def collections_user_has_any_permission_for(self, user, actions):
"""
Return a queryset of all collections in which the given user has
permission to perform any of the given actions
"""
if user.is_active and user.is_superuser:
# active superusers can perform any action (including unrecognised ones)
# in any collection
return Collection.objects.all()
elif not user_is_authenticated(user):
return Collection.objects.none()
elif 'change' in actions or 'delete' in actions:
# return collections which are covered by either 'add' or 'change' permissions
# (since collections with 'add' permissions can *potentially* contain instances
# they own and can therefore edit)
return self._collections_with_perm(user, ['add', 'change'])
elif 'add' in actions:
return self._collections_with_perm(user, ['add'])
else:
# action is not recognised, and so non-superusers
# cannot perform it on any existing collections
return Collection.objects.none()
def instances_user_has_any_permission_for(self, user, actions):
if user.is_active and user.is_superuser:
# active superusers can perform any action (including unrecognised ones)
# on any instance
return self.model.objects.all()
elif not user_is_authenticated(user):
return self.model.objects.none()
elif 'change' in actions or 'delete' in actions:
# return instances which are:
# - in (a descendant of) a collection for which they have 'change' permission
# - OR in (a descendant of) a collection for which they have 'add' permission,
# and are owned by them
change_perm_filter = Q(collection__in=list(
self._collections_with_perm(user, ['change'])))
add_perm_filter = Q(collection__in=list(
self._collections_with_perm(user, ['add']))) & Q(
**{self.owner_field_name: user})
return self.model.objects.filter(change_perm_filter
| add_perm_filter)
else:
# action is either not recognised, or is the 'add' action which is
# not meaningful for existing instances. As such, non-superusers
# cannot perform it on any existing instances.
return self.model.objects.none()
def instances_user_has_any_permission_for(self, user, actions):
"""
Return a queryset of all instances of this model for which the given user has
permission to perform any of the given actions
"""
if not (user.is_active and user_is_authenticated(user)):
return self.model.objects.none()
elif user.is_superuser:
return self.model.objects.all()
else:
# filter to just the collections with this permission
return self.model.objects.filter(collection__in=list(
self._collections_with_perm(user, actions)))
def collections_user_has_any_permission_for(self, user, actions):
"""
Return a queryset of all collections in which the given user has
permission to perform any of the given actions
"""
if user.is_active and user.is_superuser:
# active superusers can perform any action (including unrecognised ones)
# in any collection
return Collection.objects.all()
elif not user_is_authenticated(user):
return Collection.objects.none()
else:
return self._collections_with_perm(user, actions)
def login(request):
if user_is_authenticated(request.user) and request.user.has_perm(
'tuiuiuadmin.access_admin'):
return redirect('tuiuiuadmin_home')
else:
from django.contrib.auth import get_user_model
return auth_views.login(
request,
template_name='tuiuiuadmin/login.html',
authentication_form=forms.LoginForm,
extra_context={
'show_password_reset': password_reset_enabled(),
'username_field': get_user_model().USERNAME_FIELD,
},
)
def _check_perm(self, user, actions, collection=None):
"""
Equivalent to user.has_perm(self._get_permission_name(action)) on all listed actions,
but using GroupCollectionPermission rather than group.permissions.
If collection is specified, only consider GroupCollectionPermission records
that apply to that collection.
"""
if not (user.is_active and user_is_authenticated(user)):
return False
if user.is_superuser:
return True
collection_permissions = GroupCollectionPermission.objects.filter(
group__user=user,
permission__in=self._get_permission_objects_for_actions(actions),
)
if collection:
collection_permissions = collection_permissions.filter(
collection__in=collection.get_ancestors(inclusive=True))
return collection_permissions.exists()
def user_has_any_permission(self, user, actions):
return user_is_authenticated(user) and user.is_active