def remove_all(role_class=None, obj=None):
"""
Remove all roles of the project.
If "role_class" is provided,
only the roles of "role_class"
will be affected.
If "obj" is provided, only
users for that object will
lose the role.
"""
query = UserRole.objects.all()
role = None
if role_class:
# Filtering by role class.
role = get_roleclass(role_class)
query = UserRole.objects.filter(role_class=role.get_class_name())
if obj:
# Filtering by object.
ct_obj = ContentType.objects.get_for_model(obj)
query = query.filter(content_type=ct_obj.id, object_id=obj.id)
# Check if object belongs
# to the role class.
check_my_model(role, obj)
# Cleaning the cache system.
for role_obj in query:
delete_from_cache(role_obj.user, role_obj.obj)
# Cleaning the database.
role_obj.delete()
def remove_roles(users_list, role_class=None, obj=None):
"""
Delete all RolePermission objects in the database
referencing the followling role_class to the
user.
If "obj" is provided, only the instances refencing
this object will be deleted.
"""
query = UserRole.objects.filter(user__in=users_list)
role = None
if role_class:
# Filtering by role class.
role = get_roleclass(role_class)
query = query.filter(role_class=role.get_class_name())
if obj:
# Filtering by object.
ct_obj = ContentType.objects.get_for_model(obj)
query = query.filter(content_type=ct_obj.id, object_id=obj.id)
# Check if object belongs
# to the role class.
check_my_model(role, obj)
# Cleaning the cache system.
for user in users_list:
delete_from_cache(user, obj)
# Cleaning the database.
query.delete()
def has_role(user, role_class=None, obj=None):
"""
Check if the "user" has any role
attached to him.
If "role_class" is provided, only
this role class will be counted.
If "obj" is provided, the search is
refined to look only at that object.
"""
query = UserRole.objects.filter(user=user)
role = None
if role_class:
# Filtering by role class.
role = get_roleclass(role_class)
query = query.filter(role_class=role.get_class_name(), user=user)
if obj:
# Filtering by object.
ct_obj = ContentType.objects.get_for_model(obj)
query = query.filter(content_type=ct_obj.id, object_id=obj.id)
# Check if object belongs
# to the role class.
check_my_model(role, obj)
return query.count() > 0
def get_objects(user, role_class=None, model=None):
"""
Return the list of objects attached
to a given user.
If "role_class" is provided, only the objects
which as registered in that role class will
be returned.
If "model" is provided, only the objects
of that model will be returned.
"""
query = UserRole.objects.filter(user=user)
role = None
if role_class:
# Filtering by role class.
role = get_roleclass(role_class)
query = query.filter(role_class=role.get_class_name())
if model:
# Filtering by model.
ct_obj = ContentType.objects.get_for_model(model)
query = query.filter(content_type=ct_obj.id)
# Check if object belongs
# to the role class.
check_my_model(role, model)
# TODO
result = set(ur_obj.obj for ur_obj in query)
# TODO
return list(result)
def get_users(role_class=None, obj=None):
"""
If "role_class" and "obj" is provided,
returns a QuerySet of users who has
this role class attached to the
object.
If only "role_class" is provided, returns
a QuerySet of users who has this role
class attached to any object.
If neither "role_class" or "obj" are provided,
returns all users of the project.
"""
role = None
kwargs = {}
if role_class:
# All users who have "role_class" attached to any object.
role = get_roleclass(role_class)
kwargs['roles__role_class'] = role.get_class_name()
if obj:
# All users who have any role attached to the object.
ct_obj = ContentType.objects.get_for_model(obj)
kwargs['roles__content_type'] = ct_obj.id
kwargs['roles__object_id'] = obj.id
# Check if object belongs
# to the role class.
check_my_model(role, obj)
# Return as a distinct QuerySet.
return get_user_model().objects.filter(**kwargs).distinct()
def assign_roles(users_list, role_class, obj=None):
"""
Create a RolePermission object in the database
referencing the followling role_class to the
user.
"""
users_set = set(users_list)
role = get_roleclass(role_class)
name = role.get_verbose_name()
# Check if object belongs
# to the role class.
check_my_model(role, obj)
# If no object is provided but the role needs specific models.
if not obj and role.models != ALL_MODELS:
raise InvalidRoleAssignment(
'The role "%s" must be assigned with a object.' % name)
# If a object is provided but the role does not needs a object.
if obj and role.models == ALL_MODELS:
raise InvalidRoleAssignment(
'The role "%s" must not be assigned with a object.' % name)
# Check if the model accepts multiple roles
# attached using the same User instance.
if obj and is_unique_together(obj):
for user in users_set:
has_user = get_roles(user=user, obj=obj)
if has_user:
raise InvalidRoleAssignment(
'The user "%s" already has a role attached '
'to the object "%s".' % (user, obj))
if role.unique is True:
# If the role is marked as unique but multiple users are provided.
if len(users_list) > 1:
raise InvalidRoleAssignment(
'Multiple users were provided using "%s", '
'but it is marked as unique.' % name)
# If the role is marked as unique but already has an user attached.
has_user = get_users(role_class=role, obj=obj)
if has_user:
raise InvalidRoleAssignment(
'The object "%s" already has a "%s" attached '
'and it is marked as unique.' % (obj, name))
for user in users_set:
ur_instance = UserRole(role_class=role.get_class_name(), user=user)
if obj:
ur_instance.obj = obj
ur_instance.save()
# Cleaning the cache system.
delete_from_cache(user, obj)
def get_user(role_class=None, obj=None):
"""
Get the User instance attached to the object.
Only one UserRole must exists and this relation
must be unique=True.
Returns None if there is no user attached
to the object.
"""
query = UserRole.objects.select_related('user').all()
role = None
if role_class:
# All users who have "role_class" attached to any object.
role = get_roleclass(role_class)
query = query.filter(role_class=role.get_class_name())
if obj:
# All users who have any role attached to the object.
ct_obj = ContentType.objects.get_for_model(obj)
query = query.filter(content_type=ct_obj.id, object_id=obj.id)
# Check if object belongs
# to the role class.
check_my_model(role, obj)
# Looking for a role class using unique=True
selected = list()
for ur_obj in query:
role = get_roleclass(ur_obj.role_class)
if role.unique is True:
selected.append(ur_obj.user)
users_set = set(selected)
if len(users_set) > 1:
raise NotAllowed('Multiple unique roles was found using '
'the function get_user. Use get_users '
'instead.')
if len(users_set) == 1:
return selected[0]
return None