def delete_row_level_permission(request, app_label, model_name, object_id, ct_id, rlp_id, hash): """ Deletes the given row level permission. """ msg = {} if utils.verify_objref_hash(ct_id, rlp_id, hash): model = models.get_model(app_label, model_name) object_id = unquote(object_id) model_ct = ContentType.objects.get_for_model(model) model_instance = get_object_or_404(model, pk=object_id) rlp = get_object_or_404(RowLevelPermission, pk=rlp_id) ct = rlp.model_ct obj = rlp.model model_id = model_instance._get_pk_val() if not (model_id == rlp.model_id): raise PermissionDenied if not request.user.has_perm(rlp._meta.app_label + "." + rlp._meta.get_delete_permission()): raise PermissionDenied if not request.user.has_perm(obj._meta.app_label + "." + obj._meta.get_change_permission(), object=obj): raise PermissionDenied rlp.delete() msg = {"result": True, "text": _("Row level permission was successful deleted"), "id": rlp_id} else: msg = {"result": False, "text": _("row level permission not found (bad hash)")} request.user.message_set.create(message=msg["text"]) return HttpResponseRedirect(request.META["HTTP_REFERER"])
def change_row_level_permission(request, app_label, model_name, object_id, ct_id, rlp_id, hash): msg = {} if not request.POST: msg = {"result": False, "text": _("Only POSTs are allowed")} if not utils.verify_objref_hash(ct_id, rlp_id, hash): msg = {"result": False, "text": _("row level permission not found (bad hash)")} if msg.has_key("result"): request.user.message_set.create(message=msg["text"]) return HttpResponseRedirect("../../../../") model = models.get_model(app_label, model_name) object_id = unquote(object_id) ct = ContentType.objects.get_for_model(model) model_instance = get_object_or_404(model, pk=object_id) rlp = get_object_or_404(RowLevelPermission, pk=rlp_id) opts = rlp._meta if not request.user.has_perm(opts.app_label + "." + opts.get_add_permission()): raise PermissionDenied obj = rlp.model model_id = model_instance._get_pk_val() object_id = obj._get_pk_val() if model_id is not object_id: raise PermissionDenied if not request.user.has_perm(rlp._meta.app_label + "." + rlp._meta.get_change_permission(), object=obj): raise PermissionDenied manip = ChangeRLPManipulator() new_data = request.POST.copy() new_data["id"] = rlp_id manip.do_html2python(new_data) from django.core import validators try: new_rlp = manip.save(new_data) except validators.ValidationError: msg = {"result": False, "text": _("A row level permission already exists with the specified values")} else: msg = {"result": True, "text": _("Row level permission has successfully been changed"), "id": rlp_id} request.user.message_set.create(message=msg["text"]) return HttpResponseRedirect(request.META["HTTP_REFERER"])