return True
return False
def can_view_child_basic_profile(self, child):
ac = self.get_ac(child)
if ac:
return True
required_access = child.basic_prof_privacy
if self.has_required_access(child, required_access):
return True
return False
def can_view_child_extended_profile(self, child):
ac = self.get_ac(child)
if ac:
return True
required_access = child.ext_prof_privacy
if self.has_required_access(child, required_access):
return True
return False
authority.register(Child, ChildPermission)
authority.register(User, UserPermission)
import authority
from kitsune.forums.models import Forum
class ForumPermission(authority.permissions.BasePermission):
label = 'forums_forum'
checks = ('thread_edit', 'thread_sticky', 'thread_locked', 'thread_delete',
'post_edit', 'post_delete', 'thread_move', 'view_in', 'post_in')
# view_in: view the forum, its threads, and its posts
# post_in: make new threads and posts in a forum
authority.register(Forum, ForumPermission)
# Modelos a los que se les asocia permisos
from models import Pas
import logging
log = logging.getLogger('galotecnia')
class PasPermission(permissions.BasePermission):
label = 'paspermission'
check = ('is_pas',)
def asignar_recurso(self):
try:
profile = self.user.get_profile()
except PersonaPerfil.DoesNotExist:
# Si no tiene perfil no sabemos que tipo de persona es
# por lo tanto, denegamos el acceso
log.error(u"No existe perfil asociado al usuario %s" % self.user.username)
return False
try:
pas = profile.pas
except Pas.DoesNotExist:
log.debug(u"El usuario %s no puede acceder a la informacion de porteria" % self.user.username)
return False
# TODO: Si hay mas personas que pueden asignar recursos, incluir aqui
return True
authority.register(Pas, PasPermission)
def can_delete_post(self, post):
# Admin can delete post
return is_admin(self.user)
class TopicPermission(PostPermission):
label = 'topic_permission'
checks = 'can_toggle_pin'
def can_toggle_pin(self, topic):
# Only admin can pin topic
return is_admin(self.user)
class VotePermission(permissions.BasePermission):
label = 'vote_permission'
checks = ('can_create_vote', )
def can_create_vote(self, post):
# Authenticated user can create vote
return True
authority.register(Forum, ForumPermission)
authority.register(Vote, VotePermission)
authority.register(Post, PostPermission)
authority.register(Topic, TopicPermission)
if any_team and not team:
user_teams = project.team_set.filter(
Q(coordinators=self.user)|
Q(members=self.user)|
Q(reviewers=self.user)
).distinct()
if user_teams:
return True
return False
submit_translations.short_description = _("Is allowed to submit "
"translations to this project")
def private(self, project=None):
"""Test if a user has access to a private project."""
if project:
if project.private:
# To avoid doing all the checks below!
if self.user.is_anonymous():
return False
# Maintainers, writers (submitters, coordinators, members)
return self.maintain(project) or \
self.submit_translations(project, any_team=True) or\
self.proofread(project, any_team=True)
else:
# The project is public so let them continue
return True
return False
private.short_description=_('Is allowed to browse this private project')
authority.register(Project, ProjectPermission)
import authority
from authority import permissions
from django.contrib.auth.models import User
from django.contrib.auth.models import Group
from django.core.exceptions import ObjectDoesNotExist
from .models import Country
class CountryPermission(permissions.BasePermission):
label = "country_permission"
checks = ("has_country_affiliation",)
def has_country_affiliation(self, user, country):
# allow staff and superusers to see all countries
if user.is_staff() or user.is_superuser():
return True
try:
profile = user.get_profile()
if profile.country:
# if the user declared affiliation with a country
# during registration, allow them to view it
if profile.country == country:
return True
except ObjectDoesNotExist:
pass
return False
authority.register(Country, CountryPermission)
print "yay, you can review this flatpage!"
return flatpage(request, url)
Or the same view using the decorator permission_required::
@permission_required('flatpage_permission.review_flatpage',
('flatpages.flatpage', 'url__contains', 'url'))
def review_flatpage(request, url):
print "yay, you can review this flatpage!"
return flatpage(request, url)
Or you can use this permission in your templates like this::
{% ifhasperm "flatpage_permission.review_flatpage" request.user flatpage %}
Yes, you are allowed to review flatpage '{{ flatpage }}', aren't you?
{% else %}
Nope, sorry. You aren't allowed to review this flatpage.
{% endifhasperm %}
"""
label = 'flatpage_permission'
checks = ('review', 'top_secret')
def top_secret(self, flatpage=None, lala=None):
if flatpage and flatpage.registration_required:
return self.browse_flatpage(obj=flatpage)
return False
top_secret.short_description=_('Is allowed to see top secret flatpages')
authority.register(FlatPage, FlatPagePermission)
from forums.models import Forum
import authority
class ForumPermission(authority.permissions.BasePermission):
label = 'forums_forum'
checks = ('thread_edit', 'thread_sticky', 'thread_locked', 'thread_delete',
'post_edit', 'post_delete', 'thread_move', 'view_in', 'post_in')
# view_in: view the forum, its threads, and its posts
# post_in: make new threads and posts in a forum
authority.register(Forum, ForumPermission)
user_teams = project.team_set.filter(
Q(coordinators=self.user) | Q(members=self.user)
| Q(reviewers=self.user)).distinct()
if user_teams:
return True
return False
submit_translations.short_description = _("Is allowed to submit "
"translations to this project")
def private(self, project=None):
"""Test if a user has access to a private project."""
if project:
if project.private:
# To avoid doing all the checks below!
if self.user.is_anonymous():
return False
# Maintainers, writers (submitters, coordinators, members)
return self.maintain(project) or \
self.submit_translations(project, any_team=True) or\
self.proofread(project, any_team=True)
else:
# The project is public so let them continue
return True
return False
private.short_description = _('Is allowed to browse this private project')
authority.register(Project, ProjectPermission)
from django.test import TestCase
from django.contrib.auth.models import User
from django.contrib.auth.models import Permission as DjangoPermission
import authority
from authority import permissions
from authority.models import Permission
from authority.exceptions import NotAModel, UnsavedModelInstance
class UserPermission(permissions.BasePermission):
checks = ('browse',)
label = 'user_permission'
authority.register(User, UserPermission)
class BehaviourTest(TestCase):
"""
self.user will be given:
- django permission add_user (test_add)
- authority to delete_user which is him (test_delete)
This permissions are given in the test case and not in the fixture, for
later reference.
"""
fixtures = ['tests.json',]
def setUp(self):
self.user = User.objects.get(username='******')
self.check = UserPermission(self.user)
def test_no_permission(self):
self.assertFalse(self.check.add_user())
return False
def can_view_child_basic_profile(self, child):
ac = self.get_ac(child)
if ac:
return True
required_access = child.basic_prof_privacy
if self.has_required_access(child, required_access):
return True
return False
def can_view_child_extended_profile(self, child):
ac = self.get_ac(child)
if ac:
return True
required_access = child.ext_prof_privacy
if self.has_required_access(child, required_access):
return True
return False
authority.register(Child, ChildPermission)
authority.register(User, UserPermission)
import authority
from authority import permissions
from characters.models import Sheet
from chronicles.models import Chronicle, ChronicleMember
class SheetPermission(permissions.BasePermission):
label = 'sheet_permission'
check = ('fullview', 'change', 'delete', 'list', 'history',)
authority.register(Sheet, SheetPermission)
def can_something_sheet(request, sheet, role, checkperm, user=None, infodump=False):
if user is None:
user = request.user
if user == sheet.player:
if infodump:
return (True, "Sheet owner")
else:
return True
for chronicle in Chronicle.objects.all():
chronicle_sheets = chronicle.content_objects(Sheet)
try:
chronicle_sheets.get(id=sheet.id)
cm = ChronicleMember.objects.get(user=user, chronicle=chronicle)
if role == cm.membership_role:
if infodump:
return (True, "%s in %s" % (cm.get_membership_role_display(), cm.chronicle.name))
else:
return True
import authority
from authority import permissions
from contests.models import ContestStandingTable
# Assume all user must be authenticated before check this permission
from vnoiusers.user_util import is_admin
class ContestPermission(permissions.BasePermission):
label = 'contest_permission'
check = 'can_crawl_contest'
def can_crawl_contest(self):
# Admin can crawl contest
return is_admin(self.user)
authority.register(ContestStandingTable, ContestPermission)
try:
profesor = profile.profesor
except Profesor.DoesNotExist:
try:
pas = profile.pas
except Pas.DoesNotExist:
log.debug(u"El usuario %s no puede reservar recursos" % self.user.username)
return False
return True
def asignar_recurso(self, recurso = None):
if recurso and not recurso.actualmenteDisponible:
log.debug(u"El recurso %s no esta disponible actualmente")
return False
try:
profile = self.user.get_profile()
except PersonaPerfil.DoesNotExist:
# Si no tiene perfil no sabemos que tipo de persona es
# por lo tanto, denegamos el acceso
log.error(u"No existe perfil asociado al usuario %s" % self.user.username)
return False
try:
pas = profile.pas
except Pas.DoesNotExist:
log.debug(u"El usuario %s no puede asignar el recursos" % self.user.username)
return False
return True
authority.register(Recurso, RecursoPermission)
if method != 'POST':
return True
# right to change all the pages
if self.change_page():
return True
if lang:
# try the global language permission first
perm = self.user.has_perm(
'pages.can_manage_%s' % lang.replace('-', '_')
)
if perm:
return True
# then per object permission
perm_func = getattr(self, 'manage (%s)_page' % lang)
if perm_func(page):
return True
# last hierarchic permissions because it's more expensive
perm_func = getattr(self, 'manage hierarchy_page')
if perm_func(page):
return True
else:
for ancestor in page.get_ancestors():
if perm_func(ancestor):
return True
# everything else failed, no permissions
return False
authority.register(Page, PagePermission)
return False
# Usuario profesor
for ga in alumno.grupoaulaalumno_set.exclude(grupo__seccion = 'Pendientes'):
log.debug("GrupoAulas para el alumno: %s", ga)
jefe = profesor.jefeestudios_set.all()
for j in jefe:
if j.nivel == ga.grupo.curso.ciclo.nivel:
return True
coordinador = profesor.coordinadorciclo_set.all()
for c in coordinador:
if c.ciclo == ga.grupo.curso.ciclo:
return True
tutor = profesor.tutor_set.all()
for t in tutor:
if t.grupo == ga.grupo:
return True
try:
if asignatura:
clase = Horario.objects.get(grupo = ga.grupo, profesor = profesor, asignatura = asignatura)
else:
clase = Horario.objects.get(grupo = ga.grupo, profesor = profesor)
return True
except Horario.DoesNotExist:
log.error(u"El profesor %s no tiene privilegios para acceder a %s" % (profesor, alumno))
return False
return False
authority.register(Alumno, AlumnoPermission)
authority.register(GrupoAula, GrupoAulaPermission)
__author__ = 'mpetyx'
import authority
from authority import permissions
from django.contrib.flatpages.models import FlatPage
class FlatpagePermission(permissions.BasePermission):
label = 'flatpage_permission'
authority.register(FlatPage, FlatpagePermission)
from authority.models import Permission
from authority.exceptions import NotAModel, UnsavedModelInstance
from authority.compat import get_user_model
# Load the form
from authority.forms import UserPermissionForm # noqa
User = get_user_model()
FIXTURES = ['tests_custom.json']
QUERY = Q(email="*****@*****.**")
class UserPermission(permissions.BasePermission):
checks = ('browse',)
label = 'user_permission'
authority.register(User, UserPermission)
class GroupPermission(permissions.BasePermission):
checks = ('browse',)
label = 'group_permission'
authority.register(Group, GroupPermission)
class DjangoPermissionChecksTestCase(TestCase):
"""
Django permission objects have certain methods that are always present,
test those here.
self.user will be given:
- django permission add_user (test_add)
import authority
from authority import permissions
from .models import Band
class BandPermission(permissions.BasePermission):
label = 'band_permission'
checks = ('add', 'change', 'manage')
authority.register(Band, BandPermission)
# right to change all the pages
if self.change_page():
return True
if lang:
# try the global language permission first
perm = self.user.has_perm('pages.can_manage_%s' %
lang.replace('-', '_'))
if perm:
return True
# then per object permission
try:
perm_func = getattr(self, 'manage (%s)_page' % lang)
if perm_func(page):
return True
except:
return False
# last hierarchic permissions because it's more expensive
perm_func = getattr(self, 'manage hierarchy_page')
if perm_func(page):
return True
else:
for ancestor in page.get_ancestors():
if perm_func(ancestor):
return True
# everything else failed, no permissions
return False
authority.register(Page, PagePermission)
from authority import permissions
# Modelos a los que se les asocia permisos
from models import Padre
import logging
log = logging.getLogger('galotecnia')
class PadrePermission(permissions.BasePermission):
label = 'padres_permission'
check = ('check_padre', )
def check_padre(self):
try:
profile = self.user.get_profile()
except PersonaPerfil.DoesNotExist:
# Si no tiene perfil no sabemos que tipo de persona es
# por lo tanto, denegamos el acceso
log.error(u"No existe el perfil asociado al usuario %s" % self.user.username)
return False
try:
padre = profile.padre
except Padre.DoesNotExist:
log.debug(u"El usuario %s no puede ver los recursos" % self.user.username)
return False
return True
authority.register(Padre, PadrePermission)
