def has_perm(self, user, action):
if action == ACTION_CREATE:
return _has_perm(user, Ctnr.objects.get(name='test_ctnr'),
action=action, obj_class=self.model)
elif action in (ACTION_UPDATE, ACTION_DELETE):
return _has_perm(user, Ctnr.objects.get(name='test_ctnr'),
action=action, obj=self.test_obj)
def add_object(request, ctnr_pk):
"""Add object to container."""
acting_user = request.user
ctnr = Ctnr.objects.get(id=ctnr_pk)
pk = request.POST.get('obj_pk', '')
name = request.POST.get('obj', '')
obj_type = request.POST.get('obj_type', '')
if obj_type == 'user':
if _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=CtnrUser):
return add_user(request, ctnr, name)
else:
messages.error(
request, 'You do not have permission to perform this action')
return HttpResponse(json.dumps({'success': False}))
else:
if _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=Ctnr):
Klass = get_model('cyder', obj_type)
if pk == 'null':
try:
if Klass.__name__ == 'Range':
return HttpResponse(
json.dumps(
{'error': 'Please select a valid range'}))
obj = Klass.objects.get(name=name)
except Klass.DoesNotExist:
return HttpResponse(
json.dumps({
'error':
'{0} is not a valid {1}'.format(name, obj_type)
}))
else:
obj = Klass.objects.get(id=pk)
m2m = getattr(ctnr, (obj_type + 's'), None)
if m2m is None:
return HttpResponse(
json.dumps({
'error':
'{0} is not related to {1}'.format(obj_type, ctnr)
}))
else:
if obj in m2m.all():
return HttpResponse(
json.dumps({
'error':
'{0} already exists in {1}'.format(
name, str(ctnr))
}))
m2m.add(obj)
else:
messages.error(
request, 'You do not have permission to perform this action')
return HttpResponse(json.dumps({'success': 'true'}))
def has_perm(self, user, action):
if action == ACTION_CREATE:
return _has_perm(user,
Ctnr.objects.get(name='test_ctnr'),
action=action,
obj_class=self.model)
elif action in (ACTION_UPDATE, ACTION_DELETE):
return _has_perm(user,
Ctnr.objects.get(name='test_ctnr'),
action=action,
obj=self.test_obj)
def add_object(request, ctnr_pk):
"""Add object to container."""
acting_user = request.user
ctnr = Ctnr.objects.get(id=ctnr_pk)
pk = request.POST.get('obj_pk', '')
name = request.POST.get('obj', '')
obj_type = request.POST.get('obj_type', '')
if obj_type == 'user':
if _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=CtnrUser):
return add_user(request, ctnr, name)
else:
messages.error(request,
'You do not have permission to perform this action')
return HttpResponse(json.dumps({'success': False}))
else:
if _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=Ctnr):
Klass = get_model('cyder', obj_type)
if pk == 'null':
try:
if Klass.__name__ == 'Range':
return HttpResponse(json.dumps({
'error': 'Please select a valid range'}))
obj = Klass.objects.get(name=name)
except Klass.DoesNotExist:
return HttpResponse(
json.dumps({'error': '{0} is not a valid {1}'.format(
name, obj_type)}))
else:
obj = Klass.objects.get(id=pk)
m2m = getattr(ctnr, (obj_type + 's'), None)
if m2m is None:
return HttpResponse(json.dumps({
'error': '{0} is not related to {1}'.format(
obj_type, ctnr)}))
else:
if obj in m2m.all():
return HttpResponse(json.dumps({
'error': '{0} already exists in {1}'.format(
name, str(ctnr))}))
m2m.add(obj)
else:
messages.error(request,
'You do not have permission to perform this action')
return HttpResponse(json.dumps({'success': 'true'}))
def remove_object(request, ctnr_pk):
if not request.POST:
return redirect(request.META.get('HTTP_REFERER', ''))
acting_user = request.user
obj_type = request.POST.get('obj_type', None)
obj_pk = request.POST.get('pk', None)
ctnr = Ctnr.objects.get(id=ctnr_pk)
return_status = {}
if _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=Ctnr):
Klass = get_model('cyder', obj_type)
obj = Klass.objects.get(id=obj_pk)
m2m = getattr(ctnr, (obj_type + 's'), None)
if m2m is None:
return_status['error'] = (
'{0} is not related to {1}'.format(obj_type, ctnr))
else:
if obj in m2m.all():
try:
m2m.remove(obj)
return_status['success'] = True
except ValidationError, e:
return_status['error'] = "; ".join(e.messages)
else:
return_status['error'] = (
'{0} does not exist in {1}'.format(str(obj), ctnr))
def update_user(request, ctnr_pk):
if not request.POST:
return redirect(request.META.get('HTTP_REFERER', ''))
ctnr = Ctnr.objects.get(id=ctnr_pk)
user_pk = request.POST.get('pk', None)
return_status = {}
if request.user.get_profile().id != int(user_pk):
if _has_perm(request.user, ctnr, ACTION_UPDATE, obj_class=CtnrUser):
cu_qs = CtnrUser.objects.filter(ctnr_id=ctnr_pk, user_id=user_pk)
if cu_qs.exists():
ctnr_user = cu_qs.get()
if request.POST.get('action', None) == 'obj_remove':
ctnr_user.delete()
else:
lvl = request.POST.get('lvl', None)
if (ctnr_user.level + int(lvl)) in range(0, 3):
ctnr_user.level += int(lvl)
ctnr_user.save()
return_status['success'] = True
else:
return_status['error'] = (
'That user does not exist inside this container')
else:
return_status['error'] = (
'You do not have permission to perform this action')
else:
return_status['error'] = 'You can not edit your own permissions'
return HttpResponse(json.dumps(return_status))
def remove_object(request, ctnr_pk):
if not request.POST:
return redirect(request.META.get('HTTP_REFERER', ''))
acting_user = request.user
obj_type = request.POST.get('obj_type', None)
obj_pk = request.POST.get('pk', None)
ctnr = Ctnr.objects.get(id=ctnr_pk)
return_status = {}
if _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=Ctnr):
Klass = get_model('cyder', obj_type)
obj = Klass.objects.get(id=obj_pk)
m2m = getattr(ctnr, (obj_type + 's'), None)
if m2m is None:
return_status['error'] = (
'{0} is not related to {1}'.format(obj_type, ctnr))
else:
if obj in m2m.all():
m2m.remove(obj)
return_status['success'] = True
else:
return_status['error'] = (
'{0} does not exist in {1}'.format(str(obj), ctnr))
else:
return_status['error'] = (
'You do not have permission to perform this action')
return HttpResponse(json.dumps(return_status))
def remove_object(request, ctnr_pk):
if not request.POST:
return redirect(request.META.get('HTTP_REFERER', ''))
acting_user = request.user
obj_type = request.POST.get('obj_type', None)
obj_pk = request.POST.get('pk', None)
ctnr = Ctnr.objects.get(id=ctnr_pk)
return_status = {}
if _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=Ctnr):
Klass = get_model('cyder', obj_type)
obj = Klass.objects.get(id=obj_pk)
m2m = getattr(ctnr, (obj_type + 's'), None)
if m2m is None:
return_status['error'] = ('{0} is not related to {1}'.format(
obj_type, ctnr))
else:
if obj in m2m.all():
m2m.remove(obj)
return_status['success'] = True
else:
return_status['error'] = ('{0} does not exist in {1}'.format(
str(obj), ctnr))
else:
return_status['error'] = (
'You do not have permission to perform this action')
return HttpResponse(json.dumps(return_status))
def update_user(request, ctnr_pk):
if not request.POST:
return redirect(request.META.get('HTTP_REFERER', ''))
ctnr = Ctnr.objects.get(id=ctnr_pk)
user_pk = request.POST.get('pk', None)
return_status = {}
if request.user.get_profile().id != int(user_pk):
if _has_perm(request.user, ctnr, ACTION_UPDATE, obj_class=CtnrUser):
cu_qs = CtnrUser.objects.filter(ctnr_id=ctnr_pk, user_id=user_pk)
if cu_qs.exists():
ctnr_user = cu_qs.get()
if request.POST.get('action', None) == 'obj_remove':
ctnr_user.delete()
else:
lvl = request.POST.get('lvl', None)
if (ctnr_user.level + int(lvl)) in range(0, 3):
ctnr_user.level += int(lvl)
ctnr_user.save()
return_status['success'] = True
else:
return_status['error'] = (
'That user does not exist inside this container')
else:
return_status['error'] = (
'You do not have permission to perform this action')
else:
return_status['error'] = 'You can not edit your own permissions'
return HttpResponse(json.dumps(return_status))
def remove_object(request, ctnr_pk):
if not request.POST:
return redirect(request.META.get('HTTP_REFERER', ''))
acting_user = request.user
obj_type = request.POST.get('obj_type', None)
obj_pk = request.POST.get('pk', None)
ctnr = Ctnr.objects.get(id=ctnr_pk)
return_status = {}
if _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=Ctnr):
Klass = get_model('cyder', obj_type)
obj = Klass.objects.get(id=obj_pk)
m2m = getattr(ctnr, (obj_type + 's'), None)
if m2m is None:
return_status['error'] = ('{0} is not related to {1}'.format(
obj_type, ctnr))
else:
if obj in m2m.all():
try:
m2m.remove(obj)
return_status['success'] = True
except ValidationError, e:
return_status['error'] = "; ".join(e.messages)
else:
return_status['error'] = ('{0} does not exist in {1}'.format(
str(obj), ctnr))
