Merge
authorSimon Descarpentries <sid@sopinspace.com>
Thu, 03 Oct 2013 11:23:32 +0200
changeset 546 9bac72438057
parent 545 f7bb1f72b85c (current diff)
parent 544 18ac07f35974 (diff)
child 547 5b91d7ed9d54
Merge
--- a/src/cm/security.py	Thu Oct 03 11:10:40 2013 +0200
+++ b/src/cm/security.py	Thu Oct 03 11:23:32 2013 +0200
@@ -391,6 +391,45 @@
 
         return _check_local_perm
     return _dec        
-    
+
+def has_global_perm_or_perm_on_text(global_perm_name, perm_name, must_be_logged_in=False, redirect_field_name=REDIRECT_FIELD_NAME, api=False):
+  def _dec(view_func):
+    def _check_global_or_local_perm(request, *args, **kwargs):
+      if must_be_logged_in and not is_authenticated(request):
+        if not api:
+          raise UnauthorizedException('Should be logged in')
+        else:
+          return rc.FORBIDDEN
+
+      if has_perm(request, global_perm_name, text=None): 
+        return view_func(request, *args, **kwargs)
+            
+      if cm_settings.NO_SECURITY:
+        return view_func(request, *args, **kwargs)
 
+      if 'key' in kwargs: 
+        text = get_object_or_404(Text, key=kwargs['key'])                
+      else:
+        raise Exception('no security check possible')
+                
+      # in api, the view has an object as first parameter, request is args[0]
+      if not api:                
+        req = request
+      else:                    
+        req = args[0]     
 
+      if has_perm(req, perm_name, text=text): 
+        return view_func(request, *args, **kwargs)
+            
+      if not api:
+        raise UnauthorizedException('No perm %s' % perm_name)
+      else:
+        return rc.FORBIDDEN
+
+      raise UnauthorizedException('No global perm %s nor local perm %s' %(global_perm_name, perm_name))
+
+    _check_global_or_local_perm.__doc__ = view_func.__doc__
+    _check_global_or_local_perm.__dict__ = view_func.__dict__
+
+    return _check_global_or_local_perm
+  return _dec
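Review bot: In the `api=True` case the global check `has_perm(request, global_perm_name, text=None)` (and `is_authenticated(request)` above it) receives `request`, which per the comment lower in the same function is the handler object rather than the request when `api` is set; only the text-level check further down uses the corrected `req`. Resolve it once before the first check — `req = args[0] if api else request` — and pass `req` to `is_authenticated` and to both `has_perm` calls, dropping the later reassignment. Both call sites in this changeset use the default `api=False`, so as committed this is latent rather than exploitable. Two smaller points: `raise Exception('no security check possible')` when `key` is absent fails closed but surfaces as a 500 instead of the `UnauthorizedException` / `rc.FORBIDDEN` the rest of the function uses, and the final `raise UnauthorizedException('No global perm ...')` is unreachable because both branches above it return or raise. The new function is also indented with two spaces where the context lines show the file uses four.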
--- a/src/cm/templates/site/layout/base_text.html	Thu Oct 03 11:10:40 2013 +0200
+++ b/src/cm/templates/site/layout/base_text.html	Thu Oct 03 11:23:32 2013 +0200
@@ -20,7 +20,10 @@
 {% block content %}
 
 {%  include "site/macros/text_actions.html" %}
-<h1 class="main_title_text"><a class="title" href="{% url text-view text.key %}">{{ text.get_title }}</a></h1>
+<h1 class="main_title_text">
+  {% if CONF.f_get_logo_url %}<div><a title="{% blocktrans %}back to workspace{% endblocktrans %}" alt="logo" class="title" href="{% url index %}"><img src="{{ CONF.f_get_logo_url }}" alt="logo" /></a></div>{% endif %}
+  <a class="title" href="{% url text-view text.key %}">{{ text.get_title }}</a>
+</h1>
 
 {% include "site/macros/text_meta.html" %}   
 {% include "site/macros/text_tabs.html" %}   
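Review bot: The new anchor `<a title="{% blocktrans %}back to workspace{% endblocktrans %}" alt="logo" class="title" href="{% url index %}">` carries an `alt` attribute, which is not valid on `<a>` (the `<img>` inside already has one), and the parallel change in base_workspace.html correctly omits it; drop `alt="logo"` from the anchor. `CONF.f_get_logo_url` is emitted via `{{ }}` into a `src` attribute, which is fine as long as template auto-escaping is on and the value is operator-configured rather than user-supplied — neither is visible here, so worth confirming.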
--- a/src/cm/templates/site/layout/base_workspace.html	Thu Oct 03 11:10:40 2013 +0200
+++ b/src/cm/templates/site/layout/base_workspace.html	Thu Oct 03 11:23:32 2013 +0200
@@ -13,7 +13,7 @@
 {% nb_users as nb_users %}
 <h1 class="main_title">
 {% if CONF.f_get_logo_url %}
-<div><img src="{{ CONF.f_get_logo_url }}"></img></div>
+<div><a title="{% blocktrans %}back to workspace{% endblocktrans %}" class="title" href="{% url index %}"><img src="{{ CONF.f_get_logo_url }}" alt="logo" /></a></div>
 {% endif %}
 
 {% if CONF.workspace_name %}
--- a/src/cm/templates/site/layout/footer.html	Thu Oct 03 11:10:40 2013 +0200
+++ b/src/cm/templates/site/layout/footer.html	Thu Oct 03 11:23:32 2013 +0200
@@ -6,7 +6,7 @@
 <span class="navlinks navleft">
     <a href="{% url contact %}">{% blocktrans %}Contact{% endblocktrans %}</a>
     &#183;
-    <a id="comentlink" title="co-ment" href="http://www.co-ment.com">Powered by <img src="{{ CM_MEDIA_PREFIX }}img/logo-co-ment-50.png"></img></a>
+    <a id="comentlink" title="co-ment" href="http://www.co-ment.com">Powered by <img src="{{ CM_MEDIA_PREFIX }}img/logo-co-ment-50.png" alt='Co-ment logo' /></a>
     &#183;    
     <a href="{% url help %}">{% blocktrans %}Help{% endblocktrans %}</a>
     
--- a/src/cm/urls.py	Thu Oct 03 11:10:40 2013 +0200
+++ b/src/cm/urls.py	Thu Oct 03 11:23:32 2013 +0200
@@ -141,13 +141,15 @@
 
 if settings.DEBUG:
      urlpatterns += patterns('',
-     (r'^site_media/(?P<path>.*)$', 'django.views.static.serve', {'document_root': settings.MEDIA_ROOT}),
-
-     (r'^cmmedia/(?P<path>.*)$', 'django.views.static.serve', {'document_root': 'src/cm/media/'}),
-     (r'^robots.txt$', 'django.views.static.serve', {'document_root': 'src/cm/media/', 'path':'robots.txt'}),
-     (r'^favicon.ico$', 'django.views.static.serve', {'document_root': 'src/cm/media/', 'path':'favicon.ico'}),
-     
-)
+       (r'^site_media/(?P<path>.*)$', 'django.views.static.serve', {'document_root': settings.MEDIA_ROOT}),
+       (r'^cmmedia/(?P<path>.*)$', 'django.views.static.serve', {'document_root': 'src/cm/media/'}),
+       (r'^robots.txt$', 'django.views.static.serve', {'document_root': 'src/cm/media/', 'path':'robots.txt'}),
+       (r'^favicon.ico$', 'django.views.static.serve', {'document_root': 'src/cm/media/', 'path':'favicon.ico'}),
+     )
+else:
+     urlpatterns += patterns('',
+       (r'^site_media/(?P<path>.*)$', 'django.views.static.serve', {'document_root': settings.MEDIA_ROOT}),
+     )
      
 js_info_dict = {
     'packages': ('cm', ),
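Review bot: The new `else:` branch registers `(r'^site_media/(?P<path>.*)$', 'django.views.static.serve', {'document_root': settings.MEDIA_ROOT})` precisely when `settings.DEBUG` is False, i.e. in production, which Django's own documentation for that view says is inefficient and insecure and not for production use. Even where the view itself guards against `..` traversal, it hands out every file under `MEDIA_ROOT` with no authorisation, which matters if uploaded or per-user files live there (not visible here). Prefer having the front web server serve `MEDIA_ROOT` in production; if the view must stay, gate it behind a dedicated setting and add a comment such as `# served by Django only where no web server alias is configured; see deployment notes` so the choice is explicit. The `'src/cm/media/'` document roots in the DEBUG branch are relative to the process working directory — pre-existing, but worth noting while this block is being rewritten.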
--- a/src/cm/views/user.py	Thu Oct 03 11:10:40 2013 +0200
+++ b/src/cm/views/user.py	Thu Oct 03 11:23:32 2013 +0200
@@ -20,7 +20,7 @@
 from django.views.generic.list_detail import object_list
 from django.contrib.auth.decorators import login_required
 from cm.views import get_keys_from_dict
-from cm.security import has_global_perm
+from cm.security import has_global_perm, has_global_perm_or_perm_on_text
 from cm.exception import UnauthorizedException
 from cm.cm_settings import SHOW_EMAILS_IN_ADMIN
 from tagging.models import Tag
@@ -202,22 +202,21 @@
 class UserProfileForm(ModelForm):
     class Meta:
         model = UserProfile
-        fields = ('allow_contact', 'preferred_language', 'is_suspended', 'tags')
+        fields = ('is_suspended', 'tags')
 
 class MyUserProfileForm(ModelForm):
     class Meta:
         model = UserProfile
-        fields = ('allow_contact', 'preferred_language', 'tags')
+        fields = ('tags',)
 
 class UserProfileAddForm(ModelForm):
     class Meta:
         model = UserProfile
-        fields = ('preferred_language', 'tags')
+        fields = ('tags',)
         
 class UserProfileRegisterForm(ModelForm):
     class Meta:
         model = UserProfile
-        fields = ('preferred_language', )        
 
 class UserAddForm(forms.Form):
     note = forms.CharField(label=ugettext_lazy(u'Note'),
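Review bot: Removing `fields = ('preferred_language', )` leaves `UserProfileRegisterForm` with a `Meta` that names the model but no `fields` or `exclude`; on the Django generation this file targets (it still imports `django.views.generic.list_detail`), a ModelForm without either exposes every editable model field, so the self-registration form built at the bottom of this file would accept `is_suspended`, `allow_contact`, `tags` and anything else on `UserProfile` that `UserProfileForm` and `MyUserProfileForm` deliberately restrict. If the POST branch of `register` (outside the hunk) binds `request.POST` to this form, a registrant could set those values. Either delete the class and drop `userprofileaddform` from `register`, or keep an explicit whitelist as the three sibling forms in this hunk do — e.g. `exclude = ('is_suspended', 'tags', 'allow_contact')` — and confirm whether the installed Django treats an empty `fields = ()` as "no fields" or "all fields" before relying on that form.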
@@ -228,20 +227,20 @@
 
 SEPARATORS_RE = re.compile('[;,\n]+')
 
-@has_global_perm('can_manage_workspace')
+@has_global_perm_or_perm_on_text('can_manage_workspace', 'can_manage_text')
 def user_mass_add(request, key=None):
     return user_add(request, key=key, mass=True)
 
-@has_global_perm('can_manage_workspace')
+@has_global_perm_or_perm_on_text('can_manage_workspace', 'can_manage_text')
 def user_add(request, key=None, mass=False):
     text = get_text_by_keys_or_404(key) if key else None
     if request.method == 'POST':
         userform = UserForm(request.POST) if not mass else MassUserForm(request.POST)
-        userroleform = UserRoleForm(request.POST)
+        userroleform = UserRoleForm(request.POST) if not(key) else None
         noteform = UserAddForm(request.POST)
         userprofileform = UserProfileAddForm(request.POST)
         localroleform = UserRoleTextForm(request.POST, prefix="local") if key else None
-        if userform.is_valid() and userroleform.is_valid() and noteform.is_valid() and userprofileform.is_valid() and (not localroleform or localroleform.is_valid()):
+        if userform.is_valid() and (not userroleform or userroleform.is_valid()) and noteform.is_valid() and userprofileform.is_valid() and (not localroleform or localroleform.is_valid()):
             data = userform.cleaned_data
             data.update(userprofileform.cleaned_data)
             data.update(noteform.cleaned_data)
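Review bot: `UserRoleForm(request.POST) if not(key) else None` writes `not` as if it were a function call; `UserRoleForm(request.POST) if not key else None` is the idiomatic form (the same spelling appears in the GET branch below this hunk). The intent — text-scoped invitations never instantiate the workspace-role form, so a `can_manage_text` holder cannot assign global roles — is the security-relevant part of this change and deserves a one-line comment at that assignment, e.g. `# workspace roles are only assignable from the global (keyless) invitation page`. `user_add` continues past the end of this hunk.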
@@ -251,9 +250,10 @@
             for email in [s.strip() for s in SEPARATORS_RE.split(emails)]:
                 if email and not User.objects.filter(email__iexact=email) and email not in email_created:
                     user = UserProfile.objects.create_inactive_user(email, True, **data)
-                    userrole = UserRole.objects.create(user=user, role=userroleform.cleaned_data['role'], text=None)
                     if key:
                         localuserrole = UserRole.objects.create(user=user, role=localroleform.cleaned_data['role'], text=text)
+                    else:
+                        userrole = UserRole.objects.create(user=user, role=userroleform.cleaned_data['role'], text=None)
                     email_created.add(email)
                     register_activity(request, "user_created", user=user)
             display_message(request, ungettext(u'%(nb_users)d user added', u'%(nb_users)d users added', len(email_created)) % {'nb_users': len(email_created)})
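Review bot: With `key` set, the new `else:` means an invited user receives only the text-scoped `UserRole` and no `text=None` role at all, whereas before this change every invitation also created a workspace-wide role. That is presumably the intent — a text manager must not be able to hand out workspace roles — but how a user with no global role is treated elsewhere is not visible here, so confirm such a user can still reach the text after activation, and record the decision at the `else:` with `# text-level invitations deliberately create no workspace-wide role`. `user_add` starts and ends outside this hunk.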
@@ -263,8 +263,8 @@
                 return HttpResponseRedirect(reverse('user'))
     else:
         userform = UserForm() if not mass else MassUserForm()
-        userroleform = UserRoleForm()
-        userprofileform = UserProfileAddForm({'preferred_language' : request.LANGUAGE_CODE})
+        userroleform = UserRoleForm() if not(key) else None
+        userprofileform = UserProfileAddForm()
         noteform = UserAddForm()
         localroleform = UserRoleTextForm(prefix="local") if key else None
     
@@ -594,6 +594,6 @@
             return HttpResponseRedirect(reverse('index'))
     else:    
         userform = UserForm()
-        userprofileaddform = UserProfileRegisterForm({'preferred_language' : request.LANGUAGE_CODE})
+        userprofileaddform = UserProfileRegisterForm()
     
     return render_to_response('site/register.html', {'forms':[userform, userprofileaddform]}, context_instance=RequestContext(request))