# HG changeset patch # User verrierj # Date 1321443289 -3600 # Node ID 8649bd4f2443f49a7826218691e0a5f339973c1f # Parent a46cb257d8eedd2b2dc24481a619fa71628bb43b Moved threadlocals to utils diff -r a46cb257d8ee -r 8649bd4f2443 src/ldt/ldt/security/manager.py --- a/src/ldt/ldt/security/manager.py Tue Nov 15 12:47:13 2011 +0100 +++ b/src/ldt/ldt/security/manager.py Wed Nov 16 12:34:49 2011 +0100 @@ -1,6 +1,6 @@ from django.db.models import Manager -from guardian.core import ObjectPermissionChecker from guardian.shortcuts import get_objects_for_user +from utils import get_current_user class SafeManager(Manager): @@ -9,22 +9,25 @@ if user: self.check_perm_for(user) else: - self.user = None + self.user = get_current_user() def check_perm_for(self, user): self.user = user - self.checker = ObjectPermissionChecker(self.user) def stop_checking(self): self.user = None def has_user(self): return self.user != None - + def get_query_set(self): if not self.has_user(): - raise AttributeError("A user has to be chosen to check permissions.") + return super(SafeManager, self).get_query_set() + # raise AttributeError("A user has to be chosen to check permissions.") + + perm_name = 'ldt_utils.view_%s' % self.model.__name__.lower() - user_objects = get_objects_for_user(self.user, 'ldt_utils.view_%s' % self.model_name) + # call parent query_set below + user_objects = get_objects_for_user(self.user, perm_name) - return user_objects \ No newline at end of file + return user_objects diff -r a46cb257d8ee -r 8649bd4f2443 src/ldt/ldt/security/middleware.py --- a/src/ldt/ldt/security/middleware.py Tue Nov 15 12:47:13 2011 +0100 +++ b/src/ldt/ldt/security/middleware.py Wed Nov 16 12:34:49 2011 +0100 
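Review bot: The added `from utils import get_current_user` in manager.py is an implicit relative import, while middleware.py in this same changeset imports the module as `ldt.security.utils`. Writing it as `from ldt.security.utils import get_current_user` keeps one spelling of the module and keeps working if absolute imports are enabled for this file.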
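Review bot: `get_query_set` now fails open: when `has_user()` is false it returns the parent's unfiltered query set where the old code raised, so any caller that reaches this manager with no user set (after `stop_checking()`, or on a thread with no request user) reads every row. The first changed branch also still caches the user on the manager (`self.user = get_current_user()`, presumably in `__init__`, which starts outside the hunk). If the manager is a class attribute, that value is read once at construction and then shared by all threads, which works against the move to thread-locals. I would resolve the user per call with `user = self.user or get_current_user()` at the top of `get_query_set`, and for the no-user case either keep the `raise` or return an empty query set, with a comment naming the callers that are meant to bypass filtering. The commented-out `raise` and the `# call parent query_set below` comment, which does not describe the line under it, should be removed or corrected.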
@@ -1,24 +1,19 @@ from django.conf import settings from django.core.exceptions import MiddlewareNotUsed -from ldt.security.utils import protect_models, unprotect_models +from ldt.security.utils import protect_models, unprotect_models, _thread_locals -try: - from threading import local -except ImportError: - from django.utils._threading_local import local - -_thread_locals = local() - class SecurityMiddleware(object): def __init__(self): if not hasattr(settings, 'USE_GROUP_PERMISSIONS') or not settings.USE_GROUP_PERMISSIONS: raise MiddlewareNotUsed() - def process_request(self, request): - protect_models(request.user) + def process_request(self, request): + _thread_locals.user = request.user + protect_models() def process_response(self, request, response): unprotect_models() - + del _thread_locals.user + return response \ No newline at end of file diff -r a46cb257d8ee -r 8649bd4f2443 src/ldt/ldt/security/utils.py --- a/src/ldt/ldt/security/utils.py Tue Nov 15 12:47:13 2011 +0100 +++ b/src/ldt/ldt/security/utils.py Wed Nov 16 12:34:49 2011 +0100 
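Review bot: `process_response` is the only place that clears the thread-local user and unpatches the models, and `del _thread_locals.user` raises AttributeError when the attribute was never set on this thread. That can happen whenever `process_response` runs without a matching `process_request` (for example when an earlier middleware returns a response itself), and any path that skips `process_response` leaves the previous request's user on a reused worker thread. I would make the cleanup tolerant, `if hasattr(_thread_locals, 'user'): del _thread_locals.user`, and run the same cleanup from `process_exception`. `process_request` also reads `request.user`, so a short comment that this middleware must be listed after the authentication middleware would help.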
@@ -3,45 +3,64 @@ from django.contrib.auth.models import Group from guardian.shortcuts import assign, remove_perm -def protect_models(user): - for cls in get_models_to_protect(): +try: + from threading import local +except ImportError: + from django.utils._threading_local import local + +_thread_locals = local() + +def get_current_user(): + return getattr(_thread_locals, 'user', None) + +def protect_models(): + user = get_current_user() + for cls in ToProtect.get_models(): protect_model(cls, user) def unprotect_models(): - for cls in get_models_to_protect(): + for cls in ToProtect.get_models(): unprotect_model(cls) -def get_models_to_protect(): - to_protect = [] +class ToProtect(object): + + @staticmethod + def get_models(): + if hasattr(ToProtect, 'cls_list'): + return ToProtect.cls_list - for cls_name in settings.USE_GROUP_PERMISSIONS: - cls_type = ContentType.objects.get(app_label="ldt_utils", model=cls_name.lower()) - to_protect.append(cls_type.model_class()) - return to_protect + cls_list = [] + for cls_name in settings.USE_GROUP_PERMISSIONS: + cls_type = ContentType.objects.get(app_label='ldt_utils', model=cls_name.lower()) + cls_list.append(cls_type.model_class()) + ToProtect.cls_list = cls_list + + return cls_list def protect_model(cls, user): cls.safe_objects.check_perm_for(user) - - cls.base_save = cls.save - cls.base_delete = cls.delete + + cls.old_save = cls.save + cls.old_delete = cls.delete class_name = cls.__name__.lower() - cls.save = change_security(user, class_name)(cls.save) - cls.delete = change_security(user, class_name)(cls.delete) + cls.save = change_security(class_name)(cls.save) + cls.delete = change_security(class_name)(cls.delete) def unprotect_model(cls): - if hasattr(cls, 'base_save'): - cls.save = cls.base_save - cls.delete = cls.base_delete - del cls.base_save - del cls.base_delete + if hasattr(cls, 'old_save'): + cls.save = cls.old_save + cls.delete = cls.old_delete + del cls.old_save + del cls.old_delete -def change_security(user, 
cls_name): +def change_security(cls_name): def wrapper(func): def wrapped(self, *args, **kwargs): - + user = get_current_user() + if self.pk and not user.has_perm('change_%s' % cls_name, self): raise AttributeError('User %s is not allowed to change object %s' % (user, self)) - + return func(self, *args, **kwargs) return wrapped return wrapper @@ -55,4 +74,5 @@ assign('change_project', group, project) else: remove_perm('view_project', group, project) - remove_perm('change_project', group, project) \ No newline at end of file + remove_perm('change_project', group, project) + \ No newline at end of file
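Review bot: `protect_model` still patches `save`/`delete` on the model class, which is process-wide, while the user it checks is now per-thread. With two requests in flight, the second `protect_model` call stores the already wrapped method as `old_save`, so `unprotect_model` later restores a wrapper instead of the original, and the first request's `unprotect_models()` removes the check while the other request is still running. A guard such as `if hasattr(cls, 'old_save'): return` before the `old_save` assignment prevents the stacking; the cleaner option, now that `wrapped` calls `get_current_user()` itself, is to wrap once at startup and never unpatch. `wrapped` also needs an explicit branch for `user is None`, since `user.has_perm(...)` then raises an unrelated AttributeError instead of a clear permission decision. The same cross-thread sharing applies to `cls.safe_objects.check_perm_for(user)`, which stores the user on the shared manager.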