lambdalisue /
django-permission
| Conditions | 7 |
| Total Lines | 66 |
| Lines | 0 |
| Ratio | 0 % |
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | # coding=utf-8 |
||
| 12 | def permission_required(perm, queryset=None, |
||
| 13 | login_url=None, raise_exception=False): |
||
| 14 | """ |
||
| 15 | Permission check decorator for classbased/functionbased generic view |
||
| 16 | |||
| 17 | This decorator works as method or function decorator |
||
| 18 | DO NOT use ``method_decorator`` or whatever while this decorator will use |
||
| 19 | ``self`` argument for method of classbased generic view. |
||
| 20 | |||
| 21 | Parameters |
||
| 22 | ---------- |
||
| 23 | perm : string |
||
| 24 | A permission string |
||
| 25 | queryset_or_model : queryset or model |
||
| 26 | A queryset or model for finding object. |
||
| 27 | With classbased generic view, ``None`` for using view default queryset. |
||
| 28 | When the view does not define ``get_queryset``, ``queryset``, |
||
| 29 | ``get_object``, or ``object`` then ``obj=None`` is used to check |
||
| 30 | permission. |
||
| 31 | With functional generic view, ``None`` for using passed queryset. |
||
| 32 | When non queryset was passed then ``obj=None`` is used to check |
||
| 33 | permission. |
||
| 34 | |||
| 35 | Examples |
||
| 36 | -------- |
||
| 37 | >>> # As method decorator |
||
| 38 | >>> class UpdateAuthUserView(UpdateView): |
||
| 39 | >>> @permission_required('auth.change_user') |
||
| 40 | >>> def dispatch(self, request, *args, **kwargs): |
||
| 41 | ... pass |
||
| 42 | >>> # As function decorator |
||
| 43 | >>> @permission_required('auth.change_user') |
||
| 44 | >>> def update_auth_user(request, *args, **kwargs): |
||
| 45 | ... pass |
||
| 46 | """ |
||
| 47 | def wrapper(view_method): |
||
| 48 | @wraps(view_method, assigned=available_attrs(view_method)) |
||
| 49 | def inner(self, request=None, *args, **kwargs): |
||
| 50 | if isinstance(self, HttpRequest): |
||
| 51 | from permission.decorators.functionbase import \ |
||
| 52 | permission_required as decorator |
||
| 53 | # this is a functional view not classbased view. |
||
| 54 | decorator = decorator(perm, queryset, |
||
| 55 | login_url, raise_exception) |
||
| 56 | decorator = decorator(view_method) |
||
| 57 | if not request: |
||
| 58 | args = list(args) |
||
| 59 | args.insert(0, request) |
||
| 60 | request = self |
||
| 61 | return decorator(request, *args, **kwargs) |
||
| 62 | else: |
||
| 63 | from permission.decorators.classbase import \ |
||
| 64 | get_object_from_classbased_instance |
||
| 65 | # get object |
||
| 66 | obj = get_object_from_classbased_instance( |
||
| 67 | self, queryset, request, *args, **kwargs |
||
| 68 | ) |
||
| 69 | |||
| 70 | if not request.user.has_perm(perm, obj=obj): |
||
| 71 | if raise_exception: |
||
| 72 | raise PermissionDenied |
||
| 73 | else: |
||
| 74 | return redirect_to_login(request, login_url) |
||
| 75 | return view_method(self, request, *args, **kwargs) |
||
| 76 | return inner |
||
| 77 | return wrapper |
||
| 78 |
