Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
10
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
AE
Sith
Commits
475bff14
Commit
475bff14
authored
Dec 08, 2015
by
Skia
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Refactor rights handling
parent
dc37e79f
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
69 additions
and
43 deletions
+69
-43
core/models.py
core/models.py
+45
-3
core/templates/core/page_detail.html
core/templates/core/page_detail.html
+3
-1
core/views/__init__.py
core/views/__init__.py
+16
-39
core/views/page.py
core/views/page.py
+5
-0
No files found.
core/models.py
View file @
475bff14
...
...
@@ -135,6 +135,46 @@ class User(AbstractBaseUser, PermissionsMixin):
self
.
username
=
user_name
return
user_name
def
is_owner
(
self
,
obj
):
"""
Determine if the object is owned by the user
"""
# TODO: add permission scale validation, to allow some groups other than superuser to manipulate
# all objects of a class if they are in the right group
if
not
hasattr
(
obj
,
"owner_group"
):
return
False
if
self
.
is_superuser
or
self
.
groups
.
filter
(
name
=
obj
.
owner_group
.
name
).
exists
():
return
True
return
False
def
can_edit
(
self
,
obj
):
"""
Determine if the object can be edited by the user
"""
if
not
hasattr
(
obj
,
"edit_group"
):
return
False
if
self
.
is_owner
(
obj
):
return
True
for
g
in
obj
.
edit_group
.
all
():
if
self
.
groups
.
filter
(
name
=
g
.
name
).
exists
():
return
True
return
False
def
can_view
(
self
,
obj
):
"""
Determine if the object can be viewed by the user
"""
if
not
hasattr
(
obj
,
"view_group"
):
return
False
if
self
.
can_edit
(
obj
):
return
True
for
g
in
obj
.
view_group
.
all
():
if
self
.
groups
.
filter
(
name
=
g
.
name
).
exists
():
return
True
if
isinstance
(
obj
,
User
)
and
obj
==
self
:
return
True
return
False
class
LockError
(
Exception
):
"""There was a lock error on the object"""
pass
...
...
@@ -237,7 +277,7 @@ class Page(models.Model):
if
self
.
pk
not
in
Page
.
lock_mutex
.
keys
():
# print("Page mutex does not exists")
return
False
if
(
timezone
.
now
()
-
Page
.
lock_mutex
[
self
.
pk
][
'time'
])
>
timedelta
(
second
s
=
5
):
if
(
timezone
.
now
()
-
Page
.
lock_mutex
[
self
.
pk
][
'time'
])
>
timedelta
(
minute
s
=
5
):
# print("Lock timed out")
self
.
unset_lock
()
return
False
...
...
@@ -251,7 +291,7 @@ class Page(models.Model):
raise
AlreadyLocked
(
"The page is already locked by someone else"
)
Page
.
lock_mutex
[
self
.
pk
]
=
{
'user'
:
user
,
'time'
:
timezone
.
now
()}
print
(
"Locking page"
)
#
print("Locking page")
def
set_lock_recursive
(
self
,
user
):
"""
...
...
@@ -264,7 +304,7 @@ class Page(models.Model):
def
unset_lock
(
self
):
"""Always try to unlock, even if there is no lock"""
Page
.
lock_mutex
.
pop
(
self
.
pk
,
None
)
print
(
"Unlocking page"
)
#
print("Unlocking page")
def
get_lock
(
self
):
"""
...
...
@@ -322,6 +362,8 @@ class PageRev(models.Model):
return
self
.
page
.
edit_group
elif
attr
==
"view_group"
:
return
self
.
page
.
view_group
elif
attr
==
"unset_lock"
:
return
self
.
page
.
unset_lock
else
:
return
object
.
__getattribute__
(
self
,
attr
)
...
...
core/templates/core/page_detail.html
View file @
475bff14
...
...
@@ -3,8 +3,10 @@
{% block page %}
<h3>
Page
</h3>
<p><a
href=
"{% url 'core:page_list' %}"
>
Back to list
</a></p>
{% if
user.is_superuser
%}
{% if
can_edit
%}
<p><a
href=
"{% url 'core:page_edit' page.get_full_name %}"
>
Edit
</a></p>
{% endif %}
{% if can_edit_prop %}
<p><a
href=
"{% url 'core:page_prop' page.get_full_name %}"
>
Prop
</a></p>
{% endif %}
<p>
You're seeing the page
<strong>
{{ page.get_display_name }}
</strong>
-
...
...
core/views/__init__.py
View file @
475bff14
...
...
@@ -23,63 +23,40 @@ class CanEditPropMixin(View):
"""
def
dispatch
(
self
,
request
,
*
arg
,
**
kwargs
):
res
=
super
(
CanEditPropMixin
,
self
).
dispatch
(
request
,
*
arg
,
**
kwargs
)
obj
=
self
.
object
user
=
self
.
request
.
user
if
obj
is
None
:
if
self
.
object
is
None
or
self
.
request
.
user
.
is_owner
(
self
.
object
):
return
res
# TODO: add permission scale validation, to allow some groups other than superuser to manipulate
# all objects of a class if they are in the right group
if
user
.
is_superuser
or
user
.
groups
.
filter
(
name
=
obj
.
owner_group
.
name
).
exists
():
return
res
print
(
"Guyuy"
)
self
.
object
.
unset_lock
()
try
:
# Always unlock when 403
self
.
object
.
unset_lock
()
except
:
pass
raise
PermissionDenied
return
HttpResponseForbidden
(
"403, Forbidden"
)
class
CanEditMixin
(
CanEditPropMixin
):
class
CanEditMixin
(
View
):
"""
This view makes exactly the same this as its direct parent, but checks the group on the edit_group field of the
object
"""
def
dispatch
(
self
,
request
,
*
arg
,
**
kwargs
):
# TODO: WIP: fix permissions with exceptions!
try
:
res
=
super
(
CanEditMixin
,
self
).
dispatch
(
request
,
*
arg
,
**
kwargs
)
return
res
except
PermissionDenied
:
pass
res
=
super
(
CanEditPropMixin
,
self
).
dispatch
(
request
,
*
arg
,
**
kwargs
)
obj
=
self
.
object
user
=
self
.
request
.
user
if
obj
is
None
:
return
res
for
g
in
obj
.
edit_group
.
all
():
if
user
.
groups
.
filter
(
name
=
g
.
name
).
exists
():
return
res
if
isinstance
(
obj
,
User
)
and
obj
==
user
:
res
=
super
(
CanEditMixin
,
self
).
dispatch
(
request
,
*
arg
,
**
kwargs
)
if
self
.
object
is
None
or
self
.
request
.
user
.
can_edit
(
self
.
object
):
return
res
try
:
# Always unlock when 403
self
.
object
.
unset_lock
()
except
:
pass
raise
PermissionDenied
return
HttpResponseForbidden
(
"403, Forbidden"
)
class
CanViewMixin
(
CanEditMixin
):
class
CanViewMixin
(
View
):
"""
This view still makes exactly the same this as its direct parent, but checks the group on the view_group field of
the object
"""
def
dispatch
(
self
,
request
,
*
arg
,
**
kwargs
):
try
:
res
=
super
(
CanViewMixin
,
self
).
dispatch
(
request
,
*
arg
,
**
kwargs
)
return
res
except
PermissionDenied
:
pass
res
=
super
(
CanEditPropMixin
,
self
).
dispatch
(
request
,
*
arg
,
**
kwargs
)
obj
=
self
.
object
user
=
self
.
request
.
user
if
obj
is
None
:
res
=
super
(
CanViewMixin
,
self
).
dispatch
(
request
,
*
arg
,
**
kwargs
)
if
self
.
object
is
None
or
self
.
request
.
user
.
can_view
(
self
.
object
):
return
res
for
g
in
obj
.
view_group
.
all
():
if
user
.
groups
.
filter
(
name
=
g
.
name
).
exists
()
:
return
re
s
try
:
# Always unlock when 403
self
.
object
.
unset_lock
()
except
:
pas
s
raise
PermissionDenied
from
.user
import
*
...
...
core/views/page.py
View file @
475bff14
...
...
@@ -27,6 +27,11 @@ class PageView(CanViewMixin, DetailView):
context
=
super
(
PageView
,
self
).
get_context_data
(
**
kwargs
)
if
"page"
not
in
context
.
keys
():
context
[
'new_page'
]
=
self
.
kwargs
[
'page_name'
]
if
self
.
request
.
user
.
is_owner
(
self
.
object
):
context
[
'can_edit_prop'
]
=
True
if
self
.
request
.
user
.
can_edit
(
self
.
object
):
context
[
'can_edit'
]
=
True
return
context
class
PageHistView
(
CanViewMixin
,
DetailView
):
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment