def handle(self, *args, **options): verbose = options.get("verbose", True) permissions = args ## Check if there are any assignments, optionally skip those? ## if the state is published, fix view perm XXX ## (or even better: properly define and consult workflow) for m in models.get_models(include_auto_created=True): if not issubclass(m, Content) or not type_registry.get(m.get_name()): continue for c in m.objects.all(): s = c.spoke() wf = s.workflow() state = c.state wfassignment = wf.permission_assignment.get(state) for permission in map(auth.Permission, permissions): classassignment = getattr(s, "permission_assignment", {}).get(permission) if not classassignment: continue assignments = RolePermission.assignments(c).filter(permission=permission) if assignments.count() == 0: if verbose: print c.title, s, "has no assignment for", permission for role in classassignment: RolePermission.assign(c, role, permission).save() if wfassignment and wfassignment.get(permission): s.update_perms(c, {permission: wfassignment[permission]})
def auth(self, handler, request, action): ## ## If post, handle/reset perm changes if request.method == "POST": existing = RolePermission.assignments(self.instance) assignments = request.POST.getlist('assignment') for e in existing: if "{0}/{1}".format(e.permission, e.role) not in assignments: e.delete() for assignment in assignments: perm, role = assignment.split('/', 1) RolePermission.assign(self.instance, Role(role), Permission(perm)).save() ctx = {'spoke':self} roles = Role.all() permissions = [] ## order roles, permissions (alphabetically?) for perm in Permission.all(): d = dict(perm=perm, roles=[]) perms_per_role = RolePermission.assignments( self.instance).filter( permission=perm.id, ).values_list('role', flat=True) r = [] for role in roles: r.append(dict(role=role, checked=role.id in perms_per_role)) d['roles'] = r permissions.append(d) ctx['roles'] = roles ctx['permissions'] = permissions return handler.template("wheelcms_axle/edit_permissions.html", **ctx)
def update_perms(instance, permdict): for permission, roles in permdict.iteritems(): RolePermission.clear(instance, permission) for role in roles: RolePermission.assign(instance, role, permission).save()
def assign_perms(instance, permdict): """ invoked by a signal handler upon creation: Set initial permissions """ for permission, roles in permdict.iteritems(): for role in roles: RolePermission.assign(instance, role, permission).save()