0001-data-delegate-permission-checking-to-mellon-when-ava.patch

Valentin Deniaud, 17 juillet 2019 17:18

Subject: [PATCH 1/2] data: delegate permission checking to mellon when
 available

If a page requires roles the user doesn't currently have, we let them be
redirected by the middleware. In the case of a cell, we display a link
to the appropriate authentication page instead of the cell content.
 combo/data/models.py | 38 +++++++++++++++++++++++++++-----------
 combo/settings.py    |  1 +
 2 files changed, 28 insertions(+), 11 deletions(-)
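--- a/combo/data/models.py
+++ b/combo/data/models.py
@@ -59,27 +59,32 @@
 from combo import utils
 from combo.utils import NothingInCacheException
 
+if 'mellon' in settings.INSTALLED_APPS:
+    from mellon.utils import user_has_roles, get_role_request_url
+    from mellon.exceptions import RolesNotInSession
+else:
+    def user_has_roles(request, roles):
+        return len(set(page_groups).intersection(request.user.groups.all())) > 0
+
 
 class PostException(Exception):
     pass
 
 
-def element_is_visible(element, user=None):
+def element_is_visible(element, request=None):
     if element.public:
         if getattr(element, 'restricted_to_unlogged', None) is True:
-            return (user is None or user.is_anonymous())
+            return (request is None or request.user.is_anonymous())
         return True
-    if user is None or user.is_anonymous():
+    if request is None or request.user.is_anonymous():
         return False
-    if user.is_superuser:
-        return True
     page_groups = element.groups.all()
     if not page_groups:
         groups_ok = True
     else:
-        groups_ok = len(set(page_groups).intersection(user.groups.all())) > 0
+        groups_ok = user_has_roles(request, page_groups)
     if getattr(element, 'restricted_to_unlogged', None) is True:
-        return not(groups_ok)
+        return request.user.is_superuser or not(groups_ok)
     return groups_ok
 
 
@@ -338,8 +343,8 @@
             return _('Public')
         return _('Private (%s)') % ', '.join([x.name for x in self.groups.all()])
 
-    def is_visible(self, user=None):
-        return element_is_visible(self, user=user)
+    def is_visible(self, request=None):
+        return element_is_visible(self, request=request)
 
     def get_cells(self):
         return CellBase.get_cells(page=self)
@@ -669,8 +674,12 @@
     def get_extra_manager_context(self):
         return {}
 
-    def is_visible(self, user=None):
-        return element_is_visible(self, user=user)
+    def is_visible(self, request=None):
+        try:
+            return element_is_visible(self, request=request)
+        except RolesNotInSession as e:
+            self.missing_roles = e.roles
+            return True
 
     def is_relevant(self, context):
         '''Return whether it's relevant to render this cell in the page
@@ -689,6 +698,13 @@
         return {'cell': self}
 
     def render(self, context):
+        if getattr(self, 'missing_roles', None):
+            # je vois un context.get('request') plus bas, mais il faudrait que je sache
+            # dans quel cas ca arrive avant de pouvoir le gerer proprement ici
+            context['url'] = get_role_request_url(context['request'], self.missing_roles)
+            context['title'] = _('Some permissions are missing in order to view this cell.')
+            tmpl = template.loader.get_template('combo/link-cell.html')
+            return tmpl.render(context, context['request'])
         context.update(self.get_cell_extra_context(context))
         template_names = ['combo/' + self._meta.model_name + '.html']
         base_template_name = self._meta.model_name + '.html'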
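Review bot: The cell-side `is_visible` (new lines 677-682) returns `True` when `RolesNotInSession` is raised, so the permission check fails open and the cell content is withheld only by the `missing_roles` branch added at the top of `render()`. Any caller that trusts `is_visible()` but does not pass through this `render()` (a subclass overriding `render`, or another view; neither is visible in this diff) would treat the cell as authorized, so I would keep the boolean strict and carry the "roles can be requested" state separately, or at minimum document the contract with a comment such as `# True here means "render the role-request link", not "the user may see the content"`. In the non-mellon fallback (new lines 66-67), `user_has_roles(request, roles)` reads `page_groups`, which is not defined in that scope, and should be `return len(set(roles).intersection(request.user.groups.all())) > 0`; that branch also leaves `RolesNotInSession` and `get_role_request_url` undefined although both are referenced later. The unconditional `is_superuser` shortcut is removed from `element_is_visible`, so superuser access to group-restricted elements now depends on what `user_has_roles` returns, which is worth confirming as intended. The bodies of `render()` and of the enclosing classes continue outside the hunks shown.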
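--- a/combo/settings.py
+++ b/combo/settings.py
@@ -239,6 +239,7 @@
         'mellon.backends.SAMLBackend',
         'django.contrib.auth.backends.ModelBackend',
     )
+    MIDDLEWARE_CLASSES += ('mellon.middleware.RolesRequestMiddleware',)
 
 LOGIN_URL = '/login/'
 LOGIN_REDIRECT_URL = '/'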
245
-