""" ACL's for targets """
@require_target_type(Forum)
def add_acl_to_target(user, target):
    """Store the see/browse verdicts for ``user`` on the forum's ``acl`` dict."""
    visible = can_see_forum(user, target)
    target.acl['can_see'] = visible
    browsable = can_browse_forum(user, target)
    target.acl['can_browse'] = browsable


""" ACL tests """
def allow_see_forum(user, target):
    """Raise Http404 unless the forum is listed in ``user.acl['visible_forums']``.

    ``target`` may be an object exposing ``pk`` or a value ``int()`` accepts.
    """
    missing = object()
    forum_id = getattr(target, 'pk', missing)
    if forum_id is missing:
        forum_id = int(target)

    # Http404 rather than PermissionDenied -- presumably so a hidden forum
    # is indistinguishable from one that does not exist (confirm intent).
    if forum_id not in user.acl['visible_forums']:
        raise Http404()
can_see_forum = return_boolean(allow_see_forum)


def allow_browse_forum(user, target):
    """Raise PermissionDenied unless ``user`` may browse the forum's contents."""
    # A forum with no ACL entry falls back to can_browse=False (denied).
    forum_acl = user.acl['forums'].get(target.id, {'can_browse': False})
    if forum_acl['can_browse']:
        return

    message = _('You don\'t have permission '
                'to browse "%(forum)s" contents.')
    raise PermissionDenied(message % {'forum': target.name})
can_browse_forum = return_boolean(allow_browse_forum)
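# (excerpt starts inside a function whose header is outside this snippet;
#  the original indentation of the next three statements is not recoverable)
# NOTE(review): 'can_can_hide_events' looks like a doubled prefix. If that key
# is never set, .get(..., 0) always yields 0 and both flags below stay False.
# Confirm the intended key.
can_hide_events = forum_acl.get('can_can_hide_events', 0)
event.acl['can_hide'] = can_hide_events > 0
event.acl['can_delete'] = can_hide_events == 2


""" ACL tests """
def allow_see_thread(user, target):
    """Raise PermissionDenied unless ``user`` may see the thread.

    Users without ``can_see_all_threads`` in the thread's forum may only see
    threads they started; anonymous users then see none.
    """
    forum_acl = user.acl['forums'].get(target.forum_id, {})
    if not forum_acl.get('can_see_all_threads'):
        if user.is_anonymous() or user.pk != target.starter_id:
            message = _("You can't see other users threads in this forum.")
            # Pass the translated message, not the user object, so the
            # denial carries the intended text.
            raise PermissionDenied(message)
can_see_thread = return_boolean(allow_see_thread)


def allow_start_thread(user, target):
    """Raise PermissionDenied unless ``user`` may start a thread in the forum.

    Denied when the forum is closed, when the user is anonymous, or when the
    user's ACL for this forum does not grant ``can_start_threads``.
    """
    if target.is_closed:
        message = _("This forum is closed. You can't start new threads in it.")
        raise PermissionDenied(message)
    if user.is_anonymous():
        raise PermissionDenied(_("You have to sign in to start new thread."))

    # Test the flag itself, not the ACL dict: any non-empty dict (including
    # the {'can_start_threads': False} default) is truthy, so testing the
    # dict never denied. .get() keeps a missing key a denial.
    forum_acl = user.acl['forums'].get(target.id, {'can_start_threads': False})
    if not forum_acl.get('can_start_threads'):
        raise PermissionDenied(_("You don't have permission to start "
                                 "new threads in this forum."))
can_start_thread = return_boolean(allow_start_thread)


"""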
if target_acl[permission]: target_acl['can_have_attitude'] = True break def register_with(registry): registry.acl_annotator(get_user_model(), add_acl_to_user) """ ACL tests """ def allow_browse_users_list(user): if not user.acl['can_browse_users_list']: raise PermissionDenied(_("You can't browse users list.")) can_browse_users_list = return_boolean(allow_browse_users_list) @authenticated_only def allow_follow_user(user, target): if not user.acl['can_follow_users']: raise PermissionDenied(_("You can't follow other users.")) if user.pk == target.pk: raise PermissionDenied(_("You can't add yourself to followed.")) can_follow_user = return_boolean(allow_follow_user) @authenticated_only def allow_block_user(user, target): if target.is_staff or target.is_superuser: raise PermissionDenied(_("You can't block administrators."))
new_acl['forums'][private_forum.pk] = forum_acl return new_acl """ ACL tests """ def allow_use_private_threads(user): if user.is_anonymous(): raise PermissionDenied(_("Unsigned members can't use " "private threads system.")) if not user.acl['can_use_private_threads']: raise PermissionDenied(_("You can't use private threads system.")) can_use_private_threads = return_boolean(allow_use_private_threads) def allow_see_private_thread(user, target): can_see_moderated = user.acl.get('can_moderate_private_threads') can_see_moderated = can_see_moderated and target.has_reported_posts can_see_participating = user in [p.user for p in target.participants_list] if not (can_see_participating or can_see_moderated): raise Http404() can_see_private_thread = return_boolean(allow_see_private_thread) def allow_see_private_post(user, target): can_see_moderated = user.acl.get('can_moderate_private_threads') if not (can_see_moderated and target.thread.has_reported_posts):
# (excerpt starts mid-statement; the opening of this literal is outside the snippet)
})


def register_with(registry):
    """Register ``add_acl_to_thread`` as the ACL annotator for ``Thread``."""
    registry.acl_annotator(Thread, add_acl_to_thread)


""" ACL tests """
def allow_use_private_threads(user):
    """Raise PermissionDenied unless ``user`` is signed in and may use private threads."""
    if user.is_anonymous():
        raise PermissionDenied(_("You have to sign in to use private threads."))
    if user.acl['can_use_private_threads']:
        return
    raise PermissionDenied(_("You can't use private threads."))
can_use_private_threads = return_boolean(allow_use_private_threads)


def allow_see_private_thread(user, target):
    """Raise Http404 unless ``user`` may see the private thread.

    Access is granted to participants, and to users with
    ``can_moderate_private_threads`` when the thread has reported posts.
    """
    is_moderator = user.acl['can_moderate_private_threads']
    # Moderators only gain access through reports, not to every thread.
    via_reports = target.has_reported_posts if is_moderator else False
    via_participation = user in [p.user for p in target.participants_list]

    if not via_participation and not via_reports:
        raise Http404()
can_see_private_thread = return_boolean(allow_see_private_thread)
category_acl = user.acl['categories'].get(target.category_id, { 'can_close_threads': False, }) if not user.acl.get('can_start_polls'): raise PermissionDenied(_("You can't start polls.")) if user.acl.get('can_start_polls') < 2 and user.pk != target.starter_id: raise PermissionDenied(_("You can't start polls in other users threads.")) if not category_acl.get('can_close_threads'): if target.category.is_closed: raise PermissionDenied(_("This category is closed. You can't start polls in it.")) if target.is_closed: raise PermissionDenied(_("This thread is closed. You can't start polls in it.")) can_start_poll = return_boolean(allow_start_poll) def allow_edit_poll(user, target): if user.is_anonymous(): raise PermissionDenied(_("You have to sign in to edit polls.")) category_acl = user.acl['categories'].get(target.category_id, { 'can_close_threads': False, }) if not user.acl.get('can_edit_polls'): raise PermissionDenied(_("You can't edit polls.")) if user.acl.get('can_edit_polls') < 2: if user.pk != target.poster_id:
if not (category_acl['can_see'] and category_acl['can_browse']): raise Http404() if target.is_hidden and (user.is_anonymous or not category_acl['can_hide_threads']): raise Http404() if user.is_anonymous or user.pk != target.starter_id: if not category_acl['can_see_all_threads']: raise Http404() if target.is_unapproved and not category_acl['can_approve_content']: raise Http404() can_see_thread = return_boolean(allow_see_thread) def allow_start_thread(user, target): if user.is_anonymous: raise PermissionDenied(_("You have to sign in to start threads.")) category_acl = user.acl_cache['categories'].get(target.pk, { 'can_start_threads': False, }) if not category_acl['can_start_threads']: raise PermissionDenied( _("You don't have permission to start new threads in this category." ))
'can_browse': False }) if not (category_acl['can_see'] and category_acl['can_browse']): raise Http404() if target.is_hidden and (user.is_anonymous() or not category_acl['can_hide_threads']): raise Http404() if user.is_anonymous() or user.pk != target.starter_id: if not category_acl['can_see_all_threads']: raise Http404() if target.is_unapproved and not category_acl['can_approve_content']: raise Http404() can_see_thread = return_boolean(allow_see_thread) def allow_start_thread(user, target): if user.is_anonymous(): raise PermissionDenied(_("You have to sign in to start threads.")) category_acl = user.acl['categories'].get(target.pk, { 'can_close_threads': False, 'can_start_threads': False }) if target.is_closed and not category_acl['can_close_threads']: raise PermissionDenied(_("This category is closed. You can't start new threads in it.")) if not category_acl['can_start_threads']:
# (excerpt starts mid-statement; the opening of this literal is outside the snippet)
})


def register_with(registry):
    """Register ``add_acl_to_thread`` as the ACL annotator for ``Thread``."""
    registry.acl_annotator(Thread, add_acl_to_thread)


def allow_use_private_threads(user):
    """Raise PermissionDenied unless ``user`` is signed in and may use private threads."""
    if user.is_anonymous:
        raise PermissionDenied(
            _("You have to sign in to use private threads."))
    if user.acl_cache['can_use_private_threads']:
        return
    raise PermissionDenied(_("You can't use private threads."))
can_use_private_threads = return_boolean(allow_use_private_threads)


def allow_see_private_thread(user, target):
    """Raise Http404 unless ``user`` may see the private thread.

    Access is granted to participants, and to users with
    ``can_moderate_private_threads`` when the thread has reported posts.
    """
    is_moderator = user.acl_cache['can_moderate_private_threads']
    # Moderators only gain access through reports, not to every thread.
    via_reports = target.has_reported_posts if is_moderator else False
    via_participation = user in [p.user for p in target.participants_list]

    if not via_participation and not via_reports:
        raise Http404()
can_see_private_thread = return_boolean(allow_see_private_thread)
target.acl['can_moderate'] = True break def register_with(registry): registry.acl_annotator(get_user_model(), add_acl_to_user) def allow_rename_user(user, target): if not user.acl_cache['can_rename_users']: raise PermissionDenied(_("You can't rename users.")) if not user.is_superuser and (target.is_staff or target.is_superuser): raise PermissionDenied(_("You can't rename administrators.")) can_rename_user = return_boolean(allow_rename_user) def allow_moderate_avatar(user, target): if not user.acl_cache['can_moderate_avatars']: raise PermissionDenied(_("You can't moderate avatars.")) if not user.is_superuser and (target.is_staff or target.is_superuser): raise PermissionDenied(_("You can't moderate administrators avatars.")) can_moderate_avatar = return_boolean(allow_moderate_avatar) def allow_moderate_signature(user, target): if not user.acl_cache['can_moderate_signatures']: raise PermissionDenied(_("You can't moderate signatures."))
# (excerpt starts inside a function whose header is outside this snippet)
registry.acl_serializer(AnonymousUser, serialize_categories_alcs)


""" ACL tests """
def allow_see_category(user, target):
    """Raise Http404 unless the category is in ``user.acl['visible_categories']``.

    ``target`` may be an object exposing ``pk`` or a value ``int()`` accepts.
    """
    missing = object()
    category_id = getattr(target, 'pk', missing)
    if category_id is missing:
        category_id = int(target)

    if category_id not in user.acl['visible_categories']:
        raise Http404()
can_see_category = return_boolean(allow_see_category)


def allow_browse_category(user, target):
    """Raise PermissionDenied unless ``user`` may browse the category's contents."""
    # A category with no ACL entry falls back to can_browse=False (denied).
    category_acl = user.acl['categories'].get(target.id, {'can_browse': False})
    if category_acl['can_browse']:
        return

    message = _('You don\'t have permission '
                'to browse "%(category)s" contents.')
    raise PermissionDenied(message % {'category': target.name})
can_browse_category = return_boolean(allow_browse_category)
if target_acl[permission]: target_acl['can_have_attitude'] = True break """ ACL tests """ def allow_browse_users_list(user): if not user.acl['can_browse_users_list']: raise PermissionDenied(_("You can't browse users list.")) can_browse_users_list = return_boolean(allow_browse_users_list) def allow_see_users_online_list(user): if not user.acl['can_see_users_online_list']: raise PermissionDenied(_("You can't browse users online list.")) can_see_users_online_list = return_boolean(allow_see_users_online_list) @authenticated_only def allow_follow_user(user, target): if not user.acl['can_follow_users']: raise PermissionDenied(_("You can't follow other users.")) if user.pk == target.pk:
""" ACL tests """
def allow_delete_user(user, target):
    """Raise PermissionDenied unless ``user`` may delete ``target``.

    Two limits are read from ``user.acl``: ``can_delete_users_newer_than``
    (a number of days) and ``can_delete_users_with_less_posts_than`` (a post
    count). When both are falsy the user cannot delete anyone. Deleting
    yourself, or a staff or superuser account, is always refused.
    """
    max_age_days = user.acl['can_delete_users_newer_than']
    max_posts = user.acl['can_delete_users_with_less_posts_than']

    if not max_age_days and not max_posts:
        raise PermissionDenied(_("You can't delete users."))
    if user.pk == target.pk:
        raise PermissionDenied(_("You can't delete yourself."))
    if target.is_staff or target.is_superuser:
        raise PermissionDenied(_("You can't delete administrators."))

    # Each limit is enforced only when it is set (truthy).
    if max_age_days and target.joined_on < timezone.now() - timedelta(days=max_age_days):
        message = ungettext("You can't delete users that are "
                            "members for more than %(days)s day.",
                            "You can't delete users that are "
                            "members for more than %(days)s days.",
                            max_age_days) % {'days': max_age_days}
        raise PermissionDenied(message)

    if max_posts and target.posts > max_posts:
        message = ungettext(
            "You can't delete users that made more than %(posts)s post.",
            "You can't delete users that made more than %(posts)s posts.",
            max_posts) % {'posts': max_posts}
        raise PermissionDenied(message)
can_delete_user = return_boolean(allow_delete_user)
""" ACL tests """
def allow_use_private_threads(user):
    """Raise PermissionDenied unless ``user`` is signed in and may use private threads."""
    if user.is_anonymous():
        raise PermissionDenied(
            _("Unsigned members can't use "
              "private threads system."))
    if user.acl['can_use_private_threads']:
        return
    raise PermissionDenied(_("You can't use private threads system."))
can_use_private_threads = return_boolean(allow_use_private_threads)


def allow_see_private_thread(user, target):
    """Raise Http404 unless ``user`` may see the private thread.

    Access is granted to participants, and to users whose ACL has
    ``can_moderate_private_threads`` when the thread has reported posts.
    """
    moderator_flag = user.acl.get('can_moderate_private_threads')
    # Moderation access applies only to threads with reported posts.
    via_moderation = moderator_flag and target.has_reported_posts
    via_participation = user in [p.user for p in target.participants_list]

    if not via_participation and not via_moderation:
        raise Http404()
can_see_private_thread = return_boolean(allow_see_private_thread)


# (excerpt ends here; the body of this function is outside the snippet)
def allow_see_private_post(user, target):
def allow_delete_user(user, target):
    """Raise PermissionDenied unless ``user`` may delete ``target``.

    Two limits are read from ``user.acl_cache``:
    ``can_delete_users_newer_than`` (a number of days) and
    ``can_delete_users_with_less_posts_than`` (a post count). When both are
    falsy the user cannot delete anyone. Deleting yourself, or a staff or
    superuser account, is always refused.
    """
    age_limit = user.acl_cache['can_delete_users_newer_than']
    post_limit = user.acl_cache['can_delete_users_with_less_posts_than']

    if not (age_limit or post_limit):
        raise PermissionDenied(_("You can't delete users."))
    if user.pk == target.pk:
        raise PermissionDenied(_("You can't delete yourself."))
    if target.is_staff or target.is_superuser:
        raise PermissionDenied(_("You can't delete administrators."))

    # Each limit is enforced only when it is set (truthy).
    if age_limit and target.joined_on < timezone.now() - timedelta(days=age_limit):
        template = ungettext(
            "You can't delete users that are members for more than %(days)s day.",
            "You can't delete users that are members for more than %(days)s days.",
            age_limit,
        )
        raise PermissionDenied(template % {'days': age_limit})

    if post_limit and target.posts > post_limit:
        template = ungettext(
            "You can't delete users that made more than %(posts)s post.",
            "You can't delete users that made more than %(posts)s posts.",
            post_limit,
        )
        raise PermissionDenied(template % {'posts': post_limit})
can_delete_user = return_boolean(allow_delete_user)
registry.acl_annotator(get_user_model(), add_acl_to_user) """ ACL tests """ def allow_rename_user(user, target): if not user.acl["can_rename_users"]: raise PermissionDenied(_("You can't rename users.")) if not user.is_superuser and (target.is_staff or target.is_superuser): raise PermissionDenied(_("You can't rename administrators.")) can_rename_user = return_boolean(allow_rename_user) def allow_moderate_avatar(user, target): if not user.acl["can_moderate_avatars"]: raise PermissionDenied(_("You can't moderate avatars.")) if not user.is_superuser and (target.is_staff or target.is_superuser): raise PermissionDenied(_("You can't moderate administrators avatars.")) can_moderate_avatar = return_boolean(allow_moderate_avatar) def allow_moderate_signature(user, target): if not user.acl["can_moderate_signatures"]: raise PermissionDenied(_("You can't moderate signatures."))
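ACL tests """
def allow_see_thread(user, target):
    """Raise Http404 unless ``user`` may see the thread.

    Every failed check answers with Http404. The checks, in order: the forum
    must be browsable; threads started by someone else need
    ``can_see_all_threads``; moderated threads need
    ``can_review_moderated_content``; hidden threads need ``can_hide_threads``.
    """
    # No ACL entry for the forum means an empty dict, so every .get() below
    # is falsy and access is refused.
    forum_acl = user.acl['forums'].get(target.forum_id, {})
    if not forum_acl.get('can_browse'):
        raise Http404()

    if user.is_anonymous() or user.pk != target.starter_id:
        if not forum_acl.get('can_see_all_threads'):
            raise Http404()

    if target.is_moderated:
        if not forum_acl.get('can_review_moderated_content'):
            raise Http404()

    if target.is_hidden and not forum_acl.get('can_hide_threads'):
        raise Http404()
can_see_thread = return_boolean(allow_see_thread)


def allow_start_thread(user, target):
    """Raise PermissionDenied unless ``user`` may start a thread in the forum.

    Denied for anonymous users, for closed forums unless
    ``target.acl['can_close_threads']`` is set, and when the user's ACL for
    this forum does not grant ``can_start_threads``.
    """
    if user.is_anonymous():
        raise PermissionDenied(_("You have to sign in to start threads."))

    if target.is_closed and not target.acl['can_close_threads']:
        raise PermissionDenied(
            _("This forum is closed. You can't start new threads in it."))

    # Test the flag itself, not the ACL dict: any non-empty dict (including
    # the {'can_start_threads': False} default) is truthy, so testing the
    # dict never denied. .get() keeps a missing key a denial.
    forum_acl = user.acl['forums'].get(target.id, {'can_start_threads': False})
    if not forum_acl.get('can_start_threads'):
        raise PermissionDenied(_("You don't have permission to start "
                                 "new threads in this forum."))
can_start_thread = return_boolean(allow_start_thread)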
if target_acl[permission]: target_acl['can_have_attitude'] = True break def register_with(registry): registry.acl_annotator(get_user_model(), add_acl_to_user) """ ACL tests """ def allow_browse_users_list(user): if not user.acl['can_browse_users_list']: raise PermissionDenied(_("You can't browse users list.")) can_browse_users_list = return_boolean(allow_browse_users_list) def allow_see_users_online_list(user): if not user.acl['can_see_users_online_list']: raise PermissionDenied(_("You can't browse users online list.")) can_see_users_online_list = return_boolean(allow_see_users_online_list) @authenticated_only def allow_follow_user(user, target): if not user.acl['can_follow_users']: raise PermissionDenied(_("You can't follow other users.")) if user.pk == target.pk: raise PermissionDenied(_("You can't add yourself to followed.")) can_follow_user = return_boolean(allow_follow_user)
raise PermissionDenied(_("You can't start polls.")) if user.acl_cache.get( 'can_start_polls') < 2 and user.pk != target.starter_id: raise PermissionDenied( _("You can't start polls in other users threads.")) if not category_acl.get('can_close_threads'): if target.category.is_closed: raise PermissionDenied( _("This category is closed. You can't start polls in it.")) if target.is_closed: raise PermissionDenied( _("This thread is closed. You can't start polls in it.")) can_start_poll = return_boolean(allow_start_poll) def allow_edit_poll(user, target): if user.is_anonymous: raise PermissionDenied(_("You have to sign in to edit polls.")) category_acl = user.acl_cache['categories'].get(target.category_id, { 'can_close_threads': False, }) if not user.acl_cache.get('can_edit_polls'): raise PermissionDenied(_("You can't edit polls.")) if user.acl_cache.get('can_edit_polls') < 2: if user.pk != target.poster_id:
def register_with(registry):
    """Register the ACL annotators for the user model and for ``UserWarning``."""
    user_model = get_user_model()
    registry.acl_annotator(user_model, add_acl_to_user)
    registry.acl_annotator(UserWarning, add_acl_to_warning)


""" ACL tests """
def allow_see_warnings(user, target):
    """Raise PermissionDenied unless ``user`` may see ``target``'s warnings.

    Authenticated users may always see their own warnings; seeing another
    user's requires ``can_see_other_users_warnings``.
    """
    viewing_own = user.is_authenticated() and user.pk == target.pk
    if viewing_own:
        return None
    if user.acl['can_see_other_users_warnings']:
        return None
    raise PermissionDenied(_("You can't see other users warnings."))
can_see_warnings = return_boolean(allow_see_warnings)


@authenticated_only
def allow_warn_user(user, target):
    """Raise PermissionDenied unless ``user`` may warn ``target``.

    Requires ``can_warn_users``; only a superuser may warn staff or
    superuser accounts; the target's own ACL must allow ``can_be_warned``.
    """
    if not user.acl['can_warn_users']:
        raise PermissionDenied(_("You can't warn users."))

    if not user.is_superuser:
        if target.is_staff or target.is_superuser:
            raise PermissionDenied(_("You can't warn administrators."))

    if target.acl['can_be_warned']:
        return
    message = _("%(user)s can't be warned.")
    raise PermissionDenied(message % {'user': target.username})
can_warn_user = return_boolean(allow_warn_user)


# (excerpt ends here; the decorated function is outside the snippet)
@authenticated_only
registry.acl_annotator(get_user_model(), add_acl_to_user) """ ACL tests """ def allow_rename_user(user, target): if not user.acl['can_rename_users']: raise PermissionDenied(_("You can't rename users.")) if not user.is_superuser and (target.is_staff or target.is_superuser): raise PermissionDenied(_("You can't rename administrators.")) can_rename_user = return_boolean(allow_rename_user) def allow_moderate_avatar(user, target): if not user.acl['can_moderate_avatars']: raise PermissionDenied(_("You can't moderate avatars.")) if not user.is_superuser and (target.is_staff or target.is_superuser): raise PermissionDenied(_("You can't moderate administrators avatars.")) can_moderate_avatar = return_boolean(allow_moderate_avatar) def allow_moderate_signature(user, target): if not user.acl['can_moderate_signatures']: raise PermissionDenied(_("You can't moderate signatures."))
# (excerpt starts inside a function whose header is outside this snippet)
serialized_acl['categories'] = categories_acl


def register_with(registry):
    """Register the category ACL annotator and the ACL serializers.

    The same serializer is registered for the user model and for
    ``AnonymousUser``.
    """
    registry.acl_annotator(Category, add_acl_to_category)
    for model in (get_user_model(), AnonymousUser):
        registry.acl_serializer(model, serialize_categories_alcs)


""" ACL tests """
def allow_see_category(user, target):
    """Raise Http404 unless the category is in ``user.acl['visible_categories']``.

    ``target`` may be an object exposing ``pk`` or a value ``int()`` accepts.
    """
    missing = object()
    category_id = getattr(target, 'pk', missing)
    if category_id is missing:
        category_id = int(target)

    if category_id not in user.acl['visible_categories']:
        raise Http404()
can_see_category = return_boolean(allow_see_category)


def allow_browse_category(user, target):
    """Raise PermissionDenied unless ``user`` may browse the category's contents."""
    # A category with no ACL entry falls back to can_browse=False (denied).
    category_acl = user.acl['categories'].get(target.id, {'can_browse': False})
    if category_acl['can_browse']:
        return

    message = _('You don\'t have permission to browse "%(category)s" contents.')
    raise PermissionDenied(message % {'category': target.name})
can_browse_category = return_boolean(allow_browse_category)
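# (excerpt starts inside a function whose header is outside this snippet;
#  the original indentation of the next four statements is not recoverable)
forum_acl = user.acl['forums'].get(event.forum_id, {})
can_hide_events = forum_acl.get('can_hide_events', 0)
event.acl['can_hide'] = can_hide_events > 0
event.acl['can_delete'] = can_hide_events == 2


""" ACL tests """
def allow_see_thread(user, target):
    """Raise Http404 unless ``user`` may see the thread.

    Users without ``can_see_all_threads`` in the thread's forum may only see
    threads they started; anonymous users then see none.
    """
    forum_acl = user.acl['forums'].get(target.forum_id, {})
    if not forum_acl.get('can_see_all_threads'):
        if user.is_anonymous() or user.pk != target.starter_id:
            raise Http404()
can_see_thread = return_boolean(allow_see_thread)


def allow_start_thread(user, target):
    """Raise PermissionDenied unless ``user`` may start a thread in the forum.

    Denied when the forum is closed, when the user is anonymous, or when the
    user's ACL for this forum does not grant ``can_start_threads``.
    """
    if target.is_closed:
        message = _("This forum is closed. You can't start new threads in it.")
        raise PermissionDenied(message)
    if user.is_anonymous():
        raise PermissionDenied(_("You have to sign in to start new thread."))

    # Test the flag itself, not the ACL dict: any non-empty dict (including
    # the {'can_start_threads': False} default) is truthy, so testing the
    # dict never denied. .get() keeps a missing key a denial.
    forum_acl = user.acl['forums'].get(target.id, {'can_start_threads': False})
    if not forum_acl.get('can_start_threads'):
        raise PermissionDenied(_("You don't have permission to start "
                                 "new threads in this forum."))
can_start_thread = return_boolean(allow_start_thread)


# (excerpt ends here; the body of this function is outside the snippet)
def allow_reply_thread(user, target):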
def register_with(registry):
    """Register ``add_acl_to_user`` as the ACL annotator for the user model."""
    user_model = get_user_model()
    registry.acl_annotator(user_model, add_acl_to_user)


""" ACL tests """
def allow_browse_users_list(user):
    """Raise PermissionDenied unless ``user.acl['can_browse_users_list']`` is set."""
    if user.acl['can_browse_users_list']:
        return
    raise PermissionDenied(_("You can't browse users list."))
can_browse_users_list = return_boolean(allow_browse_users_list)


@authenticated_only
def allow_follow_user(user, target):
    """Raise PermissionDenied unless ``user`` may follow ``target``.

    Requires ``can_follow_users``; following yourself is refused.
    """
    if not user.acl['can_follow_users']:
        raise PermissionDenied(_("You can't follow other users."))
    elif user.pk == target.pk:
        raise PermissionDenied(_("You can't add yourself to followed."))
can_follow_user = return_boolean(allow_follow_user)


# (excerpt ends here; the body of this function is outside the snippet)
@authenticated_only
def allow_block_user(user, target):