|
1
|
|
|
# coding=utf-8 |
|
2
|
|
|
""" |
|
3
|
|
|
Permission logic module to manage users' self-modifications |
|
4
|
|
|
""" |
|
5
|
|
|
from permission.conf import settings |
|
6
|
|
|
from permission.logics.base import PermissionLogic |
|
7
|
|
|
|
|
8
|
|
|
|
|
9
|
|
|
class OneselfPermissionLogic(PermissionLogic): |
|
10
|
|
|
""" |
|
11
|
|
|
Permission logic class to manage users' self-modifications |
|
12
|
|
|
|
|
13
|
|
|
Written by quasiyoke. |
|
14
|
|
|
https://github.com/lambdalisue/django-permission/pull/27 |
|
15
|
|
|
""" |
|
16
|
|
|
def __init__(self, |
|
17
|
|
|
any_permission=None, |
|
18
|
|
|
change_permission=None, |
|
19
|
|
|
delete_permission=None): |
|
20
|
|
|
""" |
|
21
|
|
|
Constructor |
|
22
|
|
|
|
|
23
|
|
|
Parameters |
|
24
|
|
|
---------- |
|
25
|
|
|
any_permission : boolean |
|
26
|
|
|
True for give any permission of the user to himself. |
|
27
|
|
|
Default value will be taken from |
|
28
|
|
|
``PERMISSION_DEFAULT_OSPL_ANY_PERMISSION`` in |
|
29
|
|
|
settings. |
|
30
|
|
|
change_permission : boolean |
|
31
|
|
|
True for give change permission of the user to himself. |
|
32
|
|
|
It will be ignored if :attr:`any_permission` is True. |
|
33
|
|
|
Default value will be taken from |
|
34
|
|
|
``PERMISSION_DEFAULT_OSPL_CHANGE_PERMISSION`` in |
|
35
|
|
|
settings. |
|
36
|
|
|
delete_permission : boolean |
|
37
|
|
|
True for give delete permission of the user to himself. |
|
38
|
|
|
It will be ignored if :attr:`any_permission` is True. |
|
39
|
|
|
Default value will be taken from |
|
40
|
|
|
``PERMISSION_DEFAULT_OSPL_DELETE_PERMISSION`` in |
|
41
|
|
|
settings. |
|
42
|
|
|
""" |
|
43
|
|
|
self.any_permission = any_permission |
|
44
|
|
|
self.change_permission = change_permission |
|
45
|
|
|
self.delete_permission = delete_permission |
|
46
|
|
|
|
|
47
|
|
|
if self.any_permission is None: |
|
48
|
|
|
self.any_permission = \ |
|
49
|
|
|
settings.PERMISSION_DEFAULT_OSPL_ANY_PERMISSION |
|
50
|
|
|
if self.change_permission is None: |
|
51
|
|
|
self.change_permission = \ |
|
52
|
|
|
settings.PERMISSION_DEFAULT_OSPL_CHANGE_PERMISSION |
|
53
|
|
|
if self.delete_permission is None: |
|
54
|
|
|
self.delete_permission = \ |
|
55
|
|
|
settings.PERMISSION_DEFAULT_OSPL_DELETE_PERMISSION |
|
56
|
|
|
|
|
57
|
|
|
def has_perm(self, user_obj, perm, obj=None): |
|
58
|
|
|
""" |
|
59
|
|
|
Check if user have permission of himself |
|
60
|
|
|
|
|
61
|
|
|
If the user_obj is not authenticated, it return ``False``. |
|
62
|
|
|
|
|
63
|
|
|
If no object is specified, it return ``True`` when the corresponding |
|
64
|
|
|
permission was specified to ``True`` (changed from v0.7.0). |
|
65
|
|
|
This behavior is based on the django system. |
|
66
|
|
|
https://code.djangoproject.com/wiki/RowLevelPermissions |
|
67
|
|
|
|
|
68
|
|
|
If an object is specified, it will return ``True`` if the object is the |
|
69
|
|
|
user. |
|
70
|
|
|
So users can change or delete themselves (you can change this behavior |
|
71
|
|
|
to set ``any_permission``, ``change_permissino`` or |
|
72
|
|
|
``delete_permission`` attributes of this instance). |
|
73
|
|
|
|
|
74
|
|
|
Parameters |
|
75
|
|
|
---------- |
|
76
|
|
|
user_obj : django user model instance |
|
77
|
|
|
A django user model instance which be checked |
|
78
|
|
|
perm : string |
|
79
|
|
|
`app_label.codename` formatted permission string |
|
80
|
|
|
obj : None or django model instance |
|
81
|
|
|
None or django model instance for object permission |
|
82
|
|
|
|
|
83
|
|
|
Returns |
|
84
|
|
|
------- |
|
85
|
|
|
boolean |
|
86
|
|
|
Whether the specified user have specified permission (of specified |
|
87
|
|
|
object). |
|
88
|
|
|
""" |
|
89
|
|
|
if not user_obj.is_authenticated(): |
|
90
|
|
|
return False |
|
91
|
|
|
# construct the permission full name |
|
92
|
|
|
change_permission = self.get_full_permission_string('change') |
|
93
|
|
|
delete_permission = self.get_full_permission_string('delete') |
|
94
|
|
|
# check if the user is authenticated |
|
95
|
|
|
if obj is None: |
|
96
|
|
|
# object permission without obj should return True |
|
97
|
|
|
# Ref: https://code.djangoproject.com/wiki/RowLevelPermissions |
|
98
|
|
|
if self.any_permission: |
|
99
|
|
|
return True |
|
100
|
|
|
if self.change_permission and perm == change_permission: |
|
101
|
|
|
return True |
|
102
|
|
|
if self.delete_permission and perm == delete_permission: |
|
103
|
|
|
return True |
|
104
|
|
|
return False |
|
105
|
|
|
elif user_obj.is_active: |
|
106
|
|
|
# check if the user trying to interact with himself |
|
107
|
|
|
if obj == user_obj: |
|
108
|
|
|
if self.any_permission: |
|
109
|
|
|
# have any kind of permissions to himself |
|
110
|
|
|
return True |
|
111
|
|
|
if (self.change_permission and |
|
112
|
|
|
perm == change_permission): |
|
113
|
|
|
return True |
|
114
|
|
|
if (self.delete_permission and |
|
115
|
|
|
perm == delete_permission): |
|
116
|
|
|
return True |
|
117
|
|
|
return False |
|
118
|
|
|
|
lambdalisue /
django-permission
