зеркало из https://github.com/mozilla/kitsune.git
Creating access app for permissions-related utils, decorators and helpers.
This commit is contained in:
Родитель
44b81d8fee
Коммит
fc1170454d
|
@ -0,0 +1,17 @@
|
||||||
|
from authority import get_check
|
||||||
|
|
||||||
|
|
||||||
|
def has_perm_or_owns(user, perm, obj, perm_obj,
|
||||||
|
field_name='creator'):
|
||||||
|
"""
|
||||||
|
Given a user, a permission, an object (obj) and another object to check
|
||||||
|
permissions against (perm_obj), returns True if the user has perm on
|
||||||
|
obj.
|
||||||
|
"""
|
||||||
|
if user == getattr(obj, field_name):
|
||||||
|
return True
|
||||||
|
|
||||||
|
check = get_check(user, perm)
|
||||||
|
if not check:
|
||||||
|
return False
|
||||||
|
return check(perm_obj)
|
|
@ -5,7 +5,7 @@ from django.db.models import Model, get_model
|
||||||
from django.http import HttpResponseForbidden
|
from django.http import HttpResponseForbidden
|
||||||
from django.shortcuts import get_object_or_404
|
from django.shortcuts import get_object_or_404
|
||||||
|
|
||||||
from sumo import utils
|
import access
|
||||||
|
|
||||||
|
|
||||||
def has_perm_or_owns_or_403(perm, field_name, lookup_obj, lookup_perm_obj,
|
def has_perm_or_owns_or_403(perm, field_name, lookup_obj, lookup_perm_obj,
|
||||||
|
@ -37,7 +37,7 @@ def has_perm_or_owns_or_403(perm, field_name, lookup_obj, lookup_perm_obj,
|
||||||
'The argument %s needs to be a model.' % model)
|
'The argument %s needs to be a model.' % model)
|
||||||
obj = get_object_or_404(model_class, **{lookup: value})
|
obj = get_object_or_404(model_class, **{lookup: value})
|
||||||
params.append(obj)
|
params.append(obj)
|
||||||
granted = utils.has_perm_or_owns(request.user, perm,
|
granted = access.has_perm_or_owns(request.user, perm,
|
||||||
params[0], params[1],
|
params[0], params[1],
|
||||||
field_name)
|
field_name)
|
||||||
if granted or request.user.has_perm(perm):
|
if granted or request.user.has_perm(perm):
|
|
@ -0,0 +1,30 @@
|
||||||
|
import authority
|
||||||
|
import jinja2
|
||||||
|
from jingo import register
|
||||||
|
|
||||||
|
import access
|
||||||
|
|
||||||
|
|
||||||
|
@register.function
|
||||||
|
@jinja2.contextfunction
|
||||||
|
def has_perm(context, perm, obj):
|
||||||
|
"""
|
||||||
|
Check if the user has a permission on a specific object.
|
||||||
|
|
||||||
|
Returns boolean.
|
||||||
|
"""
|
||||||
|
check = authority.get_check(context['request'].user, perm)
|
||||||
|
return check(obj)
|
||||||
|
|
||||||
|
|
||||||
|
@register.function
|
||||||
|
@jinja2.contextfunction
|
||||||
|
def has_perm_or_owns(context, perm, obj, perm_obj, field_name='creator'):
|
||||||
|
"""
|
||||||
|
Check if the user has a permission or owns the object.
|
||||||
|
|
||||||
|
Ownership is determined by comparing perm_obj.field_name to the user in
|
||||||
|
context.
|
||||||
|
"""
|
||||||
|
return access.has_perm_or_owns(context['request'].user, perm, obj,
|
||||||
|
perm_obj, field_name)
|
|
@ -1,12 +1,12 @@
|
||||||
from nose.tools import eq_
|
|
||||||
import test_utils
|
|
||||||
|
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User
|
||||||
|
|
||||||
from sumo.helpers import has_perm, has_perm_or_owns
|
from nose.tools import eq_
|
||||||
|
import test_utils
|
||||||
|
|
||||||
|
import access
|
||||||
|
from .helpers import has_perm, has_perm_or_owns
|
||||||
from sumo.urlresolvers import reverse
|
from sumo.urlresolvers import reverse
|
||||||
from sumo import utils
|
|
||||||
from forums.models import Forum, Thread
|
from forums.models import Forum, Thread
|
||||||
|
|
||||||
|
|
||||||
|
@ -143,7 +143,7 @@ class ForumTestPermissions(TestCase):
|
||||||
my_t = Thread.objects.filter(creator=me)[0]
|
my_t = Thread.objects.filter(creator=me)[0]
|
||||||
other_t = Thread.objects.exclude(creator=me)[0]
|
other_t = Thread.objects.exclude(creator=me)[0]
|
||||||
perm = 'forums_forum.thread_edit_forum'
|
perm = 'forums_forum.thread_edit_forum'
|
||||||
allowed = utils.has_perm_or_owns(me, perm, my_t, self.forum_1)
|
allowed = access.has_perm_or_owns(me, perm, my_t, self.forum_1)
|
||||||
eq_(allowed, True)
|
eq_(allowed, True)
|
||||||
allowed = utils.has_perm_or_owns(me, perm, other_t, self.forum_1)
|
allowed = access.has_perm_or_owns(me, perm, other_t, self.forum_1)
|
||||||
eq_(allowed, False)
|
eq_(allowed, False)
|
|
@ -9,7 +9,7 @@ from django.views.decorators.http import require_POST
|
||||||
import jingo
|
import jingo
|
||||||
from authority.decorators import permission_required_or_403
|
from authority.decorators import permission_required_or_403
|
||||||
|
|
||||||
from sumo.decorators import has_perm_or_owns_or_403
|
from access.decorators import has_perm_or_owns_or_403
|
||||||
from sumo.urlresolvers import reverse
|
from sumo.urlresolvers import reverse
|
||||||
from sumo.utils import paginate
|
from sumo.utils import paginate
|
||||||
from .models import Forum, Thread, Post
|
from .models import Forum, Thread, Post
|
||||||
|
|
|
@ -11,11 +11,9 @@ from tower import ugettext_lazy as _lazy
|
||||||
from babel import localedata
|
from babel import localedata
|
||||||
from babel.dates import format_date, format_time, format_datetime
|
from babel.dates import format_date, format_time, format_datetime
|
||||||
from pytz import timezone
|
from pytz import timezone
|
||||||
import authority
|
|
||||||
|
|
||||||
from sumo.urlresolvers import reverse
|
from .urlresolvers import reverse
|
||||||
from sumo.utils import urlencode
|
from .utils import urlencode
|
||||||
from sumo import utils
|
|
||||||
|
|
||||||
|
|
||||||
class DateTimeFormatError(Exception):
|
class DateTimeFormatError(Exception):
|
||||||
|
@ -191,28 +189,3 @@ def datetimeformat(context, value, format='shortdatetime'):
|
||||||
else:
|
else:
|
||||||
# Unknown format
|
# Unknown format
|
||||||
raise DateTimeFormatError
|
raise DateTimeFormatError
|
||||||
|
|
||||||
|
|
||||||
@register.function
|
|
||||||
@jinja2.contextfunction
|
|
||||||
def has_perm(context, perm, obj):
|
|
||||||
"""
|
|
||||||
Check if the user has a permission on a specific object.
|
|
||||||
|
|
||||||
Returns boolean.
|
|
||||||
"""
|
|
||||||
check = authority.get_check(context['request'].user, perm)
|
|
||||||
return check(obj)
|
|
||||||
|
|
||||||
|
|
||||||
@register.function
|
|
||||||
@jinja2.contextfunction
|
|
||||||
def has_perm_or_owns(context, perm, obj, perm_obj, field_name='creator'):
|
|
||||||
"""
|
|
||||||
Check if the user has a permission or owns the object.
|
|
||||||
|
|
||||||
Ownership is determined by comparing perm_obj.field_name to the user in
|
|
||||||
context.
|
|
||||||
"""
|
|
||||||
return utils.has_perm_or_owns(context['request'].user, perm, obj,
|
|
||||||
perm_obj, field_name)
|
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
import urllib
|
import urllib
|
||||||
|
|
||||||
from authority import get_check
|
|
||||||
|
|
||||||
from django.core import paginator
|
from django.core import paginator
|
||||||
from django.utils.encoding import smart_str
|
from django.utils.encoding import smart_str
|
||||||
|
|
||||||
|
@ -44,22 +42,6 @@ def urlencode(items):
|
||||||
return urllib.urlencode([(k, smart_str(v)) for k, v in items])
|
return urllib.urlencode([(k, smart_str(v)) for k, v in items])
|
||||||
|
|
||||||
|
|
||||||
def has_perm_or_owns(user, perm, obj, perm_obj,
|
|
||||||
field_name='creator'):
|
|
||||||
"""
|
|
||||||
Given a user, a permission, an object (obj) and another object to check
|
|
||||||
permissions against (perm_obj), returns True if the user has perm on
|
|
||||||
obj.
|
|
||||||
"""
|
|
||||||
if user == getattr(obj, field_name):
|
|
||||||
return True
|
|
||||||
|
|
||||||
check = get_check(user, perm)
|
|
||||||
if not check:
|
|
||||||
return False
|
|
||||||
return check(perm_obj)
|
|
||||||
|
|
||||||
|
|
||||||
class WikiParser(object):
|
class WikiParser(object):
|
||||||
"""
|
"""
|
||||||
Wrapper for wikimarkup. Adds Kitsune-specific callbacks and setup.
|
Wrapper for wikimarkup. Adds Kitsune-specific callbacks and setup.
|
||||||
|
|
|
@ -160,6 +160,7 @@ INSTALLED_APPS = (
|
||||||
'jingo_minify',
|
'jingo_minify',
|
||||||
ROOT_PACKAGE,
|
ROOT_PACKAGE,
|
||||||
'authority',
|
'authority',
|
||||||
|
'access',
|
||||||
'sumo',
|
'sumo',
|
||||||
'search',
|
'search',
|
||||||
'forums',
|
'forums',
|
||||||
|
|
Загрузка…
Ссылка в новой задаче