1 |
1 |
import copy
|
2 |
2 |
import functools
|
3 |
3 |
|
|
4 |
from django.apps import apps
|
4 |
5 |
from django.conf import settings
|
5 |
6 |
from django.contrib.contenttypes.models import ContentType
|
6 |
7 |
from django.core.exceptions import FieldDoesNotExist
|
|
8 |
from django.db import models
|
7 |
9 |
from django.db.models.query import Q
|
8 |
10 |
|
9 |
11 |
from . import utils
|
... | ... | |
20 |
22 |
return field.related_model
|
21 |
23 |
|
22 |
24 |
|
|
25 |
_MODEL_INHERITANCE = None
|
|
26 |
|
|
27 |
|
|
28 |
def get_model_inheritance():
|
|
29 |
global _MODEL_INHERITANCE
|
|
30 |
|
|
31 |
if _MODEL_INHERITANCE is not None:
|
|
32 |
return _MODEL_INHERITANCE
|
|
33 |
_MODEL_INHERITANCE = {}
|
|
34 |
for app in apps.get_app_configs():
|
|
35 |
for model in app.get_models():
|
|
36 |
for parent in model.__bases__:
|
|
37 |
if issubclass(parent, models.Model):
|
|
38 |
_MODEL_INHERITANCE.setdefault(parent, set()).add(model)
|
|
39 |
|
|
40 |
|
|
41 |
def get_model_child_classes(model):
|
|
42 |
return get_model_inheritance().get(model) or ()
|
|
43 |
|
|
44 |
|
23 |
45 |
class DjangoRBACBackend:
|
24 |
46 |
_DEFAULT_DJANGO_RBAC_PERMISSIONS_HIERARCHY = {
|
25 |
47 |
'view': ['search'],
|
... | ... | |
59 |
81 |
target = ContentType.objects.get_for_id(permission.target_id)
|
60 |
82 |
app_label = target.app_label
|
61 |
83 |
model = target.model
|
|
84 |
model_child_classes = get_model_child_classes(target.model_class)
|
62 |
85 |
if permission.ou_id:
|
63 |
86 |
key = 'ou.%s' % permission.ou_id
|
64 |
87 |
else:
|
... | ... | |
66 |
89 |
else:
|
67 |
90 |
app_label = target_ct.app_label
|
68 |
91 |
model = target_ct.model
|
|
92 |
model_child_classes = get_model_child_classes(target_ct.model_class)
|
69 |
93 |
key = '%s.%s' % (permission.target_ct_id, permission.target_id)
|
70 |
94 |
slug = permission.operation.slug
|
71 |
|
perms = [str('%s.%s_%s' % (app_label, slug, model))]
|
|
95 |
perms = ['%s.%s_%s' % (app_label, slug, model)]
|
|
96 |
for model_child_class in model_child_classes:
|
|
97 |
perms.append(
|
|
98 |
f'{model_child_class._meta.app_label}.{slug}_{model_child_class._meta.model_name}'
|
|
99 |
)
|
72 |
100 |
perm_hierarchy = getattr(
|
73 |
101 |
settings,
|
74 |
102 |
'DJANGO_RBAC_PERMISSIONS_HIERARCHY',
|
... | ... | |
77 |
105 |
if slug in perm_hierarchy:
|
78 |
106 |
for other_perm in perm_hierarchy[slug]:
|
79 |
107 |
perms.append(str('%s.%s_%s' % (app_label, other_perm, model)))
|
|
108 |
for model_child_class in model_child_classes:
|
|
109 |
for other_perm in perm_hierarchy[slug]:
|
|
110 |
perms.append(
|
|
111 |
f'{model_child_class._meta.app_label}.{other_perm}_{model_child_class._meta.model_name}'
|
|
112 |
)
|
80 |
113 |
permissions = perms_cache.setdefault(key, set())
|
81 |
114 |
permissions.update(perms)
|
82 |
115 |
# optimization for has_module_perms
|
83 |
|
-
|