Changes between Version 2 and Version 3 of RowLevelPermissionsDeveloper


Ignore:
Timestamp:
08/06/2006 03:00:05 PM (9 years ago)
Author:
clong
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • RowLevelPermissionsDeveloper

    v2 v3  
    88#!python
    99class RowLevelPermission(models.Model):
    10     type_id = models.PositiveIntegerField("'Type' ID")
    11     type_ct = models.ForeignKey(ContentType, verbose_name="'Type' content type", related_name="type_ct")
     10    model_id = models.PositiveIntegerField("'Type' ID")
     11    model_ct = models.ForeignKey(ContentType, verbose_name="'Type' content model", related_name="model_ct")
    1212    owner_id = models.PositiveIntegerField("'Owner' ID")
    13     owner_ct = models.ForeignKey(ContentType, verbose_name="'Owner' content type", related_name="owner_ct")
     13    owner_ct = models.ForeignKey(ContentType, verbose_name="'Owner' content model", related_name="owner_ct")
    1414    negative = models.BooleanField()
    1515    permission = models.ForeignKey(Permission)
    1616   
    17     type = models.GenericForeignKey(fk_field='type_id', ct_field='type_ct')
     17    model = models.GenericForeignKey(fk_field='model_id', ct_field='model_ct')
    1818    owner = models.GenericForeignKey(fk_field='owner_id', ct_field='owner_ct')
    1919   
     
    2323        verbose_name = _('row level permission')
    2424        verbose_name_plural = _('row level permissions')
    25         unique_together = (('type_ct', 'type_id', 'owner_id', 'owner_ct', 'permission'),)       
     25        unique_together = (('model_ct', 'model_id', 'owner_id', 'owner_ct', 'permission'),)       
    2626}}}
    2727
     
    3636        if getattr(new_class._meta, 'row_level_permissions', None):
    3737            from django.contrib.auth.models import RowLevelPermission
    38             gen_rel = django.db.models.GenericRelation(RowLevelPermission, object_id_field="type_id", content_type_field="type_ct")
     38            gen_rel = django.db.models.GenericRelation(RowLevelPermission, object_id_field="model_id", content_model_field="model_ct")
    3939            new_class.add_to_class("row_level_permissions", gen_rel)
    4040}}}
     
    4848#!python
    4949...
    50 row_level_permissions_owned = models.GenericRelation(RowLevelPermission, object_id_field="owner_id", content_type_field="owner_ct", related_name="owner")
     50row_level_permissions_owned = models.GenericRelation(RowLevelPermission, object_id_field="owner_id", content_model_field="owner_ct", related_name="owner")
    5151...
    5252}}}
     
    5656== Checking of Row Level Permissions ==
    5757
    58 To be added soon.
     58Checking of RLP are done in the following order: User RLP->Group RLP->User Model Level->Group Model Level. Stopping at the first positive or negative.
     59
     60The has_perm method has been modified to now check for row level permissions and has an optional parameter for a model instance, which is required to check row level permissions.
     61
     62{{{
     63#!python
     64    def has_perm(self, perm, object=None):
     65        "Returns True if the user has the specified permission."
     66        if not self.is_active:
     67            return False
     68        if self.is_superuser:
     69            return True
     70        if object and object._meta.row_level_permissions:
     71            row_level_permission = self.check_row_level_permission(perm, object)
     72            if row_level_permission is not None:
     73                return row_level_permission
     74        return perm in self.get_all_permissions()
     75}}}
     76
     77The check_row_level_permission checks the user RLPs first and then checks the group RLPs. The user RLPs are determined by using a filter method. The group RLP uses an SQL query that works out to be:
     78
     79{{{
     80#!sql
     81SELECT rlp."negative"
     82        FROM "auth_user_groups" ug, "auth_rowlevelpermission" rlp
     83        WHERE rlp."owner_id"=ug."group_id"
     84        AND ug."user_id"=%s       
     85        AND rlp."owner_ct_id"=%s
     86        AND rlp."model_id"=%s
     87        AND rlp."model_ct_id"=%s
     88        AND rlp."permission_id"=%s;
     89}}}
    5990
    6091== Integration into Administration Application ==
Back to Top