def change_roles_permissions(self, request): if not can_manage_user(request.user): raise PermissionDenied(user=request.user, perm=MANAGE_USER_PERMISION) opts = self.model._meta admin_site = self.admin_site has_perm = request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()) if request.method == 'POST': selected = request.POST.getlist('selected_perm') for obj_perm in ObjectPermission.objects.filter( content__isnull=True): role_perm = "%s_%s" % (obj_perm.role.id, obj_perm.permission.id) if role_perm not in selected: obj_perm.delete() for role_perm in selected: role_id, perm_id = role_perm.split('_') role = Role.objects.get(id=role_id) perm = Permission.objects.get(id=perm_id) op, created = ObjectPermission.objects.get_or_create( role=role, permission=perm, content=None) return self.response_change_permissions(request) roles = Role.objects.all() permissions = {} for perm in Permission.objects.all(): permissions[perm] = [] for role in roles: permissions[perm].append( (role, perm.objectpermission_set.filter(role=role) and True or False)) context = { 'admin_site': admin_site.name, 'change': True, 'is_popup': False, 'save_as': False, 'has_delete_permission': False, 'has_add_permission': False, 'add': False, 'model_admin': self, 'title': "Roles permissions", 'opts': opts, 'root_path': '/%s' % admin_site.root_path, 'app_label': opts.app_label, 'has_change_permission': has_perm, 'role_permissions': permissions, 'roles': roles } template = 'admin/perms/objectpermission/role_permissions.html' return render_to_response(template, context, context_instance=RequestContext(request))
def change_roles_permissions(self, request): if not can_manage_user(request.user): raise PermissionDenied(user=request.user, perm=MANAGE_USER_PERMISION) opts = self.model._meta admin_site = self.admin_site has_perm = request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()) if request.method == 'POST': selected = request.POST.getlist('selected_perm') for obj_perm in ObjectPermission.objects.filter(content__isnull=True): role_perm = "%s_%s" % (obj_perm.role.id, obj_perm.permission.id) if role_perm not in selected: obj_perm.delete() for role_perm in selected: role_id, perm_id = role_perm.split('_') role = Role.objects.get(id=role_id) perm = Permission.objects.get(id=perm_id) op, created = ObjectPermission.objects.get_or_create(role=role, permission=perm, content=None) return self.response_change_permissions(request) roles = Role.objects.all() permissions = {} for perm in Permission.objects.all(): permissions[perm] = [] for role in roles: permissions[perm].append((role, perm.objectpermission_set.filter(role=role) and True or False)) context = {'admin_site': admin_site.name, 'change': True, 'is_popup': False, 'save_as': False, 'has_delete_permission': False, 'has_add_permission': False, 'add': False, 'model_admin': self, 'title': "Roles permissions", 'opts': opts, 'root_path': '/%s' % admin_site.root_path, 'app_label': opts.app_label, 'has_change_permission': has_perm, 'role_permissions': permissions, 'roles': roles} template = 'admin/perms/objectpermission/role_permissions.html' return render_to_response(template, context, context_instance=RequestContext(request))
def has_change_permission(self, request, obj=None): """ Overrides Django admin behaviour to add ownership based access control """ return can_manage_user(request.user)