Пример #1
0
 def test_util_has_perm_or_owns_sanity(self):
     """Sanity check for access.has_perm_or_owns."""
     me = User.objects.get(pk=118533)
     my_t = Thread.objects.filter(creator=me)[0]
     other_t = Thread.objects.exclude(creator=me)[0]
     perm = 'forums_forum.thread_edit_forum'
     allowed = access.has_perm_or_owns(me, perm, my_t, self.forum_1)
     eq_(allowed, True)
     allowed = access.has_perm_or_owns(me, perm, other_t, self.forum_1)
     eq_(allowed, False)
Пример #2
0
 def test_util_has_perm_or_owns_sanity(self):
     """Sanity check for access.has_perm_or_owns."""
     me = User.objects.get(pk=118533)
     my_t = Thread.objects.filter(creator=me)[0]
     other_t = Thread.objects.exclude(creator=me)[0]
     perm = 'forums_forum.thread_edit_forum'
     allowed = access.has_perm_or_owns(me, perm, my_t, self.forum_1)
     eq_(allowed, True)
     allowed = access.has_perm_or_owns(me, perm, other_t, self.forum_1)
     eq_(allowed, False)
Пример #3
0
def has_perm_or_owns(context, perm, obj, perm_obj, field_name='creator'):
    """
    Check if the user has a permission or owns the object.

    Ownership is determined by comparing perm_obj.field_name to the user in
    context.
    """
    user = context['request'].user
    return access.has_perm_or_owns(user, perm, obj, perm_obj, field_name)
Пример #4
0
        def _wrapped_view(request, *args, **kwargs):
            # based on authority/decorators.py
            user = request.user
            if user.is_authenticated():
                obj = _resolve_lookup(obj_lookup, kwargs)
                perm_obj = _resolve_lookup(perm_obj_lookup, kwargs)
                granted = access.has_perm_or_owns(user, perm, obj, perm_obj, owner_attr)
                if granted or user.has_perm(perm):
                    return view_func(request, *args, **kwargs)

            # In all other cases, permission denied
            return HttpResponseForbidden()
Пример #5
0
        def _wrapped_view(request, *args, **kwargs):
            # based on authority/decorators.py
            user = request.user
            if user.is_authenticated():
                obj = _resolve_lookup(obj_lookup, kwargs)
                perm_obj = _resolve_lookup(perm_obj_lookup, kwargs)
                granted = access.has_perm_or_owns(user, perm, obj, perm_obj,
                                                  owner_attr)
                if granted or user.has_perm(perm):
                    return view_func(request, *args, **kwargs)

            # In all other cases, permission denied
            return HttpResponseForbidden()