mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-04 17:59:13 +00:00
Code Issues 32 Releases Wiki Activity

[per-object-permissions] Added "Edit Row Level Permissions" link on change_form if object has row level permissions enabled

Browse Source 
[per-object-permissions] Modified the row level permissions edit page so the URL is based off of the object instead of being part of the auth 

git-svn-id: http://code.djangoproject.com/svn/django/branches/per-object-permissions@3616 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Christopher Long 2006-08-19 17:53:48 +00:00
parent 9f115aa7ea
commit b5cbbf58c0
5 changed files with 92 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
django/contrib/admin/templates/admin/change_form.html
View File

@ -18,6 +18,7 @@
{% block content %}<div id="content-main">
{% if change %}{% if not is_popup %}
<ul class="object-tools"><li><a href="history/" class="historylink">{% trans "History" %}</a></li>
{% if has_row_level_permissions %}<li><a href="row_level_permissions/" class="rowlevelpermissions">{% trans "Edit Row Level Permissions" %}</a></li>{% endif %}
{% if has_absolute_url %}<li><a href="../../../r/{{ content_type_id }}/{{ object_id }}/" class="viewsitelink">{% trans "View on site" %}</a></li>{% endif%}
</ul>
{% endif %}{% endif %}

30
django/contrib/admin/templates/admin/row_level_permission.html
View File

@ -17,8 +17,9 @@
{{ title|escape }}
</div>
{% endblock %}
{% block content %}<div id="content-main">
<div id="changelist">
{% block content %}
<div id="content-main">
{% if_has_perm "auth.add_rowlevelpermission" %}
<h2>{% trans "Add Permissions" %}</h2>
@ -66,7 +67,7 @@
{% if_has_perm "auth.change_rowlevelpermission" %}
<h2>{% trans "Current Permissions" %}</h2>
<table id="current-rlpTable">
{% if rlp_form_list %}
{% if rlp_forms %}
<tr class="header">
<th id="select_header"></th>
<th id="owner_header">
@ -84,10 +85,16 @@
</tr>
<TBODY>
{% load row_level_permission %}
{% for o in rlp_form_list %}
{% for x in rlp_forms %}
<tr>
<th colspan=5>
{{ x.0 }}
</th>
</tr>
{% for o in x.1 %}
<tr id="editRLP-{{ o.rlp.id }}">
<!--<td colspan="5">-->
<form id="editRLPForm-{{ o.rlp.id }}" class="editRLPForm" method="POST" name="editRLPForm-{{ o.rlp.id }}" action="../../../auth/row_level_permission/{% objref o.rlp %}/change/">
<form id="editRLPForm-{{ o.rlp.id }}" class="editRLPForm" method="POST" name="editRLPForm-{{ o.rlp.id }}" action="change/{% objref o.rlp %}/">
<!--<table>
<tr>-->
<td>
@ -107,7 +114,8 @@
<input id="cancelButton-{{ o.rlp.id }}" type="reset" value="{% trans 'Reset' %}"/>
<br/>
<!--<a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deleteLink" onclick="row_level_permission.deleteRLP('{% objref o.rlp %}'); return false;">{% trans 'Delete' %}</a> |-->
<a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deletelink">{% trans 'Delete' %}</a> |
<!--<a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deletelink">{% trans 'Delete' %}</a> | -->
<a href="delete/{% objref o.rlp %}" class="deletelink">{% trans 'Delete' %}</a> |
<a href="javascript:row_level_permission.copyToNew({{ o.rlp.id }})" class="copyToNewLink">{% trans 'Copy to New' %}</a>
</td>
<!--</tr>
@ -116,14 +124,12 @@
</td>
</tr>
{% endfor %}
{% endfor %}
<tr align="right">
<td colspan="5">
<form id="apply_selected_form" method="POST" name="apply_selected_form" onsubmit="row_level_permission.apply_selected(); return false;">
<input id="apply_selected_button" type="submit" value="{% trans 'Apply Selected' %}" />
</form>
<form id="delete_selected_form" method="POST" name="delete_selected_form" onsubmit="alert('Not yet working'); return false;">
<input id="delete_selected_button" type="submit" value="{% trans 'Delete Selected' %}" />
</form>
Commands:
<a href="javascript:row_level_permission.apply_selected();">Apply Selected</a> |
<a href="javascript:alert('Not yet working');" class="deletelink">Delete Selected</a>
</td>
</tr>
{% if is_paginated %}

5
django/contrib/admin/urls.py
View File

@ -41,8 +41,11 @@ urlpatterns = patterns('',
('^([^/]+)/([^/]+)/add/$', 'django.contrib.admin.views.main.add_stage'),
('^([^/]+)/([^/]+)/(.+)/history/$', 'django.contrib.admin.views.main.history'),
('^([^/]+)/([^/]+)/(.+)/delete/$', 'django.contrib.admin.views.main.delete_stage'),
('^([^/]+)/([^/]+)/(.+)/row_level_permissions/$', 'django.contrib.admin.views.row_level_permissions.edit_row_level_permissions'),
('^([^/]+)/([^/]+)/(.+)/row_level_permissions/$', 'django.contrib.admin.views.row_level_permissions.view_row_level_permissions'),
('^([^/]+)/([^/]+)/(.+)/row_level_permissions/add/$', 'django.contrib.admin.views.row_level_permissions.add_row_level_permission'),
('^([^/]+)/([^/]+)/(.+)/row_level_permissions/delete/(.+)/(.+)/([^/]+)/$', 'django.contrib.admin.views.row_level_permissions.delete_row_level_permission'),
('^([^/]+)/([^/]+)/(.+)/row_level_permissions/change/(.+)/(.+)/([^/]+)/$', 'django.contrib.admin.views.row_level_permissions.change_row_level_permission'),
('^([^/]+)/([^/]+)/(.+)/$', 'django.contrib.admin.views.main.change_stage'),
)

1
django/contrib/admin/views/main.py
View File

@ -203,6 +203,7 @@ def render_change_form(model, manipulator, context, add=False, change=False, for
'has_change_permission': context['perms'][app_label][opts.get_change_permission()],
'has_file_field': opts.has_field_type(models.FileField),
'has_absolute_url': hasattr(model, 'get_absolute_url'),
'has_row_level_permissions':opts.row_level_permissions,
'auto_populated_fields': auto_populated_fields,
'bound_field_sets': bound_field_sets,
'first_form_field_id': first_form_field_id,

94
django/contrib/admin/views/row_level_permissions.py
View File

@ -3,17 +3,19 @@ from django import forms, template
from django.shortcuts import render_to_response, get_object_or_404
from django.http import Http404, HttpResponse, HttpResponseRedirect
from django.contrib.contenttypes.models import ContentType
from django.contrib.auth.models import RowLevelPermission
from django.contrib.admin.views import main
from django.contrib.auth.models import RowLevelPermission, User, Group
from django.db import models
from django.contrib.admin.row_level_perm_manipulator import AddRLPManipulator, ChangeRLPManipulator
from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist, PermissionDenied
from django.core.paginator import ObjectPaginator, InvalidPage
import simplejson
from django.contrib.admin.views.main import unquote, quote
from django.contrib.admin.views.decorators import staff_member_required
from django.views.decorators.cache import never_cache
def edit_row_level_permissions(request, app_label, model_name, object_id):
def view_row_level_permissions(request, app_label, model_name, object_id):
model = models.get_model(app_label, model_name)
object_id = main.unquote(object_id)
object_id = unquote(object_id)
model_ct = ContentType.objects.get_for_model(model)
model_instance = get_object_or_404(model, pk=object_id)
@ -52,15 +54,34 @@ def edit_row_level_permissions(request, app_label, model_name, object_id):
add_rlp_manip = AddRLPManipulator(model_instance, model_ct)
edit_rlp_manip = ChangeRLPManipulator(model_ct)
new_rlp_form = forms.FormWrapper(add_rlp_manip, rlp_new_data, rlp_errors)
empty_rlp_form = forms.FormWrapper(edit_rlp_manip, rlp_new_data, rlp_errors)
rlp_form_list = []
user_rlp_form_list = []
other_rlp_form_list = []
group_rlp_form_list = []
group_ct = model_ct = ContentType.objects.get_for_model(Group)
user_ct = model_ct = ContentType.objects.get_for_model(User)
for r in rlp_list:
owner_val = str(r.owner_ct)+"-"+str(r.owner_id)
data = {'id':r.id, 'owner':owner_val, 'perm':r.permission.id, 'negative':r.negative}
rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r})
if r.owner_ct.id is user_ct.id:
user_rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r})
elif r.owner_ct.id is group_ct.id:
group_rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r})
else:
other_rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r})
rlp_forms = []
if user_rlp_form_list:
rlp_forms.append((_('Users'), user_rlp_form_list,))
if group_rlp_form_list:
rlp_forms.append((_('Groups'), group_rlp_form_list,))
if other_rlp_form_list:
rlp_forms.append((_('Other'), other_rlp_form_list,))
rlp_context = {'new_rlp_form':new_rlp_form,
'rlp_form_list':rlp_form_list,
'empty_rlp_form':empty_rlp_form,}
'rlp_forms':rlp_forms, }
c.update(rlp_context)
@ -69,13 +90,24 @@ def edit_row_level_permissions(request, app_label, model_name, object_id):
"admin/%s/row_level_permission.html" % opts.app_label,
"admin/row_level_permission.html"], context_instance=c)
def delete_row_level_permission(request, ct_id, rlp_id, hash):
view_row_level_permissions = staff_member_required(never_cache(view_row_level_permissions))
def delete_row_level_permission(request, app_label, model_name, object_id, ct_id, rlp_id, hash):
msg = {}
if utils.verify_objref_hash(ct_id, rlp_id, hash):
model = models.get_model(app_label, model_name)
object_id = unquote(object_id)
model_ct = ContentType.objects.get_for_model(model)
model_instance = get_object_or_404(model, pk=object_id)
rlp = get_object_or_404(RowLevelPermission, pk=rlp_id)
ct = rlp.model_ct
obj = rlp.model
if model_instance.id is not obj.id:
raise PermissionDenied
if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_delete_permission()):
raise PermissionDenied
if not request.user.has_perm(obj._meta.app_label + '.' + obj._meta.get_change_permission(), object=obj):
@ -86,13 +118,13 @@ def delete_row_level_permission(request, ct_id, rlp_id, hash):
else:
msg = { 'result':False, 'text': _("row level permission not found (bad hash)" )}
request.user.message_set.create(message=result['text'])
request.user.message_set.create(message=msg['text'])
return HttpResponseRedirect("../")
return HttpResponseRedirect("../../../../")
# return HttpResponseRedirect("%s?rlp_result=%s&rlp_msg=%s" % (request.META["HTTP_REFERER"], str(msg["result"]), main.quote(msg["text"])))
#return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name),
# main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,})
delete_row_level_permission = staff_member_required(never_cache(delete_row_level_permission))
def add_row_level_permission(request, app_label, model_name, object_id):
msg = {}
@ -103,7 +135,7 @@ def add_row_level_permission(request, app_label, model_name, object_id):
return HttpResponseRedirect("/edit/%s/%s" % (obj_type, object_id))
model = models.get_model(app_label, model_name)
object_id = main.unquote(object_id)
object_id = unquote(object_id)
ct = ContentType.objects.get_for_model(model)
obj = get_object_or_404(model, pk=object_id)
@ -141,10 +173,10 @@ def add_row_level_permission(request, app_label, model_name, object_id):
#return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name),
# main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,})
return HttpResponseRedirect("../")
add_row_level_permission = staff_member_required(never_cache(add_row_level_permission))
def change_row_level_permission(request, ct_id, rlp_id, hash):
def change_row_level_permission(request, app_label, model_name, object_id, ct_id, rlp_id, hash):
msg = {}
ajax = request.GET.has_key("ajax")
if not request.POST:
msg = { 'result':False, 'text': _("Only POSTs are allowed" )}
@ -152,10 +184,14 @@ def change_row_level_permission(request, ct_id, rlp_id, hash):
msg = { 'result':False, 'text': _("row level permission not found (bad hash)" )}
if msg.has_key("result"):
if ajax:
return HttpResponse(simplejson.dumps(msg), 'text/javascript')
request.user.message_set.create(message=msg['text'])
return HttpResponseRedirect("/edit/%s/%s" % (obj_type, obj_id))
return HttpResponseRedirect('../../../../')
model = models.get_model(app_label, model_name)
object_id = unquote(object_id)
ct = ContentType.objects.get_for_model(model)
model_instance = get_object_or_404(model, pk=object_id)
rlp = get_object_or_404(RowLevelPermission, pk=rlp_id)
opts = rlp._meta
@ -163,6 +199,9 @@ def change_row_level_permission(request, ct_id, rlp_id, hash):
raise PermissionDenied
obj = rlp.model
if model_instance.id is not obj.id:
raise PermissionDenied
if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_change_permission(), object=obj):
raise PermissionDenied
@ -178,9 +217,12 @@ def change_row_level_permission(request, ct_id, rlp_id, hash):
msg = {"result":False, "text":_("A row level permission already exists with the specified values")}
else:
msg = {"result":True, "text":_("Row level permission has successfully been changed"), "id":rlp_id}
if ajax:
return HttpResponse(simplejson.dumps(msg), 'text/javascript')
request.POST = {}
return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name),
main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,})
request.user.message_set.create(message=msg['text'])
return HttpResponseRedirect("../../../../")
# request.POST = {}
# return change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name),
# main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,})
change_row_level_permission = staff_member_required(never_cache(change_row_level_permission))