def get_visible_page_objects(request, pages, site):
"""
This code is basically a many-pages-at-once version of
cms.utils.page_permissions.user_can_view_page
pages contains all published pages
"""
user = request.user
public_for = get_cms_setting('PUBLIC_FOR')
can_see_unrestricted = public_for == 'all' or (public_for == 'staff'
and user.is_staff)
if not user.is_authenticated() and not can_see_unrestricted:
# User is not authenticated and can't see unrestricted pages,
# no need to check for page restrictions because if there's some,
# user is anon and if there is not any, user can't see unrestricted.
return []
if user_can_view_all_pages(user, site):
return pages
restricted_pages = get_view_restrictions(pages)
if not restricted_pages:
# If there's no restrictions, let the user see all pages
# only if he can see unrestricted, otherwise return no pages.
return pages if can_see_unrestricted else []
user_id = user.pk
user_groups = SimpleLazyObject(
lambda: frozenset(user.groups.values_list('pk', flat=True)))
is_auth_user = user.is_authenticated()
def user_can_see_page(page):
if page.publisher_is_draft:
page_id = page.pk
else:
page_id = page.publisher_public_id
page_permissions = restricted_pages.get(page_id, [])
if not page_permissions:
# Page has no view restrictions, fallback to the project's
# CMS_PUBLIC_FOR setting.
return can_see_unrestricted
if not is_auth_user:
return False
for perm in page_permissions:
if perm.user_id == user_id or perm.group_id in user_groups:
return True
return False
return [page for page in pages if user_can_see_page(page)]
def get_visible_page_objects(request, pages, site=None):
"""
This code is basically a many-pages-at-once version of
cms.utils.page_permissions.user_can_view_page
pages contains all published pages
"""
user = request.user
public_for = get_cms_setting('PUBLIC_FOR')
can_see_unrestricted = public_for == 'all' or (public_for == 'staff' and user.is_staff)
if not user.is_authenticated() and not can_see_unrestricted:
# User is not authenticated and can't see unrestricted pages,
# no need to check for page restrictions because if there's some,
# user is anon and if there is not any, user can't see unrestricted.
return []
if not site:
site = current_site(request)
if user_can_view_all_pages(user, site):
return pages
restricted_pages = get_view_restrictions(pages)
if not restricted_pages:
# If there's no restrictions, let the user see all pages
# only if he can see unrestricted, otherwise return no pages.
return pages if can_see_unrestricted else []
user_id = user.pk
user_groups = SimpleLazyObject(lambda: frozenset(user.groups.values_list('pk', flat=True)))
is_auth_user = user.is_authenticated()
def user_can_see_page(page):
if page.publisher_is_draft:
page_id = page.pk
else:
page_id = page.publisher_public_id
page_permissions = restricted_pages.get(page_id, [])
if not page_permissions:
# Page has no view restrictions, fallback to the project's
# CMS_PUBLIC_FOR setting.
return can_see_unrestricted
if not is_auth_user:
return False
for perm in page_permissions:
if perm.user_id == user_id or perm.group_id in user_groups:
return True
return False
return [page for page in pages if user_can_see_page(page)]