def has_any_page_change_permissions(request):
from cms.utils.plugins import current_site
return PagePermission.objects.filter(
page__site=current_site(request)
).filter((
Q(user=request.user) |
Q(group__in=request.user.groups.all())
)).exists()
def has_any_page_change_permissions(request):
from cms.utils.plugins import current_site
if not request.user.is_authenticated():
return False
return request.user.is_superuser or PagePermission.objects.filter(
page__site=current_site(request)).filter(
(Q(user=request.user)
| Q(group__in=request.user.groups.all()))).exists()
def has_any_page_change_permissions(request):
from cms.utils.plugins import current_site
return PagePermission.objects.filter(
page__site=current_site(request)
).filter((
Q(user=request.user) |
Q(group__in=request.user.groups.all())
)).exists()
def has_any_page_change_permissions(request):
from cms.utils.plugins import current_site
permissions = PagePermission.objects.filter(
page__site=current_site(request)).filter(
Q(user=request.user) | Q(group__in=request.user.groups.all()))
if permissions.count() > 0:
return True
return False
def has_any_page_change_permissions(request):
from cms.utils.plugins import current_site
if not request.user.is_authenticated():
return False
return request.user.is_superuser or PagePermission.objects.filter(
page__site=current_site(request)
).filter((
Q(user=request.user) |
Q(group__in=request.user.groups.all())
)).exists()
def __init__(self, request, *args, **kwargs):
super(CMSChangeList, self).__init__(request, *args, **kwargs)
from cms.utils.plugins import current_site
self._current_site = current_site(request)
try:
self.query_set = self.get_query_set(request)
except:
raise
self.get_results(request)
if self._current_site:
request.session['cms_admin_site'] = self._current_site.pk
self.set_sites(request)
def __init__(self, request, *args, **kwargs):
from cms.utils.plugins import current_site
self._current_site = current_site(request)
super(CMSChangeList, self).__init__(request, *args, **kwargs)
try:
self.query_set = self.get_query_set(request)
except:
raise
self.get_results(request)
if self._current_site:
request.session['cms_admin_site'] = self._current_site.pk
self.set_sites(request)
def has_page_change_permission(request):
"""
Return true if the current user has permission to change any page. This is
just used for building the tree - only superuser, or user with can_change in
globalpagepermission can change a page.
"""
from cms.utils.plugins import current_site
opts = Page._meta
if request.user.is_superuser or (
request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()) and (
has_global_page_permission(request, current_site(request), can_change=True))
or has_any_page_change_permissions(request)):
return True
return False
def has_view_permission(self, request):
from cms.models.permissionmodels import PagePermission, GlobalPagePermission
from cms.utils.plugins import current_site
if not self.publisher_is_draft and self.publisher_public:
return self.publisher_public.has_view_permission(request)
# does any restriction exist?
# inherited and direct
is_restricted = PagePermission.objects.for_page(page=self).filter(
can_view=True).exists()
if request.user.is_authenticated():
site = current_site(request)
global_perms_q = Q(can_view=True) & Q(
Q(sites__in=[site]) | Q(sites__isnull=True))
global_view_perms = GlobalPagePermission.objects.with_user(
request.user).filter(global_perms_q).exists()
# a global permission was given to the request's user
if global_view_perms:
return True
elif not is_restricted:
if ((settings.CMS_PUBLIC_FOR == 'all')
or (settings.CMS_PUBLIC_FOR == 'staff'
and request.user.is_staff)):
return True
# a restricted page and an authenticated user
elif is_restricted:
opts = self._meta
codename = '%s.view_%s' % (opts.app_label,
opts.object_name.lower())
user_perm = request.user.has_perm(codename)
generic_perm = self.has_generic_permission(request, "view")
return (user_perm or generic_perm)
else:
#anonymous user
if is_restricted or not settings.CMS_PUBLIC_FOR == 'all':
# anyonymous user, page has restriction and global access is permitted
return False
else:
# anonymous user, no restriction saved in database
return True
# Authenticated user
# Django wide auth perms "can_view" or cms auth perms "can_view"
opts = self._meta
codename = '%s.view_%s' % (opts.app_label, opts.object_name.lower())
return (request.user.has_perm(codename)
or self.has_generic_permission(request, "view"))
def has_view_permission(self, request):
from cms.models.permissionmodels import PagePermission, GlobalPagePermission
from cms.utils.plugins import current_site
if not self.publisher_is_draft and self.publisher_public:
return self.publisher_public.has_view_permission(request)
# does any restriction exist?
# inherited and direct
is_restricted = PagePermission.objects.for_page(page=self).filter(can_view=True).exists()
if request.user.is_authenticated():
site = current_site(request)
global_perms_q = Q(can_view=True) & Q(
Q(sites__in=[site]) | Q(sites__isnull=True)
)
global_view_perms = GlobalPagePermission.objects.with_user(
request.user).filter(global_perms_q).exists()
# a global permission was given to the request's user
if global_view_perms:
return True
elif not is_restricted:
if ((settings.CMS_PUBLIC_FOR == 'all') or
(settings.CMS_PUBLIC_FOR == 'staff' and
request.user.is_staff)):
return True
# a restricted page and an authenticated user
elif is_restricted:
opts = self._meta
codename = '%s.view_%s' % (opts.app_label, opts.object_name.lower())
user_perm = request.user.has_perm(codename)
generic_perm = self.has_generic_permission(request, "view")
return (user_perm or generic_perm)
else:
#anonymous user
if is_restricted or not settings.CMS_PUBLIC_FOR == 'all':
# anyonymous user, page has restriction and global access is permitted
return False
else:
# anonymous user, no restriction saved in database
return True
# Authenticated user
# Django wide auth perms "can_view" or cms auth perms "can_view"
opts = self._meta
codename = '%s.view_%s' % (opts.app_label, opts.object_name.lower())
return (request.user.has_perm(codename) or
self.has_generic_permission(request, "view"))
def has_page_change_permission(request):
"""
Return true if the current user has permission to change any page. This is
just used for building the tree - only superuser, or user with can_change in
globalpagepermission can change a page.
"""
from cms.utils.plugins import current_site
opts = Page._meta
if request.user.is_superuser or (
request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()) and (
has_global_page_permission(request, current_site(request), can_change=True))
or has_any_page_change_permissions(request)):
return True
return False
def has_page_change_permission(request):
"""
Return true if the current user has permission to change this page.
To be granted this permission, you need the cms.change_page permission.
In addition, if CMS_PERMISSION is enabled you also need to either have
global can_change permission or just on this page.
"""
from cms.utils.plugins import current_site
opts = Page._meta
return request.user.is_superuser or (
request.user.has_perm(opts.app_label + '.' +
opts.get_change_permission()) and
(not get_cms_setting('PERMISSION') or has_global_page_permission(
request, current_site(request), can_change=True)
or has_any_page_change_permissions(request)))
def has_page_change_permission(request):
"""
Return true if the current user has permission to change this page.
To be granted this permission, you need the cms.change_page permission.
In addition, if CMS_PERMISSION is enabled you also need to either have
global can_change permission or just on this page.
"""
from cms.utils.plugins import current_site
opts = Page._meta
site = current_site(request)
global_change_perm = GlobalPagePermission.objects.user_has_change_permission(
request.user, site).exists()
return request.user.is_superuser or (
request.user.has_perm(opts.app_label + '.' + opts.get_change_permission())
and global_change_perm or has_any_page_change_permissions(request))
def has_page_change_permission(request):
"""
Return true if the current user has permission to change this page.
To be granted this permission, you need the cms.change_page permission.
In addition, if CMS_PERMISSION is enabled you also need to either have
global can_change permission or just on this page.
"""
from cms.utils.plugins import current_site
opts = Page._meta
site = current_site(request)
global_change_perm = GlobalPagePermission.objects.user_has_change_permission(
request.user, site).exists()
return request.user.is_superuser or (
request.user.has_perm(opts.app_label + '.' + opts.get_change_permission())
and global_change_perm or has_any_page_change_permissions(request))
def has_page_change_permission(request):
"""
Return true if the current user has permission to change this page.
To be granted this permission, you need the cms.change_page permission.
In addition, if CMS_PERMISSION is enabled you also need to either have
global can_change permission or just on this page.
"""
from cms.utils.plugins import current_site
opts = Page._meta
return request.user.is_superuser or (
request.user.has_perm(opts.app_label + '.' + opts.get_change_permission())
and (
not get_cms_setting('PERMISSION') or
has_global_page_permission(request, current_site(request),
can_change=True) or
has_any_page_change_permissions(request)))
def has_page_add_permission(request):
"""
Return true if the current user has permission to add a new page. This is
just used for general add buttons - only superuser, or user with can_add in
globalpagepermission can add page.
Special case occur when page is going to be added from add page button in
change list - then we have target and position there, so check if user can
add page under target page will occur.
"""
opts = Page._meta
if request.user.is_superuser:
return True
# if add under page
target = request.GET.get('target', None)
position = request.GET.get('position', None)
from cms.utils.plugins import current_site
site = current_site(request)
if target is not None:
try:
page = Page.objects.get(pk=target)
except Page.DoesNotExist:
return False
global_add_perm = GlobalPagePermission.objects.user_has_add_permission(
request.user, site).exists()
if (request.user.has_perm(opts.app_label + '.' +
opts.get_add_permission())
and global_add_perm):
return True
if position in ("first-child", "last-child"):
return page.has_add_permission(request)
elif position in ("left", "right"):
if page.parent_id:
return has_generic_permission(page.parent_id, request.user,
"add", page.site)
else:
global_add_perm = GlobalPagePermission.objects.user_has_add_permission(
request.user, site).exists()
if (request.user.has_perm(opts.app_label + '.' +
opts.get_add_permission())
and global_add_perm):
return True
return False
def has_page_add_permission(request):
"""
Return true if the current user has permission to add a new page. This is
just used for general add buttons - only superuser, or user with can_add in
globalpagepermission can add page.
Special case occur when page is going to be added from add page button in
change list - then we have target and position there, so check if user can
add page under target page will occur.
"""
opts = Page._meta
if request.user.is_superuser:
return True
# if add under page
target = request.GET.get('target', None)
position = request.GET.get('position', None)
from cms.utils.plugins import current_site
site = current_site(request)
if target is not None:
try:
page = Page.objects.get(pk=target)
except Page.DoesNotExist:
return False
global_add_perm = GlobalPagePermission.objects.user_has_add_permission(
request.user, site).exists()
if (request.user.has_perm(opts.app_label + '.' + opts.get_add_permission())
and global_add_perm):
return True
if position in ("first-child", "last-child"):
return page.has_add_permission(request)
elif position in ("left", "right"):
if page.parent_id:
return has_generic_permission(page.parent_id, request.user, "add", page.site)
else:
global_add_perm = GlobalPagePermission.objects.user_has_add_permission(
request.user, site).exists()
if (request.user.has_perm(opts.app_label + '.' + opts.get_add_permission())
and global_add_perm):
return True
return False
def has_view_permission(self, request):
from cms.models.permissionmodels import PagePermission, GlobalPagePermission
from cms.utils.plugins import current_site
# staff is allowed to see everything
if request.user.is_staff and settings.CMS_PUBLIC_FOR in ('staff', 'all'):
return True
if not self.publisher_is_draft and self.publisher_public:
return self.publisher_public.has_view_permission(request)
# does any restriction exist?
# direct
# inherited and direct
is_restricted = PagePermission.objects.for_page(self).filter(can_view=True).exists()
if request.user.is_authenticated():
site = current_site(request)
global_view_perms = GlobalPagePermission.objects.with_user(
request.user).filter(can_view=True, sites__in=[site]).exists()
# a global permission was given to the request's user
if global_view_perms:
return True
# authenticated user, no restriction and public for all fallback
if (not is_restricted and not global_view_perms and
not settings.CMS_PUBLIC_FOR == 'all'):
return False
# authenticated user, no restriction and public for all
if (not is_restricted and not global_view_perms and
settings.CMS_PUBLIC_FOR == 'all'):
return True
else:
#anonymous user
if is_restricted or not settings.CMS_PUBLIC_FOR == 'all':
# anyonymous user, page has restriction and global access is permitted
return False
else:
# anonymous user, no restriction saved in database
return True
# Authenticated user
# Django wide auth perms "can_view" or cms auth perms "can_view"
opts = self._meta
codename = '%s.view_%s' % (opts.app_label, opts.object_name.lower())
return (request.user.has_perm(codename) or
self.has_generic_permission(request, "view"))
def get_any_page_view_permissions(request, page):
from cms.utils.plugins import current_site
return PagePermission.objects.filter(
page__pk=page.pk,
page__site=current_site(request),
can_view=True)
def has_any_page_change_permissions(request):
from cms.utils.plugins import current_site
permissions = PagePermission.objects.filter(page__site=current_site(request)).filter(Q(user=request.user)|Q(group__in=request.user.groups.all()))
if permissions.count()>0:
return True
return False
def get_visible_pages(request, pages, site=None):
"""
This code is basically a many-pages-at-once version of
Page.has_view_permission.
pages contains all published pages
check if there is ANY restriction
that needs a permission page visibility calculation
"""
public_for = get_cms_setting('PUBLIC_FOR')
is_setting_public_all = public_for == 'all'
is_setting_public_staff = public_for == 'staff'
is_auth_user = request.user.is_authenticated()
visible_page_ids = []
restricted_pages = defaultdict(list)
page_permissions = PagePermission.objects.filter(can_view=True).select_related('page', 'group__users')
for perm in page_permissions:
# collect the pages that are affected by permissions
if site and perm.page.site_id != site.pk:
continue
if perm is not None and perm not in restricted_pages[perm.page.pk]:
# affective restricted pages gathering
# using mptt functions
# add the page with the perm itself
if perm.grant_on in [ACCESS_PAGE, ACCESS_PAGE_AND_CHILDREN, ACCESS_PAGE_AND_DESCENDANTS]:
restricted_pages[perm.page.pk].append(perm)
restricted_pages[perm.page.publisher_public_id].append(perm)
# add children
if perm.grant_on in [ACCESS_CHILDREN, ACCESS_PAGE_AND_CHILDREN]:
child_ids = perm.page.get_children().values_list('id', 'publisher_public_id')
for id, public_id in child_ids:
restricted_pages[id].append(perm)
restricted_pages[public_id].append(perm)
# add descendants
elif perm.grant_on in [ACCESS_DESCENDANTS, ACCESS_PAGE_AND_DESCENDANTS]:
child_ids = perm.page.get_descendants().values_list('id', 'publisher_public_id')
for id, public_id in child_ids:
restricted_pages[id].append(perm)
restricted_pages[public_id].append(perm)
# anonymous
# no restriction applied at all
if (not is_auth_user and
is_setting_public_all and
not restricted_pages):
return [page.pk for page in pages]
if site is None:
site = current_site(request)
# authenticated user and global permission
if is_auth_user:
global_page_perm_q = Q(
Q(user=request.user) | Q(group__user=request.user)
) & Q(can_view=True) & Q(Q(sites__in=[site.pk]) | Q(sites__isnull=True))
global_view_perms = GlobalPagePermission.objects.filter(global_page_perm_q).exists()
#no page perms edge case - all visible
if ((is_setting_public_all or (
is_setting_public_staff and request.user.is_staff)) and
not restricted_pages and
not global_view_perms):
return [page.pk for page in pages]
#no page perms edge case - none visible
elif (is_setting_public_staff and
not request.user.is_staff and
not restricted_pages and
not global_view_perms):
return []
def has_global_perm():
if has_global_perm.cache < 0:
has_global_perm.cache = 1 if request.user.has_perm('cms.view_page') else 0
return bool(has_global_perm.cache)
has_global_perm.cache = -1
def has_permission_membership(page):
"""
PagePermission user group membership tests
"""
user_pk = request.user.pk
page_pk = page.pk
has_perm = False
for perm in restricted_pages[page_pk]:
if perm.user_id == user_pk:
has_perm = True
if not perm.group_id:
continue
group_user_ids = perm.group.user_set.values_list('pk', flat=True)
if user_pk in group_user_ids:
has_perm = True
return has_perm
for page in pages:
to_add = False
# default to false, showing a restricted page is bad
# explicitly check all the conditions
# of settings and permissions
is_restricted = page.pk in restricted_pages
# restricted_pages contains as key any page.pk that is
# affected by a permission grant_on
if is_auth_user:
# a global permission was given to the request's user
if global_view_perms:
to_add = True
# setting based handling of unrestricted pages
elif not is_restricted and (
is_setting_public_all or (
is_setting_public_staff and request.user.is_staff)
):
# authenticated user, no restriction and public for all
# or
# authenticated staff user, no restriction and public for staff
to_add = True
# check group and user memberships to restricted pages
elif is_restricted and has_permission_membership(page):
to_add = True
elif has_global_perm():
to_add = True
# anonymous user, no restriction
elif not is_restricted and is_setting_public_all:
to_add = True
# store it
if to_add:
visible_page_ids.append(page.pk)
return visible_page_ids
def get_visible_pages(request, pages, site=None):
"""
This code is basically a many-pages-at-once version of
Page.has_view_permission.
pages contains all published pages
check if there is ANY restriction
that needs a permission page visibility calculation
"""
public_for = get_cms_setting('PUBLIC_FOR')
is_setting_public_all = public_for == 'all'
is_setting_public_staff = public_for == 'staff'
is_auth_user = request.user.is_authenticated()
visible_page_ids = []
restricted_pages = defaultdict(list)
page_permissions = PagePermission.objects.filter(
can_view=True).select_related('page', 'group__users')
for perm in page_permissions:
# collect the pages that are affected by permissions
if site and perm.page.site_id != site.pk:
continue
if perm is not None and perm not in restricted_pages[perm.page.pk]:
# affective restricted pages gathering
# using mptt functions
# add the page with the perm itself
if perm.grant_on in [
ACCESS_PAGE, ACCESS_PAGE_AND_CHILDREN,
ACCESS_PAGE_AND_DESCENDANTS
]:
restricted_pages[perm.page.pk].append(perm)
restricted_pages[perm.page.publisher_public_id].append(perm)
# add children
if perm.grant_on in [ACCESS_CHILDREN, ACCESS_PAGE_AND_CHILDREN]:
child_ids = perm.page.get_children().values_list(
'id', 'publisher_public_id')
for id, public_id in child_ids:
restricted_pages[id].append(perm)
restricted_pages[public_id].append(perm)
# add descendants
elif perm.grant_on in [
ACCESS_DESCENDANTS, ACCESS_PAGE_AND_DESCENDANTS
]:
child_ids = perm.page.get_descendants().values_list(
'id', 'publisher_public_id')
for id, public_id in child_ids:
restricted_pages[id].append(perm)
restricted_pages[public_id].append(perm)
# anonymous
# no restriction applied at all
if (not is_auth_user and is_setting_public_all and not restricted_pages):
return [page.pk for page in pages]
if site is None:
site = current_site(request)
# authenticated user and global permission
if is_auth_user:
global_page_perm_q = Q(
Q(user=request.user)
| Q(group__user=request.user)) & Q(can_view=True) & Q(
Q(sites__in=[site.pk]) | Q(sites__isnull=True))
global_view_perms = GlobalPagePermission.objects.filter(
global_page_perm_q).exists()
#no page perms edge case - all visible
if ((is_setting_public_all or
(is_setting_public_staff and request.user.is_staff))
and not restricted_pages and not global_view_perms):
return [page.pk for page in pages]
#no page perms edge case - none visible
elif (is_setting_public_staff and not request.user.is_staff
and not restricted_pages and not global_view_perms):
return []
def has_global_perm():
if has_global_perm.cache < 0:
has_global_perm.cache = 1 if request.user.has_perm(
'cms.view_page') else 0
return bool(has_global_perm.cache)
has_global_perm.cache = -1
def has_permission_membership(page):
"""
PagePermission user group membership tests
"""
user_pk = request.user.pk
page_pk = page.pk
has_perm = False
for perm in restricted_pages[page_pk]:
if perm.user_id == user_pk:
has_perm = True
if not perm.group_id:
continue
group_user_ids = perm.group.user_set.values_list('pk', flat=True)
if user_pk in group_user_ids:
has_perm = True
return has_perm
for page in pages:
to_add = False
# default to false, showing a restricted page is bad
# explicitly check all the conditions
# of settings and permissions
is_restricted = page.pk in restricted_pages
# restricted_pages contains as key any page.pk that is
# affected by a permission grant_on
if is_auth_user:
# a global permission was given to the request's user
if global_view_perms:
to_add = True
# setting based handling of unrestricted pages
elif not is_restricted and (is_setting_public_all or
(is_setting_public_staff
and request.user.is_staff)):
# authenticated user, no restriction and public for all
# or
# authenticated staff user, no restriction and public for staff
to_add = True
# check group and user memberships to restricted pages
elif is_restricted and has_permission_membership(page):
to_add = True
elif has_global_perm():
to_add = True
# anonymous user, no restriction
elif not is_restricted and is_setting_public_all:
to_add = True
# store it
if to_add:
visible_page_ids.append(page.pk)
return visible_page_ids
def get_visible_pages(request, pages, site=None):
# This code is basically a many-pages-at-once version of
# Page.has_view_permission, check there to see wtf is going on here.
if request.user.is_staff and settings.CMS_PUBLIC_FOR in ('staff', 'all'):
return [page.pk for page in pages]
page_ids = []
pages_perms_q = Q()
for page in pages:
page_q = Q(page__tree_id=page.tree_id) & (
Q(page=page)
| (Q(page__level__lt=page.level) & (Q(grant_on=ACCESS_DESCENDANTS) | Q(grant_on=ACCESS_PAGE_AND_DESCENDANTS)))
| (Q(page__level=page.level - 1) & (Q(grant_on=ACCESS_CHILDREN) | Q(grant_on=ACCESS_PAGE_AND_CHILDREN)))
)
pages_perms_q |= page_q
pages_perms_q &= Q(can_view=True)
page_permissions = PagePermission.objects.filter(pages_perms_q).select_related('page', 'group__users')
restricted_pages = defaultdict(list)
for perm in page_permissions:
restricted_pages[perm.page.pk].append(perm)
if site is None:
site = current_site(request)
if request.user.is_authenticated():
#return self.filter(Q(user=user) | Q(group__user=user))
global_page_perm_q = Q(
Q(user=request.user) | Q(group__user=request.user)
) & Q(can_view=True) & Q(Q(sites__in=[site.pk]) | Q(sites__isnull=True))
global_view_perms = GlobalPagePermission.objects.filter(global_page_perm_q).exists()
def has_global_perm():
if has_global_perm.cache < 0:
has_global_perm.cache = 1 if request.user.has_perm('cms.view_page') else 0
return bool(has_global_perm.cache)
has_global_perm.cache = -1
def has_permission(page):
"""
PagePermission tests
"""
for perm in restricted_pages[page.pk]:
if perm.user_id == request.user.pk:
return True
for perm in restricted_pages[page.pk]:
if not perm.group_id:
continue
if request.user.pk in perm.group.user_set.values_list('id', flat=True):
return True
return False
for page in pages:
is_restricted = page.pk in restricted_pages
if request.user.is_authenticated():
# a global permission was given to the request's user
if global_view_perms:
page_ids.append(page.pk)
# authenticated user, no restriction and public for all
elif settings.CMS_PUBLIC_FOR == 'all':
page_ids.append(page.pk)
elif has_permission(page):
page_ids.append(page.pk)
elif has_global_perm():
page_ids.append(page.pk)
elif not is_restricted and settings.CMS_PUBLIC_FOR == 'all':
# anonymous user, no restriction saved in database
page_ids.append(page.pk)
return page_ids
def get_visible_pages(request, pages, site=None):
# This code is basically a many-pages-at-once version of
# Page.has_view_permission, check there to see wtf is going on here.
if request.user.is_staff and settings.CMS_PUBLIC_FOR in ('staff', 'all'):
return [page.pk for page in pages]
page_ids = []
pages_perms_q = Q()
for page in pages:
page_q = Q(page__tree_id=page.tree_id) & (
Q(page=page)
| (Q(page__level__lt=page.level) &
(Q(grant_on=ACCESS_DESCENDANTS)
| Q(grant_on=ACCESS_PAGE_AND_DESCENDANTS)))
| (Q(page__level=page.level - 1) &
(Q(grant_on=ACCESS_CHILDREN)
| Q(grant_on=ACCESS_PAGE_AND_CHILDREN))))
pages_perms_q |= page_q
pages_perms_q &= Q(can_view=True)
page_permissions = PagePermission.objects.filter(
pages_perms_q).select_related('page', 'group__users')
restricted_pages = defaultdict(list)
for perm in page_permissions:
restricted_pages[perm.page.pk].append(perm)
if site is None:
site = current_site(request)
if request.user.is_authenticated():
#return self.filter(Q(user=user) | Q(group__user=user))
global_page_perm_q = Q(
Q(user=request.user)
| Q(group__user=request.user)) & Q(can_view=True) & Q(
Q(sites__in=[site.pk]) | Q(sites__isnull=True))
global_view_perms = GlobalPagePermission.objects.filter(
global_page_perm_q).exists()
def has_global_perm():
if has_global_perm.cache < 0:
has_global_perm.cache = 1 if request.user.has_perm(
'cms.view_page') else 0
return bool(has_global_perm.cache)
has_global_perm.cache = -1
def has_permission(page):
"""
PagePermission tests
"""
for perm in restricted_pages[page.pk]:
if perm.user_id == request.user.pk:
return True
for perm in restricted_pages[page.pk]:
if not perm.group_id:
continue
if request.user.pk in perm.group.user_set.values_list('id',
flat=True):
return True
return False
for page in pages:
is_restricted = page.pk in restricted_pages
if request.user.is_authenticated():
# a global permission was given to the request's user
if global_view_perms:
page_ids.append(page.pk)
# authenticated user, no restriction and public for all
elif settings.CMS_PUBLIC_FOR == 'all':
page_ids.append(page.pk)
elif has_permission(page):
page_ids.append(page.pk)
elif has_global_perm():
page_ids.append(page.pk)
elif not is_restricted and settings.CMS_PUBLIC_FOR == 'all':
# anonymous user, no restriction saved in database
page_ids.append(page.pk)
return page_ids
def has_page_change_permission(request):
"""Return true if the current user has permission to change any page. This is
just used for building the tree - only superuser, or user with can_change in
globalpagepermission can change a page.
"""
from cms.utils.plugins import current_site
opts = Page._meta
if request.user.is_superuser or \
(request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()) and
(GlobalPagePermission.objects.with_user(request.user).filter(can_change=True, sites__in=[current_site(request)]).count()>0) or
has_any_page_change_permissions(request)):
return True
return False
def get_any_page_view_permissions(request, page):
from cms.utils.plugins import current_site
return PagePermission.objects.filter(
page__pk=page.pk,
page__site=current_site(request),
can_view=True)
