rich-page-new', _('Pages'), position=1) menu.add_modal_item(_('New Page'), url=page_url) menu.add_modal_item(_('New Sub Page'), url=add_url_parameters(page_url, sub_page_params)) menu.add_modal_item(_('Delete page'), url=delete_page_url) try: rich_page = RichPage.objects.get(extended_object_id=self.title_page.pk) except RichPage.DoesNotExist: rich_page = None try: rich_slideshow = RichSlideshow.objects.get(extended_object_id=self.page.id) except RichSlideshow.DoesNotExist: rich_slideshow = None if not rich_page: menu.add_break(PAGE_MENU_BREAK) menu.add_modal_item(_('Add article'), url=rich_page_add_url) # # Check if the page has rich content or rich collection # if rich_page: menu.add_break(PAGE_MENU_BREAK) # # Rich page urls # rich_page_change_url = reverse(RICHPAGE_MENU_CHANGE, args=(self.title_page.pk,)) + '?extended_object=%s' % self.title_page.pk rich_page_delete_url = reverse(RICHPAGE_MENU_DELETE, args=(self.title_page.pk,)) + '?extended_object=%s' % self.title_page.pk menu.add_modal_item(_('Edit article'), url=rich_page_change_url) menu.add_modal_item(_('Delete article'), url=rich_page_delete_url) menu.add_break(PAGE_MENU_BREAK) if rich_slideshow: rich_slideshow_change_url = reverse(RICHSLIDESHOW_MENU_CHANGE, args=(rich_slideshow.pk,)) + '?extended_object=%s' % self.page.pk menu.add_modal_item(_('Delete slideshow'), url=rich_slideshow_change_url) else: menu.add_modal_item(_('Add slideshow'), url=rich_slideshow_add_url)
def can_change(self): return has_page_change_permission(self.request)
def populate(self): # always use draft if we have a page self.page = get_page_draft(self.request.current_page) if not self.page: # Nothing to do return # check global permissions if CMS_PERMISSIONS is active if get_cms_setting('PERMISSION'): if not has_page_change_permission: has_global_current_page_change_permission = has_page_permission( self.request.user, self.request.current_page, 'change' ) else: has_global_current_page_change_permission = has_page_change_permission( self.request ) else: has_global_current_page_change_permission = False # check if user has page edit permission if not has_page_change_permission: can_change = (self.request.current_page and self.request.current_page.has_change_permission(self.request.user)) else: can_change = (self.request.current_page and self.request.current_page.has_change_permission(self.request)) if has_global_current_page_change_permission or can_change: not_edit_mode = not self.toolbar.edit_mode tags_menu = self.toolbar.get_or_create_menu('page') super_item = tags_menu.find_first(Break, identifier=PAGE_MENU_SECOND_BREAK) + 1 tags_menu = tags_menu.get_or_create_menu( 'pagetags', PAGE_TAGS_MENU_TITLE, position=super_item ) position = 0 # Page tags try: page_extension = PageTags.objects.get(extended_object_id=self.page.pk) except PageTags.DoesNotExist: page_extension = None try: if page_extension: url = reverse('admin:djangocms_page_tags_pagetags_change', args=(page_extension.pk,)) else: url = '%s?extended_object=%s' % ( reverse('admin:djangocms_page_tags_pagetags_add'), self.page.pk ) except NoReverseMatch: # pragma: no cover # not in urls pass else: tags_menu.add_modal_item(PAGE_TAGS_ITEM_TITLE, url=url, disabled=not_edit_mode, position=position) # Title tags for title in self.page.title_set.filter( language__in=get_language_list(self.page.site_id) ): try: title_extension = TitleTags.objects.get(extended_object_id=title.pk) except TitleTags.DoesNotExist: title_extension = None try: if title_extension: url = reverse('admin:djangocms_page_tags_titletags_change', args=(title_extension.pk,)) else: url = '%s?extended_object=%s' % ( reverse('admin:djangocms_page_tags_titletags_add'), title.pk) except NoReverseMatch: # pragma: no cover # not in urls pass else: position += 1 language = get_language_object(title.language) tags_menu.add_modal_item(language['name'], url=url, disabled=not_edit_mode, position=position)
def populate(self): # always use draft if we have a page self.page = get_page_draft(self.request.current_page) if self.page and has_page_change_permission(self.request): return