def wrapped_view_func(request, *args, **kwargs):
# Ensure that the user is authenticated
if not request.user.is_authenticated():
raise PermissionDenied
# Get the required role and the user's role
required_role = Role.get_role(role)
user_role = Role.get_role(request.user.role)
if not user_role.supersedes(required_role):
raise PermissionDenied
return view_func(request, *args, **kwargs)
class AccountUpdateForm(forms.ModelForm):
role = forms.ChoiceField(choices=Role.get_roles())
class Meta:
model = Account
fields = ('email', 'first_name', 'last_name', 'role')
def __init__(self, *args, **kwargs):
self.account = kwargs.pop('account', None)
super(AccountUpdateForm, self).__init__(*args, **kwargs)
if self.account and hasattr(self.account, 'role'):
# If you are not an admin you can't see roles
if self.account.role < Account.ADMINISTRATOR:
del self.fields['role']
else:
# If you are an administrator or up you can change roles for
# appropriate level
self.fields['role'].choices = [
choice for choice in self.fields['role'].choices
if choice[0] <= self.account.role
]
else:
raise Exception('You must provide an account to this form.')
def test_list_roles(self):
roles = Role.list_roles()
self.assertEquals(len(roles), 4)
self.assertTrue(self.role_1.slug in roles)
self.assertTrue(self.role_2.slug in roles)
self.assertTrue(self.role_3.slug in roles)
self.assertTrue(self.role_4.slug in roles)
def test_get_roles(self):
roles = Role.get_roles()
self.assertEquals(len(roles), 4)
self.assertTrue((self.role_1.slug, self.role_1) in roles)
self.assertTrue((self.role_2.slug, self.role_2) in roles)
self.assertTrue((self.role_3.slug, self.role_3) in roles)
self.assertTrue((self.role_4.slug, self.role_4) in roles)
def get_required_role(self):
if self.role:
return Role.get_role(self.role)
else:
raise ImproperlyConfigured(
"Views which inherit from MinimumRoleRequiredMixin must have a \"role\" member."
)
def process_request(self, request):
if not request.user.is_authenticated():
return
user_role = Role.get_role(request.user.role)
admin_role = Role.get_role(MELLOW_ADMIN_ROLE)
if user_role.supersedes(admin_role):
if '__impersonate' in request.GET:
request.session['impersonate_id'] = int(
request.GET['__impersonate'])
elif '__unimpersonate' in request.GET:
if 'impersonate_id' in request.session:
del request.session['impersonate_id']
if 'impersonate_id' in request.session:
request.impersonator = request.user
request.user = Account.objects.get(
pk=request.session['impersonate_id'])
def test_set_roles(self):
mellow_roles = [
('superadmin', 'Super Administrator'),
('admin', 'Administrator', 'superadmin'),
('user', 'User', 'admin'),
('client', 'Client', 'admin'),
]
Role.set_roles(mellow_roles)
roles = Role.list_roles()
# Test role name list
self.assertEquals(len(roles), 4)
self.assertTrue('superadmin' in roles)
self.assertTrue('admin' in roles)
self.assertTrue('user' in roles)
self.assertTrue('client' in roles)
# Test role relationships
self.assertEquals(Role.get_role(slug='superadmin').parent, None)
self.assertEquals(Role.get_role(slug='admin').parent.slug, 'superadmin')
self.assertEquals(Role.get_role(slug='user').parent.slug, 'admin')
self.assertEquals(Role.get_role(slug='client').parent.slug, 'admin')
def test_default_settings(self):
roles = Role.list_roles()
self.assertEquals(len(roles), 3)
self.assertTrue('superadmin' in roles)
self.assertTrue('admin' in roles)
self.assertTrue('user' in roles)
def __init__(self, *args, **kwargs):
super(CreateUnactivatedAccountForm, self).__init__(*args, **kwargs)
self.fields['role'] = forms.ChoiceField(choices=Role.get_roles())
from django.conf import settings
from mellow.roles import Role
# Role tree
DEFAULT_MELLOW_ROLES = [
(
'superadmin',
'Super Administrator',
),
('admin', 'Administrator', 'superadmin'),
('user', 'User', 'admin'),
]
MELLOW_ROLES = getattr(settings, 'MELLOW_ROLES', DEFAULT_MELLOW_ROLES)
Role.set_roles(MELLOW_ROLES)
# Account creation role permission
MELLOW_ADMIN_ROLE = getattr(settings, 'MELLOW_MINIMUM_ACCOUNT_CREATE_ROLE',
'admin')
def setUp(self):
Role.clear_roles()
self.role_1 = RoleFactory.create()
self.role_2 = RoleFactory.create(parent=self.role_1)
self.role_3 = RoleFactory.create(parent=self.role_1)
self.role_4 = RoleFactory.create(parent=self.role_3)
def test_get_required_role(self):
view = MinimumRoleRequiredView()
self.assertTrue(view.get_required_role(), Role.get_role(slug='admin'))
def get_user_role(self, request):
return Role.get_role(request.user.role)
def get_role(self):
return Role.get_role(self.role)
class Account(AbstractBaseUser):
role = models.CharField(max_length=255, choices=Role.get_roles())
email = models.EmailField(max_length=255, unique=True)
first_name = models.CharField(max_length=255)
last_name = models.CharField(max_length=255)
objects = AccountManager()
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['first_name', 'last_name']
is_superuser = models.BooleanField(
'superuser status',
default=False,
help_text='Designates that this user has all permissions without '
'explicitly assigning them.')
is_staff = models.BooleanField(
default=False,
help_text='Designates whether the user can log into this admin site.')
is_active = models.BooleanField(
default=True,
help_text='Designates whether this user should be treated as active. '
'Unselect this instead of deleting accounts.')
groups = models.ManyToManyField(
Group,
verbose_name='groups',
blank=True,
help_text='The groups this user belongs to. A user will '
'get all permissions granted to each of '
'their groups.',
related_name="user_set",
related_query_name="user")
date_joined = models.DateTimeField(default=timezone.now)
activation_key = models.CharField(max_length=40,
default=make_activation_key)
objects = AccountManager()
def __str__(self):
return self.get_full_name()
def get_role(self):
return Role.get_role(self.role)
def get_username(self):
return self.email
def get_short_name(self):
return self.first_name
def get_full_name(self):
return '%s %s' % (self.first_name, self.last_name)
def send_activation_email(self, domain, applications, total_documents):
#if self.role == Account.CLIENT:
# applications = LoanApplication.objects.filter(client=self.client, status=LoanApplication.PENDING)
# total_documents = ApplicationDocument.objects.filter(application__client=self.client).count()
send_templated_mail(template_name='new_client_password_link',
from_email=ADMIN_EMAIL_SENDER,
recipient_list=[self.email],
context={
'domain': domain,
'account': self,
'applications': applications,
'total_documents': total_documents,
})
"""