--- a/src/ldt/ldt/ldt_utils/views.py Tue Dec 13 10:28:42 2011 +0100
+++ b/src/ldt/ldt/ldt_utils/views.py Tue Dec 13 14:46:29 2011 +0100
@@ -23,7 +23,7 @@
from ldt.ldt_utils.models import Content
from ldt.ldt_utils.utils import boolean_convert, LdtUtils, LdtSearch
from ldt.security.utils import (assign_perm_to_obj, set_forbidden_stream,
- add_change_attr, get_userlist_model, get_userlist_group)
+ add_change_attr, get_userlist, get_userlist_model, get_userlist_group)
from ldt.security.cache import get_checker_for, assign
from lxml.html import fragment_fromstring
from models import Media, Project
@@ -188,12 +188,8 @@
raise AttributeError("filter should be a string")
filter = filter[1:]
- users = User.objects.filter(username__icontains=filter)[0:20]
-
- resp = []
- for u in users:
- resp.append({'name':u.username, 'id':u.id, 'type': 'user'})
-
+ resp = get_userlist(request.user, filter=filter)
+
if use_groups:
groups = Group.objects.filter(name__icontains=filter).exclude(name=settings.PUBLIC_GROUP_NAME)[0:20]
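Review bot: The user results are now capped by `settings.MAX_USERS_SEARCH` inside `get_userlist`, while the group query under `if use_groups:` still slices with a literal `[0:20]`, so the two halves of one response can follow different limits. I would slice the group query the same way, `...exclude(name=settings.PUBLIC_GROUP_NAME)[0:settings.MAX_USERS_SEARCH]`, or add a matching setting for groups. The group lookup also has no counterpart to the exclusions `get_userlist` applies to users, so it presumably returns any matching group name regardless of the requester's membership; worth confirming that is intended. The enclosing view starts and ends outside the hunk.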
@@ -472,11 +468,9 @@
contents = Content.safe_objects.all()
form_status = "none"
- user_list = User.objects.all()[0:20]
- elem_list = [{'name': u.username, 'id': u.id, 'type': 'user'} for u in user_list]
return render_to_response('ldt/ldt_utils/create_ldt.html', {'contents': contents, 'form': form, 'form_status':form_status,
'redirect_to': redirect_to, 'create_project_action':reverse(create_ldt_view), 'language_code' : settings.LANGUAGE_CODE[2:],
- 'elem_list': elem_list}, context_instance=RequestContext(request))
+ 'elem_list': get_userlist(request.user)}, context_instance=RequestContext(request))
def created_ldt(request):
return render_to_response('ldt/ldt_utils/save_done.html', context_instance=RequestContext(request))
@@ -858,17 +852,15 @@
return HttpResponseRedirect(reverse('index_project', args=[project.ldt_id]))
else:
form = AddProjectForm()
-
+
return render_to_response('ldt/ldt_utils/create_ldt.html', {'form':form, 'form_status': form_status, 'contents':contents,'groups' : groups,
- 'redirect_to': redirect_to, 'create_project_action':reverse("ldt.ldt_utils.views.create_project", args=[iri_id])}, context_instance=RequestContext(request))
+ 'redirect_to': redirect_to, 'elem_list': get_userlist(request.user), 'create_project_action':reverse("ldt.ldt_utils.views.create_project", args=[iri_id])}, context_instance=RequestContext(request))
@login_required
def update_project(request, ldt_id):
project = get_object_or_404(Project.safe_objects, ldt_id=ldt_id)
contents = project.contents.all()
groups = request.user.groups.exclude(name=settings.PUBLIC_GROUP_NAME)
- elem_list = User.objects.all()[0:20]
- elem_list = [{'name': e.username, 'id': e.id, 'type': 'user'} for e in elem_list]
member_list, admin_list = get_userlist_model(project, request.user)
if request.method == "POST" :
@@ -910,7 +902,7 @@
form_status = 'none'
- return render_to_response('ldt/ldt_utils/create_ldt.html', {'form':form, 'form_status':form_status, 'groups': groups, 'elem_list': elem_list,
+ return render_to_response('ldt/ldt_utils/create_ldt.html', {'form':form, 'form_status':form_status, 'groups': groups, 'elem_list': get_userlist(request.user),
'ldt_id': ldt_id, 'contents':contents, 'member_list': member_list, 'admin_list': admin_list,
'create_project_action':reverse("ldt.ldt_utils.views.update_project", args=[ldt_id])}, context_instance=RequestContext(request))
@@ -1156,7 +1148,6 @@
def write_content(request, iri_id=None):
submit_action = request.REQUEST.get("submit_button", False)
groups = request.user.groups.exclude(name=settings.PUBLIC_GROUP_NAME)
- elem_list = [{'name': u.username, 'id': u.id, 'type': 'user'} for u in User.objects.all()[0:20]]
if submit_action == "prepare_delete":
errors, titles = prepare_delete_content(request, iri_id)
@@ -1187,7 +1178,7 @@
content_form.fields["media_obj"].queryset = Media.safe_objects.all()
return render_to_response('ldt/ldt_utils/create_content.html', {'content_form': content_form, 'media_form': media_form, 'form_status': form_status, 'create_content_action': create_content_action,
- 'elem_list': elem_list, 'member_list': member_list, 'admin_list': admin_list, 'iri_id': iri_id, 'session_key':session_key, 'cookie_name':cookie_name}, context_instance=RequestContext(request))
+ 'elem_list': get_userlist(request.user), 'member_list': member_list, 'admin_list': admin_list, 'iri_id': iri_id, 'session_key':session_key, 'cookie_name':cookie_name}, context_instance=RequestContext(request))
@login_required
def prepare_delete_content(request, iri_id=None):
@@ -1275,7 +1266,7 @@
grp = Group.objects.get(id=request.POST["id_group"])
everyone = Group.objects.get(name=settings.PUBLIC_GROUP_NAME)
project_list = get_objects_for_group(grp, 'ldt_utils.view_project') | get_objects_for_group(everyone, 'ldt_utils.view_project').filter(owner__in=[grp])
- project_list = add_change_attr(request.user, project_list)
+ #project_list = add_change_attr(request.user, project_list)
is_gecko = ((request.META['HTTP_USER_AGENT'].lower().find("firefox")) > -1);
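Review bot: The call to `add_change_attr` is disabled by commenting it out with no explanation, so the objects in `project_list` no longer get a `change` attribute set here. If the template rendered by this view reads that attribute (not visible in the hunk), edit controls would be decided on a missing value rather than on the permission check. Either delete the line and say in the commit message why the flag is not needed for this view, or keep the call; if it is only disabled temporarily, a comment such as `# TODO: re-enable once <reason>` would tell the next reader why. The enclosing view starts and ends outside the hunk.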
@@ -1288,10 +1279,7 @@
def create_group(request):
if not request.user.has_perm('auth.add_group'):
return HttpResponseServerError('<h1>User %s can not create a group.</h1>' % request.user.username)
-
- query = Q(id=settings.ANONYMOUS_USER_ID) | Q(id=request.user.id) | Q(is_superuser=True)
- user_list = User.objects.exclude(query)[0:20]
- user_list = [{'name': x.username, 'id': x.id, 'type': 'user'} for x in user_list]
+
form_status = ''
if request.method == 'POST':
@@ -1314,12 +1302,12 @@
if elem in admin_list:
assign('change_group', elem, group)
- form_status = 'saved'
+ form_status = 'saved'
else:
- form = GroupAddForm()
-
- return render_to_response("ldt/ldt_utils/create_group.html", {'form' : form, 'form_status' : form_status, 'elem_list' : user_list}, context_instance=RequestContext(request))
+ form = GroupAddForm()
+
+ return render_to_response("ldt/ldt_utils/create_group.html", {'form' : form, 'form_status' : form_status, 'elem_list' : get_userlist(request.user)}, context_instance=RequestContext(request))
@login_required
def update_group(request, group_id):
@@ -1330,9 +1318,6 @@
form_status = 'none'
return render_to_response("ldt/ldt_utils/create_group.html", {'form_status' : form_status}, context_instance=RequestContext(request))
- query = Q(id=settings.ANONYMOUS_USER_ID) | Q(id=request.user.id) | Q(is_superuser=True)
- user_list = User.objects.exclude(query)[0:20]
- user_list = [{'name': x.username, 'id': x.id, 'type': 'user'} for x in user_list]
form_status = ''
is_owner_group = checker.has_perm('is_owner_group', group)
@@ -1375,5 +1360,5 @@
member_list, admin_list = get_userlist_group(group, request.user)
return render_to_response("ldt/ldt_utils/create_group.html", {'group_id' : group_id, 'form' : form, 'form_status' : form_status,
- 'elem_list' : user_list, 'member_list': member_list, 'admin_list': admin_list,
+ 'elem_list' : get_userlist(request.user), 'member_list': member_list, 'admin_list': admin_list,
'is_owner_group': is_owner_group}, context_instance=RequestContext(request))
--- a/src/ldt/ldt/security/utils.py Tue Dec 13 10:28:42 2011 +0100
+++ b/src/ldt/ldt/security/utils.py Tue Dec 13 14:46:29 2011 +0100
@@ -1,5 +1,7 @@
from django.conf import settings
from django.contrib.contenttypes.models import ContentType
+from django.contrib.auth.models import User
+from django.db.models import Q
from guardian.shortcuts import assign, remove_perm, get_users_with_perms, get_groups_with_perms
from cache import get_checker_for
@@ -110,7 +112,7 @@
perm_name = "%s.change_%s" % (cls._meta.app_label, model_name)
for obj in obj_list:
- if checker and checker.has_perm(perm_name, obj):
+ if not checker or checker.has_perm(perm_name, obj):
obj.change = True
else:
obj.change = False
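Review bot: With `if not checker or checker.has_perm(perm_name, obj):` every object is marked `change = True` whenever `checker` is falsy, where the previous condition marked it `False`, so the default has flipped from deny to allow. The hunk does not show how `checker` is obtained; if it can be `None` for an anonymous or otherwise unprivileged user, that user would be presented as able to edit every object in `obj_list`. If a missing checker is meant to stand for a superuser or for permission checks being switched off, I would test that condition explicitly where `checker` is assigned and keep the loop fail-closed, e.g. `obj.change = bool(checker) and checker.has_perm(perm_name, obj)`. At the least, add a comment naming the case in which `checker` is absent. The function begins outside the hunk.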
@@ -139,6 +141,14 @@
remove_perms(read_list, old_users, object, name)
remove_perms(read_list, old_groups, object, name)
+def get_userlist(user, filter=None):
+ query = Q(id=settings.ANONYMOUS_USER_ID) | Q(id=user.id) | Q(is_superuser=True)
+ user_list = User.objects.exclude(query)
+ if filter:
+ user_list = user_list.filter(username__icontains=filter)
+ elem_list = [{'name': u.username, 'id': u.id, 'type': 'user'} for u in user_list[0:settings.MAX_USERS_SEARCH]]
+ return elem_list
+
def get_userlist_model(object, owner):
if hasattr(object, 'is_public') and object.is_public:
return [None, None]
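Review bot: `get_userlist` slices an unordered queryset, so which `settings.MAX_USERS_SEARCH` users come back is left to the database and can differ between calls; adding `.order_by('username')` to `User.objects.exclude(query)` would make the truncated list stable. `MAX_USERS_SEARCH` is not defined anywhere in this diff, so unless it is added to the settings elsewhere the slice raises `AttributeError`; `getattr(settings, 'MAX_USERS_SEARCH', 20)` would keep the previous limit as a fallback. The function also has no docstring, and seven call sites in `views.py` now depend on it. One line stating that it returns `{'name', 'id', 'type'}` dicts for users other than the anonymous user, the caller and superusers, optionally narrowed by a username substring, would document the contract they rely on.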