|
1
|
|
|
# coding=utf-8 |
|
2
|
|
|
""" |
|
3
|
|
|
Permission logic module for group based permission system |
|
4
|
|
|
""" |
|
5
|
|
|
from permission.conf import settings |
|
6
|
|
|
from permission.logics.base import PermissionLogic |
|
7
|
|
|
from permission.compat import is_authenticated |
|
8
|
|
|
|
|
9
|
|
|
|
|
10
|
|
|
class GroupInPermissionLogic(PermissionLogic): |
|
11
|
|
|
""" |
|
12
|
|
|
Permission logic class for group based permission system |
|
13
|
|
|
""" |
|
14
|
|
|
def __init__(self, |
|
15
|
|
|
group_names, |
|
16
|
|
|
any_permission=None, |
|
17
|
|
|
add_permission=None, |
|
18
|
|
|
change_permission=None, |
|
19
|
|
|
delete_permission=None): # noqa |
|
20
|
|
|
""" |
|
21
|
|
|
Constructor |
|
22
|
|
|
|
|
23
|
|
|
Parameters |
|
24
|
|
|
---------- |
|
25
|
|
|
group_names : string or list |
|
26
|
|
|
A group name list of this permission logic treat |
|
27
|
|
|
any_permission : boolean |
|
28
|
|
|
True for give any permission to the user_obj |
|
29
|
|
|
Default value will be taken from |
|
30
|
|
|
``PERMISSION_DEFAULT_GIPL_ANY_PERMISSION`` in |
|
31
|
|
|
settings. |
|
32
|
|
|
add_permission : boolean |
|
33
|
|
|
True for give add permission to the user_obj. |
|
34
|
|
|
It will be ignored if :attr:`any_permission` is True. |
|
35
|
|
|
Default value will be taken from |
|
36
|
|
|
``PERMISSION_DEFAULT_GIPL_ADD_PERMISSION`` in |
|
37
|
|
|
settings. |
|
38
|
|
|
change_permission : boolean |
|
39
|
|
|
True for give change permission of the specified object to the |
|
40
|
|
|
user_obj. |
|
41
|
|
|
It will be ignored if :attr:`any_permission` is True. |
|
42
|
|
|
Default value will be taken from |
|
43
|
|
|
``PERMISSION_DEFAULT_GIPL_CHANGE_PERMISSION`` in |
|
44
|
|
|
settings. |
|
45
|
|
|
delete_permission : boolean |
|
46
|
|
|
True for give delete permission of the specified object to the |
|
47
|
|
|
user_obj. |
|
48
|
|
|
It will be ignored if :attr:`any_permission` is True. |
|
49
|
|
|
Default value will be taken from |
|
50
|
|
|
``PERMISSION_DEFAULT_GIPL_DELETE_PERMISSION`` in |
|
51
|
|
|
settings. |
|
52
|
|
|
""" |
|
53
|
|
|
self.group_names = group_names |
|
54
|
|
|
if not isinstance(self.group_names, (list, tuple)): |
|
55
|
|
|
self.group_names = [self.group_names] |
|
56
|
|
|
self.any_permission = any_permission |
|
57
|
|
|
self.add_permission = add_permission |
|
58
|
|
|
self.change_permission = change_permission |
|
59
|
|
|
self.delete_permission = delete_permission |
|
60
|
|
|
|
|
61
|
|
|
if self.any_permission is None: |
|
62
|
|
|
self.any_permission = \ |
|
63
|
|
|
settings.PERMISSION_DEFAULT_GIPL_ANY_PERMISSION |
|
64
|
|
|
if self.add_permission is None: |
|
65
|
|
|
self.add_permission = \ |
|
66
|
|
|
settings.PERMISSION_DEFAULT_GIPL_ADD_PERMISSION |
|
67
|
|
|
if self.change_permission is None: |
|
68
|
|
|
self.change_permission = \ |
|
69
|
|
|
settings.PERMISSION_DEFAULT_GIPL_CHANGE_PERMISSION |
|
70
|
|
|
if self.delete_permission is None: |
|
71
|
|
|
self.delete_permission = \ |
|
72
|
|
|
settings.PERMISSION_DEFAULT_GIPL_DELETE_PERMISSION |
|
73
|
|
|
|
|
74
|
|
View Code Duplication |
def has_perm(self, user_obj, perm, obj=None): |
|
|
|
|
|
|
75
|
|
|
""" |
|
76
|
|
|
Check if user have permission (of object) |
|
77
|
|
|
|
|
78
|
|
|
If the user_obj is not authenticated, it return ``False``. |
|
79
|
|
|
|
|
80
|
|
|
If no object is specified, it return ``True`` when the corresponding |
|
81
|
|
|
permission was specified to ``True`` (changed from v0.7.0). |
|
82
|
|
|
This behavior is based on the django system. |
|
83
|
|
|
https://code.djangoproject.com/wiki/RowLevelPermissions |
|
84
|
|
|
|
|
85
|
|
|
If an object is specified, it will return ``True`` if the user is |
|
86
|
|
|
in group specified in ``group_names`` of this instance. |
|
87
|
|
|
This permission logic is used mainly for group based role permission |
|
88
|
|
|
system. |
|
89
|
|
|
You can change this behavior to set ``any_permission``, |
|
90
|
|
|
``add_permission``, ``change_permission``, or ``delete_permission`` |
|
91
|
|
|
attributes of this instance. |
|
92
|
|
|
|
|
93
|
|
|
Parameters |
|
94
|
|
|
---------- |
|
95
|
|
|
user_obj : django user model instance |
|
96
|
|
|
A django user model instance which be checked |
|
97
|
|
|
perm : string |
|
98
|
|
|
`app_label.codename` formatted permission string |
|
99
|
|
|
obj : None or django model instance |
|
100
|
|
|
None or django model instance for object permission |
|
101
|
|
|
|
|
102
|
|
|
Returns |
|
103
|
|
|
------- |
|
104
|
|
|
boolean |
|
105
|
|
|
Whether the specified user have specified permission (of specified |
|
106
|
|
|
object). |
|
107
|
|
|
""" |
|
108
|
|
|
if not is_authenticated(user_obj): |
|
109
|
|
|
return False |
|
110
|
|
|
# construct the permission full name |
|
111
|
|
|
add_permission = self.get_full_permission_string('add') |
|
112
|
|
|
change_permission = self.get_full_permission_string('change') |
|
113
|
|
|
delete_permission = self.get_full_permission_string('delete') |
|
114
|
|
|
if obj is None: |
|
115
|
|
|
if user_obj.groups.filter(name__in=self.group_names): |
|
116
|
|
|
if self.add_permission and perm == add_permission: |
|
117
|
|
|
return True |
|
118
|
|
|
if self.change_permission and perm == change_permission: |
|
119
|
|
|
return True |
|
120
|
|
|
if self.delete_permission and perm == delete_permission: |
|
121
|
|
|
return True |
|
122
|
|
|
return self.any_permission |
|
123
|
|
|
return False |
|
124
|
|
|
elif user_obj.is_active: |
|
125
|
|
|
if user_obj.groups.filter(name__in=self.group_names): |
|
126
|
|
|
if self.any_permission: |
|
127
|
|
|
# have any kind of permissions to the obj |
|
128
|
|
|
return True |
|
129
|
|
|
if (self.add_permission and |
|
130
|
|
|
perm == add_permission): |
|
131
|
|
|
return True |
|
132
|
|
|
if (self.change_permission and |
|
133
|
|
|
perm == change_permission): |
|
134
|
|
|
return True |
|
135
|
|
|
if (self.delete_permission and |
|
136
|
|
|
perm == delete_permission): |
|
137
|
|
|
return True |
|
138
|
|
|
return False |
|
139
|
|
|
|
lambdalisue /
django-permission
Loading history...