def queryset(self, request):
"""
First semi-working draft of category-based permissions. It will allow permissions to be set per category
effectively hiding the content the user has no permission to see/change.
"""
# return cached queryset, if possible
if self._cached_queryset_request_id == id(request) and type(self._cached_queryset) != type(None):
return self._cached_queryset
q = super(NewmanModelAdmin, self).queryset(request)
# user category filter
qs = utils.user_category_filter(q, request.user)
# if self.model is licensed filter queryset
if License._meta.installed:
exclude_pks = License.objects.unapplicable_for_model(self.model)
qs_tmp = qs.exclude(pk__in=exclude_pks)
utils.copy_queryset_flags(qs_tmp, qs)
qs = qs_tmp
if request.user.is_superuser:
return qs
view_perm = self.opts.app_label + '.' + 'view_' + self.model._meta.module_name.lower()
change_perm = self.opts.app_label + '.' + 'change_' + self.model._meta.module_name.lower()
perms = (view_perm, change_perm,)
# return permission_filtered_model_qs(qs, request.user, perms)
qs_tmp = permission_filtered_model_qs(qs, request.user, perms)
utils.copy_queryset_flags(qs_tmp, qs)
# cache the result
self._cached_queryset_request_id = id(request)
self._cached_queryset = qs_tmp
return qs_tmp
def get_queryset(self):
user = self.form._magic_user
if not hasattr(self, '_queryset'):
if self.queryset is not None:
qs = self.queryset
else:
qs = self.model._default_manager.get_query_set()
# category based permissions
if not user.is_superuser:
category_fk = model_category_fk(self.model)
if category_fk:
# in ListingInlineOptions: self.instance .. Placement instance, self.model .. Listing
view_perm = get_permission('view', self.model)
change_perm = get_permission('change', self.model)
perms = (
view_perm,
change_perm,
)
qs = permission_filtered_model_qs(qs, user, perms)
# user filtered categories
qs = utils.user_category_filter(qs, user)
if self.max_num > 0:
self._queryset = qs[:self.max_num]
else:
self._queryset = qs
return self._queryset
def test_only_viewable_articles_retrieved(self):
# article1
accessible_article = Article.objects.create(
title=u'Testable rabbit',
slug='testable-rabbit',
description='Perex',
category=self.nested_first_level_two)
accessible_article.authors.add(self.author)
accessible_article.save()
inaccessible_article = Article.objects.create(
title='Lost rabbit',
slug='testable-rabbit',
description='Perex',
category=self.nested_first_level)
inaccessible_article.authors.add(self.author)
inaccessible_article.save()
# test
filtered_qs = permission_filtered_model_qs(
Article.objects.all(), self.user,
['articles.view_article', 'articles.change_article'])
available_articles = list(filtered_qs.all())
tools.assert_equals(accessible_article, available_articles[0])
tools.assert_equals(1, len(available_articles))
def filter_func(fspec):
root_cats = Category.objects.filter(tree_parent__isnull=True)
qs = permission_filtered_model_qs(root_cats, fspec.user)
for cat in qs:
lookup_dict = dict()
lookup_dict[fspec.site_field_path] = cat.site.pk
link_text = "%s (%s)" % (cat.site.name, cat.site.domain)
link = (link_text, lookup_dict)
fspec.links.append(link)
return True
def filter_func(fspec):
root_cats = Category.objects.filter(tree_parent__isnull=True)
qs = permission_filtered_model_qs(root_cats, fspec.user)
for cat in qs:
lookup_dict = dict()
lookup_dict[fspec.site_field_path] = cat.site.pk
link_text = '%s (%s)' % (cat.site.name, cat.site.domain)
link = (link_text, lookup_dict)
fspec.links.append(link)
return True
def restrict_field_categories(self, form, user, model):
if 'category' not in form.base_fields:
return
f = form.base_fields['category']
if hasattr(f.queryset, '_newman_filtered'):
return
view_perm = get_permission('view', model)
change_perm = get_permission('change', model)
perms = (view_perm, change_perm,)
qs = permission_filtered_model_qs(f.queryset, user, perms)
qs._newman_filtered = True #magic variable
f._set_queryset(qs)
def _get_queryset(self):
if hasattr(self._queryset, '_newman_filtered'):
return self._queryset
view_perm = get_permission('view', self.model)
change_perm = get_permission('change', self.model)
perms = (view_perm, change_perm,)
qs = permission_filtered_model_qs(self._queryset, self.user, perms)
# user category filter
qs = utils.user_category_filter(qs, self.user)
qs._newman_filtered = True #magic variable
self._set_queryset(qs)
return self._queryset
def test_only_viewable_articles_retrieved(self):
# article1
accessible_article = Article.objects.create(title=u'Testable rabbit', slug='testable-rabbit', description='Perex', category=self.nested_first_level_two)
accessible_article.authors.add(self.author)
accessible_article.save()
inaccessible_article = Article.objects.create(title='Lost rabbit', slug='testable-rabbit', description='Perex', category=self.nested_first_level)
inaccessible_article.authors.add(self.author)
inaccessible_article.save()
# test
filtered_qs = permission_filtered_model_qs(
Article.objects.all(),
self.user,
['articles.view_article', 'articles.change_article']
)
available_articles = list(filtered_qs.all())
tools.assert_equals(accessible_article, available_articles[0])
tools.assert_equals(1, len(available_articles))
def queryset(self, request):
"""
First semi-working draft of category-based permissions. It will allow permissions to be set per category
effectively hiding the content the user has no permission to see/change.
"""
# return cached queryset, if possible
if self._cached_queryset_request_id == id(request) and type(
self._cached_queryset) != type(None):
return self._cached_queryset
q = super(NewmanModelAdmin, self).queryset(request)
# user category filter
qs = utils.user_category_filter(q, request.user)
# if self.model is licensed filter queryset
if License._meta.installed:
exclude_pks = License.objects.unapplicable_for_model(self.model)
qs_tmp = qs.exclude(pk__in=exclude_pks)
utils.copy_queryset_flags(qs_tmp, qs)
qs = qs_tmp
if request.user.is_superuser:
return qs
view_perm = self.opts.app_label + '.' + 'view_' + self.model._meta.module_name.lower(
)
change_perm = self.opts.app_label + '.' + 'change_' + self.model._meta.module_name.lower(
)
perms = (
view_perm,
change_perm,
)
# return permission_filtered_model_qs(qs, request.user, perms)
qs_tmp = permission_filtered_model_qs(qs, request.user, perms)
utils.copy_queryset_flags(qs_tmp, qs)
# cache the result
self._cached_queryset_request_id = id(request)
self._cached_queryset = qs_tmp
return qs_tmp
def get_queryset(self):
# Avoid a circular import.
from django.contrib.contenttypes.models import ContentType
user = self.form._magic_user
if self.instance is None:
return self.model._default_manager.empty()
out = self.model._default_manager.filter(**{
self.ct_field.name: ContentType.objects.get_for_model(self.instance),
self.ct_fk_field.name: self.instance.pk,
})
if user.is_superuser:
return out
# filtering -- view permitted categories only
cfield = model_category_fk_value(self.model)
if not cfield:
return out
# self.instance .. Article, self.model .. Placement (in GenericInlineFormSet for Placement Inline)
view_perm = get_permission('view', self.model)
change_perm = get_permission('change', self.model)
perms = (view_perm, change_perm,)
qs = permission_filtered_model_qs(out, user, perms)
qs = utils.user_category_filter(qs, user)
return qs
def get_queryset(self):
user = self.form._magic_user
if not hasattr(self, '_queryset'):
if self.queryset is not None:
qs = self.queryset
else:
qs = self.model._default_manager.get_query_set()
# category based permissions
if not user.is_superuser:
category_fk = model_category_fk(self.model)
if category_fk:
# in ListingInlineOptions: self.instance .. Placement instance, self.model .. Listing
view_perm = get_permission('view', self.model)
change_perm = get_permission('change', self.model)
perms = (view_perm, change_perm,)
qs = permission_filtered_model_qs(qs, user, perms)
# user filtered categories
qs = utils.user_category_filter(qs, user)
if self.max_num > 0:
self._queryset = qs[:self.max_num]
else:
self._queryset = qs
return self._queryset
