0006-manager-handle-special-cases-of-access-control-33515.patch
| src/authentic2/manager/ou_views.py | ||
|
def authorize(self, request, *args, **kwargs):
|
||
|
super(OrganizationalUnitDetailView, self).authorize(request, *args, **kwargs)
|
||
|
self.can_delete = self.can_delete and not self.object.default
|
||
|
self.could_delete = self.could_delete and not self.object.default
|
||
|
detail = OrganizationalUnitDetailView.as_view()
|
||
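Review bot: `OrganizationalUnitDetailView.authorize` discards whatever the parent `authorize` returns — `super(OrganizationalUnitDetailView, self).authorize(request, *args, **kwargs)` is a bare statement — while `PermissionMixin.dispatch` in views.py treats a non-None result of `authorize` as a response to send immediately, so a redirect produced by a base class would be silently lost here. If a parent `authorize` can return a response (I cannot see the base implementation in this patch), capture it with `response = super(OrganizationalUnitDetailView, self).authorize(request, *args, **kwargs)` and finish with `return response` after the two flag updates. In either case a one-line docstring such as `"""Never offer deletion of the default OU, even to a user who could otherwise delete it."""` would make the special case explicit. The enclosing class header lies outside the hunk.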
| src/authentic2/manager/role_views.py | ||
|
from django.core.urlresolvers import reverse
|
||
|
from django.contrib.auth import get_user_model
|
||
|
from django_rbac.exceptions import InsufficientAuthLevel
|
||
|
from django_rbac.utils import get_role_model, get_permission_model, get_ou_model
|
||
|
from authentic2.utils import redirect
|
||
|
from authentic2 import hooks, data_transfer
|
||
|
from . import tables, views, resources, forms, app_settings
|
||
|
from . import tables, views, resources, forms, app_settings, utils
|
||
|
class RolesMixin(object):
|
||
| ... | ... | |
|
def authorize(self, request, *args, **kwargs):
|
||
|
super(RolesView, self).authorize(request, *args, **kwargs)
|
||
|
self.can_add = bool(request.user.ous_with_perm('a2_rbac.add_role'))
|
||
|
self.could_add = bool(request.user.ous_with_perm('a2_rbac.add_role'))
|
||
|
listing = RolesView.as_view()
|
||
| ... | ... | |
|
hooks.call_hooks('event', name='manager-remove-role-member',
|
||
|
user=self.request.user, role=self.object, member=user)
|
||
|
else:
|
||
|
if self.could_change:
|
||
|
return utils.increase_auth_level(self.request)
|
||
|
messages.warning(self.request, _('You are not authorized'))
|
||
|
return super(RoleMembersView, self).form_valid(form)
|
||
| ... | ... | |
|
def post(self, request, *args, **kwargs):
|
||
|
if not self.can_delete:
|
||
|
if self.could_delete:
|
||
|
return utils.increase_auth_level(self.request)
|
||
|
raise PermissionDenied
|
||
|
return super(RoleDeleteView, self).post(request, *args, **kwargs)
|
||
| ... | ... | |
|
hooks.call_hooks('event', name='manager-remove-permission',
|
||
|
user=self.request.user, role=self.object, permission=perm)
|
||
|
else:
|
||
|
if self.could_change:
|
||
|
return utils.increase_auth_level(self.request)
|
||
|
messages.warning(self.request, _('You are not authorized'))
|
||
|
return super(RolePermissionsView, self).form_valid(form)
|
||
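Review bot: In `RolesView.authorize`, `could_add` is computed with exactly the same expression as `can_add` — `bool(request.user.ous_with_perm('a2_rbac.add_role'))` on both lines — so the two flags can never differ and any step-up path keyed on `could_add` is unreachable for role creation. If `could_add` is meant to express "would be allowed at a higher auth level", it needs a query that ignores the session's current auth level; if `ous_with_perm` already does that, a short comment saying so would spare the next reader the same question. Separately, `RoleMembersView.form_valid` and `RolePermissionsView.form_valid` return `utils.increase_auth_level(self.request)` from inside a POST handler, which abandons the submitted form, so the user has to resubmit after re-authenticating — worth a comment, or a message, if that is intended. The `RolesMixin` class and both `form_valid` methods begin outside the hunks shown.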
| src/authentic2/manager/utils.py | ||
|
from django_rbac.utils import get_ou_model
|
||
|
from authentic2.decorators import GlobalCache
|
||
|
from authentic2.utils import login_require
|
||
|
def label_from_user(user):
|
||
| ... | ... | |
|
@GlobalCache(timeout=10)
|
||
|
def get_ou_count():
|
||
|
return get_ou_model().objects.count()
|
||
|
def increase_auth_level(request):
|
||
|
current_auth_level = request.session.get('auth_level', 1)
|
||
|
return login_require(request, params={'auth_level': current_auth_level + 1})
|
||
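Review bot: `increase_auth_level` raises the requested level relative to whatever the session currently holds rather than to the level the refused action actually needs, so a user two levels short goes through the login flow twice, and a session already at the highest supported level would be asked for one that cannot be satisfied unless `login_require` clamps it (not visible here). Letting callers state the requirement keeps existing call sites working: `def increase_auth_level(request, required_level=None):` with `params={'auth_level': current_auth_level + 1 if required_level is None else required_level}`. The function also has no docstring; `"""Redirect to the login flow asking for one auth level above the session's current level (default 1)."""` states the contract as written.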
| src/authentic2/manager/views.py | ||
|
from authentic2.data_transfer import export_site, import_site, DataImportError, ImportContext
|
||
|
from authentic2.forms.profile import modelform_factory
|
||
|
from authentic2.utils import redirect, batch_queryset, login_require
|
||
|
from authentic2.utils import redirect, batch_queryset
|
||
|
from authentic2.decorators import json as json_view
|
||
|
from authentic2 import hooks
|
||
| ... | ... | |
|
try:
|
||
|
response = self.authorize(request, *args, **kwargs)
|
||
|
except InsufficientAuthLevel:
|
||
|
current_auth_level = request.session.get('auth_level', 1)
|
||
|
return login_require(request, params={'auth_level': current_auth_level + 1})
|
||
|
return utils.increase_auth_level(request)
|
||
|
if response is not None:
|
||
|
return response
|
||
|
return super(PermissionMixin, self).dispatch(request, *args, **kwargs)
|
||
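Review bot: The new `except InsufficientAuthLevel` branch calls `utils.increase_auth_level(request)`, but the import hunk in this section only drops `login_require` from the `authentic2.utils` line and no `from . import utils` is visible; if views.py does not already import the manager `utils` module, the step-up path fails with `NameError` exactly when a user needs it, so please confirm the import exists. Likewise confirm that `login_require` had no remaining callers in views.py before it was removed from the import line. The enclosing `dispatch` method starts before this hunk.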