Пример #1
0
    def collections_user_has_any_permission_for(self, user, actions):
        """
        Return a queryset of all collections in which the given user has
        permission to perform any of the given actions
        """
        if user.is_active and user.is_superuser:
            # active superusers can perform any action (including unrecognised ones)
            # in any collection
            return Collection.objects.all()

        elif not user_is_authenticated(user):
            return Collection.objects.none()

        elif 'change' in actions or 'delete' in actions:
            # return collections which are covered by either 'add' or 'change' permissions
            # (since collections with 'add' permissions can *potentially* contain instances
            # they own and can therefore edit)
            return self._collections_with_perm(user, ['add', 'change'])

        elif 'add' in actions:
            return self._collections_with_perm(user, ['add'])

        else:
            # action is not recognised, and so non-superusers
            # cannot perform it on any existing collections
            return Collection.objects.none()
Пример #2
0
    def instances_user_has_any_permission_for(self, user, actions):
        if user.is_active and user.is_superuser:
            # active superusers can perform any action (including unrecognised ones)
            # on any instance
            return self.model.objects.all()
        elif not user_is_authenticated(user):
            return self.model.objects.none()
        elif 'change' in actions or 'delete' in actions:
            # return instances which are:
            # - in (a descendant of) a collection for which they have 'change' permission
            # - OR in (a descendant of) a collection for which they have 'add' permission,
            #   and are owned by them

            change_perm_filter = Q(collection__in=list(
                self._collections_with_perm(user, ['change'])))

            add_perm_filter = Q(collection__in=list(
                self._collections_with_perm(user, ['add']))) & Q(
                    **{self.owner_field_name: user})

            return self.model.objects.filter(change_perm_filter
                                             | add_perm_filter)
        else:
            # action is either not recognised, or is the 'add' action which is
            # not meaningful for existing instances. As such, non-superusers
            # cannot perform it on any existing instances.
            return self.model.objects.none()
Пример #3
0
 def instances_user_has_any_permission_for(self, user, actions):
     """
     Return a queryset of all instances of this model for which the given user has
     permission to perform any of the given actions
     """
     if not (user.is_active and user_is_authenticated(user)):
         return self.model.objects.none()
     elif user.is_superuser:
         return self.model.objects.all()
     else:
         # filter to just the collections with this permission
         return self.model.objects.filter(collection__in=list(
             self._collections_with_perm(user, actions)))
Пример #4
0
    def collections_user_has_any_permission_for(self, user, actions):
        """
        Return a queryset of all collections in which the given user has
        permission to perform any of the given actions
        """
        if user.is_active and user.is_superuser:
            # active superusers can perform any action (including unrecognised ones)
            # in any collection
            return Collection.objects.all()

        elif not user_is_authenticated(user):
            return Collection.objects.none()

        else:
            return self._collections_with_perm(user, actions)
Пример #5
0
def login(request):
    if user_is_authenticated(request.user) and request.user.has_perm(
            'tuiuiuadmin.access_admin'):
        return redirect('tuiuiuadmin_home')
    else:
        from django.contrib.auth import get_user_model
        return auth_views.login(
            request,
            template_name='tuiuiuadmin/login.html',
            authentication_form=forms.LoginForm,
            extra_context={
                'show_password_reset': password_reset_enabled(),
                'username_field': get_user_model().USERNAME_FIELD,
            },
        )
Пример #6
0
    def _check_perm(self, user, actions, collection=None):
        """
        Equivalent to user.has_perm(self._get_permission_name(action)) on all listed actions,
        but using GroupCollectionPermission rather than group.permissions.
        If collection is specified, only consider GroupCollectionPermission records
        that apply to that collection.
        """
        if not (user.is_active and user_is_authenticated(user)):
            return False

        if user.is_superuser:
            return True

        collection_permissions = GroupCollectionPermission.objects.filter(
            group__user=user,
            permission__in=self._get_permission_objects_for_actions(actions),
        )

        if collection:
            collection_permissions = collection_permissions.filter(
                collection__in=collection.get_ancestors(inclusive=True))

        return collection_permissions.exists()
Пример #7
0
 def user_has_any_permission(self, user, actions):
     return user_is_authenticated(user) and user.is_active