def can_edit(cls, field):
request = field.request
obj = field.obj
can_edit = False
edit_permission = 'edit'
if request.user.is_anonymous():
pass
elif request.user.is_superuser:
can_edit = True
else:
if not getattr(request, 'cache_edit_inline', None):
request.cache_edit_inline = {}
if not isinstance(obj, BaseContent):
if isinstance(obj, BaseCategory):
edit_permission = 'manage_category'
if isinstance(obj, Menu):
obj = obj.get_section()
else:
obj = None
if obj in request.cache_edit_inline:
can_edit = request.cache_edit_inline.get(obj)
else:
can_edit = has_permission(obj, request.user, edit_permission)
request.cache_edit_inline[obj] = can_edit
return can_edit
def get_publishers(content):
""" Get users who may publish a content """
from merengue.perms import utils as perms_api
return [
u for u in User.objects.filter(is_staff=True)
if perms_api.has_permission(content, u, 'can_published')
]
def microsite_url(request, microsite_slug, url):
microsite = get_object_or_404(MicroSite, slug=microsite_slug)
has_view = perms_api.has_permission(microsite, request.user, 'view')
if not has_view:
raise PermissionDenied
urlconf = getattr(request, "urlconf", settings.ROOT_URLCONF)
urlresolvers.set_urlconf(urlconf)
index_prefix = request.get_full_path().index(microsite_slug)
prefix = request.get_full_path()[:index_prefix + len(microsite_slug) + 1]
resolver = urlresolvers.RegexURLResolver(r'^%s' % prefix, urlconf)
newurl = request.path_info
try:
callback, callback_args, callback_kwargs = resolver.resolve(
newurl)
except urlresolvers.Resolver404, e:
if settings.APPEND_SLASH and (not newurl.endswith('/')):
newurl = newurl + '/'
if settings.DEBUG and request.method == 'POST':
raise RuntimeError((""
"You called this URL via POST, but the URL doesn't end "
"in a slash and you have APPEND_SLASH set. Django can't "
"redirect to the slash URL while maintaining POST data. "
"Change your form to point to %s (note the trailing "
"slash), or set APPEND_SLASH=False in your Django "
"settings.") % newurl)
return HttpResponseRedirect(newurl)
raise e
def forum_comment_add(request, forum_slug, thread_slug, parent_id=None):
thread = get_object_or_404(Thread,
slug=thread_slug,
forum__slug=forum_slug)
if thread.closed:
raise Http404
if request.POST:
form = CaptchaForumThreadCommentForm(user=request.user,
data=request.POST)
else:
if request.is_ajax():
return forum_comment_form(request, thread, parent_id)
else:
return forum_comment_form(
request,
thread,
parent_id,
template='forum/forum_comment_preview.html')
if form.is_valid():
new_comment = form.save(commit=False)
new_comment.ip_address = request.META.get('REMOTE_ADDR', None)
new_comment.user = request.user
new_comment.thread = thread
if parent_id:
new_comment.parent = get_object_or_404(ForumThreadComment,
id=int(parent_id))
new_comment.save()
if request.user and not request.user.is_anonymous():
request.user.message_set.create(
message=_("Your message has been posted successfully."))
if request.is_ajax():
moderation = request.user and (
request.user.is_superuser or has_permission(
thread.forum, request.user, 'moderate_forum'))
is_auth = request.user and request.user.is_authenticated()
return render_to_response(
'forum/thread_comment.html', {
'thread': thread,
'parent_id': parent_id,
'is_moderated': moderation,
'actions': (moderation or not thread.closed) and is_auth,
'comment': new_comment
},
context_instance=RequestContext(request))
else:
return HttpResponseRedirect(thread.get_absolute_url())
else:
template = 'forum/forum_comment_preview.html'
if request.is_ajax():
template = 'forum/forum_comment_add.html'
return forum_comment_form(request,
thread,
parent_id,
template=template,
form=form)
def thread_view(request, forum_slug, thread_slug, original_context=None):
thread = get_object_or_404(Thread, slug=thread_slug, forum__slug=forum_slug)
is_moderated = request.user and (request.user.is_superuser or has_permission(thread.forum, request.user, 'moderate_forum'))
is_auth = request.user and request.user.is_authenticated()
comments = thread.forumthreadcomment_set.filter(parent__isnull=True).order_by('date_submitted')
if not is_moderated:
comments = comments.filter(banned=False)
return content_view(request, thread, extra_context={'comments': comments,
'can_comment': not thread.closed and is_auth})
def can_create_new_thread(request, content):
user = request.user
if not user:
login_url = '%s?next=%s' % (get_login_url(),
request.get_full_path())
return HttpResponseRedirect(login_url)
elif not has_permission(content, user, 'edit'):
send_info(request, ugettext('You don\'t have permission to create a new thread'))
return HttpResponseRedirect(content.get_absolute_url())
return None
def can_create_new_thread(request, content):
user = request.user
if not user:
login_url = '%s?next=%s' % (get_login_url(), request.get_full_path())
return HttpResponseRedirect(login_url)
elif not has_permission(content, user, 'edit'):
send_info(
request,
ugettext('You don\'t have permission to create a new thread'))
return HttpResponseRedirect(content.get_absolute_url())
return None
def forum_comment_delete(request, comment_id):
comment = get_object_or_404(ForumThreadComment, id=comment_id)
content = comment.thread
if request.user and not (request.user.is_superuser or has_permission(comment.thread.forum, request.user, 'moderate_forum')):
return HttpResponseRedirect(content.get_absolute_url())
comment.delete()
if request.is_ajax():
json = simplejson.dumps({'is_deleted': True}, ensure_ascii=False)
return HttpResponse(json, 'text/javascript')
else:
return HttpResponseRedirect(content.get_absolute_url())
def forum_comment_delete(request, comment_id):
comment = get_object_or_404(ForumThreadComment, id=comment_id)
content = comment.thread
if request.user and not (request.user.is_superuser or has_permission(
comment.thread.forum, request.user, 'moderate_forum')):
return HttpResponseRedirect(content.get_absolute_url())
comment.delete()
if request.is_ajax():
json = simplejson.dumps({'is_deleted': True}, ensure_ascii=False)
return HttpResponse(json, 'text/javascript')
else:
return HttpResponseRedirect(content.get_absolute_url())
def forum_comment_change_visibity(request, comment_id, publish=True):
""" Change visibility status for a comment """
comment = get_object_or_404(ForumThreadComment, id=comment_id)
thread = comment.thread
if request.user and not (request.user.is_superuser or has_permission(comment.thread.forum, request.user, 'moderate_forum')):
return HttpResponseRedirect(thread.get_absolute_url())
comment.banned = not comment.banned
comment.save()
if request.is_ajax():
json = simplejson.dumps({'is_public': not comment.banned}, ensure_ascii=False)
return HttpResponse(json, 'text/javascript')
else:
return HttpResponseRedirect(thread.get_absolute_url())
def forum_comment_change_visibity(request, comment_id, publish=True):
""" Change visibility status for a comment """
comment = get_object_or_404(ForumThreadComment, id=comment_id)
thread = comment.thread
if request.user and not (request.user.is_superuser or has_permission(
comment.thread.forum, request.user, 'moderate_forum')):
return HttpResponseRedirect(thread.get_absolute_url())
comment.banned = not comment.banned
comment.save()
if request.is_ajax():
json = simplejson.dumps({'is_public': not comment.banned},
ensure_ascii=False)
return HttpResponse(json, 'text/javascript')
else:
return HttpResponseRedirect(thread.get_absolute_url())
def thread_comment(context, comment):
is_moderated = context['request'] and\
context['request'].user and\
(context['request'].user.is_superuser or has_permission(comment.thread.forum, context['request'].user, 'moderate_forum'))
is_auth = (context['request'] and context['request'].user and context['request'].user.is_authenticated())
children_comments = comment.children.all().order_by('date_submitted')
if not is_moderated:
children_comments = children_comments.filter(banned=False)
return {'thread': comment.thread,
'comment': comment,
'is_moderated': is_moderated,
'actions': (is_moderated or not comment.thread.closed) and is_auth,
'MEDIA_URL': context['MEDIA_URL'],
'request': context['request'],
'children_comments': children_comments,
}
def render(self, context):
if not self.obj:
obj = context.get("obj") or context.get("content")
else:
obj = self.obj.resolve(context)
request = context.get("request")
permission = self.permission.resolve(context, True)
if obj:
has_perm = has_permission(obj, request.user, permission)
else:
has_perm = has_global_permission(request.user, permission)
if has_perm:
return self.nodelist_true.render(context)
else:
if self.nodelist_false:
return self.nodelist_false.render(context)
return ''
def thread_view(request, forum_slug, thread_slug, original_context=None):
thread = get_object_or_404(Thread,
slug=thread_slug,
forum__slug=forum_slug)
is_moderated = request.user and (
request.user.is_superuser
or has_permission(thread.forum, request.user, 'moderate_forum'))
is_auth = request.user and request.user.is_authenticated()
comments = thread.forumthreadcomment_set.filter(
parent__isnull=True).order_by('date_submitted')
if not is_moderated:
comments = comments.filter(banned=False)
return content_view(request,
thread,
extra_context={
'comments': comments,
'can_comment': not thread.closed and is_auth
})
def render(self, context):
if not self.obj:
obj = context.get("obj") or context.get("content")
else:
obj = self.obj.resolve(context)
request = context.get("request")
permission = self.permission.resolve(context, True)
if obj:
has_perm = has_permission(obj, request.user, permission)
else:
has_perm = has_global_permission(request.user, permission)
if has_perm:
return self.nodelist_true.render(context)
else:
if self.nodelist_false:
return self.nodelist_false.render(context)
return ''
def forum_comment_add(request, forum_slug, thread_slug, parent_id=None):
thread = get_object_or_404(Thread, slug=thread_slug, forum__slug=forum_slug)
if thread.closed:
raise Http404
if request.POST:
form = CaptchaForumThreadCommentForm(user=request.user, data=request.POST)
else:
if request.is_ajax():
return forum_comment_form(request, thread, parent_id)
else:
return forum_comment_form(request, thread, parent_id,
template='forum/forum_comment_preview.html')
if form.is_valid():
new_comment = form.save(commit=False)
new_comment.ip_address = request.META.get('REMOTE_ADDR', None)
new_comment.user = request.user
new_comment.thread = thread
if parent_id:
new_comment.parent = get_object_or_404(ForumThreadComment, id=int(parent_id))
new_comment.save()
if request.user and not request.user.is_anonymous():
request.user.message_set.create(message=_("Your message has been posted successfully."))
if request.is_ajax():
moderation = request.user and (request.user.is_superuser or has_permission(thread.forum, request.user, 'moderate_forum'))
is_auth = request.user and request.user.is_authenticated()
return render_to_response('forum/thread_comment.html',
{'thread': thread,
'parent_id': parent_id,
'is_moderated': moderation,
'actions': (moderation or not thread.closed) and is_auth,
'comment': new_comment},
context_instance=RequestContext(request))
else:
return HttpResponseRedirect(thread.get_absolute_url())
else:
template = 'forum/forum_comment_preview.html'
if request.is_ajax():
template = 'forum/forum_comment_add.html'
return forum_comment_form(request, thread, parent_id, template=template, form=form)
def thread_comment(context, comment):
is_moderated = context['request'] and\
context['request'].user and\
(context['request'].user.is_superuser or has_permission(comment.thread.forum, context['request'].user, 'moderate_forum'))
is_auth = (context['request'] and context['request'].user
and context['request'].user.is_authenticated())
children_comments = comment.children.all().order_by('date_submitted')
if not is_moderated:
children_comments = children_comments.filter(banned=False)
return {
'thread': comment.thread,
'comment': comment,
'is_moderated': is_moderated,
'actions': (is_moderated or not comment.thread.closed) and is_auth,
'MEDIA_URL': context['MEDIA_URL'],
'request': context['request'],
'children_comments': children_comments,
}
def get_allowed_transitions(self, user, obj):
"""Returns all allowed transitions for passed object and user.
"""
from merengue.perms.utils import has_permission
transitions = []
for transition in self.transitions.all():
permission = transition.permission
if permission is None:
transitions.append(transition)
else:
# First we try to get the objects specific has_permission
# method (in case the object inherits from the PermissionBase
# class).
try:
if obj.has_permission(user, permission.codename):
transitions.append(transition)
except AttributeError:
if has_permission(obj, user,
permission.codename):
transitions.append(transition)
return transitions
def _permission_required(user, *args, **kwargs):
return has_permission(obj=None, user=user, codename=codename, roles=None)
def can_delete(self, user):
""" Returns if the user can delete this content """
from merengue.perms.utils import has_permission
return has_permission(self, user, 'delete')
def _permission_required(user, *args, **kwargs):
return has_permission(obj=None,
user=user,
codename=codename,
roles=None)
def can_edit(self, user):
""" Returns if the user can edit this content """
from merengue.perms.utils import has_permission
return has_permission(self, user, 'edit')
def editable_by_user(self, user):
from merengue.perms.utils import has_permission
for content in self:
if has_permission(content, user, 'edit'):
yield content
def get_publishers(content):
""" Get users who may publish a content """
from merengue.perms import utils as perms_api
return [u for u in User.objects.filter(is_staff=True) if perms_api.has_permission(content, u, 'can_published')]
def editable_by_user(self, user):
from merengue.perms.utils import has_permission
for content in self:
if has_permission(content, user, 'edit'):
yield content