def get_queryset(self): user = self.form._magic_user if not hasattr(self, '_queryset'): if self.queryset is not None: qs = self.queryset else: qs = self.model._default_manager.get_query_set() # category based permissions if not user.is_superuser: category_fk = model_category_fk(self.model) if category_fk: # in ListingInlineOptions: self.instance .. Placement instance, self.model .. Listing view_perm = get_permission('view', self.model) change_perm = get_permission('change', self.model) perms = ( view_perm, change_perm, ) qs = permission_filtered_model_qs(qs, user, perms) # user filtered categories qs = utils.user_category_filter(qs, user) if self.max_num > 0: self._queryset = qs[:self.max_num] else: self._queryset = qs return self._queryset
def get_queryset(self): # Avoid a circular import. from django.contrib.contenttypes.models import ContentType user = self.form._magic_user if self.instance is None: return self.model._default_manager.empty() out = self.model._default_manager.filter( **{ self.ct_field.name: ContentType.objects.get_for_model(self.instance), self.ct_fk_field.name: self.instance.pk, }) if user.is_superuser: return out # filtering -- view permitted categories only cfield = model_category_fk_value(self.model) if not cfield: return out # self.instance .. Article, self.model .. Placement (in GenericInlineFormSet for Placement Inline) view_perm = get_permission('view', self.model) change_perm = get_permission('change', self.model) perms = ( view_perm, change_perm, ) qs = permission_filtered_model_qs(out, user, perms) qs = utils.user_category_filter(qs, user) return qs
def full_clean(self): super(BaseGenericInlineFormSet, self).full_clean() cfield = model_category_fk(self.instance) if not cfield: return #cat = model_category_fk_value(self.instance) # next part is category-based permissions (only for objects with category field) def add_field_error(form, field_name, message): err_list = ErrorList((message, )) form._errors[field_name] = err_list user = self.form._magic_user # Adding new object for form in self.extra_forms: change_perm = get_permission('change', form.instance) if not form.has_changed(): continue if cfield.name not in form.changed_data: continue add_perm = get_permission('add', form.instance) if not has_object_permission(user, form.instance, change_perm): self._non_form_errors = _('Creating objects is not permitted.') continue c = form.cleaned_data[cfield.name] if not has_category_permission(user, c, add_perm): add_field_error(form, cfield.name, _('Category not permitted')) # Changing existing object for form in self.initial_forms: change_perm = get_permission('change', form.instance) delete_perm = get_permission('delete', form.instance) if self.can_delete and hasattr( form, 'cleaned_data') and form.cleaned_data[DELETION_FIELD_NAME]: if not has_object_permission(user, form.instance, delete_perm): self._non_form_errors = _( 'Object deletion is not permitted.') continue if model_category_fk( form.instance ) is not None and not has_category_permission( user, form.instance.category, delete_perm): self._non_form_errors = _( 'Object deletion is not permitted.') continue if cfield.name not in form.changed_data: continue if not has_object_permission(user, form.instance, change_perm): self._non_form_errors = _('Object change is not permitted.') continue c = form.cleaned_data[cfield.name] if not has_category_permission(user, c, change_perm): add_field_error(form, cfield.name, _('Category not permitted'))
def _get_queryset(self): if hasattr(self._queryset, '_newman_filtered'): return self._queryset view_perm = get_permission('view', self.model) change_perm = get_permission('change', self.model) perms = (view_perm, change_perm,) qs = permission_filtered_model_qs(self._queryset, self.user, perms) # user category filter qs = utils.user_category_filter(qs, self.user) qs._newman_filtered = True #magic variable self._set_queryset(qs) return self._queryset
def restrict_field_categories(self, form, user, model): if 'category' not in form.base_fields: return f = form.base_fields['category'] if hasattr(f.queryset, '_newman_filtered'): return view_perm = get_permission('view', model) change_perm = get_permission('change', model) perms = (view_perm, change_perm,) qs = permission_filtered_model_qs(f.queryset, user, perms) qs._newman_filtered = True #magic variable f._set_queryset(qs)
def _get_queryset(self): if hasattr(self._queryset, '_newman_filtered'): return self._queryset view_perm = get_permission('view', self.model) change_perm = get_permission('change', self.model) perms = ( view_perm, change_perm, ) qs = permission_filtered_model_qs(self._queryset, self.user, perms) # user category filter qs = utils.user_category_filter(qs, self.user) qs._newman_filtered = True #magic variable self._set_queryset(qs) return self._queryset
def restrict_field_categories(self, form, user, model): if 'category' not in form.base_fields: return f = form.base_fields['category'] if hasattr(f.queryset, '_newman_filtered'): return view_perm = get_permission('view', model) change_perm = get_permission('change', model) perms = ( view_perm, change_perm, ) qs = permission_filtered_model_qs(f.queryset, user, perms) qs._newman_filtered = True #magic variable f._set_queryset(qs)
def full_clean(self): super(BaseGenericInlineFormSet, self).full_clean() cfield = model_category_fk(self.instance) if not cfield: return #cat = model_category_fk_value(self.instance) # next part is category-based permissions (only for objects with category field) def add_field_error(form, field_name, message): err_list = ErrorList( (message,) ) form._errors[field_name] = err_list user = self.form._magic_user # Adding new object for form in self.extra_forms: change_perm = get_permission('change', form.instance) if not form.has_changed(): continue if cfield.name not in form.changed_data: continue add_perm = get_permission('add', form.instance) if not has_object_permission(user, form.instance, change_perm): self._non_form_errors = _('Creating objects is not permitted.') continue c = form.cleaned_data[cfield.name] if not has_category_permission(user, c, add_perm): add_field_error( form, cfield.name, _('Category not permitted') ) # Changing existing object for form in self.initial_forms: change_perm = get_permission('change', form.instance) delete_perm = get_permission('delete', form.instance) if self.can_delete and form.cleaned_data[DELETION_FIELD_NAME]: if not has_object_permission(user, form.instance, delete_perm): self._non_form_errors = _('Object deletion is not permitted.') continue if model_category_fk(form.instance) is not None and not has_category_permission(user, form.instance.category, delete_perm): self._non_form_errors = _('Object deletion is not permitted.') continue if cfield.name not in form.changed_data: continue if not has_object_permission(user, form.instance, change_perm): self._non_form_errors = _('Object change is not permitted.') continue c = form.cleaned_data[cfield.name] if not has_category_permission(user, c, change_perm): add_field_error( form, cfield.name, _('Category not permitted') )
def clean(self, value): cvalue = super(CategoryChoiceField, self).clean(value) return cvalue # TODO unable to realize if field was modified or not (when user has view permission a hits Save.) # Permissions checks are placed in FormSets for now. CategoryChoiceField restricts category # choices at the moment. # next part is category-based permissions (only for objects with category field) # attempt: to do role-permission checks here (add new and change permissions checking) # Adding new object #TODO check wheter field was modified or not. add_perm = get_permission('add', self.model) if not has_category_permission(self.user, cvalue, add_perm): raise ValidationError(_('Category not permitted')) # Changing existing object change_perm = get_permission('change', self.model) if not has_category_permission(self.user, cvalue, change_perm): raise ValidationError(_('Category not permitted')) return cvalue
def get_queryset(self): # Avoid a circular import. from django.contrib.contenttypes.models import ContentType user = self.form._magic_user if self.instance is None: return self.model._default_manager.empty() out = self.model._default_manager.filter(**{ self.ct_field.name: ContentType.objects.get_for_model(self.instance), self.ct_fk_field.name: self.instance.pk, }) if user.is_superuser: return out # filtering -- view permitted categories only cfield = model_category_fk_value(self.model) if not cfield: return out # self.instance .. Article, self.model .. Placement (in GenericInlineFormSet for Placement Inline) view_perm = get_permission('view', self.model) change_perm = get_permission('change', self.model) perms = (view_perm, change_perm,) qs = permission_filtered_model_qs(out, user, perms) qs = utils.user_category_filter(qs, user) return qs
def get_queryset(self): user = self.form._magic_user if not hasattr(self, '_queryset'): if self.queryset is not None: qs = self.queryset else: qs = self.model._default_manager.get_query_set() # category based permissions if not user.is_superuser: category_fk = model_category_fk(self.model) if category_fk: # in ListingInlineOptions: self.instance .. Placement instance, self.model .. Listing view_perm = get_permission('view', self.model) change_perm = get_permission('change', self.model) perms = (view_perm, change_perm,) qs = permission_filtered_model_qs(qs, user, perms) # user filtered categories qs = utils.user_category_filter(qs, user) if self.max_num > 0: self._queryset = qs[:self.max_num] else: self._queryset = qs return self._queryset