lambdalisue /
django-permission
| @@ 10-136 (lines=127) @@ | ||
| 7 | from permission.utils.field_lookup import field_lookup |
|
| 8 | ||
| 9 | ||
| 10 | class CollaboratorsPermissionLogic(PermissionLogic): |
|
| 11 | """ |
|
| 12 | Permission logic class for collaborators based permission system |
|
| 13 | """ |
|
| 14 | def __init__(self, |
|
| 15 | field_name=None, |
|
| 16 | any_permission=None, |
|
| 17 | change_permission=None, |
|
| 18 | delete_permission=None): |
|
| 19 | """ |
|
| 20 | Constructor |
|
| 21 | ||
| 22 | Parameters |
|
| 23 | ---------- |
|
| 24 | field_name : string |
|
| 25 | A field name of object which store the collaborators as django |
|
| 26 | relational fields for django user model. |
|
| 27 | You can specify the related object with '__' like django queryset |
|
| 28 | filter. |
|
| 29 | Default value will be taken from |
|
| 30 | ``PERMISSION_DEFAULT_COLLABORATORS_PERMISSION_LOGIC_FIELD_NAME`` in |
|
| 31 | settings. |
|
| 32 | any_permission : boolean |
|
| 33 | True for give any permission of the specified object to the |
|
| 34 | collaborators. |
|
| 35 | Default value will be taken from |
|
| 36 | ``PERMISSION_DEFAULT_COLLABORATORS_PERMISSION_LOGIC_ANY_PERMISSION`` |
|
| 37 | in settings. |
|
| 38 | change_permission : boolean |
|
| 39 | True for give change permission of the specified object to the |
|
| 40 | collaborators. |
|
| 41 | It will be ignored if :attr:`any_permission` is True. |
|
| 42 | Default value will be taken from |
|
| 43 | ``PERMISSION_DEFAULT_COLLABORATORS_PERMISSION_LOGIC_CHANGE_PERMISSION`` |
|
| 44 | in settings. |
|
| 45 | delete_permission : boolean |
|
| 46 | True for give delete permission of the specified object to the |
|
| 47 | collaborators. |
|
| 48 | It will be ignored if :attr:`any_permission` is True. |
|
| 49 | Default value will be taken from |
|
| 50 | ``PERMISSION_DEFAULT_COLLABORATORS_PERMISSION_LOGIC_DELETE_PERMISSION`` |
|
| 51 | in settings. |
|
| 52 | """ |
|
| 53 | self.field_name = field_name |
|
| 54 | self.any_permission = any_permission |
|
| 55 | self.change_permission = change_permission |
|
| 56 | self.delete_permission = delete_permission |
|
| 57 | ||
| 58 | if self.field_name is None: |
|
| 59 | self.field_name = \ |
|
| 60 | settings.PERMISSION_DEFAULT_CPL_FIELD_NAME |
|
| 61 | if self.any_permission is None: |
|
| 62 | self.any_permission = \ |
|
| 63 | settings.PERMISSION_DEFAULT_CPL_ANY_PERMISSION |
|
| 64 | if self.change_permission is None: |
|
| 65 | self.change_permission = \ |
|
| 66 | settings.PERMISSION_DEFAULT_CPL_CHANGE_PERMISSION |
|
| 67 | if self.delete_permission is None: |
|
| 68 | self.delete_permission = \ |
|
| 69 | settings.PERMISSION_DEFAULT_CPL_DELETE_PERMISSION |
|
| 70 | ||
| 71 | def has_perm(self, user_obj, perm, obj=None): |
|
| 72 | """ |
|
| 73 | Check if user have permission (of object) |
|
| 74 | ||
| 75 | If the user_obj is not authenticated, it return ``False``. |
|
| 76 | ||
| 77 | If no object is specified, it return ``True`` when the corresponding |
|
| 78 | permission was specified to ``True`` (changed from v0.7.0). |
|
| 79 | This behavior is based on the django system. |
|
| 80 | https://code.djangoproject.com/wiki/RowLevelPermissions |
|
| 81 | ||
| 82 | ||
| 83 | If an object is specified, it will return ``True`` if the user is |
|
| 84 | found in ``field_name`` of the object (e.g. ``obj.collaborators``). |
|
| 85 | So once the object store the user as a collaborator in |
|
| 86 | ``field_name`` attribute (default: ``collaborators``), the collaborator |
|
| 87 | can change or delete the object (you can change this behavior to set |
|
| 88 | ``any_permission``, ``change_permission`` or ``delete_permission`` |
|
| 89 | attributes of this instance). |
|
| 90 | ||
| 91 | Parameters |
|
| 92 | ---------- |
|
| 93 | user_obj : django user model instance |
|
| 94 | A django user model instance which be checked |
|
| 95 | perm : string |
|
| 96 | `app_label.codename` formatted permission string |
|
| 97 | obj : None or django model instance |
|
| 98 | None or django model instance for object permission |
|
| 99 | ||
| 100 | Returns |
|
| 101 | ------- |
|
| 102 | boolean |
|
| 103 | Whether the specified user have specified permission (of specified |
|
| 104 | object). |
|
| 105 | """ |
|
| 106 | if not user_obj.is_authenticated(): |
|
| 107 | return False |
|
| 108 | # construct the permission full name |
|
| 109 | change_permission = self.get_full_permission_string('change') |
|
| 110 | delete_permission = self.get_full_permission_string('delete') |
|
| 111 | if obj is None: |
|
| 112 | # object permission without obj should return True |
|
| 113 | # Ref: https://code.djangoproject.com/wiki/RowLevelPermissions |
|
| 114 | if self.any_permission: |
|
| 115 | return True |
|
| 116 | if self.change_permission and perm == change_permission: |
|
| 117 | return True |
|
| 118 | if self.delete_permission and perm == delete_permission: |
|
| 119 | return True |
|
| 120 | return False |
|
| 121 | elif user_obj.is_active: |
|
| 122 | # get collaborator queryset |
|
| 123 | collaborators = field_lookup(obj, self.field_name) |
|
| 124 | if hasattr(collaborators, 'all'): |
|
| 125 | collaborators = collaborators.all() |
|
| 126 | if user_obj in collaborators: |
|
| 127 | if self.any_permission: |
|
| 128 | # have any kind of permissions to the obj |
|
| 129 | return True |
|
| 130 | if (self.change_permission and |
|
| 131 | perm == change_permission): |
|
| 132 | return True |
|
| 133 | if (self.delete_permission and |
|
| 134 | perm == delete_permission): |
|
| 135 | return True |
|
| 136 | return False |
|
| 137 | ||
| @@ 10-132 (lines=123) @@ | ||
| 7 | from permission.utils.field_lookup import field_lookup |
|
| 8 | ||
| 9 | ||
| 10 | class AuthorPermissionLogic(PermissionLogic): |
|
| 11 | """ |
|
| 12 | Permission logic class for author based permission system |
|
| 13 | """ |
|
| 14 | def __init__(self, |
|
| 15 | field_name=None, |
|
| 16 | any_permission=None, |
|
| 17 | change_permission=None, |
|
| 18 | delete_permission=None): |
|
| 19 | """ |
|
| 20 | Constructor |
|
| 21 | ||
| 22 | Parameters |
|
| 23 | ---------- |
|
| 24 | field_name : string |
|
| 25 | A field name of object which store the author as django user model. |
|
| 26 | You can specify the related object with '__' like django queryset |
|
| 27 | filter. |
|
| 28 | Default value will be taken from |
|
| 29 | ``PERMISSION_DEFAULT_APL_FIELD_NAME`` in |
|
| 30 | settings. |
|
| 31 | any_permission : boolean |
|
| 32 | True for give any permission of the specified object to the author |
|
| 33 | Default value will be taken from |
|
| 34 | ``PERMISSION_DEFAULT_APL_ANY_PERMISSION`` in |
|
| 35 | settings. |
|
| 36 | change_permission : boolean |
|
| 37 | True for give change permission of the specified object to the |
|
| 38 | author. |
|
| 39 | It will be ignored if :attr:`any_permission` is True. |
|
| 40 | Default value will be taken from |
|
| 41 | ``PERMISSION_DEFAULT_APL_CHANGE_PERMISSION`` in |
|
| 42 | settings. |
|
| 43 | delete_permission : boolean |
|
| 44 | True for give delete permission of the specified object to the |
|
| 45 | author. |
|
| 46 | It will be ignored if :attr:`any_permission` is True. |
|
| 47 | Default value will be taken from |
|
| 48 | ``PERMISSION_DEFAULT_APL_DELETE_PERMISSION`` in |
|
| 49 | settings. |
|
| 50 | """ |
|
| 51 | self.field_name = field_name |
|
| 52 | self.any_permission = any_permission |
|
| 53 | self.change_permission = change_permission |
|
| 54 | self.delete_permission = delete_permission |
|
| 55 | ||
| 56 | if self.field_name is None: |
|
| 57 | self.field_name = \ |
|
| 58 | settings.PERMISSION_DEFAULT_APL_FIELD_NAME |
|
| 59 | if self.any_permission is None: |
|
| 60 | self.any_permission = \ |
|
| 61 | settings.PERMISSION_DEFAULT_APL_ANY_PERMISSION |
|
| 62 | if self.change_permission is None: |
|
| 63 | self.change_permission = \ |
|
| 64 | settings.PERMISSION_DEFAULT_APL_CHANGE_PERMISSION |
|
| 65 | if self.delete_permission is None: |
|
| 66 | self.delete_permission = \ |
|
| 67 | settings.PERMISSION_DEFAULT_APL_DELETE_PERMISSION |
|
| 68 | ||
| 69 | def has_perm(self, user_obj, perm, obj=None): |
|
| 70 | """ |
|
| 71 | Check if user have permission (of object) |
|
| 72 | ||
| 73 | If the user_obj is not authenticated, it return ``False``. |
|
| 74 | ||
| 75 | If no object is specified, it return ``True`` when the corresponding |
|
| 76 | permission was specified to ``True`` (changed from v0.7.0). |
|
| 77 | This behavior is based on the django system. |
|
| 78 | https://code.djangoproject.com/wiki/RowLevelPermissions |
|
| 79 | ||
| 80 | If an object is specified, it will return ``True`` if the user is |
|
| 81 | specified in ``field_name`` of the object (e.g. ``obj.author``). |
|
| 82 | So once user create an object and the object store who is the author in |
|
| 83 | ``field_name`` attribute (default: ``author``), the author can change |
|
| 84 | or delete the object (you can change this behavior to set |
|
| 85 | ``any_permission``, ``change_permissino`` or ``delete_permission`` |
|
| 86 | attributes of this instance). |
|
| 87 | ||
| 88 | Parameters |
|
| 89 | ---------- |
|
| 90 | user_obj : django user model instance |
|
| 91 | A django user model instance which be checked |
|
| 92 | perm : string |
|
| 93 | `app_label.codename` formatted permission string |
|
| 94 | obj : None or django model instance |
|
| 95 | None or django model instance for object permission |
|
| 96 | ||
| 97 | Returns |
|
| 98 | ------- |
|
| 99 | boolean |
|
| 100 | Whether the specified user have specified permission (of specified |
|
| 101 | object). |
|
| 102 | """ |
|
| 103 | if not user_obj.is_authenticated(): |
|
| 104 | return False |
|
| 105 | # construct the permission full name |
|
| 106 | change_permission = self.get_full_permission_string('change') |
|
| 107 | delete_permission = self.get_full_permission_string('delete') |
|
| 108 | # check if the user is authenticated |
|
| 109 | if obj is None: |
|
| 110 | # object permission without obj should return True |
|
| 111 | # Ref: https://code.djangoproject.com/wiki/RowLevelPermissions |
|
| 112 | if self.any_permission: |
|
| 113 | return True |
|
| 114 | if self.change_permission and perm == change_permission: |
|
| 115 | return True |
|
| 116 | if self.delete_permission and perm == delete_permission: |
|
| 117 | return True |
|
| 118 | return False |
|
| 119 | elif user_obj.is_active: |
|
| 120 | # get author instance |
|
| 121 | author = field_lookup(obj, self.field_name) |
|
| 122 | if author == user_obj: |
|
| 123 | if self.any_permission: |
|
| 124 | # have any kind of permissions to the obj |
|
| 125 | return True |
|
| 126 | if (self.change_permission and |
|
| 127 | perm == change_permission): |
|
| 128 | return True |
|
| 129 | if (self.delete_permission and |
|
| 130 | perm == delete_permission): |
|
| 131 | return True |
|
| 132 | return False |
|
| 133 | ||
