Basic access control for Projects
authorverrierj
Fri, 28 Oct 2011 15:10:34 +0200
changeset 229 fce9a02cc0a2
parent 228 94fdb72b7d56
child 230 39d97d561c60
Basic access control for Projects
src/ldt/ldt/ldt_utils/models.py
src/ldt/ldt/ldt_utils/security.py
src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/groups.html
src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/partial/projectslist.html
src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/partial/publishedprojectslist.html
src/ldt/ldt/ldt_utils/views.py
--- a/src/ldt/ldt/ldt_utils/models.py	Fri Oct 28 11:01:40 2011 +0200
+++ b/src/ldt/ldt/ldt_utils/models.py	Fri Oct 28 15:10:34 2011 +0200
@@ -396,7 +396,8 @@
         for content in contents:
             project.contents.add(content)
         project.save()
-        assign(['view_project', 'change_project'], user, project)
+        assign('view_project', user, project)
+        assign('change_project', user, project)
         return create_ldt(project, user)
 
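Review bot: The two `assign(...)` lines added here are repeated verbatim in the `copy_project` hunk just below; a small helper on the model, e.g. `def _grant_owner_perms(self, user): assign('view_project', user, self); assign('change_project', user, self)`, would keep the owner permission set defined in one place so a future permission (or a rename of the codenames) is changed once. Splitting the former list into two calls is presumably because `assign` takes a single permission codename per call; a one-line comment saying so would save the next reader from re-merging them. The enclosing method starts above this hunk.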
     def copy_project(self, user, title, description=''):
@@ -405,7 +406,8 @@
         project = Project(title=title, owner=owner, description=description)
         project = copy_ldt(self, project, user)
         project.save()
-        assign(['view_project', 'change_project'], user, project)
+        assign('view_project', user, project)
+        assign('change_project', user, project)
         for content in self.contents.all():
             project.contents.add(content)
         project.save()
--- a/src/ldt/ldt/ldt_utils/security.py	Fri Oct 28 11:01:40 2011 +0200
+++ b/src/ldt/ldt/ldt_utils/security.py	Fri Oct 28 15:10:34 2011 +0200
@@ -7,18 +7,36 @@
         if settings.USE_GROUP_PERMISSIONS:
             if not request.user:
                 raise AttributeError("A user should be set in the request.")
-
-            Project.objects_safe.check_perm_for(request.user)
-            old_project_manager = Project.objects
-            Project.objects = Project.objects_safe
             
-            response = func(request, *args, **kwargs)
-            
-            Project.objects = old_project_manager            
-            Project.objects_safe.stop_checking()
+            if Project.objects_safe.has_user():
+                response = func(request, *args, **kwargs)
+            else:                    
+                Project.objects_safe.check_perm_for(request.user)
+                
+                old_project_manager = Project.objects                         
+                old_save_method = Project.save
+                Project.save = save_security(request.user)(Project.save)
+                Project.objects = Project.objects_safe
+                
+                response = func(request, *args, **kwargs)
+                
+                Project.objects = old_project_manager 
+                Project.save = old_save_method     
+                Project.objects_safe.stop_checking()
             
         else:
             response = func(request, *args, **kwargs)
         return response
     return wrapper
-        
\ No newline at end of file
+
+ 
+def save_security(user):
+    def wrapper(func):
+        def wrapped(self, *args, **kwargs):
+            
+            if not user.has_perm('change_project', self):
+                raise AttributeError('User %s does not have sufficient permissions to change object %s' % (user, self))
+            
+            return func(self, *args, **kwargs)
+        return wrapped
+    return wrapper
\ No newline at end of file
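Review bot: If `func` raises, the three restore lines after it never run, so `Project.objects`, `Project.save` and the user recorded in `objects_safe` stay patched for the lifetime of the process; the next request then takes the new `has_user()` branch and is served without its own `check_perm_for`, under whatever user was left behind. The restoration belongs in a `finally`, as below. Relatedly, the patching is done on the shared `Project` class, so in a threaded server two concurrent requests would share one user context — this hunk cannot fix that, but a `# NOTE: assumes one request per process at a time` next to the patching would record the assumption. `save_security` raising `AttributeError` on a failed `has_perm` surfaces as a 500; `django.core.exceptions.PermissionDenied` is what Django maps to a 403. The enclosing `wrapper`/`group_security` definitions start above the hunk.
```python
            else:
                Project.objects_safe.check_perm_for(request.user)
                old_project_manager = Project.objects
                old_save_method = Project.save
                Project.save = save_security(request.user)(Project.save)
                Project.objects = Project.objects_safe
                try:
                    response = func(request, *args, **kwargs)
                finally:
                    # Restore even when the view raises; otherwise later
                    # requests run under this user's patched manager/save.
                    Project.objects = old_project_manager
                    Project.save = old_save_method
                    Project.objects_safe.stop_checking()
# … unchanged: non-group branch, return response, save_security …
```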
--- a/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/groups.html	Fri Oct 28 11:01:40 2011 +0200
+++ b/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/groups.html	Fri Oct 28 15:10:34 2011 +0200
@@ -43,6 +43,7 @@
                 init_events(document);
             },
     		error: function(jqXHR, textStatus, errorThrown) {
+    			alert(jqXHR.responseText);
     			resp = $.parseJSON(jqXHR.responseText);
     			alert(resp.message);
     		}
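Review bot: The added `alert(jqXHR.responseText);` on the error path reads like a debugging leftover: it pops the raw response body (for a non-JSON error, an entire server error page) immediately before the existing `alert(resp.message)` shows the parsed message. If the intent was to cope with non-JSON error bodies, guard the parse instead, e.g. `try { resp = $.parseJSON(jqXHR.responseText); alert(resp.message); } catch (e) { alert(textStatus); }`. The enclosing AJAX call starts above the hunk.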
--- a/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/partial/projectslist.html	Fri Oct 28 11:01:40 2011 +0200
+++ b/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/partial/projectslist.html	Fri Oct 28 15:10:34 2011 +0200
@@ -25,9 +25,9 @@
         </td>
         <td class="projecttitle">
         {% ifequal project.state 2 %}
-        {% if show_username %}{{ project.owner.username }} : {% endif %} <span class="projectinfos" data-title="{{ project.title }}" >{{ project.title }}</span>
+        {% if show_username %}{{ project.owner.username }} : {% endif %} <span class="projectinfos" data-title="{{ project.title }}" data-desc="{{ project.description|linebreaksbr }}" >{{ project.title }}</span>
         {% else %}
-        <a class="projecttitlelink" href="{% url ldt.ldt_utils.views.update_project ldt_id=project.ldt_id %}">{% if show_username %}{{ project.owner.username }} : {% endif %}<span class="projectinfos" data-title="{{ project.title }}" >{{ project.title }}</span></a>
+        <a class="projecttitlelink" href="{% url ldt.ldt_utils.views.update_project ldt_id=project.ldt_id %}">{% if show_username %}{{ project.owner.username }} : {% endif %}<span class="projectinfos" data-title="{{ project.title }}" data-desc="{{ project.description|linebreaksbr }}" >{{ project.title }}</span></a>
         {% endifequal %}
         </td>
     </tr>
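Review bot: Both changed lines place `project.description|linebreaksbr` inside a `data-desc` attribute, which relies on template autoescaping being on: `linebreaksbr` escapes the description (including quotes) only in that mode before marking the result safe, so under `{% autoescape off %}` a description containing `"` would terminate the attribute. The hunk does not show the surrounding autoescape state; a template comment such as `{# data-desc holds escaped HTML from linebreaksbr; keep autoescape on #}` records the assumption for whoever reads the attribute client-side. The two lines now differ only in the wrapping link, which is a candidate for a shared snippet, but that is a style nit.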
--- a/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/partial/publishedprojectslist.html	Fri Oct 28 11:01:40 2011 +0200
+++ b/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/partial/publishedprojectslist.html	Fri Oct 28 15:10:34 2011 +0200
@@ -22,7 +22,7 @@
         {% ifequal project.state 2 %}
         <span class="projectinfos" data-title="{{ project.title }}" data-desc="{{ project.description|linebreaksbr }}">{{ project.title }}</span>
         {% else %}
-        <a class="projecttitlelink" href="{% url ldt.ldt_utils.views.update_project ldt_id=project.ldt_id %}">{{ project.title }}</a>
+        <a class="projecttitlelink" href="{% url ldt.ldt_utils.views.update_project ldt_id=project.ldt_id %} data-desc="{{ project.description|linebreaksbr }}">{{ project.title }}</a>
         {% endifequal %}
         </td>
     </tr>
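Review bot: The changed line is missing the closing quote of `href`: `href="{% url ... %} data-desc="{{ ... }}"` makes the URL value end with ` data-desc=` and leaves the rendered description outside any attribute, so the link target is wrong and `data-desc` is never set. It should read `<a class="projecttitlelink" href="{% url ldt.ldt_utils.views.update_project ldt_id=project.ldt_id %}" data-desc="{{ project.description|linebreaksbr }}">{{ project.title }}</a>`, matching the `<span>` form two lines above.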
--- a/src/ldt/ldt/ldt_utils/views.py	Fri Oct 28 11:01:40 2011 +0200
+++ b/src/ldt/ldt/ldt_utils/views.py	Fri Oct 28 15:10:34 2011 +0200
@@ -45,7 +45,7 @@
 @login_required
 @group_security
 def workspace(request):
-
+    
     # list of contents
     content_list = Content.objects.all() #@UndefinedVariable
 
@@ -202,6 +202,7 @@
 
 
 @login_required
+@group_security
 def search_index(request):
         
     sform = SearchForm(request.POST)
@@ -694,9 +695,8 @@
     
     return render_to_response('ldt/ldt_utils/save_done.html', {'ldt': ldt, 'id':id, 'title':ldtproject.title, 'contents': new_contents}, context_instance=RequestContext(request))
 
-
-
 @login_required
+@group_security
 def publish(request, id, redirect=True):
     ldt = get_object_or_404(Project, ldt_id=id)
     ldt.state = 2 #published
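Review bot: `@group_security` is added to `publish` here (and to `unpublish` and `update_project` in the two hunks below), but the view's lookup on the line before goes through `get_object_or_404(Project, ...)`, which resolves via `Project._default_manager` rather than the `Project.objects` attribute the decorator swaps for `objects_safe`; the read-side filtering therefore does not apply to this lookup, and only the save-time `change_project` check guards the state change. If per-object read filtering is intended, pass the manager explicitly, e.g. `ldt = get_object_or_404(Project.objects, ldt_id=id)`, since `get_object_or_404` accepts a manager or queryset. The same applies to `unpublish` and `update_project`; all three bodies continue past their hunks.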
@@ -706,8 +706,9 @@
         return HttpResponseRedirect(reverse("ldt.ldt_utils.views.list_ldt"))
     else:
         return HttpResponse(simplejson.dumps({'res':True, 'ldt': {'id': ldt.id, 'state':ldt.state, 'ldt_id': ldt.ldt_id}}, ensure_ascii=False), mimetype='application/json')
-    
+
 @login_required
+@group_security
 def unpublish(request, id, redirect=True):
     ldt = get_object_or_404(Project, ldt_id=id)
     ldt.state = 1 #edition
@@ -768,6 +769,7 @@
     return render_to_response('ldt/ldt_utils/create_ldt.html', {'form':form, 'contents':contents, 'create_project_action':reverse("ldt.ldt_utils.views.create_project", args=[iri_id]), 'target_parent':target_parent}, context_instance=RequestContext(request))
 
 @login_required
+@group_security
 def update_project(request, ldt_id):
 
     project = get_object_or_404(Project, ldt_id=ldt_id)