| 1 |
1 |
import copy
|
| 2 |
2 |
import functools
|
| 3 |
3 |
|
|
4 |
from django.apps import apps
|
| 4 |
5 |
from django.conf import settings
|
| 5 |
6 |
from django.contrib.contenttypes.models import ContentType
|
| 6 |
7 |
from django.core.exceptions import FieldDoesNotExist
|
|
8 |
from django.db import models
|
| 7 |
9 |
from django.db.models.query import Q
|
| 8 |
10 |
|
| 9 |
11 |
from . import utils
|
| ... | ... | |
| 20 |
22 |
return field.related_model
|
| 21 |
23 |
|
| 22 |
24 |
|
|
25 |
_MODEL_INHERITANCE = None
|
|
26 |
|
|
27 |
|
|
28 |
def get_model_inheritance():
|
|
29 |
global _MODEL_INHERITANCE
|
|
30 |
|
|
31 |
if _MODEL_INHERITANCE is not None:
|
|
32 |
return _MODEL_INHERITANCE
|
|
33 |
_MODEL_INHERITANCE = {}
|
|
34 |
for app in apps.get_app_configs():
|
|
35 |
for model in app.get_models():
|
|
36 |
for parent in model.__bases__:
|
|
37 |
if issubclass(parent, models.Model):
|
|
38 |
_MODEL_INHERITANCE.setdefault(parent, set()).add(model)
|
|
39 |
|
|
40 |
|
|
41 |
def get_model_child_classes(model):
|
|
42 |
return get_model_inheritance().get(model) or ()
|
|
43 |
|
|
44 |
|
| 23 |
45 |
class DjangoRBACBackend:
|
| 24 |
46 |
_DEFAULT_DJANGO_RBAC_PERMISSIONS_HIERARCHY = {
|
| 25 |
47 |
'view': ['search'],
|
| ... | ... | |
| 59 |
81 |
target = ContentType.objects.get_for_id(permission.target_id)
|
| 60 |
82 |
app_label = target.app_label
|
| 61 |
83 |
model = target.model
|
|
84 |
model_child_classes = get_model_child_classes(target.model_class)
|
| 62 |
85 |
if permission.ou_id:
|
| 63 |
86 |
key = 'ou.%s' % permission.ou_id
|
| 64 |
87 |
else:
|
| ... | ... | |
| 66 |
89 |
else:
|
| 67 |
90 |
app_label = target_ct.app_label
|
| 68 |
91 |
model = target_ct.model
|
|
92 |
model_child_classes = get_model_child_classes(target_ct.model_class)
|
| 69 |
93 |
key = '%s.%s' % (permission.target_ct_id, permission.target_id)
|
| 70 |
94 |
slug = permission.operation.slug
|
| 71 |
|
perms = [str('%s.%s_%s' % (app_label, slug, model))]
|
|
95 |
perms = ['%s.%s_%s' % (app_label, slug, model)]
|
|
96 |
for model_child_class in model_child_classes:
|
|
97 |
perms.append(
|
|
98 |
f'{model_child_class._meta.app_label}.{slug}_{model_child_class._meta.model_name}'
|
|
99 |
)
|
| 72 |
100 |
perm_hierarchy = getattr(
|
| 73 |
101 |
settings,
|
| 74 |
102 |
'DJANGO_RBAC_PERMISSIONS_HIERARCHY',
|
| ... | ... | |
| 77 |
105 |
if slug in perm_hierarchy:
|
| 78 |
106 |
for other_perm in perm_hierarchy[slug]:
|
| 79 |
107 |
perms.append(str('%s.%s_%s' % (app_label, other_perm, model)))
|
|
108 |
for model_child_class in model_child_classes:
|
|
109 |
for other_perm in perm_hierarchy[slug]:
|
|
110 |
perms.append(
|
|
111 |
f'{model_child_class._meta.app_label}.{other_perm}_{model_child_class._meta.model_name}'
|
|
112 |
)
|
| 80 |
113 |
permissions = perms_cache.setdefault(key, set())
|
| 81 |
114 |
permissions.update(perms)
|
| 82 |
115 |
# optimization for has_module_perms
|
| 83 |
|
-
|