38 |
38 |
|
39 |
39 |
from gadjo.templatetags.gadjo import xstatic
|
40 |
40 |
|
|
41 |
from django_rbac.exceptions import InsufficientAuthLevel
|
41 |
42 |
from django_rbac.utils import get_ou_model
|
42 |
43 |
|
43 |
44 |
from authentic2.data_transfer import export_site, import_site, DataImportError, ImportContext
|
... | ... | |
102 |
103 |
'''Control access to views based on permissions'''
|
103 |
104 |
permissions = None
|
104 |
105 |
|
|
106 |
@staticmethod
|
|
107 |
def can_and_could(user, perm, auth_level, obj=None):
|
|
108 |
try:
|
|
109 |
can = could = user.has_perm(perm, obj, auth_level=auth_level) if obj \
|
|
110 |
else user.has_perm_any(perm, auth_level=auth_level)
|
|
111 |
except InsufficientAuthLevel:
|
|
112 |
can = False
|
|
113 |
could = True
|
|
114 |
return can, could
|
|
115 |
|
105 |
116 |
def authorize(self, request, *args, **kwargs):
|
106 |
117 |
auth_level = request.session.get('auth_level', 1)
|
107 |
118 |
if hasattr(self, 'model'):
|
108 |
119 |
app_label = self.model._meta.app_label
|
109 |
120 |
model_name = self.model._meta.model_name
|
110 |
121 |
add_perm = '%s.add_%s' % (app_label, model_name)
|
111 |
|
self.can_add = request.user.has_perm_any(add_perm)
|
|
122 |
self.can_add, self.could_add = \
|
|
123 |
self.can_and_could(request.user, add_perm, auth_level)
|
112 |
124 |
if hasattr(self, 'get_object') \
|
113 |
125 |
and ((hasattr(self, 'pk_url_kwarg')
|
114 |
126 |
and self.pk_url_kwarg in self.kwargs)
|
115 |
127 |
or (hasattr(self, 'slug_url_kwarg')
|
116 |
128 |
and self.slug_url_kwarg in self.kwargs)):
|
117 |
129 |
self.object = self.get_object()
|
118 |
|
view_perm = '%s.view_%s' % (app_label, model_name)
|
119 |
|
change_perm = '%s.change_%s' % (app_label, model_name)
|
120 |
|
delete_perm = '%s.delete_%s' % (app_label, model_name)
|
121 |
|
self.can_view = request.user.has_perm(view_perm, self.object)
|
122 |
|
self.can_change = request.user.has_perm(change_perm,
|
123 |
|
self.object)
|
124 |
|
self.can_delete = request.user.has_perm(delete_perm,
|
125 |
|
self.object)
|
|
130 |
actions = ('view', 'change', 'delete')
|
|
131 |
for action in actions:
|
|
132 |
perm = '%s.%s_%s' % (app_label, action, model_name)
|
|
133 |
can, could = self.can_and_could(request.user, perm, auth_level,
|
|
134 |
self.object)
|
|
135 |
setattr(self, 'can_' + action, can)
|
|
136 |
setattr(self, 'could_' + action, could)
|
126 |
137 |
if self.permissions \
|
127 |
138 |
and not request.user.has_perms(
|
128 |
139 |
self.permissions, self.object, auth_level=auth_level):
|
129 |
|
-
|