def accessible_ids(user, queryset, read=True, write=False, manage=False):
queryset = _get_queryset(queryset)
key = 'accessible_ids-%d-%s-%d%d%d' % (user.id if user and user.id else 0,
md5.new(str(queryset.query)).hexdigest(),
read, write, manage)
def get_ids():
return list(filter_by_access(user, queryset, read, write, manage).values_list('id', flat=True))
return get_cached_value(key, get_ids, model_dependencies=[queryset.model, AccessControl])
def get_effective_permissions_and_restrictions(user, model_instance, assume_authenticated=False):
from models import AccessControl, ExtendedGroup
user = user or AnonymousUser()
if user.is_superuser:
return (True, True, True, None)
owner = getattr(model_instance, 'owner', None)
if owner and owner == user:
return (True, True, True, None)
model_type = ContentType.objects.get_for_model(model_instance)
key = "get_effective_permissions_and_restrictions-%d-%d-%d" % (
user.id or 0,
model_type.id,
model_instance.id,
)
def calculate():
if not user.is_anonymous():
q = Q(user=user) | Q(usergroup__in=ExtendedGroup.objects.get_extra_groups(user, assume_authenticated)) | Q(usergroup__in=user.groups.all())
else:
q = Q(usergroup__in=ExtendedGroup.objects.get_extra_groups(user)) | Q(user=None, usergroup=None)
aclist = AccessControl.objects.filter(q, object_id=model_instance.id, content_type__pk=model_type.id)
def default_restrictions_precedences(a, b):
if a and b:
return a if a > b else b
else:
return None
def reduce_aclist(list):
def combine(a, b):
if a == False or (a == True and b == None): return a
else: return b
read = write = manage = None
restrictions = None
for ac in list:
read = combine(ac.read, read)
write = combine(ac.write, write)
manage = combine(ac.manage, manage)
r = ac.restrictions or dict()
if restrictions == None:
restrictions = r
continue
for key in set(restrictions.keys()) | set(r.keys()):
func = restriction_precedences.get(key, default_restrictions_precedences)
restrictions[key] = func(restrictions.get(key), r.get(key))
restrictions = dict((k, v) for k, v in restrictions.iteritems() if v)
return (read, write, manage, restrictions or dict())
user_aclist = filter(lambda a: a.user, aclist)
if user_aclist:
return reduce_aclist(user_aclist)
else:
return reduce_aclist(filter(lambda a: a.usergroup, aclist))
return get_cached_value(key, calculate, model_dependencies=[model_type, AccessControl, User])
def standardfield_ids(field, standard='dc', equiv=False):
def get_ids():
f = Field.objects.get(standard__prefix=standard, name=field)
if equiv:
ids = Field.objects.filter(Q(id=f.id) | Q(id__in=f.get_equivalent_fields())).values_list('id', flat=True)
else:
ids = [f.id]
return ids
return get_cached_value('standardfield_ids-%s-%s-%s' % (field, standard, equiv),
get_ids,
model_dependencies=[Field])
def standardfield_ids(field, standard='dc', equiv=False):
def get_ids():
f = Field.objects.get(standard__prefix=standard, name=field)
if equiv:
ids = Field.objects.filter(Q(id=f.id) | Q(id__in=f.get_equivalent_fields())).values_list('id', flat=True)
else:
ids = [f.id]
return ids
return get_cached_value('standardfield_ids-%s-%s-%s' % (field, standard, equiv),
get_ids,
model_dependencies=[Field])
def title(self):
def get_title():
titlefields = standardfield_ids('title', equiv=True)
titles = self.fieldvalue_set.filter(
field__in=titlefields,
owner=None,
context_type=None,
hidden=False)
return titles[0].value if titles else None
return get_cached_value('record-%d-title' % self.id,
get_title,
model_dependencies=[Field, FieldValue],
) if self.id else None
def identifier(self):
def get_identifier():
idfields = standardfield_ids('identifier', equiv=True)
identifiers = self.fieldvalue_set.filter(
field__in=idfields,
owner=None,
context_type=None,
hidden=False)
return identifiers[0].value if identifiers else None
return get_cached_value('record-%d-identifiers' % self.id,
get_identifier,
model_dependencies=[Field, FieldValue],
) if self.id else None
def title(self):
def get_title():
titlefields = standardfield_ids('title', equiv=True)
titles = self.fieldvalue_set.filter(
field__in=titlefields,
owner=None,
context_type=None,
hidden=False)
return titles[0].value if titles else None
return get_cached_value('record-%d-title' % self.id,
get_title,
model_dependencies=[Field, FieldValue],
) if self.id else None
def get_effective_permissions_and_restrictions(user,
model_instance,
assume_authenticated=False):
user = user or AnonymousUser()
if user.is_superuser:
return (True, True, True, None)
owner = getattr(model_instance, 'owner', None)
if owner and owner == user:
return (True, True, True, None)
model_type = ContentType.objects.get_for_model(model_instance)
key = "get_effective_permissions_and_restrictions-%d-%d-%d" % (
user.id or 0,
model_type.id,
model_instance.id,
)
def calculate():
if not user.is_anonymous():
q = Q(user=user) | Q(
usergroup__in=ExtendedGroup.objects.get_extra_groups(
user, assume_authenticated)) | Q(
usergroup__in=user.groups.all())
else:
q = Q(usergroup__in=ExtendedGroup.objects.get_extra_groups(
user)) | Q(user=None, usergroup=None)
aclist = AccessControl.objects.filter(q,
object_id=model_instance.id,
content_type__pk=model_type.id)
def default_restrictions_precedences(a, b):
if a and b:
return a if a > b else b
else:
return None
def reduce_aclist(list):
def combine(a, b):
if a == False or (a == True and b == None): return a
else: return b
read = write = manage = None
restrictions = None
for ac in list:
read = combine(ac.read, read)
write = combine(ac.write, write)
manage = combine(ac.manage, manage)
r = ac.restrictions or dict()
if restrictions == None:
restrictions = r
continue
for key in set(restrictions.keys()) | set(r.keys()):
func = restriction_precedences.get(
key, default_restrictions_precedences)
restrictions[key] = func(restrictions.get(key), r.get(key))
restrictions = dict(
(k, v) for k, v in restrictions.iteritems() if v)
return (read, write, manage, restrictions or dict())
user_aclist = filter(lambda a: a.user, aclist)
if user_aclist:
return reduce_aclist(user_aclist)
else:
return reduce_aclist(filter(lambda a: a.usergroup, aclist))
return get_cached_value(
key, calculate, model_dependencies=[model_type, AccessControl, User])