def and_permission(self, account, membership):
    """Allow the action only for an unprotected source folder and a target
    folder that accepts sub-folders and grants ``add`` to *membership*.

    The source folder is cached on ``self.object``. The target is resolved
    from the ``target_slug`` POST parameter within the view's queryset and
    raises ``Http404`` when no such folder exists.
    """
    source = self.get_permission_object()
    self.object = source
    requested_slug = self.request.POST.get('target_slug')
    destination = get_object_or_404(self.get_queryset(), slug=requested_slug)
    if source.protected:
        return False
    return destination.can_add_folders and has_object_permission(
        membership, destination, PERMISSIONS.add)
def build_children(self, node, activate_slug):
    """Return the node dicts for the unprotected children of *node*.

    Only children on which the current membership holds ``add`` are
    included. The child whose slug equals *activate_slug* is marked as the
    current one (a translated "(current)" suffix and an open-folder icon);
    ``children`` tells whether the child has descendants of its own.
    """
    account = get_current_account(self.request)
    membership = self.request.user.get_membership(account)
    visible = node.children.filter(protected=False)
    # NOTE: the "(current)" suffix goes through the module's translation
    # helper ``_`` (presumably ugettext); ``text_type`` keeps the name Unicode
    # on both Python versions.
    selectable = [
        child for child in visible
        if has_object_permission(membership, child, PERMISSIONS.add)
    ]
    nodes = []
    for child in selectable:
        current = child.slug == activate_slug
        label = text_type(child.name)
        if current:
            label += ' ' + _('(current)')
        nodes.append({
            'id': child.slug,
            'text': label,
            'icon': 'fa fa-folder-o folder-icon' if current else 'fa fa-folder folder-icon',
            'children': not child.is_leaf_node(),
        })
    return nodes
def has_permission(context, model, permission, obj=None):
    """Check *permission* for the ``current_membership`` found in *context*.

    :param context: mapping carrying ``current_membership``
    :param model: 'app_label.model'
    :param permission: permission name checked at role level and, if *obj*
        is given, at object level
    :param obj: optional instance for the object-level check (may be ``None``)
    :return: the role-level result when truthy, else the object-level result
    """
    membership = context['current_membership']
    role_granted = shortcuts.has_role_permission(membership, model, permission)
    return role_granted or shortcuts.has_object_permission(
        membership, obj, permission)
def _find_document_and_check_can_view(self, pk):
    """Fetch document *pk* from the view's queryset and enforce ``view`` on it.

    The lookup is deliberately not restricted to a folder: any document id
    of the current account is acceptable here. A non-numeric *pk* raises
    ``ValueError`` from ``int()``; an unknown id raises the queryset's own
    ``DoesNotExist``.

    :raises PermissionDenied: when the current membership lacks ``view``
    """
    document = self.get_queryset().get(pk=int(pk))
    membership = self.get_current_membership()
    allowed = has_object_permission(membership, document, PERMISSIONS.view)
    if not allowed:
        raise PermissionDenied()
    return document
def and_permission(self, account, membership):
    """Allow the action when the folder named by POST ``target_slug`` belongs
    to *account*, accepts files and grants ``add`` to *membership*.

    The resolved folder is stored on ``self.target`` for the handler; a
    missing folder raises ``Http404``.
    """
    slug = self.request.POST.get('target_slug')
    destination = get_object_or_404(Folder, account=account, slug=slug)
    self.target = destination
    return destination.can_add_files and has_object_permission(
        membership, destination, PERMISSIONS.add)
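def check_permissions(self, request):
    """Authorise *request* for this API view or deny it via ``permission_denied``.

    Access is granted when ``and_permission`` holds together with either the
    role-level permission, the object-level permission or ``or_permission``.
    Every other request is denied; folder URLs get a descriptive message.
    ``permission_denied`` replaces ``@login_required`` so API clients receive
    a proper error response instead of a redirect.
    """
    super(RestPermissionMixin, self).check_permissions(request)
    # Manual handling of @login_required to return a proper response for API usage (not a redirect)
    if not request.user.is_authenticated:
        self.permission_denied(request)
    account = get_current_account_for_url(request, self.kwargs['url'])
    membership = request.user.get_membership(account)
    if hasattr(self, 'get_model_permission'):
        # Support dynamic permissions
        model, permission = self.get_model_permission(request)
    else:
        model, permission = self.permission
    obj = self.get_permission_object()
    granted = self.and_permission(account, membership) and (
        has_role_permission(membership, model, permission)
        or has_object_permission(membership, obj, permission)
        or self.or_permission(account, membership)
    )
    if granted:
        return
    if 'folders/' in request.path:
        self.permission_denied(request, "No access to this folder")
    # Deny every other path as well: without this fallback the check fell
    # through and a non-folder request that failed all checks was allowed.
    self.permission_denied(request)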
def and_permission(self, account, membership):
    """Decide whether the document named by the ``document_id`` URL kwarg
    may be accessed.

    The document is cached on ``self.document``. A document sitting in a
    folder with ``special_field`` set and owned by the current account is
    always allowed; otherwise it must be ``downloadable`` and *membership*
    must hold ``view`` on it.
    """
    document_id = self.kwargs['document_id']
    document = get_object_or_404(self.get_queryset(), id=document_id)
    self.document = document
    folder = document.folder
    if folder and folder.special_field:
        # Account comparison only happens for special folders, as before.
        if document.account == get_current_account(self.request):
            return True
    if not document.downloadable:
        return False
    return has_object_permission(membership, document, PERMISSIONS.view)
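def and_permission(self, account, membership):
    """Object-level gate for folder actions.

    ``list``, ``create`` and ``lookup`` pass unconditionally (they do not
    address a single folder). Every other action needs an explicit ``view``
    grant on the addressed folder, because a role-level ``view`` usually
    means "can view all". A missing folder (``Http404``) is let through,
    presumably so the view's own lookup produces the 404; any other failure
    denies (fail closed).
    """
    # View only explicitly allowed folders (usually RolePermission view means can view all)
    if self.action in ('list', 'create', 'lookup'):
        return True
    try:
        folder = self.get_object()
        return has_object_permission(membership, folder, PERMISSIONS.view)
    except Http404:
        return True  # Ok.. you've got access to nothing.
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit / KeyboardInterrupt
        # are no longer swallowed; every other error still denies access.
        return False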
def dispatch(self, request, *args, **kwargs):
    """Gate the view on the account/membership permission rules.

    Dispatches normally when ``and_permission`` holds together with the
    role-level permission, the object-level permission or ``or_permission``.
    Otherwise folder URLs are redirected to the account's root folder and
    every other URL raises ``PermissionDenied``.
    """
    account = get_current_account(request)
    membership = request.user.get_membership(account)
    model, permission = self.permission
    obj = self.get_permission_object()
    allowed = self.and_permission(account, membership) and (
        has_role_permission(membership, model, permission)
        or has_object_permission(membership, obj, permission)
        or self.or_permission(account, membership)
    )
    if allowed:
        return super(PermissionMixin, self).dispatch(request, *args, **kwargs)
    # Soft-land folder URLs on the root folder instead of returning a 403.
    if 'folders/' in request.path:
        return redirect('folders:rootfolder_detail', url=account.url)
    raise PermissionDenied()
def and_permission(self, account, membership):
    """Require an explicit object-level ``view`` grant on the addressed folder.

    A role-level ``view`` usually means "can view all", so this hook insists
    on a per-object permission for *membership* on ``self.get_object()``.
    """
    folder = self.get_object()
    return has_object_permission(membership, folder, PERMISSIONS.view)
def and_permission(self, account, membership):
    """Require ``view`` on the document named by the ``document_id`` URL kwarg.

    The document is fetched from the view's queryset (``Http404`` when
    absent) and cached on ``self.document`` for the handler.
    """
    document_id = self.kwargs['document_id']
    document = get_object_or_404(self.get_queryset(), id=document_id)
    self.document = document
    return has_object_permission(membership, document, PERMISSIONS.view)