From 64be2e2881fe39857fc70478198b86cc13b0ec24 Mon Sep 17 00:00:00 2001
From: Christopher Long <indirecthit@gmail.com>
Date: Mon, 28 Aug 2006 19:53:26 +0000
Subject: [PATCH] [per-object-permissions] New method: get_model_list in the
 RowLevelPermission manager. This returns a list of ids for the given model
 that the user has the given permission on. It should work better then doing
 something like has_perm or {% if_has_perm %} [per-object-permissions]
 Modified the change_list to use get_model_list instead of the current
 checking each perm. Note: this method has not been tested extensively, and
 might cause some problems

git-svn-id: http://code.djangoproject.com/svn/django/branches/per-object-permissions@3674 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/contrib/admin/templatetags/admin_list.py |  6 +-----
 django/contrib/admin/views/main.py              | 14 +++++++++-----
 django/contrib/auth/models.py                   | 16 ++++++++++++++++
 3 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/django/contrib/admin/templatetags/admin_list.py b/django/contrib/admin/templatetags/admin_list.py
index 70a8179ab0..430fe2781c 100644
--- a/django/contrib/admin/templatetags/admin_list.py
+++ b/django/contrib/admin/templatetags/admin_list.py
@@ -105,11 +105,7 @@ def items_for_result(cl, result):
     first = True
     pk = cl.lookup_opts.pk.attname
     #If show_all_rows is set to False, then we have to check the permission on the object
-    if not cl.opts.admin.show_all_rows:
-        if not cl.user.has_perm(cl.opts.app_label + "." + cl.opts.get_change_permission(), object=result):
-            return
-        #Update the count
-        cl.result_count = cl.result_count +1
+
     for field_name in cl.lookup_opts.admin.list_display:
         row_class = ''
         try:
diff --git a/django/contrib/admin/views/main.py b/django/contrib/admin/views/main.py
index 9b091b28da..6c075f82c6 100644
--- a/django/contrib/admin/views/main.py
+++ b/django/contrib/admin/views/main.py
@@ -651,10 +651,8 @@ class ChangeList(object):
         #This is set to 0 if show_all_rows is false, checking of which rows to be shown
         #is done later in the result_list tag at which point it will calculate the correct
         #number of rows shown
-        if self.opts.admin.show_all_rows:
-            self.result_count = result_count
-        else:
-            self.result_count = 0
+        
+        self.result_count = result_count
         self.full_result_count = full_result_count
         self.result_list = result_list
         self.can_show_all = can_show_all
@@ -692,7 +690,13 @@ class ChangeList(object):
         return order_field, order_type
 
     def get_query_set(self):
-        qs = self.manager.get_query_set()
+        if (not self.opts.admin.show_all_rows) and self.opts.row_level_permissions and (not self.user.has_perm(self.opts.app_label + "."+self.opts.get_change_permission()):
+            from django.contrib.auth.models import RowLevelPermission
+            qs = self.manager.filter(id__in=RowLevelPermission.objects.get_model_list(self.user, 
+                                                                                      self.model, 
+                                                                                      self.opts.get_change_permission()))
+        else:
+            qs = self.manager.get_query_set()
         lookup_params = self.params.copy() # a dictionary of the query string
         for i in (ALL_VAR, ORDER_VAR, ORDER_TYPE_VAR, SEARCH_VAR, IS_POPUP_VAR):
             if lookup_params.has_key(i):
diff --git a/django/contrib/auth/models.py b/django/contrib/auth/models.py
index cf5580c09c..5f04239a2b 100644
--- a/django/contrib/auth/models.py
+++ b/django/contrib/auth/models.py
@@ -71,6 +71,22 @@ class RowLevelPermissionManager(models.Manager):
             delete_str = "delete_%s" % (model_ct.model)
             ret_dict[delete_str]=self.create_row_level_permission(model_instance, owner, delete_str, negative=negDel)
         return ret_dict    
+    
+    def get_model_list(self,user, model, perm):
+        model_ct=ContentType.objects.get_for_model(model)
+        if isinstance(perm, str):
+            perm = Permission.objects.get(codename__exact=perm, content_type=model_ct.id)
+        user_model_ids = RowLevelPermission.objects.filter(owner_ct=ContentType.objects.get_for_model(User), 
+                                          owner_id=user.id, permission=perm.id, 
+                                          model_ct=model_ct
+                                          ).values('model_id')   
+        user_group_list = [g['id'] for g in user.groups.select_related().values('id')]
+        group_model_ids = RowLevelPermission.objects.filter(owner_ct=ContentType.objects.get_for_model(Group).id,
+                                          owner_id__in=user_group_list,
+                                          model_ct = model_ct
+                                          ).values('model_id')
+        id_list = [o['model_id'] for o in user_model_ids] + [o['model_id'] for o in group_model_ids]
+        return id_list
 
 class RowLevelPermission(models.Model):
     """