|
1
|
|
|
# coding=utf-8 |
|
2
|
|
|
""" |
|
3
|
|
|
permission_required decorator for generic classbased/functionbased view |
|
4
|
|
|
""" |
|
5
|
|
|
from functools import wraps |
|
6
|
|
|
from django.http import HttpRequest |
|
7
|
|
|
from django.utils.decorators import available_attrs |
|
8
|
|
|
from django.core.exceptions import PermissionDenied |
|
9
|
|
|
from permission.decorators.utils import redirect_to_login |
|
10
|
|
|
|
|
11
|
|
|
|
|
12
|
|
|
def permission_required(perm, queryset=None, |
|
13
|
|
|
login_url=None, raise_exception=False): |
|
14
|
|
|
""" |
|
15
|
|
|
Permission check decorator for classbased/functionbased generic view |
|
16
|
|
|
|
|
17
|
|
|
This decorator works as method or function decorator |
|
18
|
|
|
DO NOT use ``method_decorator`` or whatever while this decorator will use |
|
19
|
|
|
``self`` argument for method of classbased generic view. |
|
20
|
|
|
|
|
21
|
|
|
Parameters |
|
22
|
|
|
---------- |
|
23
|
|
|
perm : string |
|
24
|
|
|
A permission string |
|
25
|
|
|
queryset_or_model : queryset or model |
|
26
|
|
|
A queryset or model for finding object. |
|
27
|
|
|
With classbased generic view, ``None`` for using view default queryset. |
|
28
|
|
|
When the view does not define ``get_queryset``, ``queryset``, |
|
29
|
|
|
``get_object``, or ``object`` then ``obj=None`` is used to check |
|
30
|
|
|
permission. |
|
31
|
|
|
With functional generic view, ``None`` for using passed queryset. |
|
32
|
|
|
When non queryset was passed then ``obj=None`` is used to check |
|
33
|
|
|
permission. |
|
34
|
|
|
|
|
35
|
|
|
Examples |
|
36
|
|
|
-------- |
|
37
|
|
|
>>> # As method decorator |
|
38
|
|
|
>>> class UpdateAuthUserView(UpdateView): |
|
39
|
|
|
>>> @permission_required('auth.change_user') |
|
40
|
|
|
>>> def dispatch(self, request, *args, **kwargs): |
|
41
|
|
|
... pass |
|
42
|
|
|
>>> # As function decorator |
|
43
|
|
|
>>> @permission_required('auth.change_user') |
|
44
|
|
|
>>> def update_auth_user(request, *args, **kwargs): |
|
45
|
|
|
... pass |
|
46
|
|
|
""" |
|
47
|
|
|
def wrapper(view_method): |
|
48
|
|
|
@wraps(view_method, assigned=available_attrs(view_method)) |
|
49
|
|
|
def inner(self, request=None, *args, **kwargs): |
|
50
|
|
|
if isinstance(self, HttpRequest): |
|
51
|
|
|
from permission.decorators.functionbase import \ |
|
52
|
|
|
permission_required as decorator |
|
53
|
|
|
# this is a functional view not classbased view. |
|
54
|
|
|
decorator = decorator(perm, queryset, |
|
55
|
|
|
login_url, raise_exception) |
|
56
|
|
|
decorator = decorator(view_method) |
|
57
|
|
|
if not request: |
|
58
|
|
|
args = list(args) |
|
59
|
|
|
args.insert(0, request) |
|
60
|
|
|
request = self |
|
61
|
|
|
return decorator(request, *args, **kwargs) |
|
62
|
|
|
else: |
|
63
|
|
|
from permission.decorators.classbase import \ |
|
64
|
|
|
get_object_from_classbased_instance |
|
65
|
|
|
# get object |
|
66
|
|
|
obj = get_object_from_classbased_instance( |
|
67
|
|
|
self, queryset, request, *args, **kwargs |
|
68
|
|
|
) |
|
69
|
|
|
|
|
70
|
|
|
if not request.user.has_perm(perm, obj=obj): |
|
71
|
|
|
if raise_exception: |
|
72
|
|
|
raise PermissionDenied |
|
73
|
|
|
else: |
|
74
|
|
|
return redirect_to_login(request, login_url) |
|
75
|
|
|
return view_method(self, request, *args, **kwargs) |
|
76
|
|
|
return inner |
|
77
|
|
|
return wrapper |
|
78
|
|
|
|
lambdalisue /
django-permission
