# HG changeset patch # User verrierj # Date 1323697737 -3600 # Node ID d16ec14aaf2915526cdfa84b3c99de32cdc6d40a # Parent a4bc2e19186ca924bf49da871780648a736de3e3 Add methods to set user in current thread diff -r a4bc2e19186c -r d16ec14aaf29 src/ldt/ldt/ldt_utils/views.py --- a/src/ldt/ldt/ldt_utils/views.py Mon Dec 12 12:57:38 2011 +0100 +++ b/src/ldt/ldt/ldt_utils/views.py Mon Dec 12 14:48:57 2011 +0100 @@ -1326,7 +1326,7 @@ checker = ObjectPermissionChecker(request.user) if not checker.has_perm('change_group', group): - form_status = 'saved' + form_status = 'none' return render_to_response("ldt/ldt_utils/create_group.html", {'form_status' : form_status}, context_instance=RequestContext(request)) query = Q(id=settings.ANONYMOUS_USER_ID) | Q(id=request.user.id) | Q(is_superuser=True) @@ -1368,8 +1368,7 @@ remove_perm('change_group', user, group) group.save() - form_status = 'saved' - + form_status = 'saved' else: form = GroupAddForm(initial={'name':unicode(group.name)}) @@ -1377,4 +1376,3 @@ return render_to_response("ldt/ldt_utils/create_group.html", {'group_id' : group_id, 'form' : form, 'form_status' : form_status, 'elem_list' : user_list, 'member_list': member_list, 'admin_list': admin_list, 'is_owner_group': is_owner_group}, context_instance=RequestContext(request)) - diff -r a4bc2e19186c -r d16ec14aaf29 src/ldt/ldt/security/middleware.py --- a/src/ldt/ldt/security/middleware.py Mon Dec 12 12:57:38 2011 +0100 +++ b/src/ldt/ldt/security/middleware.py Mon Dec 12 14:48:57 2011 +0100 @@ -1,17 +1,17 @@ -from ldt.security.utils import protect_models, unprotect_models, _thread_locals +from ldt.security.utils import protect_models, unprotect_models, _thread_locals, set_current_user, del_current_user class SecurityMiddleware(object): def process_request(self, request): if not hasattr(_thread_locals, 'user'): - _thread_locals.user = request.user + set_current_user(request.user) protect_models() def process_response(self, request, response): if hasattr(_thread_locals, 'user'): unprotect_models() - del _thread_locals.user + del_current_user() return response \ No newline at end of file diff -r a4bc2e19186c -r d16ec14aaf29 src/ldt/ldt/security/utils.py --- a/src/ldt/ldt/security/utils.py Mon Dec 12 12:57:38 2011 +0100 +++ b/src/ldt/ldt/security/utils.py Mon Dec 12 14:48:57 2011 +0100 @@ -3,6 +3,7 @@ from guardian.core import ObjectPermissionChecker from guardian.shortcuts import assign, remove_perm, get_users_with_perms, get_groups_with_perms + try: from threading import local except ImportError: @@ -13,6 +14,12 @@ def get_current_user(): return getattr(_thread_locals, 'user', None) +def set_current_user(user): + _thread_locals.user = user + +def del_current_user(): + del _thread_locals.user + def protect_models(): cls_list = ToProtect.get_models() if cls_list: @@ -104,7 +111,7 @@ perm_name = "%s.change_%s" % (cls._meta.app_label, model_name) for obj in obj_list: - if not checker or checker.has_perm(perm_name, obj): + if checker and checker.has_perm(perm_name, obj): obj.change = True else: obj.change = False @@ -176,11 +183,11 @@ for u in members: if u == user: continue - u_dict = {'name': u.username, 'id': u.id, 'type': 'user'} + u_dict = {'name': u.username, 'id': u.id, 'type': 'user', 'change': False} if u in admin: u_dict['change'] = True member_list.append(u_dict) - admin_list = [{'name': e.username, 'id': e.id, 'type': 'user'} for e in admin] + admin_list = [{'name': e.username, 'id': e.id, 'type': 'user', 'change': False} for e in admin] return [member_list, admin_list]