Navigation

← Previous Changeset
Next Changeset →

Changeset 3529

Timestamp:

08/06/06 14:44:58 (2 years ago)

Author:

clong

Message:

[per-object-permissions] First version of checking for row level permissions. No cache implemented at this point. See wiki page for more details.

Files:

django/branches/per-object-permissions/django/contrib/auth/models.py (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

django/branches/per-object-permissions/django/contrib/auth/models.py

r3518	r3529
112	112	name = models.CharField(_('name'), maxlength=80, unique=True)
113	113	permissions = models.ManyToManyField(Permission, verbose_name=_('permissions'), blank=True, filter_interface=models.HORIZONTAL)
	114	row_level_permissions_owned = models.GenericRelation(RowLevelPermission, object_id_field="owner_id", content_type_field="owner_ct", related_name="owner")
114	115	class Meta:
115	116	verbose_name = _('group')
…	…
259	260	return self._perm_cache
260	261
261		def has_perm(self, perm):
	262	def check_row_level_permission(self, permission, object):
	263	if isinstance(permission, str):
	264	permission = Permission.objects.get(codename__exact=permission)
	265	try:
	266	row_level_perm=self.row_level_permissions_owned.get(model_id=object.id,
	267	model_ct=ContentType.objects.get_for_model(object).id,
	268	permission=permission.id)
	269	except RowLevelPermission.DoesNotExist:
	270	return self.check_group_row_level_permissions(permission, object)
	271	return not row_level_perm.negative
	272
	273	def check_group_row_level_permissions(self, permission, object):
	274	#SELECT rlp."negative"
	275	#FROM "auth_user_groups" ug, "auth_rowlevelpermission" rlp
	276	#WHERE rlp."owner_id"=ug."group_id"
	277	#AND ug."user_id"=%s
	278	#AND rlp."owner_ct_id"=%s
	279	#AND rlp."model_id"=%s
	280	#AND rlp."model_ct_id"=%s
	281	#AND rlp."permission_id"=%s;
	282	cursor = connection.cursor()
	283	sql = """
	284	SELECT rlp.%s
	285	FROM %s ug, %s rlp
	286	WHERE rlp.%s = ug.%s
	287	AND ug.%s=%%s
	288	AND rlp.%s=%%s
	289	AND rlp.%s=%%s
	290	AND rlp.%s=%%s
	291	AND rlp.%s=%%s
	292	ORDER BY rlp.%s""" % (
	293	backend.quote_name('negative'), backend.quote_name('auth_user_groups'),
	294	backend.quote_name('auth_rowlevelpermission'), backend.quote_name('owner_id'),
	295	backend.quote_name('group_id'), backend.quote_name('user_id'),
	296	backend.quote_name('owner_ct_id'), backend.quote_name('model_id'),
	297	backend.quote_name('model_ct_id'), backend.quote_name('permission_id'),
	298	backend.quote_name('negative'))
	299	cursor.execute(sql, [self.id,
	300	ContentType.objects.get_for_model(Group).id,
	301	object.id,
	302	ContentType.objects.get_for_model(object).id,
	303	permission.id,])
	304	row = cursor.fetchone()
	305	if row is None:
	306	return None
	307	return not row[0]
	308
	309
	310	def has_perm(self, perm, object=None):
262	311	"Returns True if the user has the specified permission."
263	312	if not self.is_active:
…	…
265	314	if self.is_superuser:
266	315	return True
	316	if object and object._meta.row_level_permissions:
	317	row_level_permission = self.check_row_level_permission(perm, object)
	318	if row_level_permission is not None:
	319	return row_level_permission
267	320	return perm in self.get_all_permissions()
268	321

Code

Navigation

Changeset 3529

Legend:

django/branches/per-object-permissions/django/contrib/auth/models.py

Download in other formats: