Changeset 3616
- Timestamp:
- 08/19/06 12:53:48 (2 years ago)
- Files:
-
- django/branches/per-object-permissions/django/contrib/admin/templates/admin/change_form.html (modified) (1 diff)
- django/branches/per-object-permissions/django/contrib/admin/templates/admin/row_level_permission.html (modified) (5 diffs)
- django/branches/per-object-permissions/django/contrib/admin/urls.py (modified) (1 diff)
- django/branches/per-object-permissions/django/contrib/admin/views/main.py (modified) (1 diff)
- django/branches/per-object-permissions/django/contrib/admin/views/row_level_permissions.py (modified) (9 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
django/branches/per-object-permissions/django/contrib/admin/templates/admin/change_form.html
r3615 r3616 19 19 {% if change %}{% if not is_popup %} 20 20 <ul class="object-tools"><li><a href="history/" class="historylink">{% trans "History" %}</a></li> 21 {% if has_row_level_permissions %}<li><a href="row_level_permissions/" class="rowlevelpermissions">{% trans "Edit Row Level Permissions" %}</a></li>{% endif %} 21 22 {% if has_absolute_url %}<li><a href="../../../r/{{ content_type_id }}/{{ object_id }}/" class="viewsitelink">{% trans "View on site" %}</a></li>{% endif%} 22 23 </ul> django/branches/per-object-permissions/django/contrib/admin/templates/admin/row_level_permission.html
r3615 r3616 18 18 </div> 19 19 {% endblock %} 20 {% block content %}<div id="content-main"> 21 <div id="changelist"> 20 {% block content %} 21 22 <div id="content-main"> 22 23 23 24 {% if_has_perm "auth.add_rowlevelpermission" %} … … 67 68 <h2>{% trans "Current Permissions" %}</h2> 68 69 <table id="current-rlpTable"> 69 {% if rlp_form _list%}70 {% if rlp_forms %} 70 71 <tr class="header"> 71 72 <th id="select_header"></th> … … 85 86 <TBODY> 86 87 {% load row_level_permission %} 87 {% for o in rlp_form_list %} 88 {% for x in rlp_forms %} 89 <tr> 90 <th colspan=5> 91 {{ x.0 }} 92 </th> 93 </tr> 94 {% for o in x.1 %} 88 95 <tr id="editRLP-{{ o.rlp.id }}"> 89 96 <!--<td colspan="5">--> 90 <form id="editRLPForm-{{ o.rlp.id }}" class="editRLPForm" method="POST" name="editRLPForm-{{ o.rlp.id }}" action=" ../../../auth/row_level_permission/{% objref o.rlp %}/change/">97 <form id="editRLPForm-{{ o.rlp.id }}" class="editRLPForm" method="POST" name="editRLPForm-{{ o.rlp.id }}" action="change/{% objref o.rlp %}/"> 91 98 <!--<table> 92 99 <tr>--> … … 108 115 <br/> 109 116 <!--<a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deleteLink" onclick="row_level_permission.deleteRLP('{% objref o.rlp %}'); return false;">{% trans 'Delete' %}</a> |--> 110 <a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deletelink">{% trans 'Delete' %}</a> | 117 <!--<a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deletelink">{% trans 'Delete' %}</a> | --> 118 <a href="delete/{% objref o.rlp %}" class="deletelink">{% trans 'Delete' %}</a> | 111 119 <a href="javascript:row_level_permission.copyToNew({{ o.rlp.id }})" class="copyToNewLink">{% trans 'Copy to New' %}</a> 112 120 </td> … … 117 125 </tr> 118 126 {% endfor %} 127 {% endfor %} 119 128 <tr align="right"> 120 129 <td colspan="5"> 121 <form id="apply_selected_form" method="POST" name="apply_selected_form" onsubmit="row_level_permission.apply_selected(); return false;"> 122 <input id="apply_selected_button" type="submit" value="{% trans 'Apply Selected' %}" /> 123 </form> 124 <form id="delete_selected_form" method="POST" name="delete_selected_form" onsubmit="alert('Not yet working'); return false;"> 125 <input id="delete_selected_button" type="submit" value="{% trans 'Delete Selected' %}" /> 126 </form> 130 Commands: 131 <a href="javascript:row_level_permission.apply_selected();">Apply Selected</a> | 132 <a href="javascript:alert('Not yet working');" class="deletelink">Delete Selected</a> 127 133 </td> 128 134 </tr> django/branches/per-object-permissions/django/contrib/admin/urls.py
r3615 r3616 42 42 ('^([^/]+)/([^/]+)/(.+)/history/$', 'django.contrib.admin.views.main.history'), 43 43 ('^([^/]+)/([^/]+)/(.+)/delete/$', 'django.contrib.admin.views.main.delete_stage'), 44 ('^([^/]+)/([^/]+)/(.+)/row_level_permissions/$', 'django.contrib.admin.views.row_level_permissions. edit_row_level_permissions'),44 ('^([^/]+)/([^/]+)/(.+)/row_level_permissions/$', 'django.contrib.admin.views.row_level_permissions.view_row_level_permissions'), 45 45 ('^([^/]+)/([^/]+)/(.+)/row_level_permissions/add/$', 'django.contrib.admin.views.row_level_permissions.add_row_level_permission'), 46 ('^([^/]+)/([^/]+)/(.+)/row_level_permissions/delete/(.+)/(.+)/([^/]+)/$', 'django.contrib.admin.views.row_level_permissions.delete_row_level_permission'), 47 ('^([^/]+)/([^/]+)/(.+)/row_level_permissions/change/(.+)/(.+)/([^/]+)/$', 'django.contrib.admin.views.row_level_permissions.change_row_level_permission'), 48 46 49 ('^([^/]+)/([^/]+)/(.+)/$', 'django.contrib.admin.views.main.change_stage'), 47 50 ) django/branches/per-object-permissions/django/contrib/admin/views/main.py
r3609 r3616 204 204 'has_file_field': opts.has_field_type(models.FileField), 205 205 'has_absolute_url': hasattr(model, 'get_absolute_url'), 206 'has_row_level_permissions':opts.row_level_permissions, 206 207 'auto_populated_fields': auto_populated_fields, 207 208 'bound_field_sets': bound_field_sets, django/branches/per-object-permissions/django/contrib/admin/views/row_level_permissions.py
r3615 r3616 4 4 from django.http import Http404, HttpResponse, HttpResponseRedirect 5 5 from django.contrib.contenttypes.models import ContentType 6 from django.contrib.auth.models import RowLevelPermission 7 from django.contrib.admin.views import main 6 from django.contrib.auth.models import RowLevelPermission, User, Group 8 7 from django.db import models 9 8 from django.contrib.admin.row_level_perm_manipulator import AddRLPManipulator, ChangeRLPManipulator 10 9 from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist, PermissionDenied 11 10 from django.core.paginator import ObjectPaginator, InvalidPage 12 import simplejson 13 14 def edit_row_level_permissions(request, app_label, model_name, object_id): 11 from django.contrib.admin.views.main import unquote, quote 12 from django.contrib.admin.views.decorators import staff_member_required 13 from django.views.decorators.cache import never_cache 14 15 16 def view_row_level_permissions(request, app_label, model_name, object_id): 15 17 model = models.get_model(app_label, model_name) 16 object_id = main.unquote(object_id)18 object_id = unquote(object_id) 17 19 18 20 model_ct = ContentType.objects.get_for_model(model) … … 53 55 edit_rlp_manip = ChangeRLPManipulator(model_ct) 54 56 new_rlp_form = forms.FormWrapper(add_rlp_manip, rlp_new_data, rlp_errors) 55 empty_rlp_form = forms.FormWrapper(edit_rlp_manip, rlp_new_data, rlp_errors) 56 rlp_form_list = [] 57 58 user_rlp_form_list = [] 59 other_rlp_form_list = [] 60 group_rlp_form_list = [] 61 62 group_ct = model_ct = ContentType.objects.get_for_model(Group) 63 user_ct = model_ct = ContentType.objects.get_for_model(User) 57 64 for r in rlp_list: 58 65 owner_val = str(r.owner_ct)+"-"+str(r.owner_id) 59 66 data = {'id':r.id, 'owner':owner_val, 'perm':r.permission.id, 'negative':r.negative} 60 rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r}) 67 68 if r.owner_ct.id is user_ct.id: 69 user_rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r}) 70 elif r.owner_ct.id is group_ct.id: 71 group_rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r}) 72 else: 73 other_rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r}) 74 75 rlp_forms = [] 76 if user_rlp_form_list: 77 rlp_forms.append((_('Users'), user_rlp_form_list,)) 78 if group_rlp_form_list: 79 rlp_forms.append((_('Groups'), group_rlp_form_list,)) 80 if other_rlp_form_list: 81 rlp_forms.append((_('Other'), other_rlp_form_list,)) 82 61 83 rlp_context = {'new_rlp_form':new_rlp_form, 62 'rlp_form_list':rlp_form_list, 63 'empty_rlp_form':empty_rlp_form,} 84 'rlp_forms':rlp_forms, } 64 85 65 86 c.update(rlp_context) … … 70 91 "admin/row_level_permission.html"], context_instance=c) 71 92 72 def delete_row_level_permission(request, ct_id, rlp_id, hash): 93 view_row_level_permissions = staff_member_required(never_cache(view_row_level_permissions)) 94 95 def delete_row_level_permission(request, app_label, model_name, object_id, ct_id, rlp_id, hash): 73 96 msg = {} 97 74 98 if utils.verify_objref_hash(ct_id, rlp_id, hash): 99 model = models.get_model(app_label, model_name) 100 object_id = unquote(object_id) 101 102 model_ct = ContentType.objects.get_for_model(model) 103 model_instance = get_object_or_404(model, pk=object_id) 75 104 rlp = get_object_or_404(RowLevelPermission, pk=rlp_id) 76 105 ct = rlp.model_ct 77 106 obj = rlp.model 107 108 if model_instance.id is not obj.id: 109 raise PermissionDenied 78 110 79 111 if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_delete_permission()): … … 87 119 msg = { 'result':False, 'text': _("row level permission not found (bad hash)" )} 88 120 89 request.user.message_set.create(message= result['text'])90 91 return HttpResponseRedirect("../ ")121 request.user.message_set.create(message=msg['text']) 122 123 return HttpResponseRedirect("../../../../") 92 124 # return HttpResponseRedirect("%s?rlp_result=%s&rlp_msg=%s" % (request.META["HTTP_REFERER"], str(msg["result"]), main.quote(msg["text"]))) 93 125 #return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name), 94 126 # main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,}) 95 127 delete_row_level_permission = staff_member_required(never_cache(delete_row_level_permission)) 96 128 97 129 def add_row_level_permission(request, app_label, model_name, object_id): … … 104 136 105 137 model = models.get_model(app_label, model_name) 106 object_id = main.unquote(object_id)138 object_id = unquote(object_id) 107 139 108 140 ct = ContentType.objects.get_for_model(model) … … 142 174 # main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,}) 143 175 return HttpResponseRedirect("../") 144 145 def change_row_level_permission(request, ct_id, rlp_id, hash): 176 add_row_level_permission = staff_member_required(never_cache(add_row_level_permission)) 177 178 def change_row_level_permission(request, app_label, model_name, object_id, ct_id, rlp_id, hash): 146 179 msg = {} 147 ajax = request.GET.has_key("ajax")148 180 if not request.POST: 149 181 msg = { 'result':False, 'text': _("Only POSTs are allowed" )} … … 153 185 154 186 if msg.has_key("result"): 155 if ajax:156 return HttpResponse(simplejson.dumps(msg), 'text/javascript')157 187 request.user.message_set.create(message=msg['text']) 158 return HttpResponseRedirect("/edit/%s/%s" % (obj_type, obj_id)) 188 return HttpResponseRedirect('../../../../') 189 190 model = models.get_model(app_label, model_name) 191 object_id = unquote(object_id) 192 193 ct = ContentType.objects.get_for_model(model) 194 model_instance = get_object_or_404(model, pk=object_id) 159 195 160 196 rlp = get_object_or_404(RowLevelPermission, pk=rlp_id) … … 164 200 165 201 obj = rlp.model 202 if model_instance.id is not obj.id: 203 raise PermissionDenied 204 166 205 if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_change_permission(), object=obj): 167 206 raise PermissionDenied … … 179 218 else: 180 219 msg = {"result":True, "text":_("Row level permission has successfully been changed"), "id":rlp_id} 181 if ajax: 182 return HttpResponse(simplejson.dumps(msg), 'text/javascript') 183 184 request.POST = {} 185 return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name), 186 main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,}) 220 221 request.user.message_set.create(message=msg['text']) 222 223 return HttpResponseRedirect("../../../../") 224 # request.POST = {} 225 # return change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name), 226 # main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,}) 227 228 change_row_level_permission = staff_member_required(never_cache(change_row_level_permission))
