mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-05 02:09:13 +00:00
Code Issues 32 Releases Wiki Activity

[per-object-permissions] Fixes problem with one-to-one relationships as the original code assumed every model had an id attribute, now uses "_get_pk_val()" to determine the model id.

Browse Source 
git-svn-id: http://code.djangoproject.com/svn/django/branches/per-object-permissions@3752 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Christopher Long 2006-09-12 15:04:29 +00:00
parent e12c2f83e0
commit 00972e69b6
3 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
django/contrib/admin/row_level_perm_manipulator.py
View File

@ -33,13 +33,14 @@ class ChangeRLPManipulator(forms.Manipulator):
model_ct = rlp.model_ct model_ct = rlp.model_ct
model = model_ct.get_object_for_this_type (pk=rlp.model_id) model = model_ct.get_object_for_this_type (pk=rlp.model_id)
model_id = rlp.model_id
perm = Permission.objects.get(pk=new_data['perm']) perm = Permission.objects.get(pk=new_data['perm'])
field_name_list = ('owner_ct', 'owner_id', 'model_ct', 'model_id', 'permission') field_name_list = ('owner_ct', 'owner_id', 'model_ct', 'model_id', 'permission')
field_data = owner_ct.id field_data = owner_ct.id
all_data = {'owner_id':owner.id, 'model_ct_id':model_ct.id, 'model_id':model.id, 'permission_id':perm.id} all_data = {'owner_id':owner.id, 'model_ct_id':model_ct.id, 'model_id':model_id, 'permission_id':perm.id}
manipulators.manipulator_validator_unique_together(field_name_list, self.opts, self, field_data, all_data) manipulators.manipulator_validator_unique_together(field_name_list, self.opts, self, field_data, all_data)
rlp.owner = owner rlp.owner = owner

6
django/contrib/admin/views/row_level_permissions.py
View File

@ -128,10 +128,8 @@ def delete_row_level_permission(request, app_label, model_name, object_id, ct_id
raise PermissionDenied raise PermissionDenied
if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_delete_permission()): if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_delete_permission()):
print "BAM"
raise PermissionDenied raise PermissionDenied
if not request.user.has_perm(obj._meta.app_label + '.' + obj._meta.get_change_permission(), object=obj): if not request.user.has_perm(obj._meta.app_label + '.' + obj._meta.get_change_permission(), object=obj):
print "BOOM"
raise PermissionDenied raise PermissionDenied
rlp.delete() rlp.delete()
@ -218,7 +216,9 @@ def change_row_level_permission(request, app_label, model_name, object_id, ct_id
raise PermissionDenied raise PermissionDenied
obj = rlp.model obj = rlp.model
if model_instance.id is not obj.id: model_id = model_instance._get_pk_val()
object_id = obj._get_pk_val()
if model_id is not object_id:
raise PermissionDenied raise PermissionDenied
if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_change_permission(), object=obj): if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_change_permission(), object=obj):

10
django/contrib/auth/models.py
View File

@ -54,8 +54,8 @@ class RowLevelPermissionManager(models.Manager):
permission = Permission.objects.get(codename__exact=permission, content_type=model_ct.id) permission = Permission.objects.get(codename__exact=permission, content_type=model_ct.id)
if model_ct != permission.content_type: if model_ct != permission.content_type:
raise TypeError, "Invalid value: Permission content type(%s) and object content type(%s) do not match" % (permission.content_type, type_ct) raise TypeError, "Invalid value: Permission content type(%s) and object content type(%s) do not match" % (permission.content_type, type_ct)
model_id = model_instance._get_pk_val()
rowLvlPerm = self.model(model_id=model_instance.id, model_ct=model_ct, rowLvlPerm = self.model(model_id=model_id, model_ct=model_ct,
owner_id=owner.id, owner_ct=ContentType.objects.get_for_model(owner), owner_id=owner.id, owner_ct=ContentType.objects.get_for_model(owner),
permission=permission, negative=negative) permission=permission, negative=negative)
rowLvlPerm.save() rowLvlPerm.save()
@ -287,7 +287,8 @@ class User(models.Model):
except Permission.DoesNotExist: except Permission.DoesNotExist:
return False return False
try: try:
row_level_perm=self.row_level_permissions_owned.get(model_id=object.id, model_id = object._get_pk_val()
row_level_perm=self.row_level_permissions_owned.get(model_id=model_id,
model_ct=object_ct.id, model_ct=object_ct.id,
permission=permission.id) permission=permission.id)
except RowLevelPermission.DoesNotExist: except RowLevelPermission.DoesNotExist:
@ -303,6 +304,7 @@ class User(models.Model):
#AND rlp."model_id"=%s #AND rlp."model_id"=%s
#AND rlp."model_ct_id"=%s #AND rlp."model_ct_id"=%s
#AND rlp."permission_id"=%s; #AND rlp."permission_id"=%s;
model_id = object._get_pk_val()
cursor = connection.cursor() cursor = connection.cursor()
sql = """ sql = """
SELECT rlp.%s SELECT rlp.%s
@ -322,7 +324,7 @@ class User(models.Model):
backend.quote_name('negative')) backend.quote_name('negative'))
cursor.execute(sql, [self.id, cursor.execute(sql, [self.id,
ContentType.objects.get_for_model(Group).id, ContentType.objects.get_for_model(Group).id,
object.id, model_id,
ContentType.objects.get_for_model(object).id, ContentType.objects.get_for_model(object).id,
permission.id,]) permission.id,])
row = cursor.fetchone() row = cursor.fetchone()