Commit dc37e79f authored by Skia's avatar Skia

WIP: Refactor permissions

parent f7bfd6da
...@@ -251,7 +251,7 @@ class Page(models.Model): ...@@ -251,7 +251,7 @@ class Page(models.Model):
raise AlreadyLocked("The page is already locked by someone else") raise AlreadyLocked("The page is already locked by someone else")
Page.lock_mutex[self.pk] = {'user': user, Page.lock_mutex[self.pk] = {'user': user,
'time': timezone.now()} 'time': timezone.now()}
# print("Locking page") print("Locking page")
def set_lock_recursive(self, user): def set_lock_recursive(self, user):
""" """
...@@ -264,7 +264,7 @@ class Page(models.Model): ...@@ -264,7 +264,7 @@ class Page(models.Model):
def unset_lock(self): def unset_lock(self):
"""Always try to unlock, even if there is no lock""" """Always try to unlock, even if there is no lock"""
Page.lock_mutex.pop(self.pk, None) Page.lock_mutex.pop(self.pk, None)
# print("Unlocking page") print("Unlocking page")
def get_lock(self): def get_lock(self):
""" """
......
from django.shortcuts import render from django.shortcuts import render
from django.http import HttpResponseForbidden from django.http import HttpResponseForbidden
from django.core.exceptions import PermissionDenied from django.core.exceptions import PermissionDenied, ObjectDoesNotExist
from django.views.generic.base import View from django.views.generic.base import View
from core.models import Group from core.models import Group
...@@ -31,6 +31,8 @@ class CanEditPropMixin(View): ...@@ -31,6 +31,8 @@ class CanEditPropMixin(View):
# all objects of a class if they are in the right group # all objects of a class if they are in the right group
if user.is_superuser or user.groups.filter(name=obj.owner_group.name).exists(): if user.is_superuser or user.groups.filter(name=obj.owner_group.name).exists():
return res return res
print("Guyuy")
self.object.unset_lock()
raise PermissionDenied raise PermissionDenied
return HttpResponseForbidden("403, Forbidden") return HttpResponseForbidden("403, Forbidden")
...@@ -43,19 +45,19 @@ class CanEditMixin(CanEditPropMixin): ...@@ -43,19 +45,19 @@ class CanEditMixin(CanEditPropMixin):
# TODO: WIP: fix permissions with exceptions! # TODO: WIP: fix permissions with exceptions!
try: try:
res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs) res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
return res
except PermissionDenied: except PermissionDenied:
pass pass
except: res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
return res
obj = self.object obj = self.object
user = self.request.user user = self.request.user
if obj is None: if obj is None:
return res return res
for g in obj.edit_group.all(): for g in obj.edit_group.all():
if user.groups.filter(name=g.name).exists(): if user.groups.filter(name=g.name).exists():
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs) return res
if isinstance(obj, User) and obj == user: if isinstance(obj, User) and obj == user:
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs) return res
raise PermissionDenied raise PermissionDenied
return HttpResponseForbidden("403, Forbidden") return HttpResponseForbidden("403, Forbidden")
...@@ -67,19 +69,18 @@ class CanViewMixin(CanEditMixin): ...@@ -67,19 +69,18 @@ class CanViewMixin(CanEditMixin):
def dispatch(self, request, *arg, **kwargs): def dispatch(self, request, *arg, **kwargs):
try: try:
res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs) res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
return res
except PermissionDenied: except PermissionDenied:
pass pass
except: res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
return res
obj = self.object obj = self.object
user = self.request.user user = self.request.user
if obj is None: if obj is None:
return res return res
for g in obj.view_group.all(): for g in obj.view_group.all():
if user.groups.filter(name=g.name).exists(): if user.groups.filter(name=g.name).exists():
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs) return res
raise PermissionDenied raise PermissionDenied
return HttpResponseForbidden("403, Forbidden")
from .user import * from .user import *
from .page import * from .page import *
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment