--- a/src/ldt/ldt/security/__init__.py Wed Feb 01 15:29:34 2012 +0100
+++ b/src/ldt/ldt/security/__init__.py Thu Feb 02 12:48:30 2012 +0100
@@ -47,13 +47,13 @@
cls_list = get_models_to_protect()
if cls_list:
for cls in get_models_to_protect():
- protect_model(cls)
+ protect_model(cls)
_models_are_protected = True
def unprotect_models():
for cls in get_models_to_protect():
- unprotect_model(cls)
+ unprotect_model(cls)
_models_are_protected = False
@@ -75,7 +75,8 @@
cls.unsafe_delete = cls.delete
class_name = cls.__name__.lower()
cls.save = change_security(class_name)(cls.save)
- cls.delete = change_security(class_name)(cls.delete)
+ cls.delete = change_security(class_name)(cls.delete)
+ cls.safe_objects.check_perm = True
def unprotect_model(cls):
if hasattr(cls, 'unsafe_save'):
@@ -83,7 +84,6 @@
cls.delete = cls.unsafe_delete
del cls.unsafe_save
del cls.unsafe_delete
- cls.safe_objects.user = None
cls.safe_objects.check_perm = False
def change_security(cls_name):
--- a/src/ldt/ldt/security/command.py Wed Feb 01 15:29:34 2012 +0100
+++ b/src/ldt/ldt/security/command.py Thu Feb 02 12:48:30 2012 +0100
@@ -44,11 +44,7 @@
if user.has_perm('view_content', content):
assign('ldt_utils.view_media', user, content.media_obj)
- if verbose:
- print "Set content permissions..."
- for c in list_model['Content'].objects.all():
- c.is_public = True
-
+
for admin in list_model['User'].objects.filter(is_superuser=True):
for g in list_model['Group'].objects.all():
g.user_set.add(admin)
\ No newline at end of file
--- a/src/ldt/ldt/security/manager.py Wed Feb 01 15:29:34 2012 +0100
+++ b/src/ldt/ldt/security/manager.py Thu Feb 02 12:48:30 2012 +0100
@@ -5,9 +5,8 @@
class SafeManager(Manager):
use_for_related_fields = True
- def __init__(self, user=None, check_perm=False):
+ def __init__(self, check_perm=False):
super(SafeManager, self).__init__()
- self.user = user
self.check_perm = check_perm
def get_query_set(self):
@@ -15,17 +14,16 @@
if not self.check_perm:
return super(SafeManager, self).get_query_set()
- if not self.user:
- self.user = get_current_user()
+ user = get_current_user()
- if not self.user:
+ if not user:
raise AttributeError("No user is attached to the current thread.")
- if not self.user.is_authenticated():
- self.user = get_anonymous_user()
+ if not user.is_authenticated():
+ user = get_anonymous_user()
perm_name = '%s.view_%s' % (self.model._meta.app_label, self.model.__name__.lower())
- user_objects = get_objects_for_user(self.user, perm_name, klass=self.model.objects)
+ user_objects = get_objects_for_user(user, perm_name, klass=self.model.objects)
return user_objects
\ No newline at end of file
--- a/src/ldt/ldt/security/utils.py Wed Feb 01 15:29:34 2012 +0100
+++ b/src/ldt/ldt/security/utils.py Thu Feb 02 12:48:30 2012 +0100
@@ -27,23 +27,19 @@
cls = cls.model_class()
for elem in xml.xpath('/iri/medias/media'):
- if not user.is_authenticated():
+ content = cls.safe_objects.filter(iri_id=elem.get('id'))
+ if not content:
elem.set('video', settings.FORBIDDEN_STREAM_URL)
- else:
- content = cls.safe_objects.filter(iri_id=elem.get('id'))
- if not content:
- elem.set('video', settings.FORBIDDEN_STREAM_URL)
return xml
def use_forbidden_url(content):
- user = get_current_user()
+ cls = ContentType.objects.get(model='content')
+ cls = cls.model_class()
- if not user.is_authenticated():
- return True
- elif "Content" in settings.USE_GROUP_PERMISSIONS and user.has_perm('ldt_utils.view_content', content):
+ new_content = cls.safe_objects.filter(iri_id=content.iri_id)
+ if new_content:
return False
-
return True
def add_change_attr(user, obj_list):