示例#1
0
def __get_users_and_groups(cls, obj=None):
    users = User.objects.all()
    groups = Group.objects.all()
    content_type = cerberus.get_class_content_type(cls)
    class_perms = cerberus.get_class_perms(cls)
    ucp = UserClassPermission.objects.filter(content_type=content_type)
    gcp = GroupClassPermission.objects.filter(content_type=content_type)
    group_class_perms = {}
    for g in groups:
        group_class_perms[g] = set()
        for perm in gcp.filter(group=g).values('codename'):
            group_class_perms[g].add(perm['codename'])
        g.class_perms = group_class_perms[g]
    for u in users:
        u.class_perms = {}
        u.class_perms_user_only = set()
        for perm in ucp.filter(user=u).values('codename'):
            u.class_perms[perm['codename']] = 'User permission on %s' % cls.__name__
            u.class_perms_user_only.add(perm['codename'])
        perms_set = set(u.class_perms)
        for g in u.groups.all():
            for nperm in (group_class_perms[g] - perms_set):
                u.class_perms[nperm] = 'Permission received from group: %s' % unicode(g)
        if u.is_superuser:
            for cls_perm in class_perms:
                u.class_perms[cls_perm] = 'User receives permission as superuser.'
    if obj is None:
        return (users, groups)
    uop = UserObjectPermission.objects.filter(content_type=content_type, object_pk=obj.pk)
    gop = GroupObjectPermission.objects.filter(content_type=content_type, object_pk=obj.pk)
    object_perms = cerberus.get_object_perms(cls)
    group_object_perms = {}
    for g in groups:
        # handle regular GroupObjectPermissions
        group_object_perms[g] = set()
        for perm in gop.filter(group=g).values('codename'):
            group_object_perms[g].add(perm['codename'])
        g.object_perms = group_object_perms[g]
        g.object_perms_group_only = group_object_perms[g]
        # handle group object perms inherited from class perms
        # TODO
    for u in users:
        # handle regular UserObjectPermissions
        u.object_perms_user_only = set()
        u.object_perms = {}
        for perm in uop.filter(user=u).values('codename'):
            u.object_perms_user_only.add(perm['codename'])
            u.object_perms[perm['codename']] = 'User permission on %s %s' % (cls.__name__, unicode(obj))
        for g in u.groups.all():
            for nperm in (group_object_perms[g] - perms_set):
                u.object_perms[nperm] = 'Permission received from group: %s' % unicode(g)
        if u.is_superuser:
            for obj_perm in object_perms:
                u.object_perms[obj_perm] = 'User receives permission as superuser.'
        # handle user object perms inherited from class perms
        # TODO
    return (users, groups)
示例#2
0
def permissions_view(request, clsname, obj_pk=None):
    (cls, obj, content_type) = __get_cls_obj_and_content_type(clsname, obj_pk)
    (users, groups) = __get_users_and_groups(cls, obj)
    class_perms = cerberus.get_class_perms(cls)
    object_perms = cerberus.get_object_perms(cls)
    if obj is None:
        return render_to_response('cerberus/class_perms_view.html',
                {'class_perms': class_perms,
                    'users': users, 'groups': groups,
                    'clsname': cls.__name__, 'class': cls},
                context_instance=RequestContext(request))
    return render_to_response('cerberus/object_perms_view.html',
            {'class_perms': class_perms, 'object_perms': object_perms,
                'users': users, 'groups': groups, 
                'clsname': cls.__name__, 'object': obj},
            context_instance=RequestContext(request))