| author | ymh <ymh.work@gmail.com> |
| Sun, 23 Aug 2015 22:37:27 +0200 | |
| changeset 1414 | 9c76c7eea3fd |
| parent 1363 | a8f354a9b8e4 |
| permissions | -rw-r--r-- |
|
239
352be36c9fd7
Moved code about group security into a separate module
verrierj
parents:
diff
changeset
|
1 |
from django.db.models import Manager |
|
352be36c9fd7
Moved code about group security into a separate module
verrierj
parents:
diff
changeset
|
2 |
from guardian.shortcuts import get_objects_for_user |
|
350
c6953232099f
Anonymous users can see pages even if they are not logged in + factor code to decrease number of SQL requests
verrierj
parents:
245
diff
changeset
|
3 |
from ldt.security import get_current_user, get_anonymous_user |
|
239
352be36c9fd7
Moved code about group security into a separate module
verrierj
parents:
diff
changeset
|
4 |
|
|
352be36c9fd7
Moved code about group security into a separate module
verrierj
parents:
diff
changeset
|
5 |
class SafeManager(Manager): |
| 245 | 6 |
use_for_related_fields = True |
|
239
352be36c9fd7
Moved code about group security into a separate module
verrierj
parents:
diff
changeset
|
7 |
|
| 503 | 8 |
def __init__(self, check_perm=False): |
| 242 | 9 |
super(SafeManager, self).__init__() |
10 |
self.check_perm = check_perm |
|
| 245 | 11 |
|
|
1363
a8f354a9b8e4
Changed json.py to ldt_json.py due to import problem with python json module that now replace django simplejon + started replacing "mimetype" in httpresponses (deprecated) with "content-type" + added fields to forms that didn't declare fields as it's now required by django
durandn
parents:
503
diff
changeset
|
12 |
def get_queryset(self): |
|
350
c6953232099f
Anonymous users can see pages even if they are not logged in + factor code to decrease number of SQL requests
verrierj
parents:
245
diff
changeset
|
13 |
|
| 242 | 14 |
if not self.check_perm: |
|
1363
a8f354a9b8e4
Changed json.py to ldt_json.py due to import problem with python json module that now replace django simplejon + started replacing "mimetype" in httpresponses (deprecated) with "content-type" + added fields to forms that didn't declare fields as it's now required by django
durandn
parents:
503
diff
changeset
|
15 |
return super(SafeManager, self).get_queryset() |
|
350
c6953232099f
Anonymous users can see pages even if they are not logged in + factor code to decrease number of SQL requests
verrierj
parents:
245
diff
changeset
|
16 |
|
| 503 | 17 |
user = get_current_user() |
|
350
c6953232099f
Anonymous users can see pages even if they are not logged in + factor code to decrease number of SQL requests
verrierj
parents:
245
diff
changeset
|
18 |
|
| 503 | 19 |
if not user: |
| 245 | 20 |
raise AttributeError("No user is attached to the current thread.") |
| 241 | 21 |
|
| 503 | 22 |
if not user.is_authenticated(): |
23 |
user = get_anonymous_user() |
|
|
350
c6953232099f
Anonymous users can see pages even if they are not logged in + factor code to decrease number of SQL requests
verrierj
parents:
245
diff
changeset
|
24 |
|
| 242 | 25 |
perm_name = '%s.view_%s' % (self.model._meta.app_label, self.model.__name__.lower()) |
|
239
352be36c9fd7
Moved code about group security into a separate module
verrierj
parents:
diff
changeset
|
26 |
|
| 503 | 27 |
user_objects = get_objects_for_user(user, perm_name, klass=self.model.objects) |
|
350
c6953232099f
Anonymous users can see pages even if they are not logged in + factor code to decrease number of SQL requests
verrierj
parents:
245
diff
changeset
|
28 |
|
| 245 | 29 |
return user_objects |