Code

Changes between Version 2 and Version 3 of RowLevelPermissionsDeveloper


Ignore:
Timestamp:
08/06/06 13:00:05 (8 years ago)
Author:
clong
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • RowLevelPermissionsDeveloper

    v2 v3  
    88#!python 
    99class RowLevelPermission(models.Model): 
    10     type_id = models.PositiveIntegerField("'Type' ID") 
    11     type_ct = models.ForeignKey(ContentType, verbose_name="'Type' content type", related_name="type_ct") 
     10    model_id = models.PositiveIntegerField("'Type' ID") 
     11    model_ct = models.ForeignKey(ContentType, verbose_name="'Type' content model", related_name="model_ct") 
    1212    owner_id = models.PositiveIntegerField("'Owner' ID") 
    13     owner_ct = models.ForeignKey(ContentType, verbose_name="'Owner' content type", related_name="owner_ct") 
     13    owner_ct = models.ForeignKey(ContentType, verbose_name="'Owner' content model", related_name="owner_ct") 
    1414    negative = models.BooleanField() 
    1515    permission = models.ForeignKey(Permission) 
    1616     
    17     type = models.GenericForeignKey(fk_field='type_id', ct_field='type_ct') 
     17    model = models.GenericForeignKey(fk_field='model_id', ct_field='model_ct') 
    1818    owner = models.GenericForeignKey(fk_field='owner_id', ct_field='owner_ct') 
    1919     
     
    2323        verbose_name = _('row level permission') 
    2424        verbose_name_plural = _('row level permissions') 
    25         unique_together = (('type_ct', 'type_id', 'owner_id', 'owner_ct', 'permission'),)         
     25        unique_together = (('model_ct', 'model_id', 'owner_id', 'owner_ct', 'permission'),)         
    2626}}} 
    2727 
     
    3636        if getattr(new_class._meta, 'row_level_permissions', None): 
    3737            from django.contrib.auth.models import RowLevelPermission 
    38             gen_rel = django.db.models.GenericRelation(RowLevelPermission, object_id_field="type_id", content_type_field="type_ct") 
     38            gen_rel = django.db.models.GenericRelation(RowLevelPermission, object_id_field="model_id", content_model_field="model_ct") 
    3939            new_class.add_to_class("row_level_permissions", gen_rel) 
    4040}}} 
     
    4848#!python 
    4949... 
    50 row_level_permissions_owned = models.GenericRelation(RowLevelPermission, object_id_field="owner_id", content_type_field="owner_ct", related_name="owner") 
     50row_level_permissions_owned = models.GenericRelation(RowLevelPermission, object_id_field="owner_id", content_model_field="owner_ct", related_name="owner") 
    5151... 
    5252}}} 
     
    5656== Checking of Row Level Permissions ==  
    5757 
    58 To be added soon. 
     58Checking of RLP are done in the following order: User RLP->Group RLP->User Model Level->Group Model Level. Stopping at the first positive or negative. 
     59 
     60The has_perm method has been modified to now check for row level permissions and has an optional parameter for a model instance, which is required to check row level permissions. 
     61 
     62{{{ 
     63#!python 
     64    def has_perm(self, perm, object=None): 
     65        "Returns True if the user has the specified permission." 
     66        if not self.is_active: 
     67            return False 
     68        if self.is_superuser: 
     69            return True 
     70        if object and object._meta.row_level_permissions: 
     71            row_level_permission = self.check_row_level_permission(perm, object) 
     72            if row_level_permission is not None: 
     73                return row_level_permission 
     74        return perm in self.get_all_permissions() 
     75}}} 
     76 
     77The check_row_level_permission checks the user RLPs first and then checks the group RLPs. The user RLPs are determined by using a filter method. The group RLP uses an SQL query that works out to be: 
     78 
     79{{{ 
     80#!sql 
     81SELECT rlp."negative"  
     82        FROM "auth_user_groups" ug, "auth_rowlevelpermission" rlp  
     83        WHERE rlp."owner_id"=ug."group_id"  
     84        AND ug."user_id"=%s         
     85        AND rlp."owner_ct_id"=%s 
     86        AND rlp."model_id"=%s 
     87        AND rlp."model_ct_id"=%s 
     88        AND rlp."permission_id"=%s; 
     89}}} 
    5990 
    6091== Integration into Administration Application ==