__init__.py 3.53 KB
from django.shortcuts import render
from django.http import HttpResponseForbidden, HttpResponseNotFound
from django.core.exceptions import PermissionDenied, ObjectDoesNotExist
from django.views.generic.base import View
from django.contrib.auth.forms import AuthenticationForm

from core.models import Group

def forbidden(request):
    """
    Render the "core/403.jinja" page and return it with a 403 Forbidden status.

    The template receives the requested path as ``next`` and an empty AuthenticationForm as ``form``.
    """
    # NOTE(review): presumably the template hands `next` to a login view as the post-login redirect target; that view
    # should validate it as a same-site URL before redirecting - confirm.
    template_context = {
        'next': request.path,
        'form': AuthenticationForm(),
    }
    page = render(request, "core/403.jinja", context=template_context)
    return HttpResponseForbidden(page)

def not_found(request):
    """Render the "core/404.jinja" page and return it with a 404 Not Found status."""
    page = render(request, "core/404.jinja")
    return HttpResponseNotFound(page)

def can_edit_prop(obj, user):
    """
    Tell whether `user` may edit the restricted properties of `obj`.

    Returns True when `obj` is None or when `user.is_owner(obj)` is truthy, False otherwise.
    """
    # `obj is None` short-circuits to True, so user.is_owner() is never called without an object
    return bool(obj is None or user.is_owner(obj))

def can_edit(obj, user):
    """
    Tell whether `user` may edit `obj`.

    Returns True when `obj` is None or when `user.can_edit(obj)` is truthy; otherwise the answer is whatever
    can_edit_prop() returns, so a user accepted by can_edit_prop() is accepted here too.
    """
    if obj is not None and not user.can_edit(obj):
        # Not accepted as an editor: fall back to the stricter ownership check
        return can_edit_prop(obj, user)
    return True

def can_view(obj, user):
    """
    Tell whether `user` may view `obj`.

    Returns True when `obj` is None or when `user.can_view(obj)` is truthy; otherwise the answer is whatever
    can_edit() returns, so a user accepted by can_edit() is accepted here too.
    """
    if obj is not None and not user.can_view(obj):
        # Not accepted as a viewer: fall back to the edit check
        return can_edit(obj, user)
    return True

class CanCreateMixin(View):
    """
    Protect child views that create an object.

    Such views can not be protected by the dispatch()-based mixins of this module, so the permission is checked in
    form_valid() on the instance carried by the form.
    """
    def form_valid(self, form):
        """
        Pass the form on to the parent form_valid() only if the requesting user is accepted by can_edit_prop().

        The check is made on form.instance and happens before the parent implementation is called; PermissionDenied
        is raised when it fails.
        """
        candidate = form.instance
        if not can_edit_prop(candidate, self.request.user):
            raise PermissionDenied
        return super(CanCreateMixin, self).form_valid(form)

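class CanEditPropMixin(View):
    """
    Restrict a child view to the users accepted by can_edit_prop() for the object it handles.

    This view is made to protect any child view that shows properties of an object that are restricted to the owner
    group of that object: make a view with this class as parent, and it is restricted to the users that are in the
    object's owner_group.
    """
    def dispatch(self, request, *arg, **kwargs):
        """
        Run the parent dispatch(), then check the requesting user against the object the view loaded.

        The checked object is self.object, or the first element of self.object_list (None when the list is empty,
        which can_edit_prop() accepts). PermissionDenied is raised when the check fails, and also when the view set
        neither `object` nor `object_list`.
        """
        # NOTE(review): the parent dispatch() has already run the request handler when the check below happens, so
        # anything the handler did (for example saving a submitted form) is not undone by the PermissionDenied.
        # State-changing child views should also check permissions before acting.
        res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
        if hasattr(self, 'object'):
            obj = self.object
        elif hasattr(self, 'object_list'):
            # NOTE(review): only the first element decides for the whole list; the other elements are not checked
            obj = self.object_list[0] if self.object_list else None
        else:
            # Nothing to check against: fail closed with a 403 (this path used to crash on the unbound `obj`)
            raise PermissionDenied
        if can_edit_prop(obj, self.request.user):
            return res
        # Always unlock when 403. Best effort: a view without self.object, or an object that can not be unlocked,
        # must not prevent the PermissionDenied below. SystemExit and KeyboardInterrupt are no longer swallowed.
        try:
            self.object.unset_lock()
        except Exception:
            pass
        raise PermissionDenied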

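class CanEditMixin(View):
    """
    Restrict a child view to the users accepted by can_edit() for the object it handles.

    This view works like the owner-restricted mixin of this module, but checks the group on the edit_groups field of
    the object.
    """
    def dispatch(self, request, *arg, **kwargs):
        """
        Run the parent dispatch(), then check the requesting user against the object the view loaded.

        The checked object is self.object, or the first element of self.object_list (None when the list is empty,
        which can_edit() accepts). PermissionDenied is raised when the check fails, and also when the view set
        neither `object` nor `object_list`.
        """
        # NOTE(review): the parent dispatch() has already run the request handler when the check below happens, so
        # anything the handler did (for example saving a submitted form) is not undone by the PermissionDenied.
        # State-changing child views should also check permissions before acting.
        res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
        if hasattr(self, 'object'):
            obj = self.object
        elif hasattr(self, 'object_list'):
            # NOTE(review): only the first element decides for the whole list; the other elements are not checked
            obj = self.object_list[0] if self.object_list else None
        else:
            # Nothing to check against: fail closed with a 403 (this path used to crash on the unbound `obj`)
            raise PermissionDenied
        if can_edit(obj, self.request.user):
            return res
        # Always unlock when 403. Best effort: a view without self.object, or an object that can not be unlocked,
        # must not prevent the PermissionDenied below. SystemExit and KeyboardInterrupt are no longer swallowed.
        try:
            self.object.unset_lock()
        except Exception:
            pass
        raise PermissionDenied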

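class CanViewMixin(View):
    """
    Restrict a child view to the users accepted by can_view() for the object it handles.

    This view works like the other dispatch()-based mixins of this module, but checks the group on the view_groups
    field of the object.
    """
    def dispatch(self, request, *arg, **kwargs):
        """
        Run the parent dispatch(), then check the requesting user against the object the view loaded.

        The checked object is self.object, or the first element of self.object_list (None when the list is empty,
        which can_view() accepts). PermissionDenied is raised when the check fails, and also when the view set
        neither `object` nor `object_list`.
        """
        # NOTE(review): the parent dispatch() has already run the request handler when the check below happens, so
        # anything the handler did is not undone by the PermissionDenied. Child views with side effects should also
        # check permissions before acting.
        res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
        if hasattr(self, 'object'):
            obj = self.object
        elif hasattr(self, 'object_list'):
            # NOTE(review): only the first element decides for the whole list; the other elements are not checked
            obj = self.object_list[0] if self.object_list else None
        else:
            # Nothing to check against: fail closed with a 403 (this path used to crash on the unbound `obj`)
            raise PermissionDenied
        if can_view(obj, self.request.user):
            return res
        # Always unlock when 403. Best effort: a view without self.object, or an object that can not be unlocked,
        # must not prevent the PermissionDenied below. SystemExit and KeyboardInterrupt are no longer swallowed.
        try:
            self.object.unset_lock()
        except Exception:
            pass
        raise PermissionDenied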

from .user import *
from .page import *
from .site import *
from .group import *
from .api import *