def queryset(self, request):
"""
First semi-working draft of category-based permissions. It will allow permissions to be set per category
effectively hiding the content the user has no permission to see/change.
"""
# return cached queryset, if possible
if self._cached_queryset_request_id == id(request) and type(self._cached_queryset) != type(None):
return self._cached_queryset
q = super(NewmanModelAdmin, self).queryset(request)
# user category filter
qs = utils.user_category_filter(q, request.user)
# if self.model is licensed filter queryset
if License._meta.installed:
exclude_pks = License.objects.unapplicable_for_model(self.model)
qs_tmp = qs.exclude(pk__in=exclude_pks)
utils.copy_queryset_flags(qs_tmp, qs)
qs = qs_tmp
if request.user.is_superuser:
return qs
view_perm = self.opts.app_label + '.' + 'view_' + self.model._meta.module_name.lower()
change_perm = self.opts.app_label + '.' + 'change_' + self.model._meta.module_name.lower()
perms = (view_perm, change_perm,)
# return permission_filtered_model_qs(qs, request.user, perms)
qs_tmp = permission_filtered_model_qs(qs, request.user, perms)
utils.copy_queryset_flags(qs_tmp, qs)
# cache the result
self._cached_queryset_request_id = id(request)
self._cached_queryset = qs_tmp
return qs_tmp
def filter_func(fspec):
root_cats = Category.objects.filter(tree_parent__isnull=True)
qs = permission_filtered_model_qs(root_cats, fspec.user)
for cat in qs:
lookup_dict = dict()
lookup_dict[fspec.site_field_path] = cat.site.pk
link_text = '%s (%s)' % (cat.site.name, cat.site.domain)
link = (link_text, lookup_dict)
fspec.links.append(link)
return True
def restrict_field_categories(self, form, user, model):
if 'category' not in form.base_fields:
return
f = form.base_fields['category']
if hasattr(f.queryset, '_newman_filtered'):
return
view_perm = get_permission('view', model)
change_perm = get_permission('change', model)
perms = (view_perm, change_perm,)
qs = permission_filtered_model_qs(f.queryset, user, perms)
qs._newman_filtered = True #magic variable
f._set_queryset(qs)
def newman_index(self, request, extra_context=None):
def translate_and_upper(text):
return ugettext(text).upper()
"""
Displays the main Newman index page, without installed apps.
"""
data = {'sites': []}
try:
data['sites'] = get_user_config(request.user, newman_settings.CATEGORY_FILTER)
except KeyError:
data['sites'] = []
publishable_lookup_fields = {
'day': 'publish_from__day',
'month': 'publish_from__month',
'year': 'publish_from__year'
}
site_filter_form = SiteFilterForm(data=data, user=request.user)
if site_filter_form.sites_count == 1:
site_filter_form = None
cts = []
last_filters = {}
for model, model_admin in self._registry.items():
if has_model_list_permission(request.user, model) and model_admin.search_fields:
ct = ContentType.objects.get_for_model(model)
cts.append(ct)
# Load saved filter configurations for changelists
key = 'filter__%s__%s' % (ct.app_label, ct.model)
last_filter = AdminSetting.objects.filter(var=key, user=request.user)
if last_filter:
last_filters[key] = '?%s' % json_decode(last_filter[0].value)
future_qs = Publishable.objects.select_related().filter(publish_from__gt=datetime.datetime.now()).order_by('publish_from', 'category__tree_path')
future_qs_perm = permission_filtered_model_qs(future_qs, request.user)
future_publishables = user_category_filter(future_qs_perm, request.user)
cts.sort( lambda a, b: cmp(translate_and_upper(a.name), translate_and_upper(b.name)) )
context = {
'title': _('Site administration'),
'site_filter_form': site_filter_form,
'searchable_content_types': cts,
'last_filters': last_filters,
'future_publishables': future_publishables,
'publishable_lookup_fields': publishable_lookup_fields,
'show_calendar': has_model_list_permission(request.user, Publishable),
}
context.update(extra_context or {})
return render_to_response('newman/newman-index.html', context,
context_instance=template.RequestContext(request)
)
def test_only_viewable_articles_retrieved(self):
# article1
accessible_article = Article.objects.create(title=u'Testable rabbit', slug='testable-rabbit', description='Perex', category=self.nested_first_level_two)
accessible_article.authors.add(self.author)
accessible_article.save()
inaccessible_article = Article.objects.create(title='Lost rabbit', slug='testable-rabbit', description='Perex', category=self.nested_first_level)
inaccessible_article.authors.add(self.author)
inaccessible_article.save()
# test
filtered_qs = permission_filtered_model_qs(
Article.objects.all(),
self.user,
['articles.view_article', 'articles.change_article']
)
available_articles = list(filtered_qs.all())
tools.assert_equals(accessible_article, available_articles[0])
tools.assert_equals(1, len(available_articles))
def get_queryset(self):
# Avoid a circular import.
from django.contrib.contenttypes.models import ContentType
user = self.form._magic_user
if self.instance is None:
return self.model._default_manager.empty()
out = self.model._default_manager.filter(**{
self.ct_field.name: ContentType.objects.get_for_model(self.instance),
self.ct_fk_field.name: self.instance.pk,
})
if user.is_superuser:
return out
# filtering -- view permitted categories only
cfield = model_category_fk_value(self.model)
if not cfield:
return out
# self.instance .. Article, self.model .. Placement (in GenericInlineFormSet for Placement Inline)
view_perm = get_permission('view', self.model)
change_perm = get_permission('change', self.model)
perms = (view_perm, change_perm,)
qs = permission_filtered_model_qs(out, user, perms)
qs = utils.user_category_filter(qs, user)
return qs
def get_queryset(self):
user = self.form._magic_user
if not hasattr(self, '_queryset'):
if self.queryset is not None:
qs = self.queryset
else:
qs = self.model._default_manager.get_query_set()
# category based permissions
if not user.is_superuser:
category_fk = model_category_fk(self.model)
if category_fk:
# in ListingInlineOptions: self.instance .. Placement instance, self.model .. Listing
view_perm = get_permission('view', self.model)
change_perm = get_permission('change', self.model)
perms = (view_perm, change_perm,)
qs = permission_filtered_model_qs(qs, user, perms)
# user filtered categories
qs = utils.user_category_filter(qs, user)
if self.max_num > 0:
self._queryset = qs[:self.max_num]
else:
self._queryset = qs
return self._queryset
