| author | cavaliet |
| Thu, 02 Jan 2014 14:47:27 +0100 | |
| changeset 1272 | ca0317f9ed0f |
| parent 503 | 4be5eba42451 |
| child 1363 | a8f354a9b8e4 |
| permissions | -rw-r--r-- |
|
239
352be36c9fd7
Moved code about group security into a separate module
verrierj
parents:
diff
changeset
|
1 |
from django.db.models import Manager |
|
352be36c9fd7
Moved code about group security into a separate module
verrierj
parents:
diff
changeset
|
2 |
from guardian.shortcuts import get_objects_for_user |
|
350
c6953232099f
Anonymous users can see pages even if they are not logged in + factor code to decrease number of SQL requests
verrierj
parents:
245
diff
changeset
|
3 |
from ldt.security import get_current_user, get_anonymous_user |
|
239
352be36c9fd7
Moved code about group security into a separate module
verrierj
parents:
diff
changeset
|
4 |
|
|
352be36c9fd7
Moved code about group security into a separate module
verrierj
parents:
diff
changeset
|
5 |
class SafeManager(Manager): |
| 245 | 6 |
use_for_related_fields = True |
|
239
352be36c9fd7
Moved code about group security into a separate module
verrierj
parents:
diff
changeset
|
7 |
|
| 503 | 8 |
def __init__(self, check_perm=False): |
| 242 | 9 |
super(SafeManager, self).__init__() |
10 |
self.check_perm = check_perm |
|
| 245 | 11 |
|
| 242 | 12 |
def get_query_set(self): |
|
350
c6953232099f
Anonymous users can see pages even if they are not logged in + factor code to decrease number of SQL requests
verrierj
parents:
245
diff
changeset
|
13 |
|
| 242 | 14 |
if not self.check_perm: |
| 245 | 15 |
return super(SafeManager, self).get_query_set() |
|
350
c6953232099f
Anonymous users can see pages even if they are not logged in + factor code to decrease number of SQL requests
verrierj
parents:
245
diff
changeset
|
16 |
|
| 503 | 17 |
user = get_current_user() |
|
350
c6953232099f
Anonymous users can see pages even if they are not logged in + factor code to decrease number of SQL requests
verrierj
parents:
245
diff
changeset
|
18 |
|
| 503 | 19 |
if not user: |
| 245 | 20 |
raise AttributeError("No user is attached to the current thread.") |
| 241 | 21 |
|
| 503 | 22 |
if not user.is_authenticated(): |
23 |
user = get_anonymous_user() |
|
|
350
c6953232099f
Anonymous users can see pages even if they are not logged in + factor code to decrease number of SQL requests
verrierj
parents:
245
diff
changeset
|
24 |
|
| 242 | 25 |
perm_name = '%s.view_%s' % (self.model._meta.app_label, self.model.__name__.lower()) |
|
239
352be36c9fd7
Moved code about group security into a separate module
verrierj
parents:
diff
changeset
|
26 |
|
| 503 | 27 |
user_objects = get_objects_for_user(user, perm_name, klass=self.model.objects) |
|
350
c6953232099f
Anonymous users can see pages even if they are not logged in + factor code to decrease number of SQL requests
verrierj
parents:
245
diff
changeset
|
28 |
|
| 245 | 29 |
return user_objects |