def and_permission(self, account, membership):
folder = self.get_permission_object()
self.object = folder
target = get_object_or_404(self.get_queryset(),
slug=self.request.POST.get('target_slug'))
return not folder.protected and target.can_add_folders and has_object_permission(
membership, target, PERMISSIONS.add)
def build_children(self, node, activate_slug):
children = node.children.filter(protected=False)
membership = self.request.user.get_membership(
get_current_account(self.request))
# QUESTION: What is common import name for ugettext (__ here)? BTW, should I use u')' to keep it Unicode?
result = []
for child in children:
is_requested_node = child.slug == activate_slug
is_selectable = has_object_permission(membership, child,
PERMISSIONS.add)
if is_selectable:
result.append({
'id':
child.slug,
'text':
text_type(child.name) +
(' ' + _('(current)') if is_requested_node else ''),
'icon':
'fa fa-folder-o folder-icon'
if is_requested_node else 'fa fa-folder folder-icon',
'children':
not child.is_leaf_node(),
})
return result
def has_permission(context, model, permission, obj=None):
"""
:param model: 'app_label.model'
"""
membership = context['current_membership']
return (shortcuts.has_role_permission(membership, model, permission)
or shortcuts.has_object_permission(membership, obj, permission))
def _find_document_and_check_can_view(self, pk):
# No filtering by folder here as any document id, for current account is alright
document = self.get_queryset().get(pk=int(pk))
if not has_object_permission(self.get_current_membership(), document,
PERMISSIONS.view):
raise PermissionDenied()
return document
def and_permission(self, account, membership):
target = get_object_or_404(Folder,
account=account,
slug=self.request.POST.get('target_slug'))
self.target = target
return target.can_add_files and has_object_permission(
membership, target, PERMISSIONS.add)
def check_permissions(self, request):
super(RestPermissionMixin, self).check_permissions(request)
# Manual handling of @login_required to return proper response for API usage (not a redirect)
if not request.user.is_authenticated:
self.permission_denied(request)
account = get_current_account_for_url(request, self.kwargs['url'])
membership = request.user.get_membership(account)
if hasattr(self,
'get_model_permission'): # Support dynamic permissions
model, permission = self.get_model_permission(request)
else:
model, permission = self.permission
obj = self.get_permission_object()
if (self.and_permission(account, membership)
and ((has_role_permission(membership, model, permission)
or has_object_permission(membership, obj, permission))
or self.or_permission(account, membership))):
return
# Soft land folder urls to root folder instead of 403
if 'folders/' in request.path:
self.permission_denied(request, "No access to this folder")
def and_permission(self, account, membership):
document = get_object_or_404(self.get_queryset(),
id=self.kwargs['document_id'])
self.document = document
if document.folder and document.folder.special_field and document.account == get_current_account(
self.request):
return True
if not document.downloadable:
return False
return has_object_permission(membership, document, PERMISSIONS.view)
def and_permission(self, account, membership):
# View only explicitly allowed folders (usually RolePermission view means can view all)
try:
return self.action in ['list', 'create', 'lookup'
] or has_object_permission(
membership, self.get_object(),
PERMISSIONS.view)
except Http404:
return True # Ok.. you've got access to nothing.
except:
return False
def dispatch(self, request, *args, **kwargs):
account = get_current_account(request)
membership = request.user.get_membership(account)
model, permission = self.permission
obj = self.get_permission_object()
if (self.and_permission(account, membership)
and ((has_role_permission(membership, model, permission)
or has_object_permission(membership, obj, permission))
or self.or_permission(account, membership))):
return super(PermissionMixin,
self).dispatch(request, *args, **kwargs)
# Soft land folder urls to root folder instead of 403
if 'folders/' in request.path:
return redirect('folders:rootfolder_detail', url=account.url)
raise PermissionDenied()
def and_permission(self, account, membership):
# View only explicitly allowed folders (usually RolePermission view means can view all)
return has_object_permission(membership, self.get_object(),
PERMISSIONS.view)
def and_permission(self, account, membership):
document = get_object_or_404(self.get_queryset(), id=self.kwargs['document_id'])
self.document = document
return has_object_permission(membership, document, PERMISSIONS.view)
