def has_perm(self, user, action):
    """Check ``user``'s permission for ``action`` on the 'test_ctnr' container.

    ACTION_CREATE is checked against the model class (``self.model``);
    ACTION_UPDATE and ACTION_DELETE are checked against the concrete
    ``self.test_obj``. Any other action returns ``None`` without querying
    the container.
    """
    creating = action == ACTION_CREATE
    if not creating and action not in (ACTION_UPDATE, ACTION_DELETE):
        return None

    # The same fixture container backs every supported action.
    ctnr = Ctnr.objects.get(name='test_ctnr')
    if creating:
        return _has_perm(user, ctnr, action=action, obj_class=self.model)
    return _has_perm(user, ctnr, action=action, obj=self.test_obj)
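def add_object(request, ctnr_pk):
    """Add an object to a container and answer with a JSON status.

    Reads ``obj_pk``, ``obj`` (a name) and ``obj_type`` from
    ``request.POST``. ``obj_type == 'user'`` is delegated to ``add_user``
    after an ACTION_UPDATE check against ``CtnrUser``; every other type
    needs ACTION_UPDATE on ``Ctnr`` and is added to the container's
    ``<obj_type>s`` relation.

    Returns an ``HttpResponse`` with a JSON body: ``{'success': 'true'}``
    once the object was added, ``{'success': False}`` when the permission
    check fails, or ``{'error': ...}`` saying why nothing was added.
    """
    acting_user = request.user
    ctnr = Ctnr.objects.get(id=ctnr_pk)
    pk = request.POST.get('obj_pk', '')
    name = request.POST.get('obj', '')
    obj_type = request.POST.get('obj_type', '')

    def json_error(message):
        return HttpResponse(json.dumps({'error': message}))

    def denied():
        messages.error(
            request, 'You do not have permission to perform this action')
        return HttpResponse(json.dumps({'success': False}))

    if obj_type == 'user':
        if _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=CtnrUser):
            return add_user(request, ctnr, name)
        return denied()

    # A refused request must not reach the success response at the end of
    # the view; it gets the same denial body as the 'user' branch.
    if not _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=Ctnr):
        return denied()

    # obj_type is client-supplied and selects both the model class and the
    # attribute read from ctnr.
    # NOTE(review): an explicit allow-list of container-related types would
    # be tighter than accepting any model name in the 'cyder' app.
    # Presumably get_model returns None for an unknown name -- confirm
    # against the imported helper.
    Klass = get_model('cyder', obj_type) if obj_type else None
    if Klass is None:
        return json_error('{0} is not a valid object type'.format(obj_type))

    if pk == 'null':
        # No primary key was sent, so fall back to a lookup by name.
        if Klass.__name__ == 'Range':
            return json_error('Please select a valid range')
        try:
            obj = Klass.objects.get(name=name)
        except Klass.DoesNotExist:
            return json_error(
                '{0} is not a valid {1}'.format(name, obj_type))
    else:
        try:
            obj = Klass.objects.get(id=pk)
        except (Klass.DoesNotExist, ValueError):
            # An unknown or non-numeric pk is a client error, not a crash.
            return json_error(
                '{0} is not a valid {1}'.format(name, obj_type))

    m2m = getattr(ctnr, obj_type + 's', None)
    if m2m is None:
        return json_error(
            '{0} is not related to {1}'.format(obj_type, ctnr))
    if obj in m2m.all():
        return json_error(
            '{0} already exists in {1}'.format(name, str(ctnr)))

    m2m.add(obj)
    return HttpResponse(json.dumps({'success': 'true'}))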
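def add_object(request, ctnr_pk):
    """Add an object to a container and answer with a JSON status.

    Reads ``obj_pk``, ``obj`` (a name) and ``obj_type`` from
    ``request.POST``. ``obj_type == 'user'`` is delegated to ``add_user``
    after an ACTION_UPDATE check against ``CtnrUser``; every other type
    needs ACTION_UPDATE on ``Ctnr`` and is added to the container's
    ``<obj_type>s`` relation.

    Returns an ``HttpResponse`` with a JSON body: ``{'success': 'true'}``
    once the object was added, ``{'success': False}`` when the permission
    check fails, or ``{'error': ...}`` saying why nothing was added.
    """
    acting_user = request.user
    ctnr = Ctnr.objects.get(id=ctnr_pk)
    pk = request.POST.get('obj_pk', '')
    name = request.POST.get('obj', '')
    obj_type = request.POST.get('obj_type', '')

    def json_error(message):
        return HttpResponse(json.dumps({'error': message}))

    def denied():
        messages.error(
            request, 'You do not have permission to perform this action')
        return HttpResponse(json.dumps({'success': False}))

    if obj_type == 'user':
        if _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=CtnrUser):
            return add_user(request, ctnr, name)
        return denied()

    # A refused request must not reach the success response at the end of
    # the view; it gets the same denial body as the 'user' branch.
    if not _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=Ctnr):
        return denied()

    # obj_type is client-supplied and selects both the model class and the
    # attribute read from ctnr.
    # NOTE(review): an explicit allow-list of container-related types would
    # be tighter than accepting any model name in the 'cyder' app.
    # Presumably get_model returns None for an unknown name -- confirm
    # against the imported helper.
    Klass = get_model('cyder', obj_type) if obj_type else None
    if Klass is None:
        return json_error('{0} is not a valid object type'.format(obj_type))

    if pk == 'null':
        # No primary key was sent, so fall back to a lookup by name.
        if Klass.__name__ == 'Range':
            return json_error('Please select a valid range')
        try:
            obj = Klass.objects.get(name=name)
        except Klass.DoesNotExist:
            return json_error(
                '{0} is not a valid {1}'.format(name, obj_type))
    else:
        try:
            obj = Klass.objects.get(id=pk)
        except (Klass.DoesNotExist, ValueError):
            # An unknown or non-numeric pk is a client error, not a crash.
            return json_error(
                '{0} is not a valid {1}'.format(name, obj_type))

    m2m = getattr(ctnr, obj_type + 's', None)
    if m2m is None:
        return json_error(
            '{0} is not related to {1}'.format(obj_type, ctnr))
    if obj in m2m.all():
        return json_error(
            '{0} already exists in {1}'.format(name, str(ctnr)))

    m2m.add(obj)
    return HttpResponse(json.dumps({'success': 'true'}))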
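def remove_object(request, ctnr_pk):
    """Remove an object from a container relation and reply with JSON.

    A request without POST data is redirected to the Referer header value.
    Otherwise ``obj_type`` and ``pk`` are read from ``request.POST``, the
    caller needs ACTION_UPDATE on ``Ctnr``, and the object is removed from
    the container's ``<obj_type>s`` relation. A ``ValidationError`` raised
    by the removal is reported as an error message.

    Returns an ``HttpResponse`` whose JSON body holds ``success: True`` or
    an ``error`` message; every POST path ends in such a response.
    """
    if not request.POST:
        # NOTE(review): Referer is a client-supplied header; confirm that an
        # empty or off-site value is acceptable as a redirect target.
        return redirect(request.META.get('HTTP_REFERER', ''))

    acting_user = request.user
    obj_type = request.POST.get('obj_type', None)
    obj_pk = request.POST.get('pk', None)
    ctnr = Ctnr.objects.get(id=ctnr_pk)
    return_status = {}

    def fail(message):
        return_status['error'] = message
        return HttpResponse(json.dumps(return_status))

    if not _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=Ctnr):
        return fail('You do not have permission to perform this action')

    # obj_type comes from the client and selects both the model class and
    # the attribute read from ctnr, so a missing or unknown value has to
    # end in an error response rather than an unhandled exception.
    # NOTE(review): add_object gates obj_type 'user' behind a CtnrUser
    # permission check and this view has no such branch; confirm 'user'
    # cannot reach a users relation here, or use an explicit allow-list.
    # Presumably get_model returns None for an unknown name -- confirm
    # against the imported helper.
    Klass = get_model('cyder', obj_type) if obj_type else None
    if Klass is None:
        return fail('{0} is not a valid object type'.format(obj_type))

    try:
        obj = Klass.objects.get(id=obj_pk)
    except (Klass.DoesNotExist, ValueError):
        return fail('{0} is not a valid {1}'.format(obj_pk, obj_type))

    m2m = getattr(ctnr, obj_type + 's', None)
    if m2m is None:
        return fail('{0} is not related to {1}'.format(obj_type, ctnr))
    if obj not in m2m.all():
        return fail('{0} does not exist in {1}'.format(str(obj), ctnr))

    try:
        m2m.remove(obj)
    except ValidationError as e:
        return fail("; ".join(e.messages))

    return_status['success'] = True
    return HttpResponse(json.dumps(return_status))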
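def update_user(request, ctnr_pk):
    """Remove a user from a container or shift their level; reply as JSON.

    A request without POST data is redirected to the Referer header value.
    Otherwise ``pk`` names the target user. Editing your own entry is
    refused, and the caller needs ACTION_UPDATE on ``CtnrUser``. With
    ``action == 'obj_remove'`` the membership row is deleted; otherwise
    ``lvl`` is added to the current level when the result is 0, 1 or 2,
    and a result outside that set leaves the level unchanged.

    Returns an ``HttpResponse`` whose JSON body holds ``success: True`` or
    an ``error`` message.
    """
    if not request.POST:
        # NOTE(review): Referer is a client-supplied header; confirm that an
        # empty or off-site value is acceptable as a redirect target.
        return redirect(request.META.get('HTTP_REFERER', ''))

    ctnr = Ctnr.objects.get(id=ctnr_pk)
    return_status = {}

    def fail(message):
        return_status['error'] = message
        return HttpResponse(json.dumps(return_status))

    # 'pk' is client input: a missing or non-numeric value is answered with
    # an error instead of an unhandled TypeError/ValueError from int().
    try:
        user_pk = int(request.POST.get('pk', None))
    except (TypeError, ValueError):
        return fail('A valid user id is required')

    # NOTE(review): the self-edit guard compares the profile id with a value
    # that is then used as user_id below; confirm the two ids always match.
    if request.user.get_profile().id == user_pk:
        return fail('You can not edit your own permissions')

    if not _has_perm(request.user, ctnr, ACTION_UPDATE, obj_class=CtnrUser):
        return fail('You do not have permission to perform this action')

    cu_qs = CtnrUser.objects.filter(ctnr_id=ctnr_pk, user_id=user_pk)
    if not cu_qs.exists():
        return fail('That user does not exist inside this container')

    ctnr_user = cu_qs.get()
    if request.POST.get('action', None) == 'obj_remove':
        ctnr_user.delete()
    else:
        # 'lvl' is a client-supplied delta; validate it before doing math.
        try:
            delta = int(request.POST.get('lvl', None))
        except (TypeError, ValueError):
            return fail('A valid level change is required')
        if (ctnr_user.level + delta) in (0, 1, 2):
            ctnr_user.level += delta
            ctnr_user.save()

    return_status['success'] = True
    return HttpResponse(json.dumps(return_status))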
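def remove_object(request, ctnr_pk):
    """Remove an object from a container relation and reply with JSON.

    A request without POST data is redirected to the Referer header value.
    Otherwise ``obj_type`` and ``pk`` are read from ``request.POST``, the
    caller needs ACTION_UPDATE on ``Ctnr``, and the object is removed from
    the container's ``<obj_type>s`` relation.

    Returns an ``HttpResponse`` whose JSON body holds ``success: True`` or
    an ``error`` message.
    """
    if not request.POST:
        # NOTE(review): Referer is a client-supplied header; confirm that an
        # empty or off-site value is acceptable as a redirect target.
        return redirect(request.META.get('HTTP_REFERER', ''))

    acting_user = request.user
    obj_type = request.POST.get('obj_type', None)
    obj_pk = request.POST.get('pk', None)
    ctnr = Ctnr.objects.get(id=ctnr_pk)
    return_status = {}

    def fail(message):
        return_status['error'] = message
        return HttpResponse(json.dumps(return_status))

    if not _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=Ctnr):
        return fail('You do not have permission to perform this action')

    # obj_type comes from the client and selects both the model class and
    # the attribute read from ctnr, so a missing or unknown value has to
    # end in an error response rather than an unhandled exception.
    # NOTE(review): add_object gates obj_type 'user' behind a CtnrUser
    # permission check and this view has no such branch; confirm 'user'
    # cannot reach a users relation here, or use an explicit allow-list.
    # Presumably get_model returns None for an unknown name -- confirm
    # against the imported helper.
    Klass = get_model('cyder', obj_type) if obj_type else None
    if Klass is None:
        return fail('{0} is not a valid object type'.format(obj_type))

    try:
        obj = Klass.objects.get(id=obj_pk)
    except (Klass.DoesNotExist, ValueError):
        return fail('{0} is not a valid {1}'.format(obj_pk, obj_type))

    m2m = getattr(ctnr, obj_type + 's', None)
    if m2m is None:
        return fail('{0} is not related to {1}'.format(obj_type, ctnr))
    if obj not in m2m.all():
        return fail('{0} does not exist in {1}'.format(str(obj), ctnr))

    m2m.remove(obj)
    return_status['success'] = True
    return HttpResponse(json.dumps(return_status))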
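def remove_object(request, ctnr_pk):
    """Remove an object from a container relation and reply with JSON.

    A request without POST data is redirected to the Referer header value.
    Otherwise ``obj_type`` and ``pk`` are read from ``request.POST``, the
    caller needs ACTION_UPDATE on ``Ctnr``, and the object is removed from
    the container's ``<obj_type>s`` relation.

    Returns an ``HttpResponse`` whose JSON body holds ``success: True`` or
    an ``error`` message.
    """
    if not request.POST:
        # NOTE(review): Referer is a client-supplied header; confirm that an
        # empty or off-site value is acceptable as a redirect target.
        return redirect(request.META.get('HTTP_REFERER', ''))

    acting_user = request.user
    obj_type = request.POST.get('obj_type', None)
    obj_pk = request.POST.get('pk', None)
    ctnr = Ctnr.objects.get(id=ctnr_pk)
    return_status = {}

    def fail(message):
        return_status['error'] = message
        return HttpResponse(json.dumps(return_status))

    if not _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=Ctnr):
        return fail('You do not have permission to perform this action')

    # obj_type comes from the client and selects both the model class and
    # the attribute read from ctnr, so a missing or unknown value has to
    # end in an error response rather than an unhandled exception.
    # NOTE(review): add_object gates obj_type 'user' behind a CtnrUser
    # permission check and this view has no such branch; confirm 'user'
    # cannot reach a users relation here, or use an explicit allow-list.
    # Presumably get_model returns None for an unknown name -- confirm
    # against the imported helper.
    Klass = get_model('cyder', obj_type) if obj_type else None
    if Klass is None:
        return fail('{0} is not a valid object type'.format(obj_type))

    try:
        obj = Klass.objects.get(id=obj_pk)
    except (Klass.DoesNotExist, ValueError):
        return fail('{0} is not a valid {1}'.format(obj_pk, obj_type))

    m2m = getattr(ctnr, obj_type + 's', None)
    if m2m is None:
        return fail('{0} is not related to {1}'.format(obj_type, ctnr))
    if obj not in m2m.all():
        return fail('{0} does not exist in {1}'.format(str(obj), ctnr))

    m2m.remove(obj)
    return_status['success'] = True
    return HttpResponse(json.dumps(return_status))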
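def remove_object(request, ctnr_pk):
    """Remove an object from a container relation and reply with JSON.

    A request without POST data is redirected to the Referer header value.
    Otherwise ``obj_type`` and ``pk`` are read from ``request.POST``, the
    caller needs ACTION_UPDATE on ``Ctnr``, and the object is removed from
    the container's ``<obj_type>s`` relation. A ``ValidationError`` raised
    by the removal is reported as an error message.

    Returns an ``HttpResponse`` whose JSON body holds ``success: True`` or
    an ``error`` message; every POST path ends in such a response.
    """
    if not request.POST:
        # NOTE(review): Referer is a client-supplied header; confirm that an
        # empty or off-site value is acceptable as a redirect target.
        return redirect(request.META.get('HTTP_REFERER', ''))

    acting_user = request.user
    obj_type = request.POST.get('obj_type', None)
    obj_pk = request.POST.get('pk', None)
    ctnr = Ctnr.objects.get(id=ctnr_pk)
    return_status = {}

    def fail(message):
        return_status['error'] = message
        return HttpResponse(json.dumps(return_status))

    if not _has_perm(acting_user, ctnr, ACTION_UPDATE, obj_class=Ctnr):
        return fail('You do not have permission to perform this action')

    # obj_type comes from the client and selects both the model class and
    # the attribute read from ctnr, so a missing or unknown value has to
    # end in an error response rather than an unhandled exception.
    # NOTE(review): add_object gates obj_type 'user' behind a CtnrUser
    # permission check and this view has no such branch; confirm 'user'
    # cannot reach a users relation here, or use an explicit allow-list.
    # Presumably get_model returns None for an unknown name -- confirm
    # against the imported helper.
    Klass = get_model('cyder', obj_type) if obj_type else None
    if Klass is None:
        return fail('{0} is not a valid object type'.format(obj_type))

    try:
        obj = Klass.objects.get(id=obj_pk)
    except (Klass.DoesNotExist, ValueError):
        return fail('{0} is not a valid {1}'.format(obj_pk, obj_type))

    m2m = getattr(ctnr, obj_type + 's', None)
    if m2m is None:
        return fail('{0} is not related to {1}'.format(obj_type, ctnr))
    if obj not in m2m.all():
        return fail('{0} does not exist in {1}'.format(str(obj), ctnr))

    try:
        m2m.remove(obj)
    except ValidationError as e:
        return fail("; ".join(e.messages))

    return_status['success'] = True
    return HttpResponse(json.dumps(return_status))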