def get_queryset(self):
    """
    Return the formset's queryset, filtered by category permissions.

    The result is built once and cached on ``self._queryset``. Superusers, and
    models for which model_category_fk() reports no category field, get the
    base queryset without any permission filtering. For everyone else the
    queryset goes through permission_filtered_model_qs() with the model's
    'view' and 'change' permissions and then utils.user_category_filter().
    A positive ``max_num`` truncates the result.
    """
    # Read before the cache check: a form class without _magic_user fails here
    # even when a cached queryset already exists.
    current_user = self.form._magic_user
    if hasattr(self, '_queryset'):
        return self._queryset

    base_qs = self.queryset
    if base_qs is None:
        base_qs = self.model._default_manager.get_query_set()

    # category based permissions
    needs_filter = not current_user.is_superuser and model_category_fk(self.model)
    if needs_filter:
        # in ListingInlineOptions: self.instance .. Placement instance, self.model .. Listing
        required = (
            get_permission('view', self.model),
            get_permission('change', self.model),
        )
        base_qs = permission_filtered_model_qs(base_qs, current_user, required)
        # user filtered categories
        # NOTE(review): nesting was reconstructed from a flattened listing;
        # confirm this filter belongs inside the category branch.
        base_qs = utils.user_category_filter(base_qs, current_user)

    limit = self.max_num
    self._queryset = base_qs[:limit] if limit > 0 else base_qs
    return self._queryset
def restrict_field_categories(self, form, user, model):
    """
    Limit the choices of ``form``'s 'category' field to permitted categories.

    Does nothing when the form has no 'category' base field, or when the
    field's queryset already carries the ``_newman_filtered`` marker.
    Otherwise the queryset is replaced by the result of
    permission_filtered_model_qs() for ``user`` with the 'view' and 'change'
    permissions of ``model``, and the marker is set on the new queryset.
    """
    try:
        category_field = form.base_fields['category']
    except KeyError:
        return

    current_qs = category_field.queryset
    # NOTE(review): the marker is not tied to ``user``. If the same form class
    # (and so the same base_fields queryset) is ever reused for another user,
    # the earlier user's restriction is kept. Confirm the form class is built
    # per request.
    if hasattr(current_qs, '_newman_filtered'):
        return

    required = (
        get_permission('view', model),
        get_permission('change', model),
    )
    restricted = permission_filtered_model_qs(current_qs, user, required)
    restricted._newman_filtered = True  # magic variable
    category_field._set_queryset(restricted)
def _get_queryset(self):
    """
    Return the field's queryset, filtering it on first access.

    A queryset that already carries the ``_newman_filtered`` marker is returned
    unchanged. Otherwise it goes through permission_filtered_model_qs() with
    the model's 'view' and 'change' permissions for ``self.user`` and then
    utils.user_category_filter(). The result is marked and stored via
    ``_set_queryset()``. There is no superuser shortcut in this method.
    """
    already_filtered = hasattr(self._queryset, '_newman_filtered')
    if not already_filtered:
        required = (
            get_permission('view', self.model),
            get_permission('change', self.model),
        )
        restricted = permission_filtered_model_qs(self._queryset, self.user, required)
        # user category filter
        restricted = utils.user_category_filter(restricted, self.user)
        restricted._newman_filtered = True  # magic variable
        self._set_queryset(restricted)
    return self._queryset
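def full_clean(self):
    """
    Run the parent validation, then apply category-based permission checks.

    The checks run only when model_category_fk() reports a category field for
    ``self.instance``. New forms (``extra_forms``) whose category changed need
    the object-level check and the 'add' permission on the chosen category.
    Existing forms (``initial_forms``) need the 'delete' permission when
    flagged for deletion and the 'change' permission when their category
    changed. Denials are recorded as a non-form error or as a field error on
    the category field.

    A form whose category value did not survive validation is skipped rather
    than read with a bare ``cleaned_data[...]`` lookup, which raised
    AttributeError or KeyError. Such a form already carries its own
    validation error.
    """
    super(BaseGenericInlineFormSet, self).full_clean()
    cfield = model_category_fk(self.instance)
    if not cfield:
        return

    # next part is category-based permissions (only for objects with category field)
    missing = object()

    def add_field_error(form, field_name, message):
        # Replaces whatever errors the field already had with this one message.
        form._errors[field_name] = ErrorList((message,))

    def cleaned_category(form):
        # Returns ``missing`` when the form has no cleaned_data or the category
        # is absent from it; None stays a legitimate category value.
        return getattr(form, 'cleaned_data', {}).get(cfield.name, missing)

    user = self.form._magic_user

    # Adding new object
    for form in self.extra_forms:
        change_perm = get_permission('change', form.instance)
        if not form.has_changed():
            continue
        if cfield.name not in form.changed_data:
            continue
        add_perm = get_permission('add', form.instance)
        # NOTE(review): the object-level check for a new object uses the
        # 'change' permission while the message speaks of creation. Confirm
        # this is intended.
        if not has_object_permission(user, form.instance, change_perm):
            # NOTE(review): a plain string is stored here, whereas Django keeps
            # an ErrorList in _non_form_errors. Confirm the templates cope.
            self._non_form_errors = _('Creating objects is not permitted.')
            continue
        category = cleaned_category(form)
        if category is missing:
            continue
        if not has_category_permission(user, category, add_perm):
            add_field_error(form, cfield.name, _('Category not permitted'))

    # Changing existing object
    for form in self.initial_forms:
        change_perm = get_permission('change', form.instance)
        delete_perm = get_permission('delete', form.instance)
        marked_for_deletion = (
            self.can_delete
            and hasattr(form, 'cleaned_data')
            and form.cleaned_data.get(DELETION_FIELD_NAME)
        )
        if marked_for_deletion:
            if not has_object_permission(user, form.instance, delete_perm):
                self._non_form_errors = _('Object deletion is not permitted.')
                continue
            # NOTE(review): reads form.instance.category directly, so it assumes
            # the category field of the inline model is named 'category'.
            if (model_category_fk(form.instance) is not None
                    and not has_category_permission(user, form.instance.category, delete_perm)):
                self._non_form_errors = _('Object deletion is not permitted.')
                continue
        if cfield.name not in form.changed_data:
            continue
        if not has_object_permission(user, form.instance, change_perm):
            self._non_form_errors = _('Object change is not permitted.')
            continue
        category = cleaned_category(form)
        if category is missing:
            continue
        if not has_category_permission(user, category, change_perm):
            add_field_error(form, cfield.name, _('Category not permitted'))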
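def clean(self, value):
    """
    Validate ``value`` with the parent field's clean() and return the result.

    This method enforces no category permission. The field only restricts
    which categories are offered as choices. The add/change permission checks
    are placed in the FormSets for now.
    """
    # TODO: the field cannot tell whether it was modified (a user with only the
    # view permission may still hit Save). An earlier attempt to call
    # has_category_permission() for 'add' and 'change' here sat after the
    # return statement and never ran. That unreachable code was removed so the
    # method no longer looks as if it enforced permissions.
    return super(CategoryChoiceField, self).clean(value)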
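def get_queryset(self):
    """
    Return the generic-inline objects attached to ``self.instance``.

    With no parent instance the result is an empty queryset. Otherwise the
    objects are selected by content type and primary key of the parent.
    Superusers get that queryset as is. Other users get it filtered through
    permission_filtered_model_qs() with the model's 'view' and 'change'
    permissions and then utils.user_category_filter(), but only when
    model_category_fk_value() returns a truthy value for the model.
    """
    # Avoid a circular import.
    from django.contrib.contenttypes.models import ContentType

    user = self.form._magic_user
    if self.instance is None:
        # Manager.none() is Django's API for an empty queryset; the previous
        # .empty() call is not a method of the stock manager.
        return self.model._default_manager.none()

    out = self.model._default_manager.filter(**{
        self.ct_field.name: ContentType.objects.get_for_model(self.instance),
        self.ct_fk_field.name: self.instance.pk,
    })
    if user.is_superuser:
        return out

    # filtering -- view permitted categories only
    # NOTE(review): the other get_queryset implementations in this file test
    # model_category_fk(self.model). This one passes a model class to
    # model_category_fk_value(). Confirm it is truthy for models that have a
    # category field, otherwise non-superusers get the unfiltered queryset.
    cfield = model_category_fk_value(self.model)
    if not cfield:
        return out

    # self.instance .. Article, self.model .. Placement (in GenericInlineFormSet for Placement Inline)
    perms = (
        get_permission('view', self.model),
        get_permission('change', self.model),
    )
    qs = permission_filtered_model_qs(out, user, perms)
    return utils.user_category_filter(qs, user)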
def get_queryset(self):
    """
    Build, cache and return the permission-filtered queryset of this formset.

    The first call stores its result on ``self._queryset``; later calls return
    that value. Filtering through permission_filtered_model_qs() (with the
    'view' and 'change' permissions) and utils.user_category_filter() happens
    only for non-superusers, and only when model_category_fk() reports a
    category field on the model. A positive ``max_num`` caps the result.
    """
    # Evaluated on every call, before the cache is consulted.
    user = self.form._magic_user
    if hasattr(self, '_queryset'):
        return self._queryset

    if self.queryset is None:
        queryset = self.model._default_manager.get_query_set()
    else:
        queryset = self.queryset

    # category based permissions
    restrict = False
    if not user.is_superuser:
        restrict = bool(model_category_fk(self.model))
    if restrict:
        # in ListingInlineOptions: self.instance .. Placement instance, self.model .. Listing
        perms = (
            get_permission('view', self.model),
            get_permission('change', self.model),
        )
        queryset = permission_filtered_model_qs(queryset, user, perms)
        # user filtered categories
        # NOTE(review): nesting was reconstructed from a flattened listing;
        # confirm this filter belongs inside the category branch.
        queryset = utils.user_category_filter(queryset, user)

    if self.max_num > 0:
        queryset = queryset[:self.max_num]
    self._queryset = queryset
    return self._queryset