| author | verrierj |
| Thu, 02 Feb 2012 12:48:30 +0100 | |
| changeset 503 | 4be5eba42451 |
| parent 384 | 0e410517b311 |
| child 517 | 2ae1a476a69d |
| permissions | -rw-r--r-- |
|
from django.conf import settings
from django.contrib.contenttypes.models import ContentType
from django.contrib.auth.models import User
from django.core.signals import request_started

# Prefer the standard-library thread-local type; fall back to the copy
# bundled with Django when the threading module cannot be imported.
try:
    from threading import local
except ImportError:
    from django.utils._threading_local import local

# Per-thread storage. get_current_user / set_current_user / del_current_user
# keep the acting user in its ``user`` attribute.
_thread_locals = local()

# The function that protects models is called on the first
# HTTP request sent to the server (see function protect_models_request
# in this file), and cannot be called in this file directly
# because of a circular import.
#
# To protect models from the command line, use set_current_user(my_user)
# and protect_models().
#
# NOTE: until one of those two paths has run, save() and delete() on the
# configured models are not wrapped by the permission check.

# Module-level flag read by protect_models_request to decide whether the
# protection wrappers still have to be installed.
_models_are_protected = False
def get_current_user():
    """Return the user bound to the calling thread, or None if none is set.

    A None result means set_current_user() has not stored an identity on
    this thread; callers that make access decisions should treat it as
    "no user", not as a privileged context.
    """
    try:
        return _thread_locals.user
    except AttributeError:
        return None
def set_current_user(user):
    """Bind *user* to the calling thread as the acting identity.

    The value stays on the thread until it is overwritten or removed with
    del_current_user().
    """
    # NOTE(review): if the server reuses worker threads across requests, an
    # identity left here would carry over to the next request -- confirm
    # that the caller always clears or overwrites it.
    setattr(_thread_locals, 'user', user)
def del_current_user():
    """Remove the user bound to the calling thread.

    Raises AttributeError when no user is currently bound.
    """
    delattr(_thread_locals, 'user')
def get_anonymous_user():
    """Return the User row whose id is settings.ANONYMOUS_USER_ID.

    The row is fetched once and then memoised as an attribute of this
    function, so later calls do not query the database again.
    """
    # NOTE(review): the cached instance lives as long as the process, so
    # later changes to that account are presumably not seen until a
    # restart -- confirm this is acceptable for permission changes.
    try:
        return get_anonymous_user.anonymous_user
    except AttributeError:
        pass

    anonymous = User.objects.get(id=settings.ANONYMOUS_USER_ID)
    get_anonymous_user.anonymous_user = anonymous
    return anonymous
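def get_current_user_or_admin():
    """Return the thread's current user, or the first superuser if none is set.

    Raises IndexError when no user is bound to the thread and the database
    holds no superuser.
    """
    current = get_current_user()
    if current:
        return current

    # SECURITY: this fallback hands out a superuser identity whenever no user
    # is bound to the thread, so any caller reaching this point acts with
    # full privileges. Use it only from trusted, non-request code paths.
    #
    # Fixed field name: the lookup used ``is_superuse``, which is not a field
    # of User, so the query failed instead of returning a superuser.
    return User.objects.filter(is_superuser=True)[0]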
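def protect_models():
    """Install the permission wrappers on every model to protect.

    Calls protect_model() for each class returned by get_models_to_protect()
    and then records in the module-level flag that protection is active.
    """
    # Without this declaration the assignment at the end only created a local
    # variable: the module flag stayed False and protect_models_request
    # re-ran this function on every request.
    global _models_are_protected

    # An empty list simply yields no iterations, so no separate emptiness
    # test (and no second call to get_models_to_protect) is needed.
    for cls in get_models_to_protect():
        protect_model(cls)

    _models_are_protected = True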
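def unprotect_models():
    """Remove the permission wrappers from every protected model.

    Calls unprotect_model() for each class returned by
    get_models_to_protect() and clears the module-level flag, so the next
    request handled by protect_models_request installs the wrappers again.
    """
    # SECURITY: unprotect_model() patches the model classes themselves, so
    # the checks are switched off for every thread in the process, not only
    # for the caller.
    #
    # Without this declaration the assignment at the end only created a local
    # variable and the module flag was never updated.
    global _models_are_protected

    for cls in get_models_to_protect():
        unprotect_model(cls)

    _models_are_protected = False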
def get_models_to_protect():
    """Return the model classes named in settings.USE_GROUP_PERMISSIONS.

    Each name is lower-cased and resolved through ContentType; the resulting
    list is memoised on the function so the lookups run once per process.
    """
    try:
        return get_models_to_protect.cls_list
    except AttributeError:
        pass

    # NOTE(review): the lookup filters on the model name only, not on the app
    # label; two installed apps with a same-named model would make it
    # ambiguous -- confirm the configured names are unique.
    # NOTE(review): model_class() can return None for a content type whose
    # model is no longer installed; that None would be passed on to
    # protect_model() -- confirm stale content types cannot occur here.
    resolved = [
        ContentType.objects.get(model=name.lower()).model_class()
        for name in settings.USE_GROUP_PERMISSIONS
    ]
    get_models_to_protect.cls_list = resolved
    return resolved
def protect_model(cls):
    """Wrap cls.save and cls.delete with the permission check.

    The unwrapped methods are kept as cls.unsafe_save and cls.unsafe_delete;
    the presence of unsafe_save marks the class as already wrapped, so a
    repeated call does not wrap the methods twice. Finally the
    ``check_perm`` switch of cls.safe_objects is turned on.
    """
    already_wrapped = hasattr(cls, 'unsafe_save')
    if not already_wrapped:
        # SECURITY: these aliases stay reachable on the class and bypass the
        # check; any code calling them writes without a permission test.
        cls.unsafe_save = cls.save
        cls.unsafe_delete = cls.delete
        guard = change_security(cls.__name__.lower())
        cls.save = guard(cls.save)
        cls.delete = guard(cls.delete)
    # NOTE(review): the listing lost its indentation; this line is placed
    # outside the guard to mirror unprotect_model -- confirm against the file.
    cls.safe_objects.check_perm = True
def unprotect_model(cls):
    """Undo protect_model(): restore the original save and delete on *cls*.

    When the class carries the unsafe_save marker, the saved originals are
    put back and the unsafe_* aliases are removed. The ``check_perm`` switch
    of cls.safe_objects is then turned off.
    """
    # SECURITY: the methods are replaced on the class object, so the checks
    # disappear for every user of the class, not only for the caller.
    if hasattr(cls, 'unsafe_save'):
        for public, backup in (('save', 'unsafe_save'), ('delete', 'unsafe_delete')):
            setattr(cls, public, getattr(cls, backup))
        for backup in ('unsafe_save', 'unsafe_delete'):
            delattr(cls, backup)
    # NOTE(review): the listing lost its indentation; this line is assumed to
    # sit outside the guard -- confirm against the file.
    cls.safe_objects.check_perm = False
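def change_security(cls_name):
    """Build a decorator that permission-checks a model method.

    The decorated method raises AttributeError unless the user bound to the
    current thread holds the object-level ``change_<cls_name>`` permission
    on the instance. Instances whose ``pk`` is falsy are not checked.
    """
    perm = 'change_%s' % cls_name

    def wrapper(func):
        def wrapped(self, *args, **kwargs):
            # NOTE(review): instances without a primary key skip the check,
            # so creating new objects is not restricted here -- confirm that
            # this is intended.
            if self.pk:
                user = get_current_user()
                # Deny explicitly when no user is bound to the thread.
                # Before, that case was only rejected by accident, through
                # the AttributeError raised by calling has_perm on None.
                if user is None or not user.has_perm(perm, self):
                    raise AttributeError('User %s is not allowed to change object %s' % (user, self))

            return func(self, *args, **kwargs)
        return wrapped
    # NOTE(review): protect_model applies this decorator to delete() as well,
    # so deletion is gated by the change permission, not a delete one.
    # Queryset-level update()/delete() do not call these instance methods;
    # presumably the safe_objects manager covers those paths -- confirm.
    return wrapper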
def protect_models_request(sender, **kwargs):
    """Signal receiver that installs model protection if it is not active.

    *sender* and the keyword arguments supplied by the signal are ignored;
    the module-level flag alone decides whether protect_models() is called.
    """
    if _models_are_protected:
        return
    protect_models()
# Register protect_models_request as a receiver of Django's request_started
# signal, so protection is installed when the first HTTP request arrives.
request_started.connect(protect_models_request)