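def queryset(self, request):
    """
    Return the admin queryset narrowed to what ``request.user`` may work with.

    Category-based permissions: the base admin queryset is passed through
    the user category filter, then through the licensing exclusion (when
    the License model is installed) and, for non-superusers, through
    ``permission_filtered_model_qs`` with the model's view and change
    permissions, hiding content the user has no permission to see/change.

    The permission-filtered result is memoised for repeated calls made
    with the same request object. Superuser results are returned without
    being cached.
    """
    import weakref

    # ``id(request)`` on its own is not a safe cache key: an id is only
    # unique among objects alive at the same time, so a later request can
    # receive the id of an earlier, already freed one. If this admin object
    # is shared between requests (TODO confirm), that would hand one user's
    # permission-filtered queryset to another user. A hit therefore also
    # needs a (weak reference, queryset) pair that still points at this very
    # request object; any mismatch falls through to a fresh computation.
    entry = getattr(self, '_cached_queryset_entry', None)
    if entry is not None:
        request_ref, cached = entry
        if (request_ref() is request
                and self._cached_queryset_request_id == id(request)
                and cached is not None
                and self._cached_queryset is cached):
            return cached

    q = super(NewmanModelAdmin, self).queryset(request)
    # user category filter
    qs = utils.user_category_filter(q, request.user)

    # if self.model is licensed, filter the queryset
    if License._meta.installed:
        exclude_pks = License.objects.unapplicable_for_model(self.model)
        qs_tmp = qs.exclude(pk__in=exclude_pks)
        utils.copy_queryset_flags(qs_tmp, qs)
        qs = qs_tmp

    if request.user.is_superuser:
        return qs

    model_name = self.model._meta.module_name.lower()
    view_perm = self.opts.app_label + '.' + 'view_' + model_name
    change_perm = self.opts.app_label + '.' + 'change_' + model_name
    perms = (view_perm, change_perm,)
    qs_tmp = permission_filtered_model_qs(qs, request.user, perms)
    utils.copy_queryset_flags(qs_tmp, qs)

    # cache the result; the pair is written as one attribute so a reader
    # never sees a request reference matched with another call's queryset
    try:
        self._cached_queryset_entry = (weakref.ref(request), qs_tmp)
    except TypeError:
        # request type cannot be weakly referenced: leave nothing to hit
        self._cached_queryset_entry = None
    self._cached_queryset_request_id = id(request)
    self._cached_queryset = qs_tmp
    return qs_tmp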
def get_queryset(self):
    """
    Return the formset queryset, built once and kept on ``self._queryset``.

    Starts from ``self.queryset`` when one was supplied, otherwise from the
    model's default manager. For non-superusers on models with a category
    foreign key the queryset is passed through
    ``permission_filtered_model_qs`` with the model's view and change
    permissions; the user category filter is applied afterwards and the
    result is capped at ``self.max_num`` when that is positive.
    """
    current_user = self.form._magic_user
    if hasattr(self, '_queryset'):
        return self._queryset

    if self.queryset is not None:
        candidates = self.queryset
    else:
        candidates = self.model._default_manager.get_query_set()

    # category based permissions
    # in ListingInlineOptions: self.instance .. Placement instance, self.model .. Listing
    if not current_user.is_superuser and model_category_fk(self.model):
        required = (
            get_permission('view', self.model),
            get_permission('change', self.model),
        )
        candidates = permission_filtered_model_qs(candidates, current_user, required)

    # user filtered categories
    # NOTE(review): the listing this was taken from lost its indentation;
    # this step is assumed to run for superusers as well -- confirm.
    candidates = utils.user_category_filter(candidates, current_user)

    limit = self.max_num
    self._queryset = candidates[:limit] if limit > 0 else candidates
    return self._queryset
def test_only_viewable_articles_retrieved(self):
    """
    Only the article in the category the test user may access is returned
    by ``permission_filtered_model_qs`` for the view/change permissions.
    """
    # NOTE(review): both fixtures share the slug 'testable-rabbit';
    # presumably acceptable because they sit in different categories -- confirm.
    shared = dict(slug='testable-rabbit', description='Perex')

    # article expected to pass the permission filter
    visible = Article.objects.create(
        title=u'Testable rabbit',
        category=self.nested_first_level_two,
        **shared)
    visible.authors.add(self.author)
    visible.save()

    # article expected to be filtered out
    hidden = Article.objects.create(
        title='Lost rabbit',
        category=self.nested_first_level,
        **shared)
    hidden.authors.add(self.author)
    hidden.save()

    # run the filter for both permissions and materialise the result
    wanted_perms = ['articles.view_article', 'articles.change_article']
    filtered = permission_filtered_model_qs(Article.objects.all(), self.user, wanted_perms)
    found = list(filtered.all())

    tools.assert_equals(visible, found[0])
    tools.assert_equals(1, len(found))
def filter_func(fspec):
    """
    Append one site link per root category that survives the permission filter.

    Root categories (no ``tree_parent``) are passed through
    ``permission_filtered_model_qs`` for ``fspec.user``; for each remaining
    category a ``(label, lookup)`` tuple is appended to ``fspec.links``,
    where the lookup maps ``fspec.site_field_path`` to the site's pk.
    Always returns True.
    """
    top_level = Category.objects.filter(tree_parent__isnull=True)
    # NOTE(review): no permission list is passed here, so the helper's
    # default applies -- confirm that default is the intended check.
    for category in permission_filtered_model_qs(top_level, fspec.user):
        site = category.site
        lookup = {fspec.site_field_path: site.pk}
        label = "%s (%s)" % (site.name, site.domain)
        fspec.links.append((label, lookup))
    return True
def filter_func(fspec):
    """
    Populate ``fspec.links`` with the sites of permitted root categories.

    Every root category (``tree_parent`` is null) that
    ``permission_filtered_model_qs`` keeps for ``fspec.user`` contributes a
    ``(label, lookup)`` tuple; the lookup maps ``fspec.site_field_path`` to
    the pk of the category's site. Always returns True.
    """
    roots = Category.objects.filter(tree_parent__isnull=True)
    # NOTE(review): called without an explicit permission list; the helper's
    # default decides what is checked -- confirm it matches the intent.
    permitted = permission_filtered_model_qs(roots, fspec.user)
    for root in permitted:
        site = root.site
        text = '%s (%s)' % (site.name, site.domain)
        fspec.links.append((text, {fspec.site_field_path: site.pk}))
    return True
def restrict_field_categories(self, form, user, model):
    """
    Replace the queryset of the form's ``category`` field with one passed
    through ``permission_filtered_model_qs`` for ``user``.

    Does nothing when the form has no ``category`` base field or when the
    field's queryset already carries the ``_newman_filtered`` marker.
    """
    declared = form.base_fields
    if 'category' in declared:
        category_field = declared['category']
        # NOTE(review): the marker only records that *some* user's filter
        # was applied. If ``form`` (and so its base_fields) is shared
        # between users, the first user's restriction would be kept for
        # everyone -- confirm the form class is built per request.
        if not hasattr(category_field.queryset, '_newman_filtered'):
            required = (
                get_permission('view', model),
                get_permission('change', model),
            )
            restricted = permission_filtered_model_qs(
                category_field.queryset, user, required)
            # marker attribute: tells later calls the filter already ran
            restricted._newman_filtered = True
            category_field._set_queryset(restricted)
def _get_queryset(self):
    """
    Return ``self._queryset``, filtering it for ``self.user`` on first use.

    An unmarked queryset is passed through ``permission_filtered_model_qs``
    with the model's view and change permissions and then through the user
    category filter; the result is tagged with ``_newman_filtered`` and
    stored via ``_set_queryset`` so later calls return it unchanged.
    """
    if not hasattr(self._queryset, '_newman_filtered'):
        required = (
            get_permission('view', self.model),
            get_permission('change', self.model),
        )
        narrowed = permission_filtered_model_qs(self._queryset, self.user, required)
        # user category filter
        narrowed = utils.user_category_filter(narrowed, self.user)
        # marker attribute: prevents the filters from being applied twice
        narrowed._newman_filtered = True
        self._set_queryset(narrowed)
    return self._queryset
def test_only_viewable_articles_retrieved(self):
    """
    ``permission_filtered_model_qs`` must return only the article placed in
    the category the test user is expected to have access to.
    """
    # NOTE(review): the two articles use the same slug; presumably allowed
    # because their categories differ -- confirm.
    common_fields = dict(slug='testable-rabbit', description='Perex')

    # fixture the user should be able to reach
    reachable = Article.objects.create(
        title=u'Testable rabbit',
        category=self.nested_first_level_two,
        **common_fields)
    reachable.authors.add(self.author)
    reachable.save()

    # fixture the user should not be able to reach
    unreachable = Article.objects.create(
        title='Lost rabbit',
        category=self.nested_first_level,
        **common_fields)
    unreachable.authors.add(self.author)
    unreachable.save()

    # apply the permission filter and evaluate it
    permission_names = ['articles.view_article', 'articles.change_article']
    result_qs = permission_filtered_model_qs(
        Article.objects.all(), self.user, permission_names)
    results = list(result_qs.all())

    tools.assert_equals(reachable, results[0])
    tools.assert_equals(1, len(results))
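def queryset(self, request):
    """
    Return the admin queryset narrowed to what ``request.user`` may work with.

    Category-based permissions: the base admin queryset is passed through
    the user category filter, then through the licensing exclusion (when
    the License model is installed) and, for non-superusers, through
    ``permission_filtered_model_qs`` with the model's view and change
    permissions, hiding content the user has no permission to see/change.

    The permission-filtered result is memoised for repeated calls made
    with the same request object. Superuser results are returned without
    being cached.
    """
    import weakref

    # Comparing ``id(request)`` alone is not a safe cache check: ids are
    # unique only among objects that are alive together, so a new request
    # may be given the id of one that has already been freed. Should this
    # admin object be shared between requests (TODO confirm), one user's
    # permission-filtered queryset could then be returned to another user.
    # A hit additionally requires a (weak reference, queryset) pair whose
    # reference still resolves to this exact request object; anything else
    # is treated as a miss and recomputed.
    entry = getattr(self, '_cached_queryset_entry', None)
    if entry is not None:
        request_ref, cached = entry
        if (request_ref() is request
                and self._cached_queryset_request_id == id(request)
                and cached is not None
                and self._cached_queryset is cached):
            return cached

    q = super(NewmanModelAdmin, self).queryset(request)
    # user category filter
    qs = utils.user_category_filter(q, request.user)

    # if self.model is licensed, filter the queryset
    if License._meta.installed:
        exclude_pks = License.objects.unapplicable_for_model(self.model)
        qs_tmp = qs.exclude(pk__in=exclude_pks)
        utils.copy_queryset_flags(qs_tmp, qs)
        qs = qs_tmp

    if request.user.is_superuser:
        return qs

    model_name = self.model._meta.module_name.lower()
    view_perm = self.opts.app_label + '.' + 'view_' + model_name
    change_perm = self.opts.app_label + '.' + 'change_' + model_name
    perms = (
        view_perm,
        change_perm,
    )
    qs_tmp = permission_filtered_model_qs(qs, request.user, perms)
    utils.copy_queryset_flags(qs_tmp, qs)

    # cache the result; request reference and queryset are stored as one
    # attribute so they can never be observed out of step with each other
    try:
        self._cached_queryset_entry = (weakref.ref(request), qs_tmp)
    except TypeError:
        # request type cannot be weakly referenced: leave nothing to hit
        self._cached_queryset_entry = None
    self._cached_queryset_request_id = id(request)
    self._cached_queryset = qs_tmp
    return qs_tmp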
def get_queryset(self):
    """
    Return the generic-inline rows attached to ``self.instance``.

    The rows are selected by content type and object pk. Superusers, and
    models for which ``model_category_fk_value`` yields nothing, get that
    selection unchanged; everyone else gets it passed through
    ``permission_filtered_model_qs`` (view and change permissions) and the
    user category filter.
    """
    # Avoid a circular import.
    from django.contrib.contenttypes.models import ContentType

    current_user = self.form._magic_user
    manager = self.model._default_manager
    if self.instance is None:
        # NOTE(review): stock Django managers expose ``none()``; ``empty()``
        # presumably comes from a custom manager or an older API -- confirm.
        return manager.empty()

    lookup = {
        self.ct_field.name: ContentType.objects.get_for_model(self.instance),
        self.ct_fk_field.name: self.instance.pk,
    }
    attached = manager.filter(**lookup)

    # filtering -- view permitted categories only
    # NOTE(review): both early exits below skip the user category filter
    # as well as the permission filter -- confirm that is intended.
    if current_user.is_superuser or not model_category_fk_value(self.model):
        return attached

    # self.instance .. Article, self.model .. Placement
    # (in GenericInlineFormSet for Placement Inline)
    required = (
        get_permission('view', self.model),
        get_permission('change', self.model),
    )
    permitted = permission_filtered_model_qs(attached, current_user, required)
    return utils.user_category_filter(permitted, current_user)
def get_queryset(self):
    """
    Build the formset queryset on first call and reuse it afterwards.

    The starting point is ``self.queryset`` if set, else the model's
    default manager. Non-superusers on models with a category foreign key
    have it passed through ``permission_filtered_model_qs`` with the view
    and change permissions. The user category filter follows, and a
    positive ``self.max_num`` truncates the result, which is stored on
    ``self._queryset``.
    """
    acting_user = self.form._magic_user
    if hasattr(self, '_queryset'):
        return self._queryset

    if self.queryset is None:
        rows = self.model._default_manager.get_query_set()
    else:
        rows = self.queryset

    # category based permissions
    if not acting_user.is_superuser:
        if model_category_fk(self.model):
            # in ListingInlineOptions: self.instance .. Placement instance, self.model .. Listing
            needed = (
                get_permission('view', self.model),
                get_permission('change', self.model),
            )
            rows = permission_filtered_model_qs(rows, acting_user, needed)

    # user filtered categories
    # NOTE(review): indentation was lost in the listing this came from;
    # this filter is assumed to apply to superusers too -- confirm.
    rows = utils.user_category_filter(rows, acting_user)

    cap = self.max_num
    self._queryset = rows[:cap] if cap > 0 else rows
    return self._queryset