# HG changeset patch
# User verrierj
# Date 1321354876 -3600
# Node ID 352be36c9fd709493aa926f521209f594ecd3487
# Parent b738eb0717de5aa6d0617d32abdbb41762d48954
Moved code about group security into a separate module
diff -r b738eb0717de -r 352be36c9fd7 .project
--- a/.project Tue Nov 15 11:40:24 2011 +0100
+++ b/.project Tue Nov 15 12:01:16 2011 +0100
@@ -1,18 +1,18 @@
-
-
- platform
-
-
-
-
-
- org.python.pydev.PyDevBuilder
-
-
-
-
-
- org.python.pydev.pythonNature
- org.python.pydev.django.djangoNature
-
-
+
+
+ platform_group
+
+
+
+
+
+ org.python.pydev.PyDevBuilder
+
+
+
+
+
+ org.python.pydev.pythonNature
+ org.python.pydev.django.djangoNature
+
+
diff -r b738eb0717de -r 352be36c9fd7 src/ldt/ldt/security/__init__.py
diff -r b738eb0717de -r 352be36c9fd7 src/ldt/ldt/security/manager.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ldt/ldt/security/manager.py Tue Nov 15 12:01:16 2011 +0100
@@ -0,0 +1,34 @@
+from django.db.models import Manager
+from guardian.core import ObjectPermissionChecker
+from guardian.shortcuts import get_objects_for_user
+
+class SafeManager(Manager):
+
+ def __init__(self, cls, user=None):
+ super(SafeManager, self).__init__()
+ self.model_name = cls.__name__.lower()
+ self.model = cls
+ if user:
+ self.check_perm_for(user)
+ else:
+ self.user = None
+ self.checker = None
+
+ def check_perm_for(self, user):
+ self.user = user
+ self.checker = ObjectPermissionChecker(self.user)
+
+ def stop_checking(self):
+ self.user = None
+ self.checker = None
+
+ def has_user(self):
+ return self.user != None
+
+ def get_query_set(self):
+ if not self.has_user():
+ raise AttributeError("A user has to be chosen to check permissions.")
+
+ user_objects = get_objects_for_user(self.user, 'ldt_utils.view_%s' % self.model_name)
+
+ return user_objects
\ No newline at end of file
diff -r b738eb0717de -r 352be36c9fd7 src/ldt/ldt/security/middleware.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ldt/ldt/security/middleware.py Tue Nov 15 12:01:16 2011 +0100
@@ -0,0 +1,18 @@
+from django.conf import settings
+from django.core.exceptions import MiddlewareNotUsed
+from ldt.security.utils import protect_models, unprotect_models
+
+class SecurityMiddleware(object):
+
+ def __init__(self):
+ if not hasattr(settings, 'USE_GROUP_PERMISSIONS') or not settings.USE_GROUP_PERMISSIONS:
+ raise MiddlewareNotUsed()
+
+ # !! Will not work with concurrent requests
+ def process_request(self, request):
+ protect_models(request.user)
+
+ def process_response(self, request, response):
+ unprotect_models()
+
+ return response
\ No newline at end of file
diff -r b738eb0717de -r 352be36c9fd7 src/ldt/ldt/security/utils.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ldt/ldt/security/utils.py Tue Nov 15 12:01:16 2011 +0100
@@ -0,0 +1,58 @@
+from django.conf import settings
+from django.contrib.contenttypes.models import ContentType
+from django.contrib.auth.models import Group
+from guardian.shortcuts import assign, remove_perm
+from manager import SafeManager
+
+def protect_models(user):
+ for cls in get_models_to_protect():
+ protect_model(cls, user)
+
+def unprotect_models():
+ for cls in get_models_to_protect():
+ unprotect_model(cls)
+
+def get_models_to_protect():
+ to_protect = []
+
+ for cls_name in settings.USE_GROUP_PERMISSIONS:
+ cls_type = ContentType.objects.get(app_label="ldt_utils", model=cls_name.lower())
+ to_protect.append(cls_type.model_class())
+ return to_protect
+
+def protect_model(cls, user):
+ cls.base_objects = cls.objects
+ cls.objects = SafeManager(cls, user)
+
+ cls.base_save = cls.save
+ cls.save = change_security(user, cls.__name__.lower())(cls.save)
+
+
+def unprotect_model(cls):
+ if hasattr(cls, 'base_objects'):
+ cls.objects = cls.base_objects
+ cls.save = cls.base_save
+ del cls.base_objects
+ del cls.base_save
+
+def change_security(user, cls_name):
+ def wrapper(func):
+ def wrapped(self, *args, **kwargs):
+
+ if self.pk and not user.has_perm('change_%s' % cls_name, self):
+ raise AttributeError('User %s is not allowed to change object %s' % (user, self))
+
+ return func(self, *args, **kwargs)
+ return wrapped
+ return wrapper
+
+def assign_project_to_groups(project, permissions):
+ for elem in permissions:
+ group = Group.objects.get(id=elem['group'])
+ if elem['share']:
+ assign('view_project', group, project)
+ if elem['perms'] == 'write':
+ assign('change_project', group, project)
+ else:
+ remove_perm('view_project', group, project)
+ remove_perm('change_project', group, project)
\ No newline at end of file
diff -r b738eb0717de -r 352be36c9fd7 web/ldtplatform/settings.py
--- a/web/ldtplatform/settings.py Tue Nov 15 11:40:24 2011 +0100
+++ b/web/ldtplatform/settings.py Tue Nov 15 12:01:16 2011 +0100
@@ -88,7 +88,7 @@
'django.contrib.messages.middleware.MessageMiddleware',
'django_openid_consumer.middleware.OpenIDMiddleware',
'ldt.ldt_utils.middleware.userprofile.LanguageMiddleware',
- 'ldt.ldt_utils.middleware.security.SecurityMiddleware',
+ 'ldt.security.middleware.SecurityMiddleware',
)
TEMPLATE_CONTEXT_PROCESSORS = (