Пример #1
0
    def get_queryset(self):
        user = self.form._magic_user
        if not hasattr(self, '_queryset'):
            if self.queryset is not None:
                qs = self.queryset
            else:
                qs = self.model._default_manager.get_query_set()
            # category based permissions
            if not user.is_superuser:
                category_fk = model_category_fk(self.model)
                if category_fk:
                    # in ListingInlineOptions: self.instance .. Placement instance, self.model .. Listing
                    view_perm = get_permission('view', self.model)
                    change_perm = get_permission('change', self.model)
                    perms = (
                        view_perm,
                        change_perm,
                    )
                    qs = permission_filtered_model_qs(qs, user, perms)
            # user filtered categories
            qs = utils.user_category_filter(qs, user)

            if self.max_num > 0:
                self._queryset = qs[:self.max_num]
            else:
                self._queryset = qs
        return self._queryset
Пример #2
0
 def restrict_field_categories(self, form, user, model):
     if 'category' not in form.base_fields:
         return
     f = form.base_fields['category']
     if hasattr(f.queryset, '_newman_filtered'):
         return
     view_perm = get_permission('view', model)
     change_perm = get_permission('change', model)
     perms = (view_perm, change_perm,)
     qs = permission_filtered_model_qs(f.queryset, user, perms)
     qs._newman_filtered = True #magic variable
     f._set_queryset(qs)
Пример #3
0
 def _get_queryset(self):
     if hasattr(self._queryset, '_newman_filtered'):
         return self._queryset
     view_perm = get_permission('view', self.model)
     change_perm = get_permission('change', self.model)
     perms = (view_perm, change_perm,)
     qs = permission_filtered_model_qs(self._queryset, self.user, perms)
     # user category filter
     qs = utils.user_category_filter(qs, self.user)
     qs._newman_filtered = True #magic variable
     self._set_queryset(qs)
     return self._queryset
Пример #4
0
    def full_clean(self):
        super(BaseGenericInlineFormSet, self).full_clean()
        cfield = model_category_fk(self.instance)
        if not cfield:
            return
        #cat = model_category_fk_value(self.instance)

        # next part is category-based permissions (only for objects with category field)
        def add_field_error(form, field_name, message):
                err_list = ErrorList( (message,) )
                form._errors[field_name] = err_list
        user = self.form._magic_user

        # Adding new object
        for form in self.extra_forms:
            change_perm = get_permission('change', form.instance)
            if not form.has_changed():
                continue
            if cfield.name not in form.changed_data:
                continue
            add_perm = get_permission('add', form.instance)
            if not has_object_permission(user, form.instance, change_perm):
                self._non_form_errors = _('Creating objects is not permitted.')
                continue
            c = form.cleaned_data[cfield.name]
            if not has_category_permission(user, c, add_perm):
                add_field_error( form, cfield.name, _('Category not permitted') )

        # Changing existing object
        for form in self.initial_forms:
            change_perm = get_permission('change', form.instance)
            delete_perm = get_permission('delete', form.instance)
            if self.can_delete and hasattr(form, 'cleaned_data') and form.cleaned_data[DELETION_FIELD_NAME]:
                if not has_object_permission(user, form.instance, delete_perm):
                    self._non_form_errors = _('Object deletion is not permitted.')
                    continue
                if model_category_fk(form.instance) is not None and not has_category_permission(user, form.instance.category, delete_perm):
                    self._non_form_errors = _('Object deletion is not permitted.')
                    continue
            if cfield.name not in form.changed_data:
                continue
            if not has_object_permission(user, form.instance, change_perm):
                self._non_form_errors = _('Object change is not permitted.')
                continue
            c = form.cleaned_data[cfield.name]
            if not has_category_permission(user, c, change_perm):
                add_field_error( form, cfield.name, _('Category not permitted') )
Пример #5
0
 def clean(self, value):
     cvalue = super(CategoryChoiceField, self).clean(value)
     return cvalue
     # TODO unable to realize if field was modified or not (when user has view permission a hits Save.)
     #      Permissions checks are placed in FormSets for now. CategoryChoiceField restricts category
     #      choices at the moment.
     # next part is category-based permissions (only for objects with category field)
     # attempt: to do role-permission checks here (add new and change permissions checking)
     # Adding new object
     #TODO check wheter field was modified or not.
     add_perm = get_permission('add', self.model)
     if not has_category_permission(self.user, cvalue, add_perm):
         raise ValidationError(_('Category not permitted'))
     # Changing existing object
     change_perm = get_permission('change', self.model)
     if not has_category_permission(self.user, cvalue, change_perm):
         raise ValidationError(_('Category not permitted'))
     return cvalue
Пример #6
0
 def clean(self, value):
     cvalue = super(CategoryChoiceField, self).clean(value)
     return cvalue
     # TODO unable to realize if field was modified or not (when user has view permission a hits Save.)
     #      Permissions checks are placed in FormSets for now. CategoryChoiceField restricts category
     #      choices at the moment.
     # next part is category-based permissions (only for objects with category field)
     # attempt: to do role-permission checks here (add new and change permissions checking)
     # Adding new object
     #TODO check wheter field was modified or not.
     add_perm = get_permission('add', self.model)
     if not has_category_permission(self.user, cvalue, add_perm):
         raise ValidationError(_('Category not permitted'))
     # Changing existing object
     change_perm = get_permission('change', self.model)
     if not has_category_permission(self.user, cvalue, change_perm):
         raise ValidationError(_('Category not permitted'))
     return cvalue
Пример #7
0
 def get_queryset(self):
     # Avoid a circular import.
     from django.contrib.contenttypes.models import ContentType
     user = self.form._magic_user
     if self.instance is None:
         return self.model._default_manager.empty()
     out = self.model._default_manager.filter(**{
         self.ct_field.name: ContentType.objects.get_for_model(self.instance),
         self.ct_fk_field.name: self.instance.pk,
     })
     if user.is_superuser:
         return out
     # filtering -- view permitted categories only
     cfield = model_category_fk_value(self.model)
     if not cfield:
         return out
     # self.instance .. Article, self.model .. Placement (in GenericInlineFormSet for Placement Inline)
     view_perm = get_permission('view', self.model)
     change_perm = get_permission('change', self.model)
     perms = (view_perm, change_perm,)
     qs = permission_filtered_model_qs(out, user, perms)
     qs = utils.user_category_filter(qs, user)
     return qs
Пример #8
0
    def get_queryset(self):
        user = self.form._magic_user
        if not hasattr(self, '_queryset'):
            if self.queryset is not None:
                qs = self.queryset
            else:
                qs = self.model._default_manager.get_query_set()
            # category based permissions
            if not user.is_superuser:
                category_fk = model_category_fk(self.model)
                if category_fk:
                    # in ListingInlineOptions: self.instance .. Placement instance, self.model .. Listing
                    view_perm = get_permission('view', self.model)
                    change_perm = get_permission('change', self.model)
                    perms = (view_perm, change_perm,)
                    qs = permission_filtered_model_qs(qs, user, perms)
            # user filtered categories
            qs = utils.user_category_filter(qs, user)

            if self.max_num > 0:
                self._queryset = qs[:self.max_num]
            else:
                self._queryset = qs
        return self._queryset