342 |
342 |
def is_internal(self):
|
343 |
343 |
return self.slug.startswith('_')
|
344 |
344 |
|
|
345 |
def add_permission(self, model_or_instance, operation_tpl, ou=None):
|
|
346 |
if isinstance(operation_tpl, str):
|
|
347 |
operation = Operation.objects.get(slug=operation_tpl)
|
|
348 |
else:
|
|
349 |
operation = rbac_utils.get_operation(operation_tpl)
|
|
350 |
if isinstance(model_or_instance, models.Model):
|
|
351 |
target_ct = ContentType.objects.get_for_model(model_or_instance)
|
|
352 |
target_id = model_or_instance.pk
|
|
353 |
elif issubclass(model_or_instance, models.Model):
|
|
354 |
target_ct = ContentType.objects.get_for_model(ContentType)
|
|
355 |
target_id = ContentType.objects.get_for_model(model_or_instance).pk
|
|
356 |
else:
|
|
357 |
raise ValueError('invalid model_or_instance')
|
|
358 |
permission, _ = Permission.objects.get_or_create(
|
|
359 |
operation=operation, target_ct=target_ct, target_id=target_id, ou=ou
|
|
360 |
)
|
|
361 |
self.permissions.add(permission)
|
|
362 |
|
|
363 |
def remove_permission(self, model_or_instance, operation_tpl, ou=None):
|
|
364 |
if isinstance(operation_tpl, str):
|
|
365 |
operation = Operation.objects.get(slug=operation_tpl)
|
|
366 |
else:
|
|
367 |
operation = rbac_utils.get_operation(operation_tpl)
|
|
368 |
if isinstance(model_or_instance, models.Model):
|
|
369 |
target_ct = ContentType.objects.get_for_model(model_or_instance)
|
|
370 |
target_id = model_or_instance.pk
|
|
371 |
elif issubclass(model_or_instance, models.Model):
|
|
372 |
target_ct = ContentType.objects.get_for_model(ContentType)
|
|
373 |
target_id = ContentType.objects.get_for_model(model_or_instance).pk
|
|
374 |
else:
|
|
375 |
raise ValueError('invalid model_or_instance')
|
|
376 |
qs = Permission.objects.filter(
|
|
377 |
permission__target_ct=target_ct, permission__target_id=target_id, operation=operation
|
|
378 |
)
|
|
379 |
if ou:
|
|
380 |
qs = qs.filter(ou=ou)
|
|
381 |
else:
|
|
382 |
qs = qs.filter(ou__isnull=True)
|
|
383 |
self.permissions.through.filter(permission__in=qs).delete()
|
|
384 |
|
345 |
385 |
objects = managers.RoleManager()
|
346 |
386 |
|
347 |
387 |
class Meta:
|
348 |
|
-
|