Mercurial Mercurial > platform / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merge with c8b0dd68528b17c5fc4b7709bb742e17317b2cc1
authorcavaliet
Fri, 30 Nov 2012 13:30:51 +0100
changeset 984 4ac6e0aff004
parent 983 ea298d03fe67 (diff)
parent 982 c8b0dd68528b (current diff)
child 985 2f89ccff08cc
Merge with c8b0dd68528b17c5fc4b7709bb742e17317b2cc1
--- a/src/ldt/ldt/api/ldt/resources/project.py	Fri Nov 30 13:19:44 2012 +0100
+++ b/src/ldt/ldt/api/ldt/resources/project.py	Fri Nov 30 13:30:51 2012 +0100
@@ -1,13 +1,17 @@
+from django.conf import settings
 from django.conf.urls.defaults import url
+from django.contrib.auth.models import Group
+from guardian.shortcuts import assign
 from ldt.ldt_utils.models import Project
 from ldt.api.ldt.authentication import SessionAuthentication
 from ldt.api.ldt.serializers.cinelabserializer import CinelabSerializer
 from ldt.api.ldt.resources import ContentResource
 from ldt.api.ldt.resources.user import UserResource
+from ldt.security import protect_models, unprotect_models
 from tastypie.authorization import Authorization
 from tastypie.resources import Bundle, ModelResource, ALL
 from tastypie import fields
-from ldt.security import protect_models, unprotect_models
+
 
 class ProjectResource(ModelResource):
     contents = fields.ManyToManyField(ContentResource, 'contents')
@@ -46,10 +50,16 @@
         else:
             kwargs['ldt_id'] = bundle_or_obj.ldt_id
         return self._build_reverse_url("api_dispatch_detail", kwargs=kwargs)
-    
-    # TEMPORARY (used before authentication/authorization, because saving a project modifies a Content (via ContentStat))
-    def save_m2m(self, bundle):
+        
+    def obj_create(self, bundle, request=None, **kwargs):
         unprotect_models()
-        super(ProjectResource, self).save_m2m(bundle)
+        bundle = super(ProjectResource, self).obj_create(bundle, request)
+        # Assign permission for the owner
+        assign('view_project', request.user, bundle.obj)
+        assign('change_project', request.user, bundle.obj)
+        # Since the project is published by default, we assign permission for the everyone group
+        everyone = Group.objects.get(name=settings.PUBLIC_GROUP_NAME)
+        assign('ldt_utils.view_project', everyone, bundle.obj)
         protect_models()
+        return bundle
     
\ No newline at end of file
--- a/src/ldt/ldt/api/ldt/serializers/cinelabserializer.py	Fri Nov 30 13:19:44 2012 +0100
+++ b/src/ldt/ldt/api/ldt/serializers/cinelabserializer.py	Fri Nov 30 13:30:51 2012 +0100
@@ -60,7 +60,6 @@
         "contents*": ["IRI_ID_1","IRI_ID_2"]
         "owner*": "user_id"
         """
-        logging.debug("FROM cinelab content = " + content)
         
         cinelab = simplejson.loads(content)
         meta = cinelab["meta"]
--- a/src/ldt/ldt/ldt_utils/views/content.py	Fri Nov 30 13:19:44 2012 +0100
+++ b/src/ldt/ldt/ldt_utils/views/content.py	Fri Nov 30 13:30:51 2012 +0100
@@ -35,8 +35,9 @@
 #from django.core.files.temp import NamedTemporaryFile
 
 def media_management(request, media_input_type, cleaned_data, content_form, media_form, form_status):
+    media = None
     if media_input_type == "none":
-                    media = None
+        media = None
     elif media_input_type == "link":
         media = content_form.cleaned_data["media_obj"]
         created = False
platform