Improve permissions of medias + fix css
authorverrierj
Fri, 09 Dec 2011 11:17:15 +0100
changeset 274 80375a7b7e14
parent 273 23a756e0bfee
child 275 a14509d74e13
Improve permissions of medias + fix css
src/ldt/ldt/ldt_utils/migrations/0005_add_permissions.py
src/ldt/ldt/ldt_utils/models.py
src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/create_ldt.html
src/ldt/ldt/ldt_utils/views.py
src/ldt/ldt/security/forms.py
src/ldt/ldt/security/utils.py
src/ldt/ldt/static/ldt/js/multiselect.js
src/ldt/ldt/static/ldt/js/projectscontents.js
--- a/src/ldt/ldt/ldt_utils/migrations/0005_add_permissions.py	Thu Dec 08 16:04:44 2011 +0100
+++ b/src/ldt/ldt/ldt_utils/migrations/0005_add_permissions.py	Fri Dec 09 11:17:15 2011 +0100
@@ -33,6 +33,9 @@
             for content in Content.objects.all():
                 if checker.has_perm('view_content', content):
                     assign('view_media', user, content.media_obj)
+        
+        for c in Content.objects.all():
+            c.is_public = True
 
     
     def add_perm(self, orm, model_name):
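Review bot: The added loop sets `is_public = True` on every existing Content regardless of its current permissions, so content that was restricted to specific users before the migration would become visible to the public group once it runs. If `is_public` is the property whose setter is patched in models.py, each assignment grants permissions to the public group; if it is a plain field, the loop has no effect because `c.save()` is never called. Either way the intent should be explicit: derive the value from the existing `view_content` grants, or add a comment such as `# NOTE: all pre-existing contents are deliberately made public by this migration`. The enclosing method starts above the hunk.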
--- a/src/ldt/ldt/ldt_utils/models.py	Thu Dec 08 16:04:44 2011 +0100
+++ b/src/ldt/ldt/ldt_utils/models.py	Fri Dec 09 11:17:15 2011 +0100
@@ -320,9 +320,11 @@
             if self.pk:
                 everyone = Group.objects.get(name=settings.PUBLIC_GROUP_NAME)
                 if value:
-                    assign('view_content', everyone, self)                
+                    assign('view_content', everyone, self) 
+                    assign('view_media', everyone, self)               
                 else:
                     remove_perm('view_content', everyone, self)
+                    remove_perm('vew_media', everyone, self.media_obj)
         
         return locals()
     
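Review bot: Both added lines miss their target: `assign('view_media', everyone, self)` grants the media permission on the Content object instead of `self.media_obj`, and `remove_perm('vew_media', everyone, self.media_obj)` misspells the permission name, so the revoke branch cannot remove the intended permission and the media can stay publicly viewable after the content is made private. The lines should read `assign('view_media', everyone, self.media_obj)` and `remove_perm('view_media', everyone, self.media_obj)`. views.py in this commit allows `media = None`, so both calls probably also need an `if self.media_obj:` guard. The setter begins above the hunk.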
--- a/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/create_ldt.html	Thu Dec 08 16:04:44 2011 +0100
+++ b/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/create_ldt.html	Fri Dec 09 11:17:15 2011 +0100
@@ -70,8 +70,7 @@
 	<div class="projectscontentstitle span-20 last">{% if ldt_id %}{% trans "Update your project" %}{% else %}{% trans "Create your project" %}{% endif %}</div>
 	<form action="{{create_project_action}}" method="POST" {% if target_parent %}target="_parent"{% endif %}>
 	{% csrf_token %} 
-	<input type="hidden" name="form_status" value="{{form_status}}" id="project_form_status" />
-	
+	<input type="hidden" name="form_status" value="{{form_status}}" id="project_form_status" />	
 
 	<div id="contentleft" class="span-9">
 	<label for="title">{% trans "Title" %}:</label>
@@ -118,7 +117,7 @@
               
     <div id="submitcontent" class="span-18 last">
                    
-	    <div id="submitcontent-buttons" class="span-11 last">
+	    <div id="submitcontent-buttons" class="span-18 last">
 			<button type="button" id="close_button"  value="close">{% trans 'close_cancel' %}</button>
 			{% if ldt_id %}
 			<button class="button" id="ldt_submit" type="submit" value="prepare_delete" name="submit_button">{% trans "delete_project" %}</button>
--- a/src/ldt/ldt/ldt_utils/views.py	Thu Dec 08 16:04:44 2011 +0100
+++ b/src/ldt/ldt/ldt_utils/views.py	Fri Dec 09 11:17:15 2011 +0100
@@ -146,7 +146,7 @@
     if is_owner:
         owner = None
         try:
-            owner = request.user #@UndefinedVariable
+            owner = request.user
         except:
             return HttpResponseServerError("<h1>User not found</h1>")
         query &= Q(owner=owner)
@@ -167,10 +167,10 @@
         project_list = get_objects_for_group(grp, 'ldt_utils.view_project').filter(query)
         show_username = True
     else:
-        project_list = Project.safe_objects.filter(query) #@UndefinedVariable
+        project_list = Project.safe_objects.filter(query)
     
     project_list = add_change_attr(request.user, project_list)
-    # Template depends on the projects's status
+    
     if status == 2:
         url_templ = "ldt/ldt_utils/partial/publishedprojectslist.html"
     else:
@@ -213,11 +213,7 @@
     else:
         content_list = Content.safe_objects.all() #@UndefinedVariable
         
-    checker = ObjectPermissionChecker(request.user)
-    
-    for c in content_list:
-        if checker.has_perm('ldt_utils.change_content', c):
-            c.change = True
+    content_list = add_change_attr(request.user, content_list)
     
     return render_to_response("ldt/ldt_utils/partial/contentslist.html",
                               {'contents': content_list},
@@ -1092,7 +1088,7 @@
                     if not mimetype:
                         mimetype = mimetypes.guess_type(cleaned_data['src'])
                     cleaned_data['mimetype_field'] = mimetype
-                    media, created = Media.objects.get_or_create(src=cleaned_data['src'], defaults=cleaned_data) #@UndefinedVariable
+                    media, created = Media.safe_objects.get_or_create(src=cleaned_data['src'], defaults=cleaned_data) #@UndefinedVariable
                     assign('view_media', request.user, media)
                 else:
                     media = None
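Review bot: `Media.safe_objects.get_or_create(...)` now looks up through a manager that, judging by its name, presumably filters by the current user's permissions. If so, an existing media with the same `src` that the user cannot see is not found, and a second row is created (or the insert fails if `src` is unique). The following `assign('view_media', request.user, media)` also runs when `created` is False, so it is worth confirming that matching an existing media by `src` is meant to grant view access. A comment stating the intended behaviour for an already-existing `src` would help, and the trailing `#@UndefinedVariable` marker can go, as it does elsewhere in this commit.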
@@ -1125,9 +1121,13 @@
                         
                 if content_form.cleaned_data['is_public']:
                     assign('view_content', everyone, content)
+                    if media:
+                        assign('view_media', everyone, media)
                 else:
                     remove_perm('view_content', everyone, content)
                     assign_perm_to_obj(content, content_form.cleaned_data['read_list'], content_form.cleaned_data['write_list'], request.user)
+                    if media:
+                        assign_perm_to_obj(media, content_form.cleaned_data['read_list'], content_form.cleaned_data['write_list'], request.user)
                 if not created:
                     for attribute in ('iriurl', 'title', 'description', 'duration', 'content_creation_date', 'tags', 'media_obj'):
                         setattr(content, attribute, content_defaults[attribute])
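Review bot: The non-public branch revokes `view_content` from `everyone` but has no matching revoke for `view_media`, so a content switched from public to private may leave its media readable by the public group, unless `assign_perm_to_obj` happens to remove it, which this hunk does not show. For symmetry with the content, add `remove_perm('view_media', everyone, media)` inside the new `if media:` block before `assign_perm_to_obj(media, ...)`. Since the media is obtained with `get_or_create` on `src`, it may be shared by several contents, in which case applying one content's `read_list`/`write_list` to it changes access for the others too; that is worth a comment. The surrounding view starts and ends outside the hunk.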
@@ -1271,14 +1271,13 @@
 def get_group_projects(request):
 
     # Get group, user and project_list
-    grp = Group.objects.get(id=request.POST["id_group"])  #@UndefinedVariable
+    grp = Group.objects.get(id=request.POST["id_group"])
     everyone = Group.objects.get(name=settings.PUBLIC_GROUP_NAME)
     project_list = get_objects_for_group(grp, 'ldt_utils.view_project') | get_objects_for_group(everyone, 'ldt_utils.view_project').filter(owner__in=[grp])
     project_list = add_change_attr(request.user, project_list)
     
     is_gecko = ((request.META['HTTP_USER_AGENT'].lower().find("firefox")) > -1);
-    
-    # render list
+
     return render_to_response("ldt/ldt_utils/partial/projectslist.html",
                               {'projects': project_list, 'show_username':True,
                                'is_gecko': is_gecko, 'group_id': grp.id},
@@ -1304,14 +1303,14 @@
             group = Group.objects.create(name=name)
             group.save()
             assign('change_group', request.user, group)
-            
+            request.user.groups.add(group)             
+
             for elem in members_list:
                 if hasattr(elem, 'username'):
                     elem.groups.add(group)
                     if elem in admin_list:
                         assign('change_group', elem, group)
                         
-            request.user.groups.add(group)             
             form_status = 'saved' 
             
     else:
--- a/src/ldt/ldt/security/forms.py	Thu Dec 08 16:04:44 2011 +0100
+++ b/src/ldt/ldt/security/forms.py	Fri Dec 09 11:17:15 2011 +0100
@@ -4,7 +4,6 @@
 
 class LazyMultipleChoiceField(forms.MultipleChoiceField):
     
-    # Should do some checking here
     def validate(self, value):
         pass    
 
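Review bot: Removing the `# Should do some checking here` comment leaves `validate` as a bare `pass` with nothing to tell the reader that choice validation is deliberately disabled. Fields of this kind appear to carry the `read_list` / `write_list` values that views.py passes to `assign_perm_to_obj`, so any submitted value is accepted at form level. Either keep a note such as `# Choices are loaded lazily, so the submitted ids are not checked here; callers must verify them before assigning permissions`, or add a minimal check (for example the `required` handling that `forms.Field.validate` provides).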
--- a/src/ldt/ldt/security/utils.py	Thu Dec 08 16:04:44 2011 +0100
+++ b/src/ldt/ldt/security/utils.py	Fri Dec 09 11:17:15 2011 +0100
@@ -1,7 +1,7 @@
 from django.conf import settings
 from django.contrib.contenttypes.models import ContentType
 from guardian.core import ObjectPermissionChecker
-from guardian.shortcuts import assign, remove_perm, get_users_with_perms, get_groups_with_perms, get_objects_for_group
+from guardian.shortcuts import assign, remove_perm, get_users_with_perms, get_groups_with_perms
 
 try:
     from threading import local
@@ -85,6 +85,10 @@
     return xml
 
 def add_change_attr(user, obj_list):
+    """ 
+     Add a change attribute set to True to objects of obj_list
+     if permissions change_object is set with respect to user.
+    """
     if len(obj_list) == 0:
         return []
     
@@ -92,17 +96,20 @@
     ctype = ContentType.objects.get(model=model_name)
     cls = ctype.model_class()
     
-    checker = ObjectPermissionChecker(user)
+    if model_name in [cls_name.lower() for cls_name in settings.USE_GROUP_PERMISSIONS]:
+        checker = ObjectPermissionChecker(user)
+    else:
+        checker = None
+        
     perm_name = "%s.change_%s" % (cls._meta.app_label, model_name)
         
     for obj in obj_list:
-        if checker.has_perm(perm_name, obj):
+        if not checker or checker.has_perm(perm_name, obj):
             obj.change = True
         else:
             obj.change = False
             
-    return obj_list      
-
+    return obj_list
 
 def assign_perm_to_obj(object, read_list, write_list, owner):
     name = object.__class__.__name__.lower()
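Review bot: With `checker = None`, the condition `if not checker or checker.has_perm(perm_name, obj)` sets `obj.change = True` for every object and every user, including unauthenticated ones, whenever the model is not listed in `settings.USE_GROUP_PERMISSIONS`. The new docstring does not mention this fail-open case; it should say something like "If the model is not listed in settings.USE_GROUP_PERMISSIONS, no permission check is made and change is True for all objects". Because `change` is only an attribute read by templates, the views that perform the edit still need their own check. `settings.USE_GROUP_PERMISSIONS` is read without a default, so `getattr(settings, 'USE_GROUP_PERMISSIONS', [])` would avoid an AttributeError on installations that do not define it. The function starts in the previous hunk.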
@@ -124,8 +131,7 @@
                 remove_perm('change_%s' % name, e, obj)
                 
     remove_perms(read_list, old_users, object, name)
-    remove_perms(read_list, old_groups, object, name)
-    
+    remove_perms(read_list, old_groups, object, name) 
     
 def get_userlist_model(object, owner):
     users = get_users_with_perms(object, attach_perms=True)
@@ -159,7 +165,6 @@
     
     return [users_list + groups_list, admin_users + admin_groups]
 
-
 def get_userlist_group(group, user):
     members = group.user_set.all()
     admin = get_users_with_perms(group)
@@ -176,7 +181,3 @@
     admin_list = [{'name': e.username, 'id': e.id, 'type': 'user'} for e in admin]
     
     return [member_list, admin_list]
-    
-        
-    
-    
--- a/src/ldt/ldt/static/ldt/js/multiselect.js	Thu Dec 08 16:04:44 2011 +0100
+++ b/src/ldt/ldt/static/ldt/js/multiselect.js	Fri Dec 09 11:17:15 2011 +0100
@@ -1,4 +1,4 @@
-function init_multi_select_events (first_list, sec_list, first_selection, sec_selection, search_input, search_url) {
+function init_multi_select_events (first_list, sec_list, first_selection, sec_selection, search_input, search_url, first_list_name, second_list) {
 	
 	var first_list_name = "read_list";
 	var second_list_name = "write_list";
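Review bot: The two parameters added to the signature have no effect: `var first_list_name = "read_list";` immediately overwrites the new `first_list_name` argument, and the second new parameter is named `second_list` while the body uses `second_list_name`. If callers are meant to choose the field names, rename the parameter to `second_list_name` and replace the two `var` lines with defaults such as `first_list_name = first_list_name || "read_list";` and `second_list_name = second_list_name || "write_list";`. Otherwise, drop the extra parameters. The function body continues past the hunk.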
@@ -38,11 +38,11 @@
 	});
 
 	$("#removeaux").click(function () {
-		var users = get_selected_elems(sec_list);
+		var elems = get_selected_elems(sec_list);
 		
-		for (var i=0; i < users.length; i++) {
-			$("option[value=" + users[i] + "]", sec_list).css('color', 'black');
-			$("input[value=" + users[i] + "]", sec_selection).remove();
+		for (var i=0; i < elems.length; i++) {
+			$("option[value=" + elems[i] + "]", sec_list).css('color', 'black');
+			$("input[value=" + elems[i] + "]", sec_selection).remove();
 		}
 	});	
 	
--- a/src/ldt/ldt/static/ldt/js/projectscontents.js	Thu Dec 08 16:04:44 2011 +0100
+++ b/src/ldt/ldt/static/ldt/js/projectscontents.js	Fri Dec 09 11:17:15 2011 +0100
@@ -192,7 +192,7 @@
                 });                
 
                 nm.store.iframe.width(730);
-                nm.store.iframe.height(820);
+                nm.store.iframe.height(830);
             }
         }
     });
@@ -227,7 +227,7 @@
                   });
                 
                 nm.store.iframe.width(730);
-                nm.store.iframe.height(820);
+                nm.store.iframe.height(830);
             }
         }
     });
@@ -280,7 +280,7 @@
 function init_events_base_projects(base_node, embed_url, searchprojectfilterurl, publishprojecturl, unpublishprojecturl) {
 
     init_modal_window ('.ldt_link_open_ldt', 1035, 670, 1025, 660, base_node, searchprojectfilterurl);
-    init_modal_window ('.ldt_link_create_project', 800, 700, 820, 690, base_node, searchprojectfilterurl);
+    init_modal_window ('.ldt_link_create_project', 740, 650, 820, 640, base_node, searchprojectfilterurl);
     init_modal_window ('.ldt_link_copy_project', 500, 150, 500, 150, base_node, searchprojectfilterurl);
     
     $('.publishedproject', base_node).click(function(e) {
@@ -331,8 +331,8 @@
     $('.projecttitlelink').nyroModal({
         filters: ['iframe'],
         sizes: {
-            minW: '800',
-            minH: '710'
+            minW: '740',
+            minH: '650'
         },
         closeOnClick:false,
         callbacks: {
@@ -349,7 +349,7 @@
                   });
 
                 nm.store.iframe.width(820);
-                nm.store.iframe.height(700);
+                nm.store.iframe.height(640);
             }
         }
     });