def assign_perm(self, perm, group, obj): """ Assigns permission with given ``perm`` for an instance ``obj`` and ``group``. """ if getattr(obj, 'pk', None) is None: raise ObjectNotPersisted("Object %s needs to be persisted first" % obj) ctype = ContentType.objects.get_for_model(obj) permission = Permission.objects.get(content_type=ctype, codename=perm) kwargs = {'permission': permission, 'group': group} if self.is_generic(): kwargs['content_type'] = ctype kwargs['object_pk'] = obj.pk else: kwargs['content_object'] = obj obj_perm, created = self.get_or_create(**kwargs) # Add to cache check = ObjectPermissionChecker(group) key = check.get_local_cache_key(obj) cache_perms = cache.get(key) if cache_perms is not None and perm not in cache_perms: cache_perms.append(perm) cache.set(key, cache_perms) User = get_user_model() users = User.objects.filter(groups = group) for user in users: check = ObjectPermissionChecker(user) key = check.get_local_cache_key(obj) cache.delete(key) return obj_perm
def remove_perm(self, perm, user, obj): """ Removes permission ``perm`` for an instance ``obj`` and given ``user``. Please note that we do NOT fetch object permission from database - we use ``Queryset.delete`` method for removing it. Main implication of this is that ``post_delete`` signals would NOT be fired. """ if getattr(obj, 'pk', None) is None: raise ObjectNotPersisted("Object %s needs to be persisted first" % obj) filters = { 'permission__codename': perm, 'permission__content_type': ContentType.objects.get_for_model(obj), 'user': user, } if self.is_generic(): filters['object_pk'] = obj.pk else: filters['content_object__pk'] = obj.pk self.filter(**filters).delete() #Remove for cache check = ObjectPermissionChecker(user) key = check.get_local_cache_key(obj) cache_perms = cache.get(key) if cache_perms is not None and perm in cache_perms: cache_index = 0 for cache_perm in cache_perms: if perm == cache_perm: cache_perms.pop(cache_index) break cache_index += 1 cache.set(key, cache_perms)
def remove_perm(self, perm, group, obj): """ Removes permission ``perm`` for an instance ``obj`` and given ``group``. """ if getattr(obj, 'pk', None) is None: raise ObjectNotPersisted("Object %s needs to be persisted first" % obj) filters = { 'permission__codename': perm, 'permission__content_type': ContentType.objects.get_for_model(obj), 'group': group, } if self.is_generic(): filters['object_pk'] = obj.pk else: filters['content_object__pk'] = obj.pk self.filter(**filters).delete() #Remove for cache check = ObjectPermissionChecker(group) key = check.get_local_cache_key(obj) cache_perms = cache.get(key) if cache_perms is not None and perm in cache_perms: cache_index = 0 for cache_perm in cache_perms: if perm == cache_perm: cache_perms.pop(cache_index) break cache_index += 1 cache.set(key, cache_perms) User = get_user_model() users = User.objects.filter(groups = group) for user in users: check = ObjectPermissionChecker(user) key = check.get_local_cache_key(obj) cache.delete(key)