mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-05 02:09:13 +00:00
Code Issues 32 Releases Wiki Activity

[per-object-permissions] Updating admin interface of RLP to be on a separate page, not entirely working at this point

Browse Source 
[per-object-permissions] Changed global.css to apply styles to reset button

git-svn-id: http://code.djangoproject.com/svn/django/branches/per-object-permissions@3615 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Christopher Long 2006-08-19 16:27:56 +00:00
parent da50848a71
commit 9f115aa7ea
6 changed files with 145 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
django/contrib/admin/media/css/global.css
View File

@ -90,6 +90,11 @@ input[type=submit], input[type=button], .submit-row input { background:white url
input[type=submit]:active, input[type=button]:active { background-image:url(../img/admin/nav-bg-reverse.gif); background-position:top; } input[type=submit]:active, input[type=button]:active { background-image:url(../img/admin/nav-bg-reverse.gif); background-position:top; }
input[type=submit].default, .submit-row input.default { border:2px solid #5b80b2; background:#7CA0C7 url(../img/admin/default-bg.gif) bottom repeat-x; font-weight:bold; color:white; } input[type=submit].default, .submit-row input.default { border:2px solid #5b80b2; background:#7CA0C7 url(../img/admin/default-bg.gif) bottom repeat-x; font-weight:bold; color:white; }
input[type=submit].default:active { background-image:url(../img/admin/default-bg-reverse.gif); background-position:top; } input[type=submit].default:active { background-image:url(../img/admin/default-bg-reverse.gif); background-position:top; }
/* RESET BUTTONS */
input[type=reset], input[type=button], .submit-row input { background:white url(../img/admin/nav-bg.gif) bottom repeat-x; padding:3px; color:black; border:1px solid #bbb; border-color:#ddd #aaa #aaa #ddd; }
input[type=reseet]:active, input[type=button]:active { background-image:url(../img/admin/nav-bg-reverse.gif); background-position:top; }
input[type=reset].default, .submit-row input.default { border:2px solid #5b80b2; background:#7CA0C7 url(../img/admin/default-bg.gif) bottom repeat-x; font-weight:bold; color:white; }
input[type=reset].default:active { background-image:url(../img/admin/default-bg-reverse.gif); background-position:top; }
/* MODULES */ /* MODULES */
.module { border:1px solid #ccc; margin-bottom:5px; background:white; } .module { border:1px solid #ccc; margin-bottom:5px; background:white; }

1
django/contrib/admin/row_level_perm_manipulator.py
View File

@ -116,7 +116,6 @@ class MultipleObjSelectField(forms.SelectField):
object_choice = [(MultipleObjSelectField.returnKey(o, ct=ct), str(o)) for o in obj_choices] object_choice = [(MultipleObjSelectField.returnKey(o, ct=ct), str(o)) for o in obj_choices]
choice_list.extend([(ct.name.title(), object_choice)]) choice_list.extend([(ct.name.title(), object_choice)])
#choice_list.extend([(MultipleObjSelectField.returnKey(o, ct=ct), str(o)+" ("+ct.name.title()+")") for o in obj_choices]) #choice_list.extend([(MultipleObjSelectField.returnKey(o, ct=ct), str(o)+" ("+ct.name.title()+")") for o in obj_choices])
print choice_list
super(MultipleObjSelectField, self).__init__(field_name, choices=choice_list, super(MultipleObjSelectField, self).__init__(field_name, choices=choice_list,
size=size, is_required=is_required, size=size, is_required=is_required,
validator_list=validator_list, validator_list=validator_list,

2
django/contrib/admin/templates/admin/change_form.html
View File

@ -66,11 +66,13 @@
</div> </div>
</form> </form>
{% comment %}
{% if new_rlp_form %} {% if new_rlp_form %}
<div id="row_level_perm_container"> <div id="row_level_perm_container">
{% include "admin/row_level_permission.html" %} {% include "admin/row_level_permission.html" %}
</div> </div>
{% endif %} {% endif %}
{% endcomment %}
</div> </div>
{% endblock %} {% endblock %}

47
django/contrib/admin/templates/admin/row_level_permission.html
View File

@ -1,13 +1,28 @@
{% load i18n admin_modify %} {% extends "admin/base_site.html" %}
{% load i18n admin_modify adminmedia auth %}
{% block extrahead %}{{ block.super }}
<script type="text/javascript" src="../../../jsi18n/"></script>
{% include_admin_script "js/row_level_permission.js" %} {% include_admin_script "js/row_level_permission.js" %}
{% for js in javascript_imports %}{% include_admin_script js %}{% endfor %}
{% endblock %}
<h1>{% trans "Row Level Permissions" %}</h1> {% block stylesheet %}{% admin_media_prefix %}css/forms.css{% endblock %}
<div id="rlpResults"> {% block coltype %}{% if ordered_objects %}colMS{% else %}colM{% endif %}{% endblock %}
{% block bodyclass %}{{ opts.app_label }}-{{ opts.object_name.lower }} change-form{% endblock %}
{% block userlinks %}<a href="../../../../doc/">{% trans 'Documentation' %}</a> / <a href="../../../../password_change/">{% trans 'Change password' %}</a> / <a href="../../../../logout/">{% trans 'Log out' %}</a>{% endblock %}
{% block breadcrumbs %}
<div class="breadcrumbs">
<a href="../../../../">{% trans "Home" %}</a> &rsaquo;
<a href="../../">{{ opts.verbose_name_plural|capfirst|escape }}</a> &rsaquo;
<a href="../">{{ original|truncatewords:"18"|escape }}</a> &rsaquo;
{{ title|escape }}
</div> </div>
{% endblock %}
{% block content %}<div id="content-main">
<div id="changelist">
{% if_has_perm "auth.add_rowlevelpermission" %}
<h2>{% trans "Add Permissions" %}</h2> <h2>{% trans "Add Permissions" %}</h2>
<form id="addRLPForm" method="POST" name="addRLPForm" action="../../../auth/row_level_permission/add/{{ content_type_id }}/{{ object_id }}/"> <form id="addRLPForm" method="POST" name="addRLPForm" action="add/">
<table id="add-rlpTable"> <table id="add-rlpTable">
<tr class="header"> <tr class="header">
<th> <th>
@ -46,7 +61,9 @@
</tr> </tr>
</table> </table>
</form> </form>
{% end_if_has_perm %}
{% if_has_perm "auth.change_rowlevelpermission" %}
<h2>{% trans "Current Permissions" %}</h2> <h2>{% trans "Current Permissions" %}</h2>
<table id="current-rlpTable"> <table id="current-rlpTable">
{% if rlp_form_list %} {% if rlp_form_list %}
@ -90,7 +107,7 @@
<input id="cancelButton-{{ o.rlp.id }}" type="reset" value="{% trans 'Reset' %}"/> <input id="cancelButton-{{ o.rlp.id }}" type="reset" value="{% trans 'Reset' %}"/>
<br/> <br/>
<!--<a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deleteLink" onclick="row_level_permission.deleteRLP('{% objref o.rlp %}'); return false;">{% trans 'Delete' %}</a> |--> <!--<a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deleteLink" onclick="row_level_permission.deleteRLP('{% objref o.rlp %}'); return false;">{% trans 'Delete' %}</a> |-->
<a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deleteLink">{% trans 'Delete' %}</a> | <a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deletelink">{% trans 'Delete' %}</a> |
<a href="javascript:row_level_permission.copyToNew({{ o.rlp.id }})" class="copyToNewLink">{% trans 'Copy to New' %}</a> <a href="javascript:row_level_permission.copyToNew({{ o.rlp.id }})" class="copyToNewLink">{% trans 'Copy to New' %}</a>
</td> </td>
<!--</tr> <!--</tr>
@ -104,10 +121,24 @@
<form id="apply_selected_form" method="POST" name="apply_selected_form" onsubmit="row_level_permission.apply_selected(); return false;"> <form id="apply_selected_form" method="POST" name="apply_selected_form" onsubmit="row_level_permission.apply_selected(); return false;">
<input id="apply_selected_button" type="submit" value="{% trans 'Apply Selected' %}" /> <input id="apply_selected_button" type="submit" value="{% trans 'Apply Selected' %}" />
</form> </form>
<form id="delete_selected_form" method="POST" name="delete_selected_form" onsubmit="alert('Not yet working'); return false;">
<input id="delete_selected_button" type="submit" value="{% trans 'Delete Selected' %}" />
</form>
</td> </td>
</tr> </tr>
{% if is_paginated %}
<tr align="right">
<td colspan="5">
{% if has_previous %} <a href="?page={{ previous }}"> &lt;&lt; </a> {% endif %} {% if has_next %} <a href="?page={{ next }}"> &gt;&gt; </a>{% endif %}
</td>
</tr>
{% endif %}
</TBODY> </TBODY>
</table> </table>
{% else %} {% else %}
<em>{% trans 'No row level permissions'%}</em> <em>{% trans 'No row level permissions'%}</em>
{% endif %} {% endif %}
{% end_if_has_perm %}
</div>
</div>
{% endblock %}

5
django/contrib/admin/urls.py
View File

@ -30,7 +30,8 @@ urlpatterns = patterns('',
#Row level permissions #Row level permissions
('^auth/row_level_permission/(?P<ct_id>\d+)/(?P<rlp_id>\d+)/(?P<hash>\w+)/delete/$', 'django.contrib.admin.views.row_level_permissions.delete_row_level_permission'), ('^auth/row_level_permission/(?P<ct_id>\d+)/(?P<rlp_id>\d+)/(?P<hash>\w+)/delete/$', 'django.contrib.admin.views.row_level_permissions.delete_row_level_permission'),
('^auth/row_level_permission/(?P<ct_id>\d+)/(?P<rlp_id>\d+)/(?P<hash>\w+)/change/$', 'django.contrib.admin.views.row_level_permissions.change_row_level_permission'), ('^auth/row_level_permission/(?P<ct_id>\d+)/(?P<rlp_id>\d+)/(?P<hash>\w+)/change/$', 'django.contrib.admin.views.row_level_permissions.change_row_level_permission'),
('^auth/row_level_permission/add/(?P<ct_id>\d+)/(?P<obj_id>\d+)/$', 'django.contrib.admin.views.row_level_permissions.add_row_level_permission'), ('^auth/row_level_permission/add/(?P<ct_id>\d+)/(?P<object_id>\d+)/$', 'django.contrib.admin.views.row_level_permissions.add_row_level_permission'),
('^auth/row_level_permission/view/(?P<ct_id>\d+)/(?P<object_id>\d+)/$', 'django.contrib.admin.views.row_level_permissions.edit_row_level_permissions'),
# "Add user" -- a special-case view # "Add user" -- a special-case view
('^auth/user/add/$', 'django.contrib.admin.views.auth.user_add_stage'), ('^auth/user/add/$', 'django.contrib.admin.views.auth.user_add_stage'),
@ -40,6 +41,8 @@ urlpatterns = patterns('',
('^([^/]+)/([^/]+)/add/$', 'django.contrib.admin.views.main.add_stage'), ('^([^/]+)/([^/]+)/add/$', 'django.contrib.admin.views.main.add_stage'),
('^([^/]+)/([^/]+)/(.+)/history/$', 'django.contrib.admin.views.main.history'), ('^([^/]+)/([^/]+)/(.+)/history/$', 'django.contrib.admin.views.main.history'),
('^([^/]+)/([^/]+)/(.+)/delete/$', 'django.contrib.admin.views.main.delete_stage'), ('^([^/]+)/([^/]+)/(.+)/delete/$', 'django.contrib.admin.views.main.delete_stage'),
('^([^/]+)/([^/]+)/(.+)/row_level_permissions/$', 'django.contrib.admin.views.row_level_permissions.edit_row_level_permissions'),
('^([^/]+)/([^/]+)/(.+)/row_level_permissions/add/$', 'django.contrib.admin.views.row_level_permissions.add_row_level_permission'),
('^([^/]+)/([^/]+)/(.+)/$', 'django.contrib.admin.views.main.change_stage'), ('^([^/]+)/([^/]+)/(.+)/$', 'django.contrib.admin.views.main.change_stage'),
) )

122
django/contrib/admin/views/row_level_permissions.py
View File

@ -1,47 +1,114 @@
from django.contrib.admin import utils from django.contrib.admin import utils
from django import forms, template
from django.shortcuts import render_to_response, get_object_or_404 from django.shortcuts import render_to_response, get_object_or_404
from django.http import Http404, HttpResponse, HttpResponseRedirect from django.http import Http404, HttpResponse, HttpResponseRedirect
from django.contrib.contenttypes.models import ContentType from django.contrib.contenttypes.models import ContentType
from django.contrib.auth.models import RowLevelPermission from django.contrib.auth.models import RowLevelPermission
from django.contrib.admin.views import main
from django.db import models
from django.contrib.admin.row_level_perm_manipulator import AddRLPManipulator, ChangeRLPManipulator from django.contrib.admin.row_level_perm_manipulator import AddRLPManipulator, ChangeRLPManipulator
from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist, PermissionDenied from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist, PermissionDenied
from django.core.paginator import ObjectPaginator, InvalidPage
import simplejson import simplejson
def edit_row_level_permissions(request, app_label, model_name, object_id):
model = models.get_model(app_label, model_name)
object_id = main.unquote(object_id)
model_ct = ContentType.objects.get_for_model(model)
model_instance = get_object_or_404(model, pk=object_id)
opts = model_instance._meta
if not opts.row_level_permissions:
raise Http404
if not request.user.has_perm(opts.app_label + '.' + opts.get_change_permission(), object=model_instance):
raise PermissionDenied
if not request.user.has_perm(RowLevelPermission._meta.app_label + '.' + RowLevelPermission._meta.get_change_permission()):
raise PermissionDenied
#TODO: For now takes the number per page from the model instance not the RLP object
paginator = ObjectPaginator(model_instance.row_level_permissions.order_by('owner_ct', 'owner_id'),
opts.admin.list_per_page)
page = int(request.GET.get('page', 0))
rlp_list = paginator.get_page(page)
c = template.RequestContext(request, {
'title': _('Edit Row Level Permissions'),
'object_id': object_id,
'content_type_id':model_ct.id,
'original': model_instance,
'opts':opts,
"is_paginated": paginator.has_next_page(0),
"has_next": paginator.has_next_page(page),
"has_previous": paginator.has_previous_page(page),
"page": page + 1,
"next": page + 1,
"previous": page - 1,
})
rlp_errors = rlp_new_data = {}
add_rlp_manip = AddRLPManipulator(model_instance, model_ct)
edit_rlp_manip = ChangeRLPManipulator(model_ct)
new_rlp_form = forms.FormWrapper(add_rlp_manip, rlp_new_data, rlp_errors)
empty_rlp_form = forms.FormWrapper(edit_rlp_manip, rlp_new_data, rlp_errors)
rlp_form_list = []
for r in rlp_list:
owner_val = str(r.owner_ct)+"-"+str(r.owner_id)
data = {'id':r.id, 'owner':owner_val, 'perm':r.permission.id, 'negative':r.negative}
rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r})
rlp_context = {'new_rlp_form':new_rlp_form,
'rlp_form_list':rlp_form_list,
'empty_rlp_form':empty_rlp_form,}
c.update(rlp_context)
return render_to_response([
"admin/%s/%s/row_level_permission.html" % (opts.app_label, opts.object_name.lower()),
"admin/%s/row_level_permission.html" % opts.app_label,
"admin/row_level_permission.html"], context_instance=c)
def delete_row_level_permission(request, ct_id, rlp_id, hash): def delete_row_level_permission(request, ct_id, rlp_id, hash):
msg = {} msg = {}
ajax = request.GET.has_key("ajax")
if utils.verify_objref_hash(ct_id, rlp_id, hash): if utils.verify_objref_hash(ct_id, rlp_id, hash):
rlp = get_object_or_404(RowLevelPermission, pk=rlp_id) rlp = get_object_or_404(RowLevelPermission, pk=rlp_id)
ct = rlp.model_ct ct = rlp.model_ct
obj = rlp.model obj = rlp.model
opts = rlp._meta
if not request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission()): if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_delete_permission()):
raise PermissionDenied raise PermissionDenied
if not request.user.has_perm(obj._meta.app_label + '.' + obj._meta.get_change_permission()): if not request.user.has_perm(obj._meta.app_label + '.' + obj._meta.get_change_permission(), object=obj):
raise PermissionDenied raise PermissionDenied
rlp.delete() rlp.delete()
msg = {"result":True, "text":_("Row level permission was successful deleted"), "id":rlp_id} msg = {"result":True, "text":_("Row level permission was successful deleted"), "id":rlp_id}
else: else:
msg = { 'result':False, 'text': _("row level permission not found (bad hash)" )} msg = { 'result':False, 'text': _("row level permission not found (bad hash)" )}
if ajax:
return HttpResponse(simplejson.dumps(msg), 'text/javascript')
request.user.message_set.create(message=msg['text'])
#return HttpResponseRedirect("/edit/%s/%s" % (ct.model, obj.id))
return HttpResponseRedirect("../../../../../../%s/%s/%s" % (obj._meta.app_label, obj._meta.module_name , str(obj.id)))
def add_row_level_permission(request, ct_id, obj_id): request.user.message_set.create(message=result['text'])
return HttpResponseRedirect("../")
# return HttpResponseRedirect("%s?rlp_result=%s&rlp_msg=%s" % (request.META["HTTP_REFERER"], str(msg["result"]), main.quote(msg["text"])))
#return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name),
# main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,})
def add_row_level_permission(request, app_label, model_name, object_id):
msg = {} msg = {}
ajax = request.GET.has_key("ajax")
if not request.POST: if not request.POST:
msg = { 'result':False, 'text': _("Only POSTs are allowed" )} msg = { 'result':False, 'text': _("Only POSTs are allowed" )}
if ajax:
return HttpResponse(simplejson.dumps(msg), 'text/javascript')
request.user.message_set.create(message=msg['text'])
return HttpResponseRedirect("/edit/%s/%s" % (obj_type, obj_id))
ct = get_object_or_404(ContentType, pk=ct_id) request.user.message_set.create(message=msg['text'])
obj = get_object_or_404(ct.model_class(), pk=obj_id) return HttpResponseRedirect("/edit/%s/%s" % (obj_type, object_id))
if not request.user.has_perm(obj._meta.app_label + '.' + obj._meta.get_change_permission()):
model = models.get_model(app_label, model_name)
object_id = main.unquote(object_id)
ct = ContentType.objects.get_for_model(model)
obj = get_object_or_404(model, pk=object_id)
if not request.user.has_perm(obj._meta.app_label + '.' + obj._meta.get_change_permission(), object=obj):
raise PermissionDenied raise PermissionDenied
if not request.user.has_perm(RowLevelPermission._meta.app_label + '.' + RowLevelPermission._meta.get_add_permission()): if not request.user.has_perm(RowLevelPermission._meta.app_label + '.' + RowLevelPermission._meta.get_add_permission()):
@ -64,17 +131,16 @@ def add_row_level_permission(request, ct_id, obj_id):
msg = {"result":True, "text":_("Row level permission has successfully been added.")} msg = {"result":True, "text":_("Row level permission has successfully been added.")}
else: else:
msg = {"result":True, "text":_("Row level permissions have successfully been added.")} msg = {"result":True, "text":_("Row level permissions have successfully been added.")}
if not ajax:
request.user.message_set.create(message=msg['text'])
return HttpResponseRedirect("../../../../../%s/%s/%s" % (obj._meta.app_label, obj._meta.module_name , str(obj.id)))
resp_list = [] resp_list = []
for rlp in rlp_list: for rlp in rlp_list:
hash = utils.create_objref(rlp) hash = utils.create_objref(rlp)
resp_list.append({"id":rlp.id, "permission":rlp.permission.id, "hash":hash}) resp_list.append({"id":rlp.id, "permission":rlp.permission.id, "hash":hash})
msg["results"]=resp_list msg["results"]=resp_list
return HttpResponse(simplejson.dumps(msg), 'text/javascript')
#return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name),
# main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,})
return HttpResponseRedirect("../")
def change_row_level_permission(request, ct_id, rlp_id, hash): def change_row_level_permission(request, ct_id, rlp_id, hash):
msg = {} msg = {}
@ -96,8 +162,8 @@ def change_row_level_permission(request, ct_id, rlp_id, hash):
if not request.user.has_perm(opts.app_label + '.' + opts.get_add_permission()): if not request.user.has_perm(opts.app_label + '.' + opts.get_add_permission()):
raise PermissionDenied raise PermissionDenied
object_model = rlp.model_ct.model_class() obj = rlp.model
if not request.user.has_perm(object_model._meta.app_label + '.' + object_model._meta.get_change_permission()): if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_change_permission(), object=obj):
raise PermissionDenied raise PermissionDenied
manip = ChangeRLPManipulator() manip = ChangeRLPManipulator()
@ -114,5 +180,7 @@ def change_row_level_permission(request, ct_id, rlp_id, hash):
msg = {"result":True, "text":_("Row level permission has successfully been changed"), "id":rlp_id} msg = {"result":True, "text":_("Row level permission has successfully been changed"), "id":rlp_id}
if ajax: if ajax:
return HttpResponse(simplejson.dumps(msg), 'text/javascript') return HttpResponse(simplejson.dumps(msg), 'text/javascript')
request.user.message_set.create(message=msg['text'])
return HttpResponseRedirect("../../../../../../%s/%s/%s" % (object_model._meta.app_label, object_model._meta.module_name , str(rlp.model_id))) request.POST = {}
return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name),
main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,})