src/ldt/ldt/ldt_utils/security.py
author verrierj
Thu, 10 Nov 2011 14:47:16 +0100
changeset 237 2c37496369db
parent 235 e5e5c4aeede9
permissions -rw-r--r--
Moved manager from init file to security
from django.conf import settings
from django.db.models import Manager
from django.contrib.auth.models import Group
from django.contrib.contenttypes.models import ContentType
from guardian.shortcuts import assign, remove_perm, get_objects_for_user
from guardian.core import ObjectPermissionChecker
def protect_models(user):
    """Apply per-user protection to every configured model class.

    Runs protect_model() with *user* on each class returned by
    get_models_to_protect().
    """
    # NOTE(review): protect_model() rebinds ``objects`` and ``save`` on the
    # model classes themselves, so the selected user is shared by everything
    # in the process that uses those classes. Confirm that a worker never
    # serves two users concurrently, and that unprotect_models() always runs
    # once the request is finished.
    for model_cls in get_models_to_protect():
        protect_model(model_cls, user)
def unprotect_models():
    """Undo protect_models() on every configured model class.

    Runs unprotect_model() on each class returned by
    get_models_to_protect().
    """
    # After this call the original, unfiltered managers and save methods are
    # back in place, so code running afterwards is no longer permission
    # checked by this module.
    for model_cls in get_models_to_protect():
        unprotect_model(model_cls)
def get_models_to_protect():
    """Return the model classes listed in settings.USE_GROUP_PERMISSIONS.

    Every configured name is lower-cased and resolved through the
    ContentType table for the "ldt_utils" app. ``ContentType.objects.get``
    raises when no matching row exists, so a misspelt name aborts the call
    instead of silently leaving that model unprotected.
    """
    # NOTE(review): model_class() may yield None for a content type whose
    # model is no longer importable - verify; protect_model() would then
    # fail on the None entry.
    content_types = (
        ContentType.objects.get(app_label="ldt_utils", model=name.lower())
        for name in settings.USE_GROUP_PERMISSIONS
    )
    return [content_type.model_class() for content_type in content_types]
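def protect_model(cls, user):
    """Swap in a permission-checked manager and save method on *cls*.

    ``cls.objects`` becomes a SafeManager bound to *user* and ``cls.save``
    is wrapped by save_security(). The originals are kept on the class as
    ``base_objects`` and ``base_save`` so unprotect_model() can restore them.

    Calling this again before unprotect_model() only rebinds the checks to
    the new *user*. The saved originals are left untouched; overwriting them
    with the already-protected versions would make unprotect_model() restore
    a manager and a save method still tied to the previous user.
    """
    # Look at the class's own namespace only: an attribute inherited from a
    # protected parent class must not count as this class's backup.
    if 'base_objects' not in vars(cls):
        cls.base_objects = cls.objects
        cls.base_save = cls.save

    # NOTE(review): ``base_objects`` stays reachable and is unfiltered; any
    # code that queries through it (or through another manager on the model)
    # is not subject to the view-permission filter.
    cls.objects = SafeManager(cls, user)

    # Always wrap the pristine save so repeated calls do not stack checks
    # for users of earlier calls.
    cls.save = save_security(user, cls.__name__.lower())(cls.base_save)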
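def unprotect_model(cls):
    """Restore the manager and save method stored by protect_model().

    Does nothing when *cls* itself carries no ``base_objects`` backup.
    """
    # hasattr() would also be true for a backup inherited from a protected
    # parent class. In that case the parent's original manager would be
    # assigned to this class and the ``del`` below would raise
    # AttributeError, so only the class's own namespace is consulted.
    if 'base_objects' not in vars(cls):
        return

    cls.objects = cls.base_objects
    cls.save = cls.base_save
    del cls.base_objects
    del cls.base_save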
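class SafeManager(Manager):
    """Manager whose base queryset holds only objects a user may view.

    The manager is bound to one user at a time. While no user is bound,
    get_query_set() raises rather than returning unfiltered rows.
    """

    def __init__(self, cls, user=None):
        """Bind the manager to model class *cls* and, optionally, to *user*.

        A falsy *user* leaves the manager without a user, in which state
        get_query_set() refuses to run.
        """
        super(SafeManager, self).__init__()
        self.model_name = cls.__name__.lower()
        self.model = cls
        if user:
            self.check_perm_for(user)
        else:
            self.stop_checking()

    def check_perm_for(self, user):
        """Select *user* as the subject of all later permission checks."""
        self.user = user
        # NOTE(review): the checker is created here but not used anywhere in
        # this class; confirm whether other code reads ``manager.checker``.
        self.checker = ObjectPermissionChecker(self.user)

    def stop_checking(self):
        """Forget the current user; queries raise until a new one is set."""
        self.user = None
        self.checker = None

    def has_user(self):
        """Return True when a user has been selected."""
        # Identity test: a user object's own comparison operators cannot
        # influence the answer.
        return self.user is not None

    def get_query_set(self):
        """Return the objects for which the user holds ``view_<model>``.

        Raises:
            AttributeError: if no user has been selected.
        """
        # NOTE(review): newer Django releases call get_queryset() instead of
        # get_query_set(); on such a version this override would not be used
        # and the filter would not apply - verify against the Django version
        # this project runs on.
        if not self.has_user():
            raise AttributeError("A user has to be chosen to check permissions.")

        permission = 'ldt_utils.view_%s' % self.model_name
        return get_objects_for_user(self.user, permission)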
def save_security(user, cls_name):
    """Build a decorator that guards a model ``save`` with a permission check.

    The decorated function refuses to run when the instance already has a
    primary key and *user* lacks ``change_<cls_name>`` on that instance.

    Raises (from the decorated function):
        AttributeError: when the user may not change the object.
    """
    # NOTE(review): only save() is guarded here. Instances with a falsy pk
    # (new objects, or pk 0) skip the check, and nothing visible in this
    # function covers delete() or queryset-level update() - confirm those
    # paths are restricted elsewhere.
    codename = 'change_%s' % cls_name

    def wrapper(func):
        def wrapped(self, *args, **kwargs):
            if self.pk:
                may_change = user.has_perm(codename, self)
                if not may_change:
                    raise AttributeError('User %s is not allowed to change object %s' % (user, self))

            return func(self, *args, **kwargs)
        return wrapped

    return wrapper
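def assign_project_to_groups(project, permissions):
    """Bring each group's object permissions on *project* in line with *permissions*.

    *permissions* is an iterable of mappings with the keys ``'group'`` (a
    Group id), ``'share'`` (truthy to share the project with the group) and
    ``'perms'`` (``'write'`` grants change access; it is read only when
    ``'share'`` is truthy).

    A shared entry whose ``'perms'`` is not ``'write'`` now also revokes
    ``change_project``. Without that, a group downgraded from write to
    read-only kept its earlier change permission.

    ``Group.objects.get`` raises when an id matches no group.
    """
    # NOTE(review): nothing here checks that the acting user may share with
    # the listed groups; presumably the caller validates the ids - confirm.
    for entry in permissions:
        group = Group.objects.get(id=entry['group'])

        if not entry['share']:
            remove_perm('view_project', group, project)
            remove_perm('change_project', group, project)
            continue

        assign('view_project', group, project)
        if entry['perms'] == 'write':
            assign('change_project', group, project)
        else:
            # Read-only share: drop any write access granted earlier.
            remove_perm('change_project', group, project)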