def queryset(self, request): """ First semi-working draft of category-based permissions. It will allow permissions to be set per category effectively hiding the content the user has no permission to see/change. """ # return cached queryset, if possible if self._cached_queryset_request_id == id(request) and type(self._cached_queryset) != type(None): return self._cached_queryset q = super(NewmanModelAdmin, self).queryset(request) # user category filter qs = utils.user_category_filter(q, request.user) # if self.model is licensed filter queryset if License._meta.installed: exclude_pks = License.objects.unapplicable_for_model(self.model) qs_tmp = qs.exclude(pk__in=exclude_pks) utils.copy_queryset_flags(qs_tmp, qs) qs = qs_tmp if request.user.is_superuser: return qs view_perm = self.opts.app_label + '.' + 'view_' + self.model._meta.module_name.lower() change_perm = self.opts.app_label + '.' + 'change_' + self.model._meta.module_name.lower() perms = (view_perm, change_perm,) # return permission_filtered_model_qs(qs, request.user, perms) qs_tmp = permission_filtered_model_qs(qs, request.user, perms) utils.copy_queryset_flags(qs_tmp, qs) # cache the result self._cached_queryset_request_id = id(request) self._cached_queryset = qs_tmp return qs_tmp
def filter_func(fspec): root_cats = Category.objects.filter(tree_parent__isnull=True) qs = permission_filtered_model_qs(root_cats, fspec.user) for cat in qs: lookup_dict = dict() lookup_dict[fspec.site_field_path] = cat.site.pk link_text = '%s (%s)' % (cat.site.name, cat.site.domain) link = (link_text, lookup_dict) fspec.links.append(link) return True
def restrict_field_categories(self, form, user, model): if 'category' not in form.base_fields: return f = form.base_fields['category'] if hasattr(f.queryset, '_newman_filtered'): return view_perm = get_permission('view', model) change_perm = get_permission('change', model) perms = (view_perm, change_perm,) qs = permission_filtered_model_qs(f.queryset, user, perms) qs._newman_filtered = True #magic variable f._set_queryset(qs)
def newman_index(self, request, extra_context=None): def translate_and_upper(text): return ugettext(text).upper() """ Displays the main Newman index page, without installed apps. """ data = {'sites': []} try: data['sites'] = get_user_config(request.user, newman_settings.CATEGORY_FILTER) except KeyError: data['sites'] = [] publishable_lookup_fields = { 'day': 'publish_from__day', 'month': 'publish_from__month', 'year': 'publish_from__year' } site_filter_form = SiteFilterForm(data=data, user=request.user) if site_filter_form.sites_count == 1: site_filter_form = None cts = [] last_filters = {} for model, model_admin in self._registry.items(): if has_model_list_permission(request.user, model) and model_admin.search_fields: ct = ContentType.objects.get_for_model(model) cts.append(ct) # Load saved filter configurations for changelists key = 'filter__%s__%s' % (ct.app_label, ct.model) last_filter = AdminSetting.objects.filter(var=key, user=request.user) if last_filter: last_filters[key] = '?%s' % json_decode(last_filter[0].value) future_qs = Publishable.objects.select_related().filter(publish_from__gt=datetime.datetime.now()).order_by('publish_from', 'category__tree_path') future_qs_perm = permission_filtered_model_qs(future_qs, request.user) future_publishables = user_category_filter(future_qs_perm, request.user) cts.sort( lambda a, b: cmp(translate_and_upper(a.name), translate_and_upper(b.name)) ) context = { 'title': _('Site administration'), 'site_filter_form': site_filter_form, 'searchable_content_types': cts, 'last_filters': last_filters, 'future_publishables': future_publishables, 'publishable_lookup_fields': publishable_lookup_fields, 'show_calendar': has_model_list_permission(request.user, Publishable), } context.update(extra_context or {}) return render_to_response('newman/newman-index.html', context, context_instance=template.RequestContext(request) )
def test_only_viewable_articles_retrieved(self): # article1 accessible_article = Article.objects.create(title=u'Testable rabbit', slug='testable-rabbit', description='Perex', category=self.nested_first_level_two) accessible_article.authors.add(self.author) accessible_article.save() inaccessible_article = Article.objects.create(title='Lost rabbit', slug='testable-rabbit', description='Perex', category=self.nested_first_level) inaccessible_article.authors.add(self.author) inaccessible_article.save() # test filtered_qs = permission_filtered_model_qs( Article.objects.all(), self.user, ['articles.view_article', 'articles.change_article'] ) available_articles = list(filtered_qs.all()) tools.assert_equals(accessible_article, available_articles[0]) tools.assert_equals(1, len(available_articles))
def get_queryset(self): # Avoid a circular import. from django.contrib.contenttypes.models import ContentType user = self.form._magic_user if self.instance is None: return self.model._default_manager.empty() out = self.model._default_manager.filter(**{ self.ct_field.name: ContentType.objects.get_for_model(self.instance), self.ct_fk_field.name: self.instance.pk, }) if user.is_superuser: return out # filtering -- view permitted categories only cfield = model_category_fk_value(self.model) if not cfield: return out # self.instance .. Article, self.model .. Placement (in GenericInlineFormSet for Placement Inline) view_perm = get_permission('view', self.model) change_perm = get_permission('change', self.model) perms = (view_perm, change_perm,) qs = permission_filtered_model_qs(out, user, perms) qs = utils.user_category_filter(qs, user) return qs
def get_queryset(self): user = self.form._magic_user if not hasattr(self, '_queryset'): if self.queryset is not None: qs = self.queryset else: qs = self.model._default_manager.get_query_set() # category based permissions if not user.is_superuser: category_fk = model_category_fk(self.model) if category_fk: # in ListingInlineOptions: self.instance .. Placement instance, self.model .. Listing view_perm = get_permission('view', self.model) change_perm = get_permission('change', self.model) perms = (view_perm, change_perm,) qs = permission_filtered_model_qs(qs, user, perms) # user filtered categories qs = utils.user_category_filter(qs, user) if self.max_num > 0: self._queryset = qs[:self.max_num] else: self._queryset = qs return self._queryset