# HG changeset patch
# User Simon Descarpentries
# Date 1380792212 -7200
# Node ID 9bac72438057971d498c30b393f0c9f0bc34e234
# Parent f7bb1f72b85c2baddcedc8685d0598da8fa83764
# Parent 18ac07f35974c88930ddf769ebb37ed7c873fd8b
Merge
diff -r f7bb1f72b85c -r 9bac72438057 src/cm/security.py
--- a/src/cm/security.py Thu Oct 03 11:10:40 2013 +0200
+++ b/src/cm/security.py Thu Oct 03 11:23:32 2013 +0200
@@ -391,6 +391,45 @@
 return _check_local_perm
 return _dec
-
+
+def has_global_perm_or_perm_on_text(global_perm_name, perm_name, must_be_logged_in=False, redirect_field_name=REDIRECT_FIELD_NAME, api=False):
+ def _dec(view_func):
+ def _check_global_or_local_perm(request, *args, **kwargs):
+ if must_be_logged_in and not is_authenticated(request):
+ if not api:
+ raise UnauthorizedException('Should be logged in')
+ else:
+ return rc.FORBIDDEN
+
+ if has_perm(request, global_perm_name, text=None):
+ return view_func(request, *args, **kwargs)
+
+ if cm_settings.NO_SECURITY:
+ return view_func(request, *args, **kwargs)
+ if 'key' in kwargs:
+ text = get_object_or_404(Text, key=kwargs['key'])
+ else:
+ raise Exception('no security check possible')
+
+ # in api, the view has an object as first parameter, request is args[0]
+ if not api:
+ req = request
+ else:
+ req = args[0]
+ if has_perm(req, perm_name, text=text):
+ return view_func(request, *args, **kwargs)
+
+ if not api:
+ raise UnauthorizedException('No perm %s' % perm_name)
+ else:
+ return rc.FORBIDDEN
+
+ raise UnauthorizedException('No global perm %s nor local perm %s' %(global_perm_name, perm_name))
+
+ _check_global_or_local_perm.__doc__ = view_func.__doc__
+ _check_global_or_local_perm.__dict__ = view_func.__dict__
+
+ return _check_global_or_local_perm
+ return _dec
diff -r f7bb1f72b85c -r 9bac72438057 src/cm/templates/site/layout/base_text.html
--- a/src/cm/templates/site/layout/base_text.html Thu Oct 03 11:10:40 2013 +0200
+++ b/src/cm/templates/site/layout/base_text.html Thu Oct 03 11:23:32 2013 +0200
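Review bot: In `_check_global_or_local_perm` the login check and the global-permission check both run on `request` before `req` is chosen, yet the hunk's own comment says that in API mode the first parameter is a handler object and the real request is `args[0]`; with `api=True` those two checks would be evaluated against the wrong object. Pick the request once at the top, `req = args[0] if api else request`, and pass `req` to `is_authenticated` and to both `has_perm` calls. A caller without the global permission who reaches a view with no `key` keyword gets a bare `Exception('no security check possible')`, most likely a 500, instead of the `UnauthorizedException` / `rc.FORBIDDEN` denial used everywhere else in the wrapper. The final `raise UnauthorizedException('No global perm ...')` appears unreachable because both branches of the preceding `if not api` exit; indentation is lost on this page, so that nesting is inferred.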
@@ -20,7 +20,10 @@ {% block content %} {% include "site/macros/text_actions.html" %} -

{{ text.get_title }}

+

+ {% if CONF.f_get_logo_url %}
logo
{% endif %} + {{ text.get_title }} +

{% include "site/macros/text_meta.html" %} {% include "site/macros/text_tabs.html" %} diff -r f7bb1f72b85c -r 9bac72438057 src/cm/templates/site/layout/base_workspace.html --- a/src/cm/templates/site/layout/base_workspace.html Thu Oct 03 11:10:40 2013 +0200 +++ b/src/cm/templates/site/layout/base_workspace.html Thu Oct 03 11:23:32 2013 +0200 @@ -13,7 +13,7 @@ {% nb_users as nb_users %}

{% if CONF.f_get_logo_url %} -
+
logo
{% endif %} {% if CONF.workspace_name %}
diff -r f7bb1f72b85c -r 9bac72438057 src/cm/templates/site/layout/footer.html
--- a/src/cm/templates/site/layout/footer.html Thu Oct 03 11:10:40 2013 +0200
+++ b/src/cm/templates/site/layout/footer.html Thu Oct 03 11:23:32 2013 +0200
@@ -6,7 +6,7 @@ {% blocktrans %}Contact{% endblocktrans %} · - Powered by + Powered by Co-ment logo · {% blocktrans %}Help{% endblocktrans %}
diff -r f7bb1f72b85c -r 9bac72438057 src/cm/urls.py
--- a/src/cm/urls.py Thu Oct 03 11:10:40 2013 +0200
+++ b/src/cm/urls.py Thu Oct 03 11:23:32 2013 +0200
@@ -141,13 +141,15 @@
 if settings.DEBUG:
 urlpatterns += patterns('',
- (r'^site_media/(?P.*)$', 'django.views.static.serve', {'document_root': settings.MEDIA_ROOT}),
-
- (r'^cmmedia/(?P.*)$', 'django.views.static.serve', {'document_root': 'src/cm/media/'}),
- (r'^robots.txt$', 'django.views.static.serve', {'document_root': 'src/cm/media/', 'path':'robots.txt'}),
- (r'^favicon.ico$', 'django.views.static.serve', {'document_root': 'src/cm/media/', 'path':'favicon.ico'}),
-
-)
+ (r'^site_media/(?P.*)$', 'django.views.static.serve', {'document_root': settings.MEDIA_ROOT}),
+ (r'^cmmedia/(?P.*)$', 'django.views.static.serve', {'document_root': 'src/cm/media/'}),
+ (r'^robots.txt$', 'django.views.static.serve', {'document_root': 'src/cm/media/', 'path':'robots.txt'}),
+ (r'^favicon.ico$', 'django.views.static.serve', {'document_root': 'src/cm/media/', 'path':'favicon.ico'}),
+ )
+else:
+ urlpatterns += patterns('',
+ (r'^site_media/(?P.*)$', 'django.views.static.serve', {'document_root': settings.MEDIA_ROOT}),
+ )
 js_info_dict = {
 'packages': ('cm', ),
diff -r f7bb1f72b85c -r 9bac72438057 src/cm/views/user.py
--- a/src/cm/views/user.py Thu Oct 03 11:10:40 2013 +0200
+++ b/src/cm/views/user.py Thu Oct 03 11:23:32 2013 +0200
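Review bot: The new `else:` branch in `src/cm/urls.py` routes `^site_media/` through `django.views.static.serve` when `settings.DEBUG` is off, and Django documents that view as a development aid that is not hardened for production use. Everything under `settings.MEDIA_ROOT` also becomes readable by anyone who knows the path, with none of the per-text permission checks applied; whether files stored there are meant to be private cannot be told from this hunk. Prefer serving this prefix from the front-end web server. If the fallback has to stay, mark it with a comment such as `# fallback only: production should serve MEDIA_ROOT from the web server` so it is not taken for the intended deployment.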
@@ -20,7 +20,7 @@
 from django.views.generic.list_detail import object_list
 from django.contrib.auth.decorators import login_required
 from cm.views import get_keys_from_dict
-from cm.security import has_global_perm
+from cm.security import has_global_perm, has_global_perm_or_perm_on_text
 from cm.exception import UnauthorizedException
 from cm.cm_settings import SHOW_EMAILS_IN_ADMIN
 from tagging.models import Tag
@@ -202,22 +202,21 @@
 class UserProfileForm(ModelForm):
 class Meta:
 model = UserProfile
- fields = ('allow_contact', 'preferred_language', 'is_suspended', 'tags')
+ fields = ('is_suspended', 'tags')
 class MyUserProfileForm(ModelForm):
 class Meta:
 model = UserProfile
- fields = ('allow_contact', 'preferred_language', 'tags')
+ fields = ('tags',)
 class UserProfileAddForm(ModelForm):
 class Meta:
 model = UserProfile
- fields = ('preferred_language', 'tags')
+ fields = ('tags',)
 class UserProfileRegisterForm(ModelForm):
 class Meta:
 model = UserProfile
- fields = ('preferred_language', )
 class UserAddForm(forms.Form):
 note = forms.CharField(label=ugettext_lazy(u'Note'), 
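Review bot: `UserProfileRegisterForm.Meta` is left with only `model = UserProfile` once its `fields` line is removed, and a ModelForm with neither `fields` nor `exclude` builds a form field for every editable model column. The other forms in this hunk show that `UserProfile` carries `is_suspended` and `allow_contact`, so the registration form may now render and accept those from an unauthenticated visitor; whether the register view copies the cleaned data onto the profile is not visible here. If no profile field is meant to be collected at registration, say so explicitly with `fields = ()`, or drop the form from the view. `UserAddForm` at the end of the hunk continues outside it.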
@@ -228,20 +227,20 @@
 SEPARATORS_RE = re.compile('[;,\n]+')
-@has_global_perm('can_manage_workspace')
+@has_global_perm_or_perm_on_text('can_manage_workspace', 'can_manage_text')
 def user_mass_add(request, key=None):
 return user_add(request, key=key, mass=True)
-@has_global_perm('can_manage_workspace')
+@has_global_perm_or_perm_on_text('can_manage_workspace', 'can_manage_text')
 def user_add(request, key=None, mass=False):
 text = get_text_by_keys_or_404(key) if key else None
 if request.method == 'POST':
 userform = UserForm(request.POST) if not mass else MassUserForm(request.POST)
- userroleform = UserRoleForm(request.POST)
+ userroleform = UserRoleForm(request.POST) if not(key) else None
 noteform = UserAddForm(request.POST)
 userprofileform = UserProfileAddForm(request.POST)
 localroleform = UserRoleTextForm(request.POST, prefix="local") if key else None
- if userform.is_valid() and userroleform.is_valid() and noteform.is_valid() and userprofileform.is_valid() and (not localroleform or localroleform.is_valid()):
+ if userform.is_valid() and (not userroleform or userroleform.is_valid()) and noteform.is_valid() and userprofileform.is_valid() and (not localroleform or localroleform.is_valid()):
 data = userform.cleaned_data
 data.update(userprofileform.cleaned_data)
 data.update(noteform.cleaned_data)
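Review bot: With `user_add` and `user_mass_add` now open to holders of `can_manage_text`, nothing in these lines records that the text-level path must never grant a workspace-wide role; that guarantee rests only on `userroleform` being `None` when `key` is set. A comment above `user_add`, for example `# text managers (key given) may only assign a role on that text; global roles require can_manage_workspace`, would keep a later edit from reintroducing the global form on the keyed path. `user_mass_add` also delegates to the already decorated `user_add`, so the permission check and the `Text` lookup run twice per request. `not(key)` reads more plainly as `not key`. The body of `user_add` continues outside this hunk.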
@@ -251,9 +250,10 @@
 for email in [s.strip() for s in SEPARATORS_RE.split(emails)]:
 if email and not User.objects.filter(email__iexact=email) and email not in email_created:
 user = UserProfile.objects.create_inactive_user(email, True, **data)
- userrole = UserRole.objects.create(user=user, role=userroleform.cleaned_data['role'], text=None)
 if key:
 localuserrole = UserRole.objects.create(user=user, role=localroleform.cleaned_data['role'], text=text)
+ else:
+ userrole = UserRole.objects.create(user=user, role=userroleform.cleaned_data['role'], text=None)
 email_created.add(email)
 register_activity(request, "user_created", user=user)
 display_message(request, ungettext(u'%(nb_users)d user added', u'%(nb_users)d users added', len(email_created)) % {'nb_users': len(email_created)})
@@ -263,8 +263,8 @@
 return HttpResponseRedirect(reverse('user'))
 else:
 userform = UserForm() if not mass else MassUserForm()
- userroleform = UserRoleForm()
- userprofileform = UserProfileAddForm({'preferred_language' : request.LANGUAGE_CODE})
+ userroleform = UserRoleForm() if not(key) else None
+ userprofileform = UserProfileAddForm()
 noteform = UserAddForm()
 localroleform = UserRoleTextForm(prefix="local") if key else None
@@ -594,6 +594,6 @@
 return HttpResponseRedirect(reverse('index'))
 else:
 userform = UserForm()
- userprofileaddform = UserProfileRegisterForm({'preferred_language' : request.LANGUAGE_CODE})
+ userprofileaddform = UserProfileRegisterForm()
 return render_to_response('site/register.html', {'forms':[userform, userprofileaddform]}, context_instance=RequestContext(request))
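Review bot: On the keyed path the role stored by `UserRole.objects.create(user=user, role=localroleform.cleaned_data['role'], text=text)` is now chosen by a caller who may hold only `can_manage_text`, and nothing in this hunk bounds that choice. Confirm that `UserRoleTextForm` limits the selectable roles to ones a text manager is allowed to grant; if it does not, compare the submitted role with the caller's own role on `text` before creating the row. The assignments to `userrole` and `localuserrole` are never read in the visible lines and could be dropped. The loop and the enclosing `user_add` start outside the hunk.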