--- a/src/ldt/ldt/ldt_utils/migrations/0005_add_permissions.py Wed Nov 30 17:37:42 2011 +0100
+++ b/src/ldt/ldt/ldt_utils/migrations/0005_add_permissions.py Thu Dec 01 14:49:10 2011 +0100
@@ -5,8 +5,9 @@
from django.db import models
from django.conf import settings
from django.contrib.auth.models import Group, User
-from ldt.ldt_utils.models import Project
+from ldt.ldt_utils.models import Project, Content
from guardian.shortcuts import assign
+from guardian.core import ObjectPermissionChecker
class Migration(DataMigration):
@@ -27,6 +28,11 @@
profile.is_regular = True
profile.save()
user.groups.add(everyone)
+
+ checker = ObjectPermissionChecker(user)
+ for content in Content.objects.all():
+ if checker.has_perm('view_content', content):
+ assign('view_media', user, content.media_obj)
def add_perm(self, orm, model_name):
--- a/src/ldt/ldt/ldt_utils/views.py Wed Nov 30 17:37:42 2011 +0100
+++ b/src/ldt/ldt/ldt_utils/views.py Thu Dec 01 14:49:10 2011 +0100
@@ -1007,7 +1007,6 @@
content_instance_val[k] = value
media_instance_val[k] = value
-
permission_formset = formset_factory(PermissionForm, extra=0)
content_form = ContentForm(content_instance_val, prefix="content", instance=instance_content)
media_form = MediaForm(media_instance_val, request.FILES, prefix="media", instance=instance_media)
@@ -1122,6 +1121,7 @@
mimetype = mimetypes.guess_type(cleaned_data['src'])
cleaned_data['mimetype_field'] = mimetype
media, created = Media.objects.get_or_create(src=cleaned_data['src'], defaults=cleaned_data) #@UndefinedVariable
+ assign('view_media', request.user, media)
else:
media = None
@@ -1132,9 +1132,9 @@
mimetype = cleaned_data.get('mimetype_field', None)
if not mimetype:
mimetype = mimetypes.guess_type(media.src)
- media.mimetype_field = mimetype
-
- media.save()
+ media.mimetype_field = mimetype
+ media.save()
+ assign('view_media', request.user, media)
if form_status != "error":
content_defaults = {}
@@ -1161,8 +1161,8 @@
initial = { 'media_input_type':"link"}
content_form = ContentForm(prefix="content", instance=instance_content, initial=initial)
- media_form = MediaForm(prefix="media", instance=instance_media)
-
+ media_form = MediaForm(prefix="media", instance=instance_media)
+
if instance_content is not None:
content_form.media_input_type = "link"
@@ -1192,7 +1192,6 @@
management_form = group_form = None
else:
content_form, media_form, form_status = write_content_base(request, iri_id)
-
perm_list = []
content = Content.safe_objects.get(iri_id=iri_id) if iri_id else None
@@ -1210,14 +1209,16 @@
permission = permission_formset(initial=perm_list)
management_form = permission.management_form
group_form = zip(permission, groups)
-
+
if iri_id:
create_content_action = reverse('ldt.ldt_utils.views.write_content', kwargs={'iri_id':iri_id})
else:
create_content_action = reverse('ldt.ldt_utils.views.write_content')
session_key = request.COOKIES[settings.SESSION_COOKIE_NAME]
- cookie_name = settings.SESSION_COOKIE_NAME
+ cookie_name = settings.SESSION_COOKIE_NAME
+
+ content_form.fields["media_obj"].queryset = Media.safe_objects.all()
return render_to_response('ldt/ldt_utils/create_content.html', {'content_form': content_form, 'media_form': media_form, 'form_status': form_status, 'create_content_action': create_content_action,
'management_form': management_form, 'group_form': group_form, 'iri_id': iri_id, 'session_key':session_key, 'cookie_name':cookie_name}, context_instance=RequestContext(request))
@@ -1238,7 +1239,6 @@
project_titles = map(lambda p: unicode(p.title), projects)
errors.append(ungettext("Content '%(title)s' is referenced by this project : %(project_titles)s. Please delete it beforehand.", "Content '%(title)s' is referenced by %(count)d projects: %(project_titles)s. Please delete them beforehand.", projects_nb) % {'title':unicode(content.title), 'count':projects_nb, 'project_titles': ",".join(project_titles)})
-
return errors, titles
--- a/src/ldt/ldt/security/middleware.py Wed Nov 30 17:37:42 2011 +0100
+++ b/src/ldt/ldt/security/middleware.py Thu Dec 01 14:49:10 2011 +0100
@@ -1,4 +1,3 @@
-from django.core.exceptions import MiddlewareNotUsed
from ldt.security.utils import protect_models, unprotect_models, _thread_locals
class SecurityMiddleware(object):
@@ -9,9 +8,9 @@
protect_models()
def process_response(self, request, response):
- unprotect_models()
- if hasattr(_thread_locals, 'user'):
+ if hasattr(_thread_locals, 'user'):
+ unprotect_models()
del _thread_locals.user
return response
--- a/src/ldt/ldt/security/models.py Wed Nov 30 17:37:42 2011 +0100
+++ b/src/ldt/ldt/security/models.py Thu Dec 01 14:49:10 2011 +0100
@@ -2,8 +2,8 @@
from manager import SafeManager
class SafeModel(models.Model):
- objects = SafeManager()
- safe_objects = SafeManager(check_perm=True)
+ objects = SafeManager() # By default, SafeManagers do not chek permissions.
+ safe_objects = SafeManager() # This setting is activated in the middleware
class Meta:
abstract = True
\ No newline at end of file
--- a/src/ldt/ldt/security/utils.py Wed Nov 30 17:37:42 2011 +0100
+++ b/src/ldt/ldt/security/utils.py Thu Dec 01 14:49:10 2011 +0100
@@ -43,6 +43,7 @@
def protect_model(cls, user):
cls.safe_objects.user = user
+ cls.safe_objects.check_perm = True
cls.old_save = cls.save
cls.old_delete = cls.delete
@@ -111,6 +112,8 @@
assign('view_%s' % name, group, object)
if elem['perms'] == 'write':
assign('change_%s' % name, group, object)
+ else:
+ remove_perm('change_%s' % name, group, object)
else:
remove_perm('view_%s' % name, group, object)
remove_perm('change_%s' % name, group, object)
--- a/src/ldt/ldt/static/ldt/js/projectscontents.js Wed Nov 30 17:37:42 2011 +0100
+++ b/src/ldt/ldt/static/ldt/js/projectscontents.js Thu Dec 01 14:49:10 2011 +0100
@@ -1,4 +1,4 @@
-
+
$.fn.realVal = function() {
var obj = $(this[0]);
if(obj.val) {
@@ -53,13 +53,13 @@
});
});
- $('.cellimgdiv img, .publishedproject, .unpublishedproject').qtip({
+ $('.cellimgdiv img, .qtiplink, .grouplink, .publishedproject, .unpublishedproject').qtip({
style: {
classes: 'ui-tooltip-dark ui-tooltip-rounded'
}
});
- $('.projectinfos').each( function () {
+ $('.infostooltip').each( function () {
var desc = $(this).attr('data-desc');
if (desc == 'None') {
desc = '';
@@ -115,7 +115,7 @@
data: "filename="+ $('#id_media-local_file_name',$.nmTop().store.iframe.contents()).val(),
cache: false,
success: function(data, status, request){
- //alert("remove success");
+ alert("remove success");
}
});
}
@@ -192,7 +192,7 @@
});
nm.store.iframe.width(730);
- nm.store.iframe.height(830);
+ nm.store.iframe.height(820);
}
}
});
@@ -210,7 +210,7 @@
filters: ['iframe'],
sizes: {
minW: 730,
- minH: 480
+ minH: 840
},
closeOnClick:false,
callbacks: {
@@ -226,7 +226,7 @@
});
nm.store.iframe.width(730);
- nm.store.iframe.height(470);
+ nm.store.iframe.height(820);
}
}
});
@@ -261,9 +261,6 @@
nm.store.iframe.width(frameW);
nm.store.iframe.height(frameH);
},
- close: function(nm) {
- // We don't do anything here, we hack the callback directly from the close function.
- },
afterClose: function(nm) {
// Can't do that because searchprojectfilterurl is not defined in init_events_base params
searchCallback($('#searchprojectsinput'), "#projectslistcontainer", searchprojectfilterurl, 0);
@@ -328,6 +325,8 @@
$('.projecttitlelink').each(function(i){
$(this).attr("target","_blank");
});
+
+
$('.projecttitlelink').nyroModal({
filters: ['iframe'],
sizes: {
@@ -349,7 +348,7 @@
});
nm.store.iframe.width(940);
- nm.store.iframe.height(740);
+ nm.store.iframe.height(700);
}
}
});
@@ -360,7 +359,7 @@
project.attr('src', LDT_MEDIA_PREFIX + "img/ajax-loader-transp.gif");
}
-function init_events_group (base_node, embed_url, groupfilterurl) {
+function init_events_groups (base_node, embed_url, groupfilterurl) {
$('.create_group',base_node).each(function(i){
$(this).attr("target","_iri");
@@ -422,8 +421,8 @@
$(e.target).blur();
$(e.target).next(".searchajaxloader").hide();
}
- });
-
+ });
+
$('.searchfieldinput').each(function(i) {
var sbox = $(this);
if(sbox.val() !== '') {
--- a/web/ldtplatform/config.py.tmpl Wed Nov 30 17:37:42 2011 +0100
+++ b/web/ldtplatform/config.py.tmpl Thu Dec 01 14:49:10 2011 +0100
@@ -83,6 +83,6 @@
AUTO_INDEX_AFTER_SAVE = True
-USE_GROUP_PERMISSIONS = ['Project', 'Content']
+USE_GROUP_PERMISSIONS = ['Project', 'Content', 'Media']
FORBIDDEN_STREAM_URL = "empty-video"
PUBLIC_GROUP_NAME = 'everyone'