def has_change_permission(self, request, obj=None): """ Returns True if the given request has permission to change the given Django model instance. If `obj` is None, this should return True if the given request has permission to change *any* object of the given type. If request is GET type, at least view_permission is needed. In case of POST request change permission is needed. """ cfield = model_category_fk_value(obj) if obj is None or not cfield: if request.method == 'POST': return super(NewmanModelAdmin, self).has_change_permission(request, obj) else: return self.has_model_view_permission(request, obj) opts = self.opts change_perm = '%s.%s' % ( opts.app_label, opts.get_change_permission() ) view_perm = '%s.view_%s' % ( opts.app_label, opts.object_name.lower() ) can_view = has_category_permission( request.user, cfield, view_perm ) can_change = has_category_permission( request.user, cfield, change_perm ) if request.method == 'POST' and can_change: return True elif request.method == 'GET' and (can_view or can_change): return True return False
def has_change_permission(self, request, obj=None): """ Returns True if the given request has permission to change the given Django model instance. If `obj` is None, this should return True if the given request has permission to change *any* object of the given type. If request is GET type, at least view_permission is needed. In case of POST request change permission is needed. """ cfield = model_category_fk_value(obj) if obj is None or not cfield: if request.method == 'POST': return super(NewmanModelAdmin, self).has_change_permission(request, obj) else: return self.has_model_view_permission(request, obj) opts = self.opts change_perm = '%s.%s' % (opts.app_label, opts.get_change_permission()) view_perm = '%s.view_%s' % (opts.app_label, opts.object_name.lower()) can_view = has_category_permission(request.user, cfield, view_perm) can_change = has_category_permission(request.user, cfield, change_perm) if request.method == 'POST' and can_change: return True elif request.method == 'GET' and (can_view or can_change): return True return False
def get_queryset(self): # Avoid a circular import. from django.contrib.contenttypes.models import ContentType user = self.form._magic_user if self.instance is None: return self.model._default_manager.empty() out = self.model._default_manager.filter( **{ self.ct_field.name: ContentType.objects.get_for_model(self.instance), self.ct_fk_field.name: self.instance.pk, }) if user.is_superuser: return out # filtering -- view permitted categories only cfield = model_category_fk_value(self.model) if not cfield: return out # self.instance .. Article, self.model .. Placement (in GenericInlineFormSet for Placement Inline) view_perm = get_permission('view', self.model) change_perm = get_permission('change', self.model) perms = ( view_perm, change_perm, ) qs = permission_filtered_model_qs(out, user, perms) qs = utils.user_category_filter(qs, user) return qs
def get_queryset(self): # Avoid a circular import. from django.contrib.contenttypes.models import ContentType user = self.form._magic_user if self.instance is None: return self.model._default_manager.empty() out = self.model._default_manager.filter(**{ self.ct_field.name: ContentType.objects.get_for_model(self.instance), self.ct_fk_field.name: self.instance.pk, }) if user.is_superuser: return out # filtering -- view permitted categories only cfield = model_category_fk_value(self.model) if not cfield: return out # self.instance .. Article, self.model .. Placement (in GenericInlineFormSet for Placement Inline) view_perm = get_permission('view', self.model) change_perm = get_permission('change', self.model) perms = (view_perm, change_perm,) qs = permission_filtered_model_qs(out, user, perms) qs = utils.user_category_filter(qs, user) return qs
def test_model_category_fk_value_parent_category_value(self): self.assert_equals(self.nested_first_level, model_category_fk_value(self.nested_second_level))