mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-05 02:09:13 +00:00
Code Issues 32 Releases Wiki Activity

per-object-permissions: Made some code-formatting changes

Browse Source 
git-svn-id: http://code.djangoproject.com/svn/django/branches/per-object-permissions@4100 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Adrian Holovaty 2006-11-25 05:18:33 +00:00
parent 1b54fc3aba
commit 6fab0ffcad
7 changed files with 141 additions and 205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
django/contrib/admin/media/js/row_level_permission.js
View File

@ -1,6 +1,5 @@
var row_level_permission = {
copyToNew: function (id)
{
copyToNew: function (id) {
var newForm = document.getElementById("addRLPForm");
var form = document.getElementById("editRLPForm-"+id);
newForm.owner.selectedIndex = form.owner.selectedIndex;
@ -8,22 +7,20 @@ var row_level_permission = {
newForm.negative.checked = form.negative.checked;
},
apply_selected: function ()
{
apply_selected: function () {
var eleList = document.getElementsByName("apply_checkbox");
var formList = [];
for(var i=0; eleList.length; i++)
for (var i=0; eleList.length; i++)
{
var ele = eleList[i];
if(ele.tagName == "INPUT") {
if(ele.checked) {
if (ele.tagName == "INPUT") {
if (ele.checked) {
ele.form.submit();
}
}
}
return false;
},
init: function() {
}

32
django/contrib/admin/row_level_perm_manipulator.py
View File

@ -18,10 +18,9 @@ class ChangeRLPManipulator(forms.Manipulator):
MultipleObjSelectField(field_name="owner", obj_list=obj_list),
forms.SelectField(field_name="perm", choices=perm_list),
forms.CheckboxField(field_name="negative"),
)
)
def save(self, new_data):
rlp = RowLevelPermission.objects.get(pk=new_data['id'])
self.original_object = rlp
@ -37,10 +36,9 @@ class ChangeRLPManipulator(forms.Manipulator):
perm = Permission.objects.get(pk=new_data['perm'])
field_name_list = ('owner_ct', 'owner_id', 'model_ct', 'model_id', 'permission')
field_data = owner_ct.id
all_data = {'owner_id':owner.id, 'model_ct_id':model_ct.id, 'model_id':model_id, 'permission_id':perm.id}
all_data = {'owner_id': owner.id, 'model_ct_id': model_ct.id, 'model_id': model_id, 'permission_id': perm.id}
manipulators.manipulator_validator_unique_together(field_name_list, self.opts, self, field_data, all_data)
rlp.owner = owner
@ -60,10 +58,9 @@ class AddRLPManipulator(ChangeRLPManipulator):
MultipleObjSelectField(field_name="owner", obj_list=obj_list, default_text=_("Select an option")),
forms.SelectMultipleField(field_name="perm", choices=perm_list, size=3),
forms.CheckboxField(field_name="negative"),
)
)
def save(self, new_data):
owner = MultipleObjSelectField.returnObject(new_data['owner'])
self.manager = RowLevelPermission._default_manager
@ -71,14 +68,14 @@ class AddRLPManipulator(ChangeRLPManipulator):
ct = ContentType.objects.get_for_model(owner)
rlp_list = []
for i in new_data.getlist('perm'):
for i in new_data.getlist('perm'):
perm = Permission.objects.get(pk=i)
#Check that the new row level perms are unique
# Check that the new row level perms are unique.
field_name_list = ('owner_ct', 'owner_id', 'model_ct', 'model_id', 'permission')
field_data = ct.id
model_id = self.obj_instance._get_pk_val()
all_data = {'owner_id':owner.id, 'model_ct_id':self.ct.id, 'model_id':model_id, 'permission_id':perm.id}
all_data = {'owner_id': owner.id, 'model_ct_id': self.ct.id, 'model_id': model_id, 'permission_id': perm.id}
manipulators.manipulator_validator_unique_together(field_name_list, self.opts, self, field_data, all_data)
rlp = RowLevelPermission.objects.create_row_level_permission(self.obj_instance, owner, perm, negative=new_data['negative'])
@ -106,20 +103,18 @@ class MultipleObjSelectField(forms.SelectField):
parameter for the content type (ct), if you have already determined the content type and want to save on
db queries.
"""
def __init__(self, field_name, obj_list=None,
default_text=None, size=1, is_required=False, validator_list=None,
member_name=None):
def __init__(self, field_name, obj_list=None, default_text=None, size=1,
is_required=False, validator_list=None, member_name=None):
choice_list = []
self.default_text = default_text
#Loop through the object list and create the list to be displayed
# Loop through the object list and create the list to be displayed
for obj, obj_choices in obj_list:
ct = ContentType.objects.get_for_model(obj)
object_choice = [(MultipleObjSelectField.returnKey(o, ct=ct), str(o)) for o in obj_choices]
choice_list.extend([(ct.name.title(), object_choice)])
super(MultipleObjSelectField, self).__init__(field_name, choices=choice_list,
size=size, is_required=is_required,
validator_list=validator_list,
member_name=member_name)
size=size, is_required=is_required, validator_list=validator_list, member_name=member_name)
def render(self, data):
from django.utils.html import escape
output = ['<select id="%s" class="v%s%s" name="%s" size="%s">' % \
@ -153,10 +148,7 @@ class MultipleObjSelectField(forms.SelectField):
def returnKey(obj, ct=None):
if not ct:
ct = ContentType.objects.get_for_model(obj.__class__)
return ct.app_label+"/"+ct.model+"/"+str(obj.id)
return ct.app_label + "/" + ct.model + "/" + str(obj.id)
returnObject = staticmethod(returnObject)
returnKey = staticmethod(returnKey)

15
django/contrib/admin/utils.py
View File

@ -101,21 +101,18 @@ if docutils_is_available:
for name, urlbase in ROLES.items():
create_reference_role(name, urlbase)
#Based off work by Ian Holsman
#http://svn.zyons.python-hosting.com/trunk/zilbo/common/utils/misc.py
# Based off work by Ian Holsman
# http://svn.zyons.python-hosting.com/trunk/zilbo/common/utils/misc.py
import sha
from django.conf import settings
from django.contrib.contenttypes.models import ContentType
def verify_objref_hash( content_type_id, object_id, hash ):
def verify_objref_hash(content_type_id, object_id, hash_):
hash_match = sha.new("%s/%s" % (content_type_id, object_id) + settings.SECRET_KEY).hexdigest()
if hash == hash_match:
return True
else:
return False
return hash_ == hash_match
def create_objref(object):
content_type_id = ContentType.objects.get_for_model( object ).id
content_type_id = ContentType.objects.get_for_model(object).id
object_id = object.id
return "%s/%d/%s" % ( content_type_id, object_id, sha.new("%s/%d" % (content_type_id, object_id) + settings.SECRET_KEY).hexdigest())
return "%s/%d/%s" % (content_type_id, object_id, sha.new("%s/%d" % (content_type_id, object_id) + settings.SECRET_KEY).hexdigest())

95
django/contrib/auth/models.py
View File

@ -49,46 +49,41 @@ class Permission(models.Model):
class RowLevelPermissionManager(models.Manager):
def create_row_level_permission(self, model_instance, owner, permission, negative=False):
model_ct=ContentType.objects.get_for_model(model_instance)
model_ct = ContentType.objects.get_for_model(model_instance)
if isinstance(permission, str):
permission = Permission.objects.get(codename__exact=permission, content_type=model_ct.id)
permission = Permission.objects.get(codename=permission, content_type=model_ct.id)
if model_ct != permission.content_type:
raise TypeError, "Invalid value: Permission content type(%s) and object content type(%s) do not match" % (permission.content_type, type_ct)
raise TypeError, "Permission content type (%s) and object content type (%s) do not match" % (permission.content_type, type_ct)
model_id = model_instance._get_pk_val()
rowLvlPerm = self.model(model_id=model_id, model_ct=model_ct,
owner_id=owner.id, owner_ct=ContentType.objects.get_for_model(owner),
permission=permission, negative=negative)
rowLvlPerm.save()
return rowLvlPerm
row_lvl_perm = self.model(model_id=model_id, model_ct=model_ct, owner_id=owner.id,
owner_ct=ContentType.objects.get_for_model(owner),
permission=permission, negative=negative)
row_lvl_perm.save()
return row_lvl_perm
def create_default_row_permissions(self, model_instance, owner, change=True, delete=True, negChange=False, negDel=False):
ret_dict = {}
model_ct = ContentType.objects.get_for_model(model_instance)
if change:
change_str = "change_%s" % (model_ct.model)
ret_dict[change_str]=self.create_row_level_permission(model_instance, owner, change_str, negative=negChange)
ret_dict[change_str] = self.create_row_level_permission(model_instance, owner, change_str, negative=negChange)
if delete:
delete_str = "delete_%s" % (model_ct.model)
ret_dict[delete_str]=self.create_row_level_permission(model_instance, owner, delete_str, negative=negDel)
ret_dict[delete_str] = self.create_row_level_permission(model_instance, owner, delete_str, negative=negDel)
return ret_dict
def get_model_list(self,user, model, perm):
model_ct=ContentType.objects.get_for_model(model)
def get_model_list(self, user, model, perm):
model_ct = ContentType.objects.get_for_model(model)
if isinstance(perm, str):
perm = Permission.objects.get(codename__exact=perm, content_type=model_ct.id)
user_model_ids = RowLevelPermission.objects.filter(owner_ct=ContentType.objects.get_for_model(User),
owner_id=user.id, permission=perm.id,
model_ct=model_ct
).values('model_id')
owner_id=user.id, permission=perm.id, model_ct=model_ct).values('model_id')
id_list = [o['model_id'] for o in user_model_ids]
user_group_list = [g['id'] for g in user.groups.select_related().values('id')]
if user_group_list:
group_model_ids = RowLevelPermission.objects.filter(owner_ct=ContentType.objects.get_for_model(Group).id,
owner_id__in=user_group_list,
model_ct = model_ct
).values('model_id')
id_list=id_list + [o['model_id'] for o in group_model_ids]
owner_id__in=user_group_list, model_ct = model_ct).values('model_id')
id_list = id_list + [o['model_id'] for o in group_model_ids]
return id_list
class RowLevelPermission(models.Model):
@ -96,7 +91,6 @@ class RowLevelPermission(models.Model):
Similiar to permissions but works on instances of objects instead of types.
This uses generic relations to minimize the number of tables, and connects to the
permissions table using a many to one relation.
"""
model_id = models.PositiveIntegerField("'Model' ID")
model_ct = models.ForeignKey(ContentType, verbose_name="'Model' content type", related_name="model_ct")
@ -104,10 +98,8 @@ class RowLevelPermission(models.Model):
owner_ct = models.ForeignKey(ContentType, verbose_name="'Owner' content type", related_name="owner_ct")
negative = models.BooleanField()
permission = models.ForeignKey(Permission)
model = models.GenericForeignKey(fk_field='model_id', ct_field='model_ct')
owner = models.GenericForeignKey(fk_field='owner_id', ct_field='owner_ct')
objects = RowLevelPermissionManager()
class Meta:
@ -124,7 +116,6 @@ class RowLevelPermission(models.Model):
def __repr__(self):
return "%s | %s:%s | %s:%s" % (self.permission, self.owner_ct, self.owner, self.model_ct, self.model)
class Group(models.Model):
"""Groups are a generic way of categorizing users to apply permissions, or some other label, to those users. A user can belong to any number of groups.
@ -283,30 +274,21 @@ class User(models.Model):
return self._perm_cache
def check_row_level_permission(self, permission, object):
object_ct=ContentType.objects.get_for_model(object)
object_ct = ContentType.objects.get_for_model(object)
if isinstance(permission, str):
try:
permission = Permission.objects.get(codename__exact=permission, content_type=object_ct.id)
permission = Permission.objects.get(codename=permission, content_type=object_ct.id)
except Permission.DoesNotExist:
return False
try:
model_id = object._get_pk_val()
row_level_perm=self.row_level_permissions_owned.get(model_id=model_id,
model_ct=object_ct.id,
permission=permission.id)
row_level_perm = self.row_level_permissions_owned.get(model_id=model_id,
model_ct=object_ct.id, permission=permission.id)
except RowLevelPermission.DoesNotExist:
return self.check_group_row_level_permissions(permission, object)
return not row_level_perm.negative
def check_group_row_level_permissions(self, permission, object):
#SELECT rlp."negative"
#FROM "auth_user_groups" ug, "auth_rowlevelpermission" rlp
#WHERE rlp."owner_id"=ug."group_id"
#AND ug."user_id"=%s
#AND rlp."owner_ct_id"=%s
#AND rlp."model_id"=%s
#AND rlp."model_ct_id"=%s
#AND rlp."permission_id"=%s;
model_id = object._get_pk_val()
cursor = connection.cursor()
sql = """
@ -331,12 +313,10 @@ class User(models.Model):
ContentType.objects.get_for_model(object).id,
permission.id,])
row = cursor.fetchone()
if row is None:
return None
return not row[0]
def has_perm(self, perm, object=None):
"Returns True if the user has the specified permission."
if not self.is_active:
@ -344,7 +324,7 @@ class User(models.Model):
if self.is_superuser:
return True
if object and object._meta.row_level_permissions:
#Since we use the content type for row level perms, we don't need the application name
# Since we use the content type for row level perms, we don't need the application name.
permission_str = perm[perm.index('.')+1:]
row_level_permission = self.check_row_level_permission(permission_str, object)
if row_level_permission is not None:
@ -377,20 +357,11 @@ class User(models.Model):
else:
permission = perm
count = self.row_level_permissions_owned.filter(model_ct=model_ct.id, permission=permission.id).count()
if count>0:
if count > 0:
return True
return self.contains_group_row_level_perms(permission, model_ct)
def contains_group_row_level_perms(self, perm, ct):
#SELECT COUNT(*)
#FROM "auth_user_groups" ug, "auth_rowlevelpermission" rlp, "django_content_type" ct
#WHERE rlp."owner_id" = ug."group_id"
#AND ug."user_id"=%s
#AND rlp."negative" = False
#AND rlp."owner_ct_id" = %s
#AND rlp."model_ct_id" = %s
cursor = connection.cursor()
sql = """
SELECT COUNT(*)
@ -408,7 +379,7 @@ class User(models.Model):
backend.quote_name('model_ct_id'), backend.quote_name('permission_id'))
cursor.execute(sql, [self.id, False, ContentType.objects.get_for_model(Group).id, ct.id, perm.id])
count = int(cursor.fetchone()[0])
return (count>0)
return count > 0
def has_module_perms(self, app_label):
"Returns True if the user has any permissions in the given app label."
@ -416,18 +387,11 @@ class User(models.Model):
return False
if self.is_superuser:
return True
if bool(len([p for p in self.get_all_permissions() if p[:p.index('.')] == app_label])):
if [p for p in self.get_all_permissions() if p[:p.index('.')] == app_label]:
return True
return self.has_module_row_level_perms(app_label)
def has_module_row_level_perms(self, app_label):
#SELECT COUNT(*)
#FROM "django_content_type" ct, "auth_rowlevelpermission" rlp
#WHERE rlp."model_ct_id" = ct."id"
#AND ct."app_label"=%s
#AND rlp."negative" = False
#AND rlp."owner_ct_id" = %s
#AND rlp."owner_id" = %s
cursor = connection.cursor()
sql = """
SELECT COUNT(*)
@ -443,23 +407,13 @@ class User(models.Model):
backend.quote_name('app_label'),
backend.quote_name('owner_ct_id'),
backend.quote_name('owner_id'),backend.quote_name('negative'), )
#import pdb
#pdb.set_trace()
cursor.execute(sql, [app_label, ContentType.objects.get_for_model(User).id, self.id, False])
count = int(cursor.fetchone()[0])
if count>0:
if count > 0:
return True
return self.has_module_group_row_level_perms(app_label)
def has_module_group_row_level_perms(self, app_label):
#SELECT COUNT(*)
#FROM "auth_user_groups" ug, "auth_rowlevelpermission" rlp, "django_content_type" ct
#WHERE rlp."owner_id" = ug."group_id"
#AND ug."user_id"=%s
#AND rlp."model_ct_id" = ct."id"
#AND ct."app_label"=%s
#AND rlp."negative" = False
#AND rlp."owner_ct_id" = %s
cursor = connection.cursor()
sql = """
SELECT COUNT(*)
@ -480,7 +434,6 @@ class User(models.Model):
count = int(cursor.fetchone()[0])
return (count>0)
def get_and_delete_messages(self):
messages = []
for m in self.message_set.all():

24
django/contrib/auth/templatetags/auth.py
View File

@ -6,19 +6,17 @@ register = template.Library()
def if_has_perm(parser, token):
"""
TODO: Update document
Checks permission on the given user. Will check
row level permissions if an object is given.
Note: Perm name should be in the format of [app_label].[perm codename]
Checks permission on the given user. Checks row-level permissions if an
object is given.
Perm name should be in the format [app_label].[perm codename].
"""
tokens = token.split_contents()
if len(tokens)<2:
raise template.TemplateSyntaxError, "%r tag requires at least 1 arguments" % tokens[0]
if len(tokens)>4:
if len(tokens) < 2:
raise template.TemplateSyntaxError, "%r tag requires at least 1 argument" % tokens[0]
if len(tokens) > 4:
raise template.TemplateSyntaxError, "%r tag should have no more then 3 arguments" % tokens[0]
nodelist_true = parser.parse(('else', 'end_'+tokens[0],))
@ -31,14 +29,14 @@ def if_has_perm(parser, token):
object_var = None
not_flag = False
if tokens[1] is "not":
if tokens[1] == "not":
not_flag = True
permission=tokens[2]
if len(tokens)>3:
permission = tokens[2]
if len(tokens) > 3:
object_var = parser.compile_filter(tokens[3])
else:
permission=tokens[1]
if len(tokens)>2:
permission = tokens[1]
if len(tokens) > 2:
object_var = parser.compile_filter(tokens[2])
if not (permission[0] == permission[-1] and permission[0] in ('"', "'")):

1
django/db/models/manipulators.py
View File

@ -233,7 +233,6 @@ class AutomaticManipulator(forms.Manipulator):
new_rel_obj.delete()
self.fields_deleted.append('%s "%s"' % (related.opts.verbose_name, old_rel_obj))
# Save the order, if applicable.
if self.change and self.opts.get_ordered_objects():
order = new_data['order_'] and map(int, new_data['order_'].split(',')) or []