def has_perm(self, user, perm, obj=None):
if not user.is_authenticated() or perm not in self.grants:
return False
if obj is None:
return True
elif user.is_active and field_lookup(
user, self.user_attr) == field_lookup(obj, self.obj_attr):
return True
return False
def has_perm(self, user, perm, obj=None):
if not user.is_authenticated() or perm not in self.grants:
return False
if obj is None:
return True
elif user.is_active and field_lookup(
user, self.user_attr) == field_lookup(obj, self.obj_attr):
return True
return False
def has_perm(self, user_obj, perm, obj=None):
"""
Check if user have `view` permission (of object) based on the
``pub_state`` and ``author`` of the instance.
If no object is specified, it always return ``True``.
If an object is specified, it will return ``True`` when the
``pub_state`` of the instance is:
- 'public' | Anyone can see this obj
- 'protected' | Seele, Nerv, Children can see this obj
- 'draft' | Nobody but the obj author can see this obj
Parameters
----------
user_obj : django user model instance
A django user model instance which be checked
perm : string
`app_label.codename` formatted permission string
obj : None or django model instance
None or django model instance for object permission
Returns
-------
boolean
Wheter the specified user have specified permission (of specified
object).
"""
# construct the permission name
permission_name = self.get_full_permission_string('view')
# everybody have a potential to see the model
if obj is None:
return perm == permission_name
if perm == permission_name:
author = field_lookup(obj, self.author_field_name)
pub_state = field_lookup(obj, self.pub_state_field_name)
if pub_state == 'public':
# if pub_state is public, everyone see this object
return True
elif pub_state == 'protected':
# if pub_state is protected, users who logged in and role isn't
# wille see this object
return user_obj.is_authenticated() and user_obj.is_member
elif pub_state == 'draft':
# if pub_state is draft, Only author can see this object.
return author == user_obj
return False
def test_field_lookup_multiple_bridge_author_username(self):
field_value = field_lookup(self.model,
'multiple_bridge__author__username')
field_value = list(field_value)
expected_value = [x.username for x in (self.bridge2.author,
self.bridge3.author)]
self.assertEqual(field_value, expected_value)
def has_perm(self, user_obj, perm, obj=None):
# User must be logged in
if not user_obj.is_authenticated():
return False
# See if we can handle that perm
if perm not in self.perms and perm not in self.denied:
return False
# if there isn't an object, that means we're looking for a module permission.
# We don't do that.
if obj is None:
return False
# If your account has been disabled, too bad.
if not user_obj.is_active:
return False
# get all authorized_users in the object
if not hasattr(self.field_name, '__iter__'):
self.field_name = [self.field_name]
for lookup in self.field_name:
authorized_users = field_lookup(obj, lookup)
if hasattr(authorized_users, 'all'):
authorized_users = authorized_users.all()
if user_obj == authorized_users or \
(hasattr(authorized_users, '__iter__') and user_obj in authorized_users):
if perm in self.denied:
raise PermissionDenied()
return True
def test_field_lookup_multiple_bridge_author_username(self):
field_value = field_lookup(self.model,
'multiple_bridge__author__username')
field_value = list(field_value)
expected_value = [
x.username for x in (self.bridge2.author, self.bridge3.author)
]
self.assertEqual(field_value, expected_value)
def test_field_lookup_multiple_bridge_editors__name(self):
field_value = field_lookup(self.model,
'multiple_bridge__editors__username')
field_value = list(map(list, field_value))
expected_value1 = [x.username for x in self.bridge2.editors.iterator()]
expected_value2 = [x.username for x in self.bridge3.editors.iterator()]
expected_value = [expected_value1, expected_value2]
self.assertEqual(field_value, expected_value)
def test_field_lookup_multiple_bridge_editors__name(self):
field_value = field_lookup(self.model,
'multiple_bridge__editors__username')
field_value = list(map(list, field_value))
expected_value1 = [x.username for x in self.bridge2.editors.iterator()]
expected_value2 = [x.username for x in self.bridge3.editors.iterator()]
expected_value = [expected_value1, expected_value2]
self.assertEqual(field_value, expected_value)
def has_perm(self, user, perm, obj=None):
if not user.is_authenticated() or not user.is_active:
return False
if obj is None:
method = perm.split(".")[1].split("_")[0]
return method in ('change', 'delete')
else:
bar = field_lookup(obj, self.field_name)
return user.has_perm(perm, bar)
def test_field_lookup_multiple_bridge_editors(self):
field_value = list(field_lookup(self.model,
'multiple_bridge__editors'))
field_value = [
[repr(x) for x in field_value[0].iterator()],
[repr(x) for x in field_value[1].iterator()],
]
expected_value1 = [repr(x) for x in self.bridge2.editors.iterator()]
expected_value2 = [repr(x) for x in self.bridge3.editors.iterator()]
expected_value = [expected_value1, expected_value2]
self.assertEqual(field_value, expected_value)
def test_field_lookup_multiple_bridge_editors(self):
field_value = list(field_lookup(self.model,
'multiple_bridge__editors'))
field_value = [
[repr(x) for x in field_value[0].iterator()],
[repr(x) for x in field_value[1].iterator()],
]
expected_value1 = [repr(x) for x in self.bridge2.editors.iterator()]
expected_value2 = [repr(x) for x in self.bridge3.editors.iterator()]
expected_value = [expected_value1, expected_value2]
self.assertEqual(field_value, expected_value)
def has_perm(self, user, perm, obj=None):
if not user.is_authenticated() or not user.is_active:
return False
if DEBUG:
print("Logic: ", perm, obj)
if obj is None:
method = perm.split(".")[1].split("_")[0]
return method in ('change', 'delete')
else:
bar = field_lookup(obj, self.field_name)
return user.has_perm(perm, bar)
return False
def has_perm(self, user, perm, obj):
# non authenticated users cannot gain access through dynamic conditions
if not user.is_authenticated() or perm not in self.grants:
return False
if obj is None:
return True
else:
conditions = field_lookup(obj, self.condition_field).split(',')
# any of the following conditions can be true
for cond in conditions:
if self.check_dynamic_condition(user, cond):
return True
return False
def has_perm(self, user, perm, obj):
# non authenticated users cannot gain access through dynamic conditions
if not user.is_authenticated() or perm not in self.grants:
return False
if obj is None:
return True
else:
conditions = field_lookup(obj, self.condition_field).split(',')
# any of the following conditions can be true
for cond in conditions:
if self.check_dynamic_condition(user, cond):
return True
return False
def has_perm(self, user_obj, perm, obj=None):
# User must be logged in
if not user_obj.is_authenticated:
logger.debug("%s not signed in" % user_obj)
return False
# See if we can handle that perm
if perm not in self.perms and perm not in self.denied:
logger.debug("%s - permission not recognized" % perm)
return False
# if there isn't an object, that means we're looking for a module permission.
# We don't do that.
if obj is None:
logger.debug(
"%s - has_perm called without model instance; denying permission"
% perm)
return False
# If your account has been disabled, too bad.
if not user_obj.is_active:
logger.debug("%s is not an active user" % user_obj)
return False
# get all authorized_users in the object
if isinstance(self.field_name, string_types):
self.field_name = [self.field_name]
for lookup in self.field_name:
authorized_users = field_lookup(obj, lookup)
# break out of a generator expression
if hasattr(authorized_users, '__iter__'):
authorized_users = list(authorized_users)
else:
authorized_users = [authorized_users]
for user in authorized_users:
if hasattr(user, 'all'):
authorized_users.extend(user.all())
authorized_users.remove(user)
if (user_obj in authorized_users):
if perm in self.denied:
logger.debug("%s - DENIED for %s in lookup '%s'" %
(perm, user_obj, lookup))
raise PermissionDenied()
logger.debug("%s - GRANTED for %s in lookup '%s'" %
(perm, user_obj, lookup))
return True
def has_perm(self, user_obj, perm, obj=None):
# User must be logged in
if not user_obj.is_authenticated:
logger.debug("%s not signed in" % user_obj)
return False
# See if we can handle that perm
if perm not in self.perms and perm not in self.denied:
logger.debug("%s - permission not recognized" % perm)
return False
# if there isn't an object, that means we're looking for a module permission.
# We don't do that.
if obj is None:
logger.debug("%s - has_perm called without model instance; denying permission" % perm)
return False
# If your account has been disabled, too bad.
if not user_obj.is_active:
logger.debug("%s is not an active user" % user_obj)
return False
# get all authorized_users in the object
if isinstance(self.field_name, string_types):
self.field_name = [self.field_name]
for lookup in self.field_name:
authorized_users = field_lookup(obj, lookup)
# break out of a generator expression
if hasattr(authorized_users, '__iter__'):
authorized_users = list(authorized_users)
else:
authorized_users = [authorized_users]
for user in authorized_users:
if hasattr(user, 'all'):
authorized_users.extend(user.all())
authorized_users.remove(user)
if (user_obj in authorized_users):
if perm in self.denied:
logger.debug("%s - DENIED for %s in lookup '%s'" % (perm, user_obj, lookup))
raise PermissionDenied()
logger.debug("%s - GRANTED for %s in lookup '%s'" % (perm, user_obj, lookup))
return True
def test_field_lookup_editors(self):
field_value = field_lookup(self.model, 'editors')
field_value = (x for x in field_value.iterator())
expected_value = map(repr, (self.editor1, self.editor2))
self.assertQuerysetEqual(field_value, expected_value)
def test_field_lookup_single_bridge_editors_username(self):
field_value = list(
field_lookup(self.model, 'single_bridge__editors__username'))
expected_value = [x.username for x in self.bridge1.editors.iterator()]
self.assertEqual(field_value, expected_value)
def test_field_lookup_multiple_bridge_author(self):
field_value = field_lookup(self.model, 'multiple_bridge__author')
expected_value = list(
map(repr, (self.bridge2.author, self.bridge3.author)))
self.assertQuerysetEqual(field_value, expected_value)
def test_field_lookup_single_bridge_author_username(self):
field_value = field_lookup(self.model,
'single_bridge__author__username')
self.assertEqual(field_value, self.bridge1.author.username)
def test_field_lookup_single_bridge_editors(self):
field_value = field_lookup(self.model, 'single_bridge__editors')
field_value = (x for x in field_value.iterator())
expected_value = list(map(repr, self.bridge1.editors.iterator()))
self.assertQuerysetEqual(field_value, expected_value)
def accessor(fieldname):
""" returns an accessor function for fieldname
where fieldname can be a '_' seperated django field name
"""
return lambda x: field_lookup(x, fieldname)
def test_field_lookup_single_bridge_editors_username(self):
field_value = list(field_lookup(self.model,
'single_bridge__editors__username'))
expected_value = [x.username for x in self.bridge1.editors.iterator()]
self.assertEqual(field_value, expected_value)
def test_field_lookup_author(self):
field_value = field_lookup(self.model, 'author')
self.assertEqual(field_value, self.author)
def test_field_lookup_author_username(self):
field_value = field_lookup(self.model, 'author__username')
self.assertEqual(field_value, self.author.username)
def has_perm(self, user_obj, perm, obj=None):
"""
Check if user have permission (of object)
If the user_obj is not authenticated, it return ``False``.
If no object is specified, it return ``True`` when the corresponding
permission was specified to ``True`` (changed from v0.7.0).
This behavior is based on the django system.
https://code.djangoproject.com/wiki/RowLevelPermissions
If an object is specified, it will return ``True`` if the user is
found in ``field_name`` of the object (e.g. ``obj.collaborators``).
So once the object store the user as a collaborator in
``field_name`` attribute (default: ``collaborators``), the collaborator
can change or delete the object (you can change this behavior to set
``any_permission``, ``change_permission`` or ``delete_permission``
attributes of this instance).
Parameters
----------
user_obj : django user model instance
A django user model instance which be checked
perm : string
`app_label.codename` formatted permission string
obj : None or django model instance
None or django model instance for object permission
Returns
-------
boolean
Whether the specified user have specified permission (of specified
object).
"""
if not is_authenticated(user_obj):
return False
# construct the permission full name
change_permission = self.get_full_permission_string('change')
delete_permission = self.get_full_permission_string('delete')
if obj is None:
# object permission without obj should return True
# Ref: https://code.djangoproject.com/wiki/RowLevelPermissions
if self.any_permission:
return True
if self.change_permission and perm == change_permission:
return True
if self.delete_permission and perm == delete_permission:
return True
return False
elif user_obj.is_active:
# get collaborator queryset
collaborators = field_lookup(obj, self.field_name)
if hasattr(collaborators, 'all'):
collaborators = collaborators.all()
if user_obj in collaborators:
if self.any_permission:
# have any kind of permissions to the obj
return True
if (self.change_permission and
perm == change_permission):
return True
if (self.delete_permission and
perm == delete_permission):
return True
return False
def test_field_lookup_editors_username(self):
field_value = list(field_lookup(self.model, 'editors__username'))
expected_value = [x.username for x in
(self.editor1, self.editor2)]
self.assertEqual(field_value, expected_value)
def test_field_lookup_single_bridge_author_username(self):
field_value = field_lookup(self.model,
'single_bridge__author__username')
self.assertEqual(field_value, self.bridge1.author.username)
def has_perm(self, user_obj, perm, obj=None):
"""
Check if user have permission (of object)
If the user_obj is not authenticated, it return ``False``.
If no object is specified, it return ``True`` when the corresponding
permission was specified to ``True`` (changed from v0.7.0).
This behavior is based on the django system.
https://code.djangoproject.com/wiki/RowLevelPermissions
If an object is specified, it will return ``True`` if the user is
specified in ``field_name`` of the object (e.g. ``obj.author``).
So once user create an object and the object store who is the author in
``field_name`` attribute (default: ``author``), the author can change
or delete the object (you can change this behavior to set
``any_permission``, ``change_permissino`` or ``delete_permission``
attributes of this instance).
Parameters
----------
user_obj : django user model instance
A django user model instance which be checked
perm : string
`app_label.codename` formatted permission string
obj : None or django model instance
None or django model instance for object permission
Returns
-------
boolean
Wheter the specified user have specified permission (of specified
object).
"""
if not user_obj.is_authenticated():
return False
# construct the permission full name
change_permission = self.get_full_permission_string('change')
delete_permission = self.get_full_permission_string('delete')
# check if the user is authenticated
if obj is None:
# object permission without obj should return True
# Ref: https://code.djangoproject.com/wiki/RowLevelPermissions
if self.any_permission:
return True
if self.change_permission and perm == change_permission:
return True
if self.delete_permission and perm == delete_permission:
return True
return False
elif user_obj.is_active:
# get author instance
author = field_lookup(obj, self.field_name)
if author == user_obj:
if self.any_permission:
# have any kind of permissions to the obj
return True
if (self.change_permission and
perm == change_permission):
return True
if (self.delete_permission and
perm == delete_permission):
return True
return False
def test_field_lookup_single_bridge_editors(self):
field_value = field_lookup(self.model, 'single_bridge__editors')
field_value = (x for x in field_value.iterator())
expected_value = list(map(repr, self.bridge1.editors.iterator()))
self.assertQuerysetEqual(field_value, expected_value)
def test_field_lookup_author_username(self):
field_value = field_lookup(self.model, 'author__username')
self.assertEqual(field_value, self.author.username)
def test_field_lookup_editors(self):
field_value = field_lookup(self.model, 'editors')
field_value = (x for x in field_value.iterator())
expected_value = map(repr, (self.editor1, self.editor2))
self.assertQuerysetEqual(field_value, expected_value)
def test_field_lookup_author(self):
field_value = field_lookup(self.model, 'author')
self.assertEqual(field_value, self.author)
def test_field_lookup_editors_username(self):
field_value = list(field_lookup(self.model, 'editors__username'))
expected_value = [x.username for x in (self.editor1, self.editor2)]
self.assertEqual(field_value, expected_value)
def accessor(fieldname):
""" returns an accessor function for fieldname
where fieldname can be a '_' seperated django field name
"""
return lambda x: field_lookup(x, fieldname)
def test_field_lookup_multiple_bridge_author(self):
field_value = field_lookup(self.model, 'multiple_bridge__author')
expected_value = list(map(repr, (self.bridge2.author,
self.bridge3.author)))
self.assertQuerysetEqual(field_value, expected_value)
