Exemplo n.º 1
0
def accessible_ids(user, queryset, read=True, write=False, manage=False):
    queryset = _get_queryset(queryset)
    key = 'accessible_ids-%d-%s-%d%d%d' % (user.id if user and user.id else 0,
                                           md5.new(str(queryset.query)).hexdigest(),
                                           read, write, manage)
    def get_ids():
        return list(filter_by_access(user, queryset, read, write, manage).values_list('id', flat=True))
    return get_cached_value(key, get_ids, model_dependencies=[queryset.model, AccessControl])
Exemplo n.º 2
0
def get_effective_permissions_and_restrictions(user, model_instance, assume_authenticated=False):
    from models import AccessControl, ExtendedGroup
    user = user or AnonymousUser()

    if user.is_superuser:
        return (True, True, True, None)
    owner = getattr(model_instance, 'owner', None)
    if owner and owner == user:
        return (True, True, True, None)

    model_type = ContentType.objects.get_for_model(model_instance)
    key = "get_effective_permissions_and_restrictions-%d-%d-%d" % (
        user.id or 0,
        model_type.id,
        model_instance.id,
    )

    def calculate():
        if not user.is_anonymous():
            q = Q(user=user) | Q(usergroup__in=ExtendedGroup.objects.get_extra_groups(user, assume_authenticated)) | Q(usergroup__in=user.groups.all())
        else:
            q = Q(usergroup__in=ExtendedGroup.objects.get_extra_groups(user)) | Q(user=None, usergroup=None)

        aclist = AccessControl.objects.filter(q, object_id=model_instance.id, content_type__pk=model_type.id)

        def default_restrictions_precedences(a, b):
            if a and b:
                return a if a > b else b
            else:
                return None

        def reduce_aclist(list):
            def combine(a, b):
                if a == False or (a == True and b == None): return a
                else: return b
            read = write = manage = None
            restrictions = None
            for ac in list:
                read = combine(ac.read, read)
                write = combine(ac.write, write)
                manage = combine(ac.manage, manage)
                r = ac.restrictions or dict()
                if restrictions == None:
                    restrictions = r
                    continue
                for key in set(restrictions.keys()) | set(r.keys()):
                    func = restriction_precedences.get(key, default_restrictions_precedences)
                    restrictions[key] = func(restrictions.get(key), r.get(key))
                restrictions = dict((k, v) for k, v in restrictions.iteritems() if v)
            return (read, write, manage, restrictions or dict())

        user_aclist = filter(lambda a: a.user, aclist)
        if user_aclist:
            return reduce_aclist(user_aclist)
        else:
            return reduce_aclist(filter(lambda a: a.usergroup, aclist))

    return get_cached_value(key, calculate, model_dependencies=[model_type, AccessControl, User])
Exemplo n.º 3
0
def standardfield_ids(field, standard='dc', equiv=False):
    def get_ids():
        f = Field.objects.get(standard__prefix=standard, name=field)
        if equiv:
            ids = Field.objects.filter(Q(id=f.id) | Q(id__in=f.get_equivalent_fields())).values_list('id', flat=True)
        else:
            ids = [f.id]
        return ids
    return get_cached_value('standardfield_ids-%s-%s-%s' % (field, standard, equiv),
                            get_ids,
                            model_dependencies=[Field])
Exemplo n.º 4
0
def standardfield_ids(field, standard='dc', equiv=False):
    def get_ids():
        f = Field.objects.get(standard__prefix=standard, name=field)
        if equiv:
            ids = Field.objects.filter(Q(id=f.id) | Q(id__in=f.get_equivalent_fields())).values_list('id', flat=True)
        else:
            ids = [f.id]
        return ids
    return get_cached_value('standardfield_ids-%s-%s-%s' % (field, standard, equiv),
                            get_ids,
                            model_dependencies=[Field])
Exemplo n.º 5
0
 def title(self):
     def get_title():
         titlefields = standardfield_ids('title', equiv=True)
         titles = self.fieldvalue_set.filter(
             field__in=titlefields,
             owner=None,
             context_type=None,
             hidden=False)
         return titles[0].value if titles else None
     return get_cached_value('record-%d-title' % self.id,
                             get_title,
                             model_dependencies=[Field, FieldValue],
                             ) if self.id else None
Exemplo n.º 6
0
 def identifier(self):
     def get_identifier():
         idfields = standardfield_ids('identifier', equiv=True)
         identifiers = self.fieldvalue_set.filter(
             field__in=idfields,
             owner=None,
             context_type=None,
             hidden=False)
         return identifiers[0].value if identifiers else None
     return get_cached_value('record-%d-identifiers' % self.id,
                             get_identifier,
                             model_dependencies=[Field, FieldValue],
                             ) if self.id else None
Exemplo n.º 7
0
 def title(self):
     def get_title():
         titlefields = standardfield_ids('title', equiv=True)
         titles = self.fieldvalue_set.filter(
             field__in=titlefields,
             owner=None,
             context_type=None,
             hidden=False)
         return titles[0].value if titles else None
     return get_cached_value('record-%d-title' % self.id,
                             get_title,
                             model_dependencies=[Field, FieldValue],
                             ) if self.id else None
Exemplo n.º 8
0
def get_effective_permissions_and_restrictions(user,
                                               model_instance,
                                               assume_authenticated=False):
    user = user or AnonymousUser()

    if user.is_superuser:
        return (True, True, True, None)
    owner = getattr(model_instance, 'owner', None)
    if owner and owner == user:
        return (True, True, True, None)

    model_type = ContentType.objects.get_for_model(model_instance)
    key = "get_effective_permissions_and_restrictions-%d-%d-%d" % (
        user.id or 0,
        model_type.id,
        model_instance.id,
    )

    def calculate():
        if not user.is_anonymous():
            q = Q(user=user) | Q(
                usergroup__in=ExtendedGroup.objects.get_extra_groups(
                    user, assume_authenticated)) | Q(
                        usergroup__in=user.groups.all())
        else:
            q = Q(usergroup__in=ExtendedGroup.objects.get_extra_groups(
                user)) | Q(user=None, usergroup=None)

        aclist = AccessControl.objects.filter(q,
                                              object_id=model_instance.id,
                                              content_type__pk=model_type.id)

        def default_restrictions_precedences(a, b):
            if a and b:
                return a if a > b else b
            else:
                return None

        def reduce_aclist(list):
            def combine(a, b):
                if a == False or (a == True and b == None): return a
                else: return b

            read = write = manage = None
            restrictions = None
            for ac in list:
                read = combine(ac.read, read)
                write = combine(ac.write, write)
                manage = combine(ac.manage, manage)
                r = ac.restrictions or dict()
                if restrictions == None:
                    restrictions = r
                    continue
                for key in set(restrictions.keys()) | set(r.keys()):
                    func = restriction_precedences.get(
                        key, default_restrictions_precedences)
                    restrictions[key] = func(restrictions.get(key), r.get(key))
                restrictions = dict(
                    (k, v) for k, v in restrictions.iteritems() if v)
            return (read, write, manage, restrictions or dict())

        user_aclist = filter(lambda a: a.user, aclist)
        if user_aclist:
            return reduce_aclist(user_aclist)
        else:
            return reduce_aclist(filter(lambda a: a.usergroup, aclist))

    return get_cached_value(
        key, calculate, model_dependencies=[model_type, AccessControl, User])