mirror of https://github.com/django/django.git synced 2025-07-05 02:09:13 +00:00

[per-object-permissions] Added "Edit Row Level Permissions" link on change_form if object has row level permissions enabled

[per-object-permissions] Modified the row level permissions edit page so the URL is based off of the object instead of being part of the auth 

git-svn-id: http://code.djangoproject.com/svn/django/branches/per-object-permissions@3616 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Christopher Long 2006-08-19 17:53:48 +00:00
parent 9f115aa7ea
commit b5cbbf58c0
5 changed files with 92 additions and 39 deletions


@ -18,6 +18,7 @@
{% block content %}<div id="content-main"> {% block content %}<div id="content-main">
{% if change %}{% if not is_popup %} {% if change %}{% if not is_popup %}
<ul class="object-tools"><li><a href="history/" class="historylink">{% trans "History" %}</a></li> <ul class="object-tools"><li><a href="history/" class="historylink">{% trans "History" %}</a></li>
{% if has_row_level_permissions %}<li><a href="row_level_permissions/" class="rowlevelpermissions">{% trans "Edit Row Level Permissions" %}</a></li>{% endif %}
{% if has_absolute_url %}<li><a href="../../../r/{{ content_type_id }}/{{ object_id }}/" class="viewsitelink">{% trans "View on site" %}</a></li>{% endif%} {% if has_absolute_url %}<li><a href="../../../r/{{ content_type_id }}/{{ object_id }}/" class="viewsitelink">{% trans "View on site" %}</a></li>{% endif%}
</ul> </ul>
{% endif %}{% endif %} {% endif %}{% endif %}


@ -17,8 +17,9 @@
{{ title|escape }} {{ title|escape }}
</div> </div>
{% endblock %} {% endblock %}
{% block content %}<div id="content-main"> {% block content %}
<div id="changelist">
<div id="content-main">
{% if_has_perm "auth.add_rowlevelpermission" %} {% if_has_perm "auth.add_rowlevelpermission" %}
<h2>{% trans "Add Permissions" %}</h2> <h2>{% trans "Add Permissions" %}</h2>
@ -66,7 +67,7 @@
{% if_has_perm "auth.change_rowlevelpermission" %} {% if_has_perm "auth.change_rowlevelpermission" %}
<h2>{% trans "Current Permissions" %}</h2> <h2>{% trans "Current Permissions" %}</h2>
<table id="current-rlpTable"> <table id="current-rlpTable">
{% if rlp_form_list %} {% if rlp_forms %}
<tr class="header"> <tr class="header">
<th id="select_header"></th> <th id="select_header"></th>
<th id="owner_header"> <th id="owner_header">
@ -84,10 +85,16 @@
</tr> </tr>
<TBODY> <TBODY>
{% load row_level_permission %} {% load row_level_permission %}
{% for o in rlp_form_list %} {% for x in rlp_forms %}
<tr>
<th colspan=5>
{{ x.0 }}
</th>
</tr>
{% for o in x.1 %}
<tr id="editRLP-{{ o.rlp.id }}"> <tr id="editRLP-{{ o.rlp.id }}">
<!--<td colspan="5">--> <!--<td colspan="5">-->
<form id="editRLPForm-{{ o.rlp.id }}" class="editRLPForm" method="POST" name="editRLPForm-{{ o.rlp.id }}" action="../../../auth/row_level_permission/{% objref o.rlp %}/change/"> <form id="editRLPForm-{{ o.rlp.id }}" class="editRLPForm" method="POST" name="editRLPForm-{{ o.rlp.id }}" action="change/{% objref o.rlp %}/">
<!--<table> <!--<table>
<tr>--> <tr>-->
<td> <td>
@ -107,7 +114,8 @@
<input id="cancelButton-{{ o.rlp.id }}" type="reset" value="{% trans 'Reset' %}"/> <input id="cancelButton-{{ o.rlp.id }}" type="reset" value="{% trans 'Reset' %}"/>
<br/> <br/>
<!--<a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deleteLink" onclick="row_level_permission.deleteRLP('{% objref o.rlp %}'); return false;">{% trans 'Delete' %}</a> |--> <!--<a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deleteLink" onclick="row_level_permission.deleteRLP('{% objref o.rlp %}'); return false;">{% trans 'Delete' %}</a> |-->
<a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deletelink">{% trans 'Delete' %}</a> | <!--<a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deletelink">{% trans 'Delete' %}</a> | -->
<a href="delete/{% objref o.rlp %}" class="deletelink">{% trans 'Delete' %}</a> |
<a href="javascript:row_level_permission.copyToNew({{ o.rlp.id }})" class="copyToNewLink">{% trans 'Copy to New' %}</a> <a href="javascript:row_level_permission.copyToNew({{ o.rlp.id }})" class="copyToNewLink">{% trans 'Copy to New' %}</a>
</td> </td>
<!--</tr> <!--</tr>
@ -116,14 +124,12 @@
</td> </td>
</tr> </tr>
{% endfor %} {% endfor %}
{% endfor %}
<tr align="right"> <tr align="right">
<td colspan="5"> <td colspan="5">
<form id="apply_selected_form" method="POST" name="apply_selected_form" onsubmit="row_level_permission.apply_selected(); return false;"> Commands:
<input id="apply_selected_button" type="submit" value="{% trans 'Apply Selected' %}" /> <a href="javascript:row_level_permission.apply_selected();">Apply Selected</a> |
</form> <a href="javascript:alert('Not yet working');" class="deletelink">Delete Selected</a>
<form id="delete_selected_form" method="POST" name="delete_selected_form" onsubmit="alert('Not yet working'); return false;">
<input id="delete_selected_button" type="submit" value="{% trans 'Delete Selected' %}" />
</form>
</td> </td>
</tr> </tr>
{% if is_paginated %} {% if is_paginated %}
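Review bot: The new per-row delete link, `<a href="delete/{% objref o.rlp %}" class="deletelink">`, has no trailing slash, while the sibling form action is `change/{% objref o.rlp %}/` and the delete URL pattern added in this commit ends in `/$`. Unless `objref` emits a trailing slash itself, or a slash-appending redirect is in place, the link will not reach the delete view, so it should read `href="delete/{% objref o.rlp %}/"`. The link also makes deletion a plain GET navigation, and the visible part of the delete view shows no POST check; a small POST form like the one each row uses for changes would be safer for a permission-removing action. The replacement "Apply Selected" and "Delete Selected" anchors dropped the `{% trans %}` wrapping that the old button labels had.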


@ -41,8 +41,11 @@ urlpatterns = patterns('',
('^([^/]+)/([^/]+)/add/$', 'django.contrib.admin.views.main.add_stage'), ('^([^/]+)/([^/]+)/add/$', 'django.contrib.admin.views.main.add_stage'),
('^([^/]+)/([^/]+)/(.+)/history/$', 'django.contrib.admin.views.main.history'), ('^([^/]+)/([^/]+)/(.+)/history/$', 'django.contrib.admin.views.main.history'),
('^([^/]+)/([^/]+)/(.+)/delete/$', 'django.contrib.admin.views.main.delete_stage'), ('^([^/]+)/([^/]+)/(.+)/delete/$', 'django.contrib.admin.views.main.delete_stage'),
('^([^/]+)/([^/]+)/(.+)/row_level_permissions/$', 'django.contrib.admin.views.row_level_permissions.edit_row_level_permissions'), ('^([^/]+)/([^/]+)/(.+)/row_level_permissions/$', 'django.contrib.admin.views.row_level_permissions.view_row_level_permissions'),
('^([^/]+)/([^/]+)/(.+)/row_level_permissions/add/$', 'django.contrib.admin.views.row_level_permissions.add_row_level_permission'), ('^([^/]+)/([^/]+)/(.+)/row_level_permissions/add/$', 'django.contrib.admin.views.row_level_permissions.add_row_level_permission'),
('^([^/]+)/([^/]+)/(.+)/row_level_permissions/delete/(.+)/(.+)/([^/]+)/$', 'django.contrib.admin.views.row_level_permissions.delete_row_level_permission'),
('^([^/]+)/([^/]+)/(.+)/row_level_permissions/change/(.+)/(.+)/([^/]+)/$', 'django.contrib.admin.views.row_level_permissions.change_row_level_permission'),
('^([^/]+)/([^/]+)/(.+)/$', 'django.contrib.admin.views.main.change_stage'), ('^([^/]+)/([^/]+)/(.+)/$', 'django.contrib.admin.views.main.change_stage'),
) )
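Review bot: The two new patterns capture ct_id and rlp_id with `(.+)`, which also matches `/`, so with three greedy groups in a row the split between object_id, ct_id and rlp_id is decided by regex backtracking rather than by the URL structure. Only object_id appears to need `(.+)` (the views unquote it); the other two look like single path segments, so ending both patterns with `delete/([^/]+)/([^/]+)/([^/]+)/$` and `change/([^/]+)/([^/]+)/([^/]+)/$` would keep unexpected paths from reaching views that modify permissions.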


@ -203,6 +203,7 @@ def render_change_form(model, manipulator, context, add=False, change=False, for
'has_change_permission': context['perms'][app_label][opts.get_change_permission()], 'has_change_permission': context['perms'][app_label][opts.get_change_permission()],
'has_file_field': opts.has_field_type(models.FileField), 'has_file_field': opts.has_field_type(models.FileField),
'has_absolute_url': hasattr(model, 'get_absolute_url'), 'has_absolute_url': hasattr(model, 'get_absolute_url'),
'has_row_level_permissions':opts.row_level_permissions,
'auto_populated_fields': auto_populated_fields, 'auto_populated_fields': auto_populated_fields,
'bound_field_sets': bound_field_sets, 'bound_field_sets': bound_field_sets,
'first_form_field_id': first_form_field_id, 'first_form_field_id': first_form_field_id,


@ -3,17 +3,19 @@ from django import forms, template
from django.shortcuts import render_to_response, get_object_or_404 from django.shortcuts import render_to_response, get_object_or_404
from django.http import Http404, HttpResponse, HttpResponseRedirect from django.http import Http404, HttpResponse, HttpResponseRedirect
from django.contrib.contenttypes.models import ContentType from django.contrib.contenttypes.models import ContentType
from django.contrib.auth.models import RowLevelPermission from django.contrib.auth.models import RowLevelPermission, User, Group
from django.contrib.admin.views import main
from django.db import models from django.db import models
from django.contrib.admin.row_level_perm_manipulator import AddRLPManipulator, ChangeRLPManipulator from django.contrib.admin.row_level_perm_manipulator import AddRLPManipulator, ChangeRLPManipulator
from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist, PermissionDenied from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist, PermissionDenied
from django.core.paginator import ObjectPaginator, InvalidPage from django.core.paginator import ObjectPaginator, InvalidPage
import simplejson from django.contrib.admin.views.main import unquote, quote
from django.contrib.admin.views.decorators import staff_member_required
from django.views.decorators.cache import never_cache
def edit_row_level_permissions(request, app_label, model_name, object_id):
def view_row_level_permissions(request, app_label, model_name, object_id):
model = models.get_model(app_label, model_name) model = models.get_model(app_label, model_name)
object_id = main.unquote(object_id) object_id = unquote(object_id)
model_ct = ContentType.objects.get_for_model(model) model_ct = ContentType.objects.get_for_model(model)
model_instance = get_object_or_404(model, pk=object_id) model_instance = get_object_or_404(model, pk=object_id)
@ -52,15 +54,34 @@ def edit_row_level_permissions(request, app_label, model_name, object_id):
add_rlp_manip = AddRLPManipulator(model_instance, model_ct) add_rlp_manip = AddRLPManipulator(model_instance, model_ct)
edit_rlp_manip = ChangeRLPManipulator(model_ct) edit_rlp_manip = ChangeRLPManipulator(model_ct)
new_rlp_form = forms.FormWrapper(add_rlp_manip, rlp_new_data, rlp_errors) new_rlp_form = forms.FormWrapper(add_rlp_manip, rlp_new_data, rlp_errors)
empty_rlp_form = forms.FormWrapper(edit_rlp_manip, rlp_new_data, rlp_errors)
rlp_form_list = [] user_rlp_form_list = []
other_rlp_form_list = []
group_rlp_form_list = []
group_ct = model_ct = ContentType.objects.get_for_model(Group)
user_ct = model_ct = ContentType.objects.get_for_model(User)
for r in rlp_list: for r in rlp_list:
owner_val = str(r.owner_ct)+"-"+str(r.owner_id) owner_val = str(r.owner_ct)+"-"+str(r.owner_id)
data = {'id':r.id, 'owner':owner_val, 'perm':r.permission.id, 'negative':r.negative} data = {'id':r.id, 'owner':owner_val, 'perm':r.permission.id, 'negative':r.negative}
rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r})
if r.owner_ct.id is user_ct.id:
user_rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r})
elif r.owner_ct.id is group_ct.id:
group_rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r})
else:
other_rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r})
rlp_forms = []
if user_rlp_form_list:
rlp_forms.append((_('Users'), user_rlp_form_list,))
if group_rlp_form_list:
rlp_forms.append((_('Groups'), group_rlp_form_list,))
if other_rlp_form_list:
rlp_forms.append((_('Other'), other_rlp_form_list,))
rlp_context = {'new_rlp_form':new_rlp_form, rlp_context = {'new_rlp_form':new_rlp_form,
'rlp_form_list':rlp_form_list, 'rlp_forms':rlp_forms, }
'empty_rlp_form':empty_rlp_form,}
c.update(rlp_context) c.update(rlp_context)
@ -69,13 +90,24 @@ def edit_row_level_permissions(request, app_label, model_name, object_id):
"admin/%s/row_level_permission.html" % opts.app_label, "admin/%s/row_level_permission.html" % opts.app_label,
"admin/row_level_permission.html"], context_instance=c) "admin/row_level_permission.html"], context_instance=c)
def delete_row_level_permission(request, ct_id, rlp_id, hash): view_row_level_permissions = staff_member_required(never_cache(view_row_level_permissions))
def delete_row_level_permission(request, app_label, model_name, object_id, ct_id, rlp_id, hash):
msg = {} msg = {}
if utils.verify_objref_hash(ct_id, rlp_id, hash): if utils.verify_objref_hash(ct_id, rlp_id, hash):
model = models.get_model(app_label, model_name)
object_id = unquote(object_id)
model_ct = ContentType.objects.get_for_model(model)
model_instance = get_object_or_404(model, pk=object_id)
rlp = get_object_or_404(RowLevelPermission, pk=rlp_id) rlp = get_object_or_404(RowLevelPermission, pk=rlp_id)
ct = rlp.model_ct ct = rlp.model_ct
obj = rlp.model obj = rlp.model
if model_instance.id is not obj.id:
raise PermissionDenied
if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_delete_permission()): if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_delete_permission()):
raise PermissionDenied raise PermissionDenied
if not request.user.has_perm(obj._meta.app_label + '.' + obj._meta.get_change_permission(), object=obj): if not request.user.has_perm(obj._meta.app_label + '.' + obj._meta.get_change_permission(), object=obj):
@ -86,13 +118,13 @@ def delete_row_level_permission(request, ct_id, rlp_id, hash):
else: else:
msg = { 'result':False, 'text': _("row level permission not found (bad hash)" )} msg = { 'result':False, 'text': _("row level permission not found (bad hash)" )}
request.user.message_set.create(message=result['text']) request.user.message_set.create(message=msg['text'])
return HttpResponseRedirect("../") return HttpResponseRedirect("../../../../")
# return HttpResponseRedirect("%s?rlp_result=%s&rlp_msg=%s" % (request.META["HTTP_REFERER"], str(msg["result"]), main.quote(msg["text"]))) # return HttpResponseRedirect("%s?rlp_result=%s&rlp_msg=%s" % (request.META["HTTP_REFERER"], str(msg["result"]), main.quote(msg["text"])))
#return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name), #return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name),
# main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,}) # main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,})
delete_row_level_permission = staff_member_required(never_cache(delete_row_level_permission))
def add_row_level_permission(request, app_label, model_name, object_id): def add_row_level_permission(request, app_label, model_name, object_id):
msg = {} msg = {}
@ -103,7 +135,7 @@ def add_row_level_permission(request, app_label, model_name, object_id):
return HttpResponseRedirect("/edit/%s/%s" % (obj_type, object_id)) return HttpResponseRedirect("/edit/%s/%s" % (obj_type, object_id))
model = models.get_model(app_label, model_name) model = models.get_model(app_label, model_name)
object_id = main.unquote(object_id) object_id = unquote(object_id)
ct = ContentType.objects.get_for_model(model) ct = ContentType.objects.get_for_model(model)
obj = get_object_or_404(model, pk=object_id) obj = get_object_or_404(model, pk=object_id)
@ -141,10 +173,10 @@ def add_row_level_permission(request, app_label, model_name, object_id):
#return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name), #return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name),
# main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,}) # main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,})
return HttpResponseRedirect("../") return HttpResponseRedirect("../")
add_row_level_permission = staff_member_required(never_cache(add_row_level_permission))
def change_row_level_permission(request, ct_id, rlp_id, hash): def change_row_level_permission(request, app_label, model_name, object_id, ct_id, rlp_id, hash):
msg = {} msg = {}
ajax = request.GET.has_key("ajax")
if not request.POST: if not request.POST:
msg = { 'result':False, 'text': _("Only POSTs are allowed" )} msg = { 'result':False, 'text': _("Only POSTs are allowed" )}
@ -152,10 +184,14 @@ def change_row_level_permission(request, ct_id, rlp_id, hash):
msg = { 'result':False, 'text': _("row level permission not found (bad hash)" )} msg = { 'result':False, 'text': _("row level permission not found (bad hash)" )}
if msg.has_key("result"): if msg.has_key("result"):
if ajax:
return HttpResponse(simplejson.dumps(msg), 'text/javascript')
request.user.message_set.create(message=msg['text']) request.user.message_set.create(message=msg['text'])
return HttpResponseRedirect("/edit/%s/%s" % (obj_type, obj_id)) return HttpResponseRedirect('../../../../')
model = models.get_model(app_label, model_name)
object_id = unquote(object_id)
ct = ContentType.objects.get_for_model(model)
model_instance = get_object_or_404(model, pk=object_id)
rlp = get_object_or_404(RowLevelPermission, pk=rlp_id) rlp = get_object_or_404(RowLevelPermission, pk=rlp_id)
opts = rlp._meta opts = rlp._meta
@ -163,6 +199,9 @@ def change_row_level_permission(request, ct_id, rlp_id, hash):
raise PermissionDenied raise PermissionDenied
obj = rlp.model obj = rlp.model
if model_instance.id is not obj.id:
raise PermissionDenied
if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_change_permission(), object=obj): if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_change_permission(), object=obj):
raise PermissionDenied raise PermissionDenied
@ -178,9 +217,12 @@ def change_row_level_permission(request, ct_id, rlp_id, hash):
msg = {"result":False, "text":_("A row level permission already exists with the specified values")} msg = {"result":False, "text":_("A row level permission already exists with the specified values")}
else: else:
msg = {"result":True, "text":_("Row level permission has successfully been changed"), "id":rlp_id} msg = {"result":True, "text":_("Row level permission has successfully been changed"), "id":rlp_id}
if ajax:
return HttpResponse(simplejson.dumps(msg), 'text/javascript') request.user.message_set.create(message=msg['text'])
request.POST = {} return HttpResponseRedirect("../../../../")
return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name), # request.POST = {}
main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,}) # return change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name),
# main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,})
change_row_level_permission = staff_member_required(never_cache(change_row_level_permission))