__init__.py 3.51 KB
Newer Older
1

2
from django.shortcuts import render
3
from django.http import HttpResponseForbidden, HttpResponseNotFound
Skia's avatar
Skia committed
4
from django.core.exceptions import PermissionDenied, ObjectDoesNotExist
5
from django.views.generic.base import View
Skia's avatar
Skia committed
6
from django.contrib.auth.forms import AuthenticationForm
7

8 9
from core.models import Group

10
def forbidden(request):
Skia's avatar
Skia committed
11 12
    return HttpResponseForbidden(render(request, "core/403.jinja", context={'next': request.path, 'form':
        AuthenticationForm()}))
13 14

def not_found(request):
15
    return HttpResponseNotFound(render(request, "core/404.jinja"))
16

17 18 19 20 21 22 23 24 25 26 27 28 29 30
def can_edit_prop(obj, user):
    if obj is None or user.is_owner(obj):
        return True
    return False

def can_edit(obj, user):
    if obj is None or user.can_edit(obj):
        return True
    return can_edit_prop(obj, user)

def can_view(obj, user):
    if obj is None or user.can_view(obj):
        return True
    return can_edit(obj, user)
31

32 33 34 35 36
class CanCreateMixin(View):
    """
    This view is made to protect any child view that would create an object, and thus, that can not be protected by any
    of the following mixin
    """
37 38 39 40
    def form_valid(self, form):
        obj = form.instance
        if can_edit_prop(obj, self.request.user):
            return super(CanCreateMixin, self).form_valid(form)
41 42
        raise PermissionDenied

43 44 45 46 47 48 49 50 51
class CanEditPropMixin(View):
    """
    This view is made to protect any child view that would be showing some properties of an object that are restricted
    to only the owner group of the given object.
    In other word, you can make a view with this view as parent, and it would be retricted to the users that are in the
    object's owner_group
    """
    def dispatch(self, request, *arg, **kwargs):
        res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
52 53 54 55 56
        if hasattr(self, 'object'):
            obj = self.object
        elif hasattr(self, 'object_list'):
            obj = self.object_list[0] if self.object_list else None
        if can_edit_prop(obj, self.request.user):
57
            return res
Skia's avatar
Skia committed
58 59 60
        try: # Always unlock when 403
            self.object.unset_lock()
        except: pass
61
        raise PermissionDenied
62

Skia's avatar
Skia committed
63
class CanEditMixin(View):
64
    """
65
    This view makes exactly the same thing as its direct parent, but checks the group on the edit_groups field of the
66 67 68
    object
    """
    def dispatch(self, request, *arg, **kwargs):
Skia's avatar
Skia committed
69
        res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
70 71 72 73 74
        if hasattr(self, 'object'):
            obj = self.object
        elif hasattr(self, 'object_list'):
            obj = self.object_list[0] if self.object_list else None
        if can_edit(obj, self.request.user):
Skia's avatar
Skia committed
75
            return res
Skia's avatar
Skia committed
76 77 78
        try: # Always unlock when 403
            self.object.unset_lock()
        except: pass
79
        raise PermissionDenied
80

Skia's avatar
Skia committed
81
class CanViewMixin(View):
82
    """
83
    This view still makes exactly the same thing as its direct parent, but checks the group on the view_groups field of
84 85 86
    the object
    """
    def dispatch(self, request, *arg, **kwargs):
Skia's avatar
Skia committed
87
        res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
88 89 90 91 92
        if hasattr(self, 'object'):
            obj = self.object
        elif hasattr(self, 'object_list'):
            obj = self.object_list[0] if self.object_list else None
        if can_view(obj, self.request.user):
93
            return res
Skia's avatar
Skia committed
94 95 96
        try: # Always unlock when 403
            self.object.unset_lock()
        except: pass
97 98
        raise PermissionDenied

Skia's avatar
Skia committed
99 100 101
from .user import *
from .page import *
from .site import *
102
from .group import *