platform: comparison src/ldt/ldt/security/utils.py

equal deleted inserted replaced

-:e00779f0dcba
+:c0c161736794
 from django.conf import settings
 from django.contrib.contenttypes.models import ContentType
-from django.contrib.auth.models import Group
 from guardian.core import ObjectPermissionChecker
-from guardian.shortcuts import assign, remove_perm
+from guardian.shortcuts import assign, remove_perm, get_users_with_perms, get_groups_with_perms
 try:
 from threading import local
 except ImportError:
 from django.utils._threading_local import local
 else:
 obj.change = False
 return obj_list
-def assign_object_to_groups(object, permissions):
+def assign_object_to_groups(object, read_list, write_list, owner):
 name = object.__class__.__name__.lower()
-for elem in permissions:
-group = Group.objects.get(id=elem['group'])
+old_users = get_users_with_perms(object).exclude(id=owner.id)
-if elem['share']:
+old_groups = get_groups_with_perms(object)
-assign('view_%s' % name, group, object)
-if elem['perms'] == 'write':
+for elem in read_list:
-assign('change_%s' % name, group, object)
+assign('view_%s' % name, elem, object)
-else:
+if elem in write_list:
-remove_perm('change_%s' % name, group, object)
+assign('change_%s' % name, elem, object)
 else:
-remove_perm('view_%s' % name, group, object)
+remove_perm('change_%s' % name, elem, object)
-remove_perm('change_%s' % name, group, object)
+def remove_perms(new_list, old_list, obj, name):
+for e in old_list:
+if e not in new_list:
+remove_perm('view_%s' % name, e, obj)
+remove_perm('change_%s' % name, e, obj)
+remove_perms(read_list, old_users, object, name)
+remove_perms(read_list, old_groups, object, name)
 def get_perm_form(groups, formset):
 perm_list = []
 for group in groups:
 perm_list.append({'share': False, 'perms': 'read', 'group': group.id })

changeset 268	c0c161736794
parent 265	491d057cbfd2
child 269	4b8042fc3d33