Changeset 4025
- Timestamp:
- 11/06/06 15:25:29 (2 years ago)
- Files:
-
- django/branches/generic-auth/django/contrib/admin/templatetags/adminapplist.py (modified) (2 diffs)
- django/branches/generic-auth/django/contrib/admin/views/main.py (modified) (11 diffs)
- django/branches/generic-auth/django/contrib/auth/__init__.py (modified) (1 diff)
- django/branches/generic-auth/django/db/models/options.py (modified) (1 diff)
- django/branches/generic-auth/tests/regressiontests/authorization (deleted)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
django/branches/generic-auth/django/contrib/admin/templatetags/adminapplist.py
r2999 r4025 1 1 from django import template 2 2 from django.db.models import get_models 3 from django.contrib.auth import has_permission 4 from django.contrib.auth.models import Permission 3 5 4 6 register = template.Library() … … 27 29 for m in app_models: 28 30 if m._meta.admin: 31 opts = m._meta 29 32 perms = { 30 'add': user.has_perm("%s.%s" % (app_label, m._meta.get_add_permission())),31 'change': user.has_perm("%s.%s" % (app_label, m._meta.get_change_permission())),32 'delete': user.has_perm("%s.%s" % (app_label, m._meta.get_delete_permission())),33 'add': has_permission(user, opts.get_add_permission()), 34 'change': has_permission(user, opts.get_change_permission()), 35 'delete': has_permission(user, opts.get_delete_permission()), 33 36 } 34 37 django/branches/generic-auth/django/contrib/admin/views/main.py
r4024 r4025 1 1 from django import forms, template 2 2 from django.conf import settings 3 from django.contrib.auth import has_permission 3 4 from django.contrib.admin.filterspecs import FilterSpec 4 5 from django.contrib.admin.views.decorators import staff_member_required … … 200 201 'add': add, 201 202 'change': change, 202 'has_delete_permission': context['perms'][app_label][opts.get_delete_permission() ],203 'has_change_permission': context['perms'][app_label][opts.get_change_permission() ],203 'has_delete_permission': context['perms'][app_label][opts.get_delete_permission().codename], 204 'has_change_permission': context['perms'][app_label][opts.get_change_permission().codename], 204 205 'has_file_field': opts.has_field_type(models.FileField), 205 206 'has_absolute_url': hasattr(model, 'get_absolute_url'), … … 230 231 opts = model._meta 231 232 232 if not request.user.has_perm(app_label + '.' +opts.get_add_permission()):233 if not has_permission(request.user, opts.get_add_permission()): 233 234 raise PermissionDenied 234 235 if post_url is None:236 if request.user.has_perm(app_label + '.' + opts.get_change_permission()):237 # redirect to list view238 post_url = '../'239 else:240 # Object list will give 'Permission Denied', so go back to admin home241 post_url = '../../../'242 235 243 236 manipulator = model.AddManipulator() … … 256 249 LogEntry.objects.log_action(request.user.id, ContentType.objects.get_for_model(model).id, pk_value, str(new_object), ADDITION) 257 250 msg = _('The %(name)s "%(obj)s" was added successfully.') % {'name': opts.verbose_name, 'obj': new_object} 251 252 if post_url is None: 253 # We want to call has permission WITHOUT passing it the new 254 # object here. We're concerned with whether the user can edit 255 # ANY instances of this model, not just the one we created. 256 if has_permission(request.user, opts.get_change_permission()): 257 # redirect to list view 258 post_url = '../' 259 else: 260 # Object list will give 'Permission Denied', so go back to admin home 261 post_url = '../../../' 262 258 263 # Here, we distinguish between different save types by checking for 259 264 # the presence of keys in request.POST. … … 304 309 opts = model._meta 305 310 306 if not request.user.has_perm(app_label + '.' + opts.get_change_permission()):307 raise PermissionDenied308 309 311 if request.POST and request.POST.has_key("_saveasnew"): 310 312 return add_stage(request, app_label, model_name, form_url='../../add/') … … 314 316 except ObjectDoesNotExist: 315 317 raise Http404 318 319 if not has_permission(request.user, opts.get_change_permission(), manipulator.original_object): 320 raise PermissionDenied 316 321 317 322 if request.POST: … … 420 425 else: 421 426 if related.opts.admin: 422 p = '%s.%s' % (related.opts.app_label, related.opts.get_delete_permission()) 423 if not user.has_perm(p): 427 if not has_permission(user, related.opts.get_delete_permission(), related): 424 428 perms_needed.add(related.opts.verbose_name) 425 429 # We don't care about populating deleted_objects now. … … 451 455 # permission to delete them, add the missing perm to perms_needed. 452 456 if related.opts.admin and has_related_objs: 453 p = '%s.%s' % (related.opts.app_label, related.opts.get_delete_permission()) 454 if not user.has_perm(p): 457 if not has_permission(user, related.opts.get_delete_permission(), related): 455 458 perms_needed.add(rel_opts_name) 456 459 for related in opts.get_all_related_many_to_many_objects(): … … 480 483 # permission to change them, add the missing perm to perms_needed. 481 484 if related.opts.admin and has_related_objs: 482 p = '%s.%s' % (related.opts.app_label, related.opts.get_change_permission()) 483 if not user.has_perm(p): 485 if not has_permission(user, related.opts.get_delete_permission(), related): 484 486 perms_needed.add(related.opts.verbose_name) 485 487 … … 491 493 raise Http404, "App %r, model %r, not found" % (app_label, model_name) 492 494 opts = model._meta 493 if not request.user.has_perm(app_label + '.' + opts.get_delete_permission()): 495 obj = get_object_or_404(model, pk=object_id) 496 if not has_permission(request.user, opts.get_delete_permission(), obj): 494 497 raise PermissionDenied 495 obj = get_object_or_404(model, pk=object_id)496 498 497 499 # Populate deleted_objects, a data structure of all related objects that … … 731 733 if model is None: 732 734 raise Http404, "App %r, model %r, not found" % (app_label, model_name) 733 if not request.user.has_perm(app_label + '.' + model._meta.get_change_permission()): 735 # There isn't a specific object to check here, so don't pass one to 736 # has_permission. There should be a has_permission implementation 737 # registered that knows when the obj arg is missing. 738 if not has_permission(request.user, model._meta.get_change_permission()): 734 739 raise PermissionDenied 735 740 try: django/branches/generic-auth/django/contrib/auth/__init__.py
r4024 r4025 5 5 LOGIN_URL = '/accounts/login/' 6 6 REDIRECT_FIELD_NAME = 'next' 7 8 def default_has_permission(user, permission, obj): 9 p_name = "%s.%s" % (permission.content_type.app_label, permission.codename) 10 return user.has_perm(p_name) 11 12 class HasPermission(object): 13 """ 14 Function that supports multiple implementations via a type registry. The 15 implemetation called depends on the argument types. 16 """ 17 def __init__(self): 18 self.registry = {} 19 20 def __call__(self, user, permission, obj=None): 21 # TODO: this isn't very robust. Only matches on exact types. Support 22 # for matching subclasses and caching registry hits would be helpful, 23 # but we'll add that later 24 types = (type(user), type(permission), type(obj)) 25 func = self.registry.get(types) 26 if func is not None: 27 return func(user, permission, obj) 28 else: 29 return default_has_permission(user, permission, obj) 30 31 def register(self, func, user_type, permission_type, obj_type=type(None)): 32 types = (user_type, permission_type, obj_type) 33 self.registry[types] = func 34 35 has_permission = HasPermission() 7 36 8 37 def load_backend(path): django/branches/generic-auth/django/db/models/options.py
r4024 r4025 107 107 108 108 def get_add_permission(self): 109 return 'add_%s' % self.object_name.lower() 109 from django.contrib.auth.models import Permission 110 codename = 'add_%s' % self.object_name.lower() 111 return Permission.objects.get( 112 content_type__app_label__exact=self.app_label, 113 codename=codename) 110 114 111 115 def get_change_permission(self): 112 return 'change_%s' % self.object_name.lower() 116 from django.contrib.auth.models import Permission 117 codename = 'change_%s' % self.object_name.lower() 118 return Permission.objects.get( 119 content_type__app_label__exact=self.app_label, 120 codename=codename) 113 121 114 122 def get_delete_permission(self): 115 return 'delete_%s' % self.object_name.lower() 123 from django.contrib.auth.models import Permission 124 codename = 'delete_%s' % self.object_name.lower() 125 return Permission.objects.get( 126 content_type__app_label__exact=self.app_label, 127 codename=codename) 116 128 117 129 def get_all_related_objects(self):
