def test_permissions(self):
"""Test the permissions lightly."""
from pages.permissions import PagePermission
admin = User.objects.get(username='******')
page = self.new_page()
pp = PagePermission(user=page.author)
self.assertTrue(pp.check('change', page=page, method='GET'))
self.assertTrue(pp.check('change', page=page, method='POST'))
staff = User.objects.get(username='******')
pp = PagePermission(user=staff)
# weird because nonstaff?
self.assertTrue(pp.check('change', page=page, method='GET',
lang='en-us'))
self.assertFalse(pp.check('change', page=page, method='POST',
lang='en-us'))
self.assertFalse(pp.check('delete', page=page, method='POST',
lang='en-us'))
self.assertFalse(pp.check('add', page=page, method='POST',
lang='en-us'))
self.assertFalse(pp.check('freeze', page=page, method='POST',
lang='en-us'))
self.assertFalse(pp.check('doesnotexist', page=page, method='POST',
lang='en-us'))
self.assertFalse(pp.check('publish', page=page, method='POST',
lang='en-us'))
def list_pages(self, request, template_name=None, extra_context=None):
"""List root pages"""
if not admin.site.has_permission(request):
return admin.site.login(request)
language = get_language_from_request(request)
query = request.POST.get('q', '').strip()
if query:
page_ids = list(
set([
c.page.pk
for c in Content.objects.filter(body__icontains=query)
]))
pages = Page.objects.filter(pk__in=page_ids)
else:
pages = Page.objects.filter(parent__isnull=True)
if settings.PAGE_HIDE_SITES:
pages = pages.filter(sites=settings.SITE_ID)
perms = PagePermission(request.user)
context = {
'can_publish': perms.check('publish'),
'language': language,
'name': _("page"),
'pages': pages,
'opts': self.model._meta,
'q': query
}
context.update(extra_context or {})
change_list = self.changelist_view(request, context)
return change_list
def has_change_permission(self, request, obj=None):
"""Return ``True`` if the current user has permission
to change the page."""
lang = get_language_from_request(request)
return PagePermission(request.user).check('change',
page=obj,
lang=lang,
method=request.method)
def change_status(request, page_id):
"""
Switch the status of a page.
"""
perm = PagePermission(request.user).check('change', method='POST')
if perm and request.method == 'POST':
page = Page.objects.get(pk=page_id)
page.status = int(request.POST['status'])
page.save()
return HttpResponse(unicode(page.status))
raise Http404
def delete_content(request, page_id, language_id):
page = get_object_or_404(Page, pk=page_id)
perm = PagePermission(request.user).check('delete', page=page,
lang=language_id, method='POST')
if not perm:
raise Http404
for c in Content.objects.filter(page=page, language=language_id):
c.delete()
destination = request.REQUEST.get('next', request.META.get('HTTP_REFERER',
'/admin/pages/page/%s/' % page_id))
return HttpResponseRedirect(destination)
def list_pages_ajax(request, invalid_move=False):
"""Render pages table for ajax function."""
language = get_language_from_request(request)
pages = Page.objects.root()
perms = PagePermission(request.user)
context = {
'can_publish': perms.check('publish'),
'invalid_move': invalid_move,
'language': language,
'pages': pages,
}
return render_to_response("admin/pages/page/change_list_table.html",
context,
context_instance=RequestContext(request))
def sub_menu(request, page_id):
"""Render the children of the requested page with the sub_menu
template."""
page = Page.objects.get(id=page_id)
pages = page.children.all()
page_languages = settings.PAGE_LANGUAGES
perms = PagePermission(request.user)
return render_to_response("admin/pages/page/sub_menu.html", {
'can_publish': perms.check('publish'),
'page': page,
'pages': pages,
'page_languages': page_languages,
},
context_instance=RequestContext(request))
def modify_content(request, page_id, content_type, language_id):
"""Modify the content of a page."""
page = get_object_or_404(Page, pk=page_id)
perm = PagePermission(request.user).check('change', page=page,
lang=language_id, method='POST')
if perm and request.method == 'POST':
content = request.POST.get('content', False)
if not content:
raise Http404
page = Page.objects.get(pk=page_id)
if settings.PAGE_CONTENT_REVISION:
Content.objects.create_content_if_changed(page, language_id,
content_type, content)
else:
Content.objects.set_or_create_content(page, language_id,
content_type, content)
page.invalidate()
# to update last modification date
page.save()
return HttpResponse('ok')
raise Http404
def get_fieldsets(self, request, obj=None):
"""
Add fieldsets of placeholders to the list of already
existing fieldsets.
"""
general_fields = list(self.general_fields)
perms = PagePermission(request.user)
# some ugly business to remove freeze_date
# from the field list
general_module = {
'fields': list(self.general_fields),
'classes': ('module-general', ),
}
default_fieldsets = list(self.fieldsets)
if not perms.check('freeze'):
general_module['fields'].remove('freeze_date')
if not perms.check('publish'):
general_module['fields'].remove('status')
default_fieldsets[0][1] = general_module
placeholder_fieldsets = []
template = get_template_from_request(request, obj)
for placeholder in get_placeholders(template):
if placeholder.name not in self.mandatory_placeholders:
placeholder_fieldsets.append(placeholder.name)
additional_fieldsets = []
additional_fieldsets.append((_('Content'), {
'fields': placeholder_fieldsets,
'classes': ('module-content', ),
}))
return default_fieldsets + additional_fieldsets
def has_add_permission(self, request):
"""Return ``True`` if the current user has permission to add a new
page."""
lang = get_language_from_request(request)
return PagePermission(request.user).check('add', lang=lang)