# HG changeset patch
# User verrierj
# Date 1320932836 -3600
# Node ID 2c37496369dbf02971d5e253d970abe743dc0066
# Parent 8d8a59ef2b063a4ee5b40b93546290f0ee44ecb3
Moved manager from init file to security
diff -r 8d8a59ef2b06 -r 2c37496369db src/ldt/ldt/ldt_utils/__init__.py
--- a/src/ldt/ldt/ldt_utils/__init__.py Tue Nov 08 15:35:15 2011 +0100
+++ b/src/ldt/ldt/ldt_utils/__init__.py Thu Nov 10 14:47:16 2011 +0100
@@ -1,70 +1,2 @@
-from django.conf import settings
-from django.db.models import Manager
-from models import Project
-from guardian.core import ObjectPermissionChecker
-from guardian.shortcuts import get_objects_for_user, assign
-
 VERSION = (0, 1)
-VERSION_STR = unicode(".".join(map(lambda i:"%02d" % (i,), VERSION)))
-
-def protect_class(cls, user):
- cls.base_objects = cls.objects
- cls.objects = SafeManager(cls, user)
-
- cls.base_save = cls.save
- cls.save = save_security(user, cls.__name__.lower())(cls.save)
-
-def unprotect_class(cls):
-
- if hasattr(Project, 'base_objects'):
- cls.objects = cls.base_objects
- cls.save = cls.base_save
- del cls.base_objects
- del cls.base_save
-
-class SafeManager(Manager):
-
- def __init__(self, cls, user=None):
- super(SafeManager, self).__init__()
- self.model_name = cls.__name__.lower()
- self.model = cls
- if user:
- self.check_perm_for(user)
- else:
- self.user = None
- self.checker = None
-
- def check_perm_for(self, user):
- self.user = user
- self.checker = ObjectPermissionChecker(self.user)
-
- def stop_checking(self):
- self.user = None
- self.checker = None
-
- def has_user(self):
- return self.user != None
-
- def get_query_set(self):
- if not self.has_user():
- raise AttributeError("A user has to be chosen to check permissions.")
-
- user_projects = get_objects_for_user(self.user, 'ldt_utils.view_%s' % self.model_name)
-
- return user_projects
-
-
-def save_security(user, cls_name):
- def wrapper(func):
- def wrapped(self, *args, **kwargs):
-
- if self.pk and not user.has_perm('change_%s' % cls_name, self):
- raise AttributeError('User %s does not have sufficient permissions to change object %s' % (user, self))
-
- return func(self, *args, **kwargs)
- return wrapped
-
- return wrapper
-
-
-
\ No newline at end of file
+VERSION_STR = unicode(".".join(map(lambda i:"%02d" % (i,), VERSION)))
\ No newline at end of file
diff -r 8d8a59ef2b06 -r 2c37496369db src/ldt/ldt/ldt_utils/middleware/security.py
--- a/src/ldt/ldt/ldt_utils/middleware/security.py Tue Nov 08 15:35:15 2011 +0100 +++ b/src/ldt/ldt/ldt_utils/middleware/security.py Thu Nov 10 14:47:16 2011 +0100 @@ -1,34 +1,18 @@ from django.conf import settings -from ldt.ldt_utils import protect_class, unprotect_class -from ldt.ldt_utils.models import Project, Content from django.core.exceptions import MiddlewareNotUsed +from ldt.ldt_utils.security import protect_models, unprotect_models class SecurityMiddleware(object): def __init__(self): if not hasattr(settings, 'USE_GROUP_PERMISSIONS') or not settings.USE_GROUP_PERMISSIONS: - raise MiddlewareNotUsed() # Disable middleware - - # This is not thread-safe : - # It is not granted that the middleware is atomic with the view, - # so maybe the middleware chose will not be the one used in - # the view afterwards + raise MiddlewareNotUsed() - def process_request(self, request): - - if settings.USE_GROUP_PERMISSIONS == 'all': - protect_class(Project, request.user) - protect_class(Content, request.user) - - for cls_name in settings.USE_GROUP_PERMISSIONS.split(' '): - if cls_name == 'Project': - protect_class(Project, request.user) - elif cls_name == 'Content': - protect_class(Content, request.user) - + # !! Will not work with concurrent requests + def process_request(self, request): + protect_models(request.user) def process_response(self, request, response): - unprotect_class(Project) - unprotect_class(Content) + unprotect_models() return response \ No newline at end of file diff -r 8d8a59ef2b06 -r 2c37496369db src/ldt/ldt/ldt_utils/security.py --- a/src/ldt/ldt/ldt_utils/security.py Tue Nov 08 15:35:15 2011 +0100 +++ b/src/ldt/ldt/ldt_utils/security.py Thu Nov 10 14:47:16 2011 +0100 
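Review bot: The shortened comment above `process_request` understates the risk: `protect_models(request.user)` patches the model classes themselves, so on a server handling requests concurrently the user bound by one request is the one every other in-flight request is checked against, and the `process_response` of whichever request finishes first removes the protection for the others. That is an authorization failure in both directions (objects filtered for the wrong user, or not filtered at all), not merely a feature that stops working. Until the user is held in per-request or thread-local state that the manager reads at query time, I would spell this out, e.g. `# NOT SAFE under concurrent requests: models are patched process-wide, so another in-flight request is checked against this request's user, or not checked at all.` The implementations of `protect_models` and `unprotect_models` live in `ldt_utils/security.py`, outside this hunk.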
@@ -1,5 +1,82 @@ +from django.conf import settings +from django.db.models import Manager from django.contrib.auth.models import Group -from guardian.shortcuts import assign, remove_perm +from django.contrib.contenttypes.models import ContentType +from guardian.shortcuts import assign, remove_perm, get_objects_for_user +from guardian.core import ObjectPermissionChecker + +def protect_models(user): + for cls in get_models_to_protect(): + protect_model(cls, user) + +def unprotect_models(): + for cls in get_models_to_protect(): + unprotect_model(cls) + +def get_models_to_protect(): + to_protect = [] + + for cls_name in settings.USE_GROUP_PERMISSIONS: + cls_type = ContentType.objects.get(app_label="ldt_utils", model=cls_name.lower()) + to_protect.append(cls_type.model_class()) + return to_protect + +def protect_model(cls, user): + cls.base_objects = cls.objects + cls.objects = SafeManager(cls, user) + + cls.base_save = cls.save + cls.save = save_security(user, cls.__name__.lower())(cls.save) + +def unprotect_model(cls): + if hasattr(cls, 'base_objects'): + cls.objects = cls.base_objects + cls.save = cls.base_save + del cls.base_objects + del cls.base_save + +class SafeManager(Manager): + + def __init__(self, cls, user=None): + super(SafeManager, self).__init__() + self.model_name = cls.__name__.lower() + self.model = cls + if user: + self.check_perm_for(user) + else: + self.user = None + self.checker = None + + def check_perm_for(self, user): + self.user = user + self.checker = ObjectPermissionChecker(self.user) + + def stop_checking(self): + self.user = None + self.checker = None + + def has_user(self): + return self.user != None + + def get_query_set(self): + if not self.has_user(): + raise AttributeError("A user has to be chosen to check permissions.") + + user_objects = get_objects_for_user(self.user, 'ldt_utils.view_%s' % self.model_name) + + return user_objects + +def save_security(user, cls_name): + def wrapper(func): + def wrapped(self, *args, **kwargs): + + if 
self.pk and not user.has_perm('change_%s' % cls_name, self): + raise AttributeError('User %s is not allowed to change object %s' % (user, self)) + + return func(self, *args, **kwargs) + return wrapped + + return wrapper def assign_project_to_groups(project, permissions): for elem in permissions: @@ -10,4 +87,4 @@ assign('change_project', group, project) else: remove_perm('view_project', group, project) - remove_perm('change_project', group, project) + remove_perm('change_project', group, project) \ No newline at end of file diff -r 8d8a59ef2b06 -r 2c37496369db src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/create_group.html --- a/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/create_group.html Tue Nov 08 15:35:15 2011 +0100 +++ b/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/create_group.html Thu Nov 10 14:47:16 2011 +0100 @@ -31,13 +31,35 @@ $("#check_projects").attr('title', uncheck_all); $("#check_projects").change(function () { + var members_checkboxes = $("input[name=members_list]"); + if ($("#check_projects").is(":checked")) { - $(".cellcheckbox input").attr('checked', 'true'); + members_checkboxes.attr('checked', 'true'); $("#check_projects").attr('title', uncheck_all ); } else { - $(".cellcheckbox input").removeAttr('checked'); + members_checkboxes.removeAttr('checked'); $("#check_projects").attr('title', check_all); } + + members_checkboxes.trigger("change"); + }); + + $("input[name=admin_list]").change(function () { + var line = $(this).closest('tr'); + var is_member = $('input[name=members_list]', line) + + if ($(this).is(':checked') && !is_member.is(':checked')) { + is_member.attr('checked', 'checked'); + } + }); + + $("input[name=members_list]").change(function () { + var line = $(this).closest('tr'); + var is_admin = $('input[name=admin_list]', line) + + if (!$(this).is(':checked') && is_admin.is(':checked')) { + is_admin.prop('checked', false); + } }); }); 
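Review bot: `protect_model` is not re-entrant: if it runs twice for a class before `unprotect_model` runs (two overlapping requests are enough), `cls.base_objects = cls.objects` captures the previous `SafeManager` and `cls.base_save` captures the already wrapped `save`, so the first restore reinstalls a manager and a save check bound to an earlier user, and the second restore finds no `base_objects` and does nothing. Calling `unprotect_model(cls)` as the first statement of `protect_model` would put the originals back before patching again. Separately, `get_models_to_protect` iterates `settings.USE_GROUP_PERMISSIONS` directly, while the removed middleware code treated it as a string (`'all'` or space-separated names); with a string value the loop walks single characters and `ContentType.objects.get` raises, so the function deserves a comment such as `# USE_GROUP_PERMISSIONS must be a list/tuple of model names, not a string`. It also issues one `ContentType` query per protected model on every request and again on every response, which could be computed once.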
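Review bot: The new handlers mix `.attr('checked', ...)` with `.prop('checked', false)`; since `.prop` is used the page presumably runs jQuery 1.6 or later, where setting the `checked` attribute does not reliably change the state of a box the user has already toggled. Using the property throughout keeps the member/admin coupling consistent: `members_checkboxes.prop('checked', true);`, `members_checkboxes.prop('checked', false);` and `is_member.prop('checked', true);`. The two `var ... = $('input[name=...]', line)` declarations are also missing their terminating semicolons. Because this coupling runs only in the browser, the view that processes `admin_list` and `members_list` (not shown here) presumably still has to enforce that an admin is also a member. The enclosing ready handler starts outside this hunk.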
@@ -69,50 +91,21 @@ {% trans "name" %} {% trans "admin" %} - + - {% for user in user_list %} - - - {{ user.username }} - - {% endfor %} + {% for user in user_list %} + + {{ user.username }} + + + {% endfor %} - - - -
-
- - - - - - - - - {% for user in admin_list %} - - - - - {% endfor %} - - -
- {% if admin_list|length > 1 %} - - {% endif %} - {% trans "name" %}
{{ user.username }}
-
-
- - +
{% if group_id %} diff -r 8d8a59ef2b06 -r 2c37496369db src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/create_ldt.html --- a/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/create_ldt.html Tue Nov 08 15:35:15 2011 +0100 +++ b/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/create_ldt.html Thu Nov 10 14:47:16 2011 +0100 @@ -18,7 +18,6 @@