def __get_users_and_groups(cls, obj=None):
users = User.objects.all()
groups = Group.objects.all()
content_type = cerberus.get_class_content_type(cls)
class_perms = cerberus.get_class_perms(cls)
ucp = UserClassPermission.objects.filter(content_type=content_type)
gcp = GroupClassPermission.objects.filter(content_type=content_type)
group_class_perms = {}
for g in groups:
group_class_perms[g] = set()
for perm in gcp.filter(group=g).values('codename'):
group_class_perms[g].add(perm['codename'])
g.class_perms = group_class_perms[g]
for u in users:
u.class_perms = {}
u.class_perms_user_only = set()
for perm in ucp.filter(user=u).values('codename'):
u.class_perms[perm['codename']] = 'User permission on %s' % cls.__name__
u.class_perms_user_only.add(perm['codename'])
perms_set = set(u.class_perms)
for g in u.groups.all():
for nperm in (group_class_perms[g] - perms_set):
u.class_perms[nperm] = 'Permission received from group: %s' % unicode(g)
if u.is_superuser:
for cls_perm in class_perms:
u.class_perms[cls_perm] = 'User receives permission as superuser.'
if obj is None:
return (users, groups)
uop = UserObjectPermission.objects.filter(content_type=content_type, object_pk=obj.pk)
gop = GroupObjectPermission.objects.filter(content_type=content_type, object_pk=obj.pk)
object_perms = cerberus.get_object_perms(cls)
group_object_perms = {}
for g in groups:
# handle regular GroupObjectPermissions
group_object_perms[g] = set()
for perm in gop.filter(group=g).values('codename'):
group_object_perms[g].add(perm['codename'])
g.object_perms = group_object_perms[g]
g.object_perms_group_only = group_object_perms[g]
# handle group object perms inherited from class perms
# TODO
for u in users:
# handle regular UserObjectPermissions
u.object_perms_user_only = set()
u.object_perms = {}
for perm in uop.filter(user=u).values('codename'):
u.object_perms_user_only.add(perm['codename'])
u.object_perms[perm['codename']] = 'User permission on %s %s' % (cls.__name__, unicode(obj))
for g in u.groups.all():
for nperm in (group_object_perms[g] - perms_set):
u.object_perms[nperm] = 'Permission received from group: %s' % unicode(g)
if u.is_superuser:
for obj_perm in object_perms:
u.object_perms[obj_perm] = 'User receives permission as superuser.'
# handle user object perms inherited from class perms
# TODO
return (users, groups)
def __get_cls_obj_and_content_type(clsname, obj_pk):
(cls, obj) = (None, None)
for cerb_cls in cerberus.get_classes():
if cerb_cls.__name__.lower() == clsname:
cls = cerb_cls
if cls is None:
raise Exception("Invalid class name.")
content_type = cerberus.get_class_content_type(cls)
if obj_pk is not None:
obj = cls.objects.get(pk=obj_pk)
return (cls, obj, content_type)
