From e8ea76b4c7285d641d7b6c298ac9c0ce282c8bc9 Mon Sep 17 00:00:00 2001 From: Christopher Long Date: Mon, 7 Aug 2006 17:28:16 +0000 Subject: [PATCH] [per-object-permissions] Fixed RLP perm checking so it now accepts the string app_label.perm_codename format correctly. git-svn-id: http://code.djangoproject.com/svn/django/branches/per-object-permissions@3531 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/contrib/auth/models.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/django/contrib/auth/models.py b/django/contrib/auth/models.py index 029ffa2cc0..bef13f4862 100644 --- a/django/contrib/auth/models.py +++ b/django/contrib/auth/models.py @@ -49,9 +49,9 @@ class Permission(models.Model): class RowLevelPermissionManager(models.Manager): def create_row_level_permission(self, model_instance, owner, permission, negative=False): + model_ct=ContentType.objects.get_for_model(model_instance) if isinstance(permission, str): - permission = Permission.objects.get(codename__exact=permission) - model_ct=ContentType.objects.get_for_model(model_instance) + permission = Permission.objects.get(codename__exact=permission, content_type=model_ct.id) if model_ct != permission.content_type: raise TypeError, "Invalid value: Permission content type(%s) and object content type(%s) do not match" % (permission.content_type, type_ct) @@ -111,7 +111,7 @@ class Group(models.Model): """ name = models.CharField(_('name'), maxlength=80, unique=True) permissions = models.ManyToManyField(Permission, verbose_name=_('permissions'), blank=True, filter_interface=models.HORIZONTAL) - row_level_permissions_owned = models.GenericRelation(RowLevelPermission, object_id_field="owner_id", content_type_field="owner_ct", related_name="owner") + row_level_permissions_owned = models.GenericRelation(RowLevelPermission, object_id_field="owner_id", content_type_field="owner_ct", related_name="group") class Meta: verbose_name = _('group') verbose_name_plural = _('groups') @@ -260,11 +260,15 @@ class User(models.Model): return self._perm_cache def check_row_level_permission(self, permission, object): + object_ct=ContentType.objects.get_for_model(object) if isinstance(permission, str): - permission = Permission.objects.get(codename__exact=permission) + try: + permission = Permission.objects.get(codename__exact=permission, content_type=object_ct.id) + except Permission.DoesNotExist: + return False try: row_level_perm=self.row_level_permissions_owned.get(model_id=object.id, - model_ct=ContentType.objects.get_for_model(object).id, + model_ct=object_ct.id, permission=permission.id) except RowLevelPermission.DoesNotExist: return self.check_group_row_level_permissions(permission, object) @@ -302,6 +306,7 @@ class User(models.Model): ContentType.objects.get_for_model(object).id, permission.id,]) row = cursor.fetchone() + if row is None: return None return not row[0] @@ -314,7 +319,8 @@ class User(models.Model): if self.is_superuser: return True if object and object._meta.row_level_permissions: - row_level_permission = self.check_row_level_permission(perm, object) + permission_str = perm[perm.index('.')+1:] + row_level_permission = self.check_row_level_permission(permission_str, object) if row_level_permission is not None: return row_level_permission return perm in self.get_all_permissions()