Navigation

← Previous Changeset
Next Changeset →

Changeset 3625

Timestamp:

08/20/06 15:54:37 (2 years ago)

Author:

clong

Message:

[per-object-permissions] Updated admin pages to use contains_permission, this means the admin interface will now show the change list link to a user even if they only have change row level permissions on one of the objects. Right now, it does list all the objects and does not filter out those that the user does not have permissions on.

Files:

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

django/branches/per-object-permissions/django/contrib/admin/templatetags/adminapplist.py

r3623	r3625
28	28	if m._meta.admin:
29	29	if not m._meta.admin.hidden:
	30	#perms = {
	31	#'add': user.has_perm("%s.%s" % (app_label, m._meta.get_add_permission())),
	32	#'change': user.has_perm("%s.%s" % (app_label, m._meta.get_change_permission())),
	33	#'delete': user.has_perm("%s.%s" % (app_label, m._meta.get_delete_permission())),
	34	#}
	35
30	36	perms = {
31		'add': user.~~has_perm("%s.%s" % (app_label, m._meta.get_add_permission())~~),
32		'change': user.~~has_perm("%s.%s" % (app_label, m._meta.get_change_permission())~~),
33		'delete': user.~~has_perm("%s.%s" % (app_label, m._meta.get_delete_permission())~~),
34		}
	37	'add': user.contains_permission("%s.%s" % (app_label, m._meta.get_add_permission()), m),
	38	'change': user.contains_permission("%s.%s" % (app_label, m._meta.get_change_permission()), m),
	39	'delete': user.contains_permission("%s.%s" % (app_label, m._meta.get_delete_permission()), m),
	40	}
35	41
36	42	# Check whether user has any perm for this module.

django/branches/per-object-permissions/django/contrib/admin/views/main.py

r3623	r3625
312	312	opts = model._meta
313	313
314		~~if not request.user.has_perm(app_label + '.' + opts.get_change_permission()):~~
315		~~raise PermissionDenied~~
316
317		~~if request.POST and request.POST.has_key("_saveasnew"):~~
318		~~return add_stage(request, app_label, model_name, form_url='../../add/')~~
319
320	314	try:
321	315	manipulator = model.ChangeManipulator(object_id)
322	316	except ObjectDoesNotExist:
323	317	raise Http404
	318
	319	if not request.user.has_perm(app_label + '.' + opts.get_change_permission(), object=manipulator.original_object):
	320	raise PermissionDenied
	321
	322	if request.POST and request.POST.has_key("_saveasnew"):
	323	return add_stage(request, app_label, model_name, form_url='../../add/')
	324
	325
324	326
325	327	if request.POST:
…	…
419	421	return # Avoid recursing too deep.
420	422	opts_seen = []
421		for related in opts.~~get_all_~~related_objects():
	423	for related in opts.related_objects():
422	424	if related.opts in opts_seen:
423	425	continue
…	…
502	504	raise Http404, "App %r, model %r, not found" % (app_label, model_name)
503	505	opts = model._meta
504		if not request.user.has_perm(app_label + '.' + opts.get_delete_permission()):
	506
	507	obj = get_object_or_404(model, pk=object_id)
	508
	509	if not request.user.has_perm(app_label + '.' + opts.get_delete_permission(), object=obj):
505	510	raise PermissionDenied
506		~~obj = get_object_or_404(model, pk=object_id)~~
507	511
508	512	# Populate deleted_objects, a data structure of all related objects that
…	…
742	746	if model is None:
743	747	raise Http404, "App %r, model %r, not found" % (app_label, model_name)
744		if not request.user.~~has_perm(app_label + '.' + model._meta.get_change_permission()~~):
	748	if not request.user.contains_permission(app_label + '.' + model._meta.get_change_permission(), model):
745	749	raise PermissionDenied
746	750	try:

Code

Navigation

Changeset 3625

Legend:

django/branches/per-object-permissions/django/contrib/admin/templatetags/adminapplist.py

django/branches/per-object-permissions/django/contrib/admin/views/main.py

Download in other formats: