Creating access app for permissions-related utils, decorators and helpers.

Paul Craciunoiu 2010-06-01 16:35:09 -07:00
Родитель 44b81d8fee
Коммит fc1170454d
8 изменённых файлов: 62 добавлений и 59 удалений

17
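--- a/apps/access/__init__.py
+++ b/apps/access/__init__.py
@@ -0,0 +1,17 @@
+from authority import get_check
+def has_perm_or_owns(user, perm, obj, perm_obj,
+field_name='creator'):
+"""
+Given a user, a permission, an object (obj) and another object to check
+permissions against (perm_obj), returns True if the user has perm on
+obj.
+"""
+if user == getattr(obj, field_name):
+return True
+check = get_check(user, perm)
+if not check:
+return False
+return check(perm_obj)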
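Review bot: The docstring of `has_perm_or_owns` says it returns True if the user has perm on obj, but the code never evaluates the permission against obj: it returns True when `getattr(obj, field_name)` equals the user, and otherwise runs the check against perm_obj. Because the decorator and the template helper both delegate their authorization decision to this function, the docstring should describe both paths, for example `Returns True if user equals obj.<field_name> (ownership), or if user holds perm on perm_obj; obj is used only for the ownership comparison.` The ownership branch also compares without checking that the owner is set, so a caller that passed a None user for an object with a null owner field would presumably be granted access. The visible callers pass `request.user`, but `owner = getattr(obj, field_name)` followed by `if owner is not None and user == owner:` would make that case deny explicitly.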


@ -5,7 +5,7 @@ from django.db.models import Model, get_model
from django.http import HttpResponseForbidden from django.http import HttpResponseForbidden
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from sumo import utils import access
def has_perm_or_owns_or_403(perm, field_name, lookup_obj, lookup_perm_obj, def has_perm_or_owns_or_403(perm, field_name, lookup_obj, lookup_perm_obj,
@ -37,7 +37,7 @@ def has_perm_or_owns_or_403(perm, field_name, lookup_obj, lookup_perm_obj,
'The argument %s needs to be a model.' % model) 'The argument %s needs to be a model.' % model)
obj = get_object_or_404(model_class, **{lookup: value}) obj = get_object_or_404(model_class, **{lookup: value})
params.append(obj) params.append(obj)
granted = utils.has_perm_or_owns(request.user, perm, granted = access.has_perm_or_owns(request.user, perm,
params[0], params[1], params[0], params[1],
field_name) field_name)
if granted or request.user.has_perm(perm): if granted or request.user.has_perm(perm):

30
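--- a/apps/access/helpers.py
+++ b/apps/access/helpers.py
@@ -0,0 +1,30 @@
+import authority
+import jinja2
+from jingo import register
+import access
+@register.function
+@jinja2.contextfunction
+def has_perm(context, perm, obj):
+"""
+Check if the user has a permission on a specific object.
+Returns boolean.
+"""
+check = authority.get_check(context['request'].user, perm)
+return check(obj)
+@register.function
+@jinja2.contextfunction
+def has_perm_or_owns(context, perm, obj, perm_obj, field_name='creator'):
+"""
+Check if the user has a permission or owns the object.
+Ownership is determined by comparing perm_obj.field_name to the user in
+context.
+"""
+return access.has_perm_or_owns(context['request'].user, perm, obj,
+perm_obj, field_name)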
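Review bot: `has_perm` calls `check(obj)` on whatever `authority.get_check` returns, while `access.has_perm_or_owns` in this same commit guards that result with `if not check: return False`. If `get_check` can return a falsy value, as that guard implies, the template helper raises during rendering instead of denying. It should fail closed the same way, for example by ending with `return bool(check and check(obj))`. Separately, the `has_perm_or_owns` docstring says ownership is determined by comparing perm_obj.field_name, but the function it delegates to compares `getattr(obj, field_name)`. The docstring should name obj so template authors pass the owned object in the right position.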


@ -1,12 +1,12 @@
from nose.tools import eq_
import test_utils
from django.test import TestCase from django.test import TestCase
from django.contrib.auth.models import User from django.contrib.auth.models import User
from sumo.helpers import has_perm, has_perm_or_owns from nose.tools import eq_
import test_utils
import access
from .helpers import has_perm, has_perm_or_owns
from sumo.urlresolvers import reverse from sumo.urlresolvers import reverse
from sumo import utils
from forums.models import Forum, Thread from forums.models import Forum, Thread
@ -143,7 +143,7 @@ class ForumTestPermissions(TestCase):
my_t = Thread.objects.filter(creator=me)[0] my_t = Thread.objects.filter(creator=me)[0]
other_t = Thread.objects.exclude(creator=me)[0] other_t = Thread.objects.exclude(creator=me)[0]
perm = 'forums_forum.thread_edit_forum' perm = 'forums_forum.thread_edit_forum'
allowed = utils.has_perm_or_owns(me, perm, my_t, self.forum_1) allowed = access.has_perm_or_owns(me, perm, my_t, self.forum_1)
eq_(allowed, True) eq_(allowed, True)
allowed = utils.has_perm_or_owns(me, perm, other_t, self.forum_1) allowed = access.has_perm_or_owns(me, perm, other_t, self.forum_1)
eq_(allowed, False) eq_(allowed, False)


@ -9,7 +9,7 @@ from django.views.decorators.http import require_POST
import jingo import jingo
from authority.decorators import permission_required_or_403 from authority.decorators import permission_required_or_403
from sumo.decorators import has_perm_or_owns_or_403 from access.decorators import has_perm_or_owns_or_403
from sumo.urlresolvers import reverse from sumo.urlresolvers import reverse
from sumo.utils import paginate from sumo.utils import paginate
from .models import Forum, Thread, Post from .models import Forum, Thread, Post


@ -11,11 +11,9 @@ from tower import ugettext_lazy as _lazy
from babel import localedata from babel import localedata
from babel.dates import format_date, format_time, format_datetime from babel.dates import format_date, format_time, format_datetime
from pytz import timezone from pytz import timezone
import authority
from sumo.urlresolvers import reverse from .urlresolvers import reverse
from sumo.utils import urlencode from .utils import urlencode
from sumo import utils
class DateTimeFormatError(Exception): class DateTimeFormatError(Exception):
@ -191,28 +189,3 @@ def datetimeformat(context, value, format='shortdatetime'):
else: else:
# Unknown format # Unknown format
raise DateTimeFormatError raise DateTimeFormatError
@register.function
@jinja2.contextfunction
def has_perm(context, perm, obj):
"""
Check if the user has a permission on a specific object.
Returns boolean.
"""
check = authority.get_check(context['request'].user, perm)
return check(obj)
@register.function
@jinja2.contextfunction
def has_perm_or_owns(context, perm, obj, perm_obj, field_name='creator'):
"""
Check if the user has a permission or owns the object.
Ownership is determined by comparing perm_obj.field_name to the user in
context.
"""
return utils.has_perm_or_owns(context['request'].user, perm, obj,
perm_obj, field_name)


@ -1,7 +1,5 @@
import urllib import urllib
from authority import get_check
from django.core import paginator from django.core import paginator
from django.utils.encoding import smart_str from django.utils.encoding import smart_str
@ -44,22 +42,6 @@ def urlencode(items):
return urllib.urlencode([(k, smart_str(v)) for k, v in items]) return urllib.urlencode([(k, smart_str(v)) for k, v in items])
def has_perm_or_owns(user, perm, obj, perm_obj,
field_name='creator'):
"""
Given a user, a permission, an object (obj) and another object to check
permissions against (perm_obj), returns True if the user has perm on
obj.
"""
if user == getattr(obj, field_name):
return True
check = get_check(user, perm)
if not check:
return False
return check(perm_obj)
class WikiParser(object): class WikiParser(object):
""" """
Wrapper for wikimarkup. Adds Kitsune-specific callbacks and setup. Wrapper for wikimarkup. Adds Kitsune-specific callbacks and setup.


@ -160,6 +160,7 @@ INSTALLED_APPS = (
'jingo_minify', 'jingo_minify',
ROOT_PACKAGE, ROOT_PACKAGE,
'authority', 'authority',
'access',
'sumo', 'sumo',
'search', 'search',
'forums', 'forums',