Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
10
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
AE
Sith
Commits
e3cbe703
Commit
e3cbe703
authored
Dec 08, 2015
by
Skia
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
WIP: Improve many views and a bit user permissions (idea for class scale perm)
parent
475bff14
Changes
10
Hide whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
114 additions
and
11 deletions
+114
-11
core/migrations/0018_auto_20151208_1558.py
core/migrations/0018_auto_20151208_1558.py
+18
-0
core/migrations/0019_auto_20151208_1604.py
core/migrations/0019_auto_20151208_1604.py
+18
-0
core/migrations/0020_auto_20151208_1621.py
core/migrations/0020_auto_20151208_1621.py
+18
-0
core/models.py
core/models.py
+10
-5
core/templates/core/base.html
core/templates/core/base.html
+8
-0
core/templates/core/user_detail.html
core/templates/core/user_detail.html
+8
-2
core/templates/core/user_tools.html
core/templates/core/user_tools.html
+20
-0
core/urls.py
core/urls.py
+5
-2
core/views/forms.py
core/views/forms.py
+3
-1
core/views/user.py
core/views/user.py
+6
-1
No files found.
core/migrations/0018_auto_20151208_1558.py
0 → 100644
View file @
e3cbe703
# -*- coding: utf-8 -*-
from
__future__
import
unicode_literals
from
django.db
import
migrations
,
models
class
Migration
(
migrations
.
Migration
):
dependencies
=
[
(
'core'
,
'0017_auto_20151203_1530'
),
]
operations
=
[
migrations
.
AlterModelOptions
(
name
=
'user'
,
options
=
{
'permissions'
:
((
'can_change_prop'
,
"Can change the user's properties (groups, ...)"
),),
'verbose_name'
:
'user'
,
'verbose_name_plural'
:
'users'
},
),
]
core/migrations/0019_auto_20151208_1604.py
0 → 100644
View file @
e3cbe703
# -*- coding: utf-8 -*-
from
__future__
import
unicode_literals
from
django.db
import
migrations
,
models
class
Migration
(
migrations
.
Migration
):
dependencies
=
[
(
'core'
,
'0018_auto_20151208_1558'
),
]
operations
=
[
migrations
.
AlterModelOptions
(
name
=
'user'
,
options
=
{
'permissions'
:
((
'change_prop'
,
"Can change the user's properties (groups, ...)"
),),
'verbose_name_plural'
:
'users'
,
'verbose_name'
:
'user'
},
),
]
core/migrations/0020_auto_20151208_1621.py
0 → 100644
View file @
e3cbe703
# -*- coding: utf-8 -*-
from
__future__
import
unicode_literals
from
django.db
import
migrations
,
models
class
Migration
(
migrations
.
Migration
):
dependencies
=
[
(
'core'
,
'0019_auto_20151208_1604'
),
]
operations
=
[
migrations
.
AlterModelOptions
(
name
=
'user'
,
options
=
{
'verbose_name_plural'
:
'users'
,
'permissions'
:
((
'change_prop_user'
,
"Can change the user's properties (groups, ...)"
),),
'verbose_name'
:
'user'
},
),
]
core/models.py
View file @
e3cbe703
...
...
@@ -72,6 +72,9 @@ class User(AbstractBaseUser, PermissionsMixin):
class
Meta
:
verbose_name
=
_
(
'user'
)
verbose_name_plural
=
_
(
'users'
)
permissions
=
(
(
"change_prop_user"
,
"Can change the user's properties (groups, ...)"
),
)
def
get_absolute_url
(
self
):
"""
...
...
@@ -139,11 +142,14 @@ class User(AbstractBaseUser, PermissionsMixin):
"""
Determine if the object is owned by the user
"""
# TODO: add permission scale validation, to allow some groups other than superuser to manipulate
# TODO: add permission
(class)
scale validation, to allow some groups other than superuser to manipulate
# all objects of a class if they are in the right group
# example: something like user.has_perm("change_"+obj.__class__)
if
not
hasattr
(
obj
,
"owner_group"
):
return
False
if
self
.
is_superuser
or
self
.
groups
.
filter
(
name
=
obj
.
owner_group
.
name
).
exists
():
print
(
str
(
obj
.
__class__
))
print
(
str
(
obj
.
__class__
).
lower
().
split
(
'.'
)[
-
1
])
if
self
.
is_superuser
or
self
.
groups
.
filter
(
name
=
obj
.
owner_group
.
name
).
exists
()
or
self
.
has_perm
(
"change_prop_"
+
str
(
obj
.
__class__
).
lower
().
split
(
'.'
)[
-
1
]):
return
True
return
False
...
...
@@ -158,6 +164,8 @@ class User(AbstractBaseUser, PermissionsMixin):
for
g
in
obj
.
edit_group
.
all
():
if
self
.
groups
.
filter
(
name
=
g
.
name
).
exists
():
return
True
if
isinstance
(
obj
,
User
)
and
obj
==
self
:
return
True
return
False
def
can_view
(
self
,
obj
):
...
...
@@ -171,8 +179,6 @@ class User(AbstractBaseUser, PermissionsMixin):
for
g
in
obj
.
view_group
.
all
():
if
self
.
groups
.
filter
(
name
=
g
.
name
).
exists
():
return
True
if
isinstance
(
obj
,
User
)
and
obj
==
self
:
return
True
return
False
class
LockError
(
Exception
):
...
...
@@ -212,7 +218,6 @@ class Page(models.Model):
class
Meta
:
unique_together
=
(
'name'
,
'parent'
)
permissions
=
(
#("can_edit", "Can edit the page"),
(
"can_view"
,
"Can view the page"
),
)
...
...
core/templates/core/base.html
View file @
e3cbe703
...
...
@@ -10,12 +10,20 @@
{% block header %}
{% if user.is_authenticated %}Hello, {{ user.username }}!{% endif %}
<ul>
{% if not user.is_authenticated %}
<li><a
href=
"{% url 'core:register' %}"
>
Register
</a></li>
<li><a
href=
"{% url 'core:login' %}"
>
Login
</a></li>
{% else %}
<li><a
href=
"{% url 'core:logout' %}"
>
Logout
</a></li>
{% endif %}
</ul>
{% if user.is_authenticated %}
<ul>
<li><a
href=
"{% url 'core:user_profile' user.id %}"
>
Profile
</a></li>
<li><a
href=
"{% url 'core:user_list' %}"
>
Users
</a></li>
<li><a
href=
"{% url 'core:page_list' %}"
>
Pages
</a></li>
</ul>
{% endif %}
{% endblock %}
</header>
...
...
core/templates/core/user_detail.html
View file @
e3cbe703
...
...
@@ -8,12 +8,18 @@
<h3>
User Profile
</h3>
<p><a
href=
"{% url 'core:user_list' %}"
>
Back to list
</a></p>
{
% if user.is_superuser or user.id == profile.id %
}
{
{ perms.core }
}
<ul>
{% if user.id == profile.id %}
<li><a
href=
"{% url 'core:user_tools' %}"
>
Tools
</a></li>
{% endif %}
{% if perms.core.change_user or user.id == profile.id %}
<li><a
href=
"{% url 'core:user_edit' profile.id %}"
>
Edit
</a></li>
{% endif %}
{% if perms.core.change_prop_user %}
<li><a
href=
"{% url 'core:user_groups' profile.id %}"
>
Groups
</a></li>
</ul>
{% endif %}
</ul>
<p>
You're seeing the profile of
<strong>
{{ profile.get_full_name }}
</strong><br/>
...
...
core/templates/core/user_tools.html
0 → 100644
View file @
e3cbe703
{% extends "core/base.html" %}
{% block title %}
{{ user.get_display_name }}'s tools
{% endblock %}
{% block content %}
<h3>
User Tools
</h3>
<p><a
href=
"{% url 'core:user_profile' user.id %}"
>
Back to profile
</a></p>
<ul>
{% if perms.core.add_group %}
<li><a
href=
"{% url 'core:group_list' %}"
>
Groups
</a></li>
{% endif %}
</ul>
{% endblock %}
core/urls.py
View file @
e3cbe703
...
...
@@ -3,10 +3,9 @@ from django.conf.urls import url, include
from
core.views
import
*
urlpatterns
=
[
#url('^', include('django.contrib.auth.urls')),
url
(
r
'^$'
,
index
,
name
=
'index'
),
# Login and co
url
(
r
'^login/$'
,
login
,
name
=
'login'
),
url
(
r
'^logout/$'
,
logout
,
name
=
'logout'
),
url
(
r
'^password_change/$'
,
password_change
,
name
=
'password_change'
),
...
...
@@ -17,14 +16,18 @@ urlpatterns = [
url
(
r
'^reset/done/$'
,
password_reset_complete
,
name
=
'password_reset_complete'
),
url
(
r
'^register$'
,
register
,
name
=
'register'
),
# Group handling
url
(
r
'^group/$'
,
GroupListView
.
as_view
(),
name
=
'group_list'
),
url
(
r
'^group/(?P<group_id>[0-9]+)/$'
,
GroupEditView
.
as_view
(),
name
=
'group_edit'
),
# User views
url
(
r
'^user/$'
,
UserListView
.
as_view
(),
name
=
'user_list'
),
url
(
r
'^user/(?P<user_id>[0-9]+)/$'
,
UserView
.
as_view
(),
name
=
'user_profile'
),
url
(
r
'^user/(?P<user_id>[0-9]+)/edit$'
,
UserUpdateProfileView
.
as_view
(),
name
=
'user_edit'
),
url
(
r
'^user/(?P<user_id>[0-9]+)/groups$'
,
UserUpdateGroupsView
.
as_view
(),
name
=
'user_groups'
),
url
(
r
'^user/tools/$'
,
UserToolsView
.
as_view
(),
name
=
'user_tools'
),
# Page views
url
(
r
'^page/$'
,
PageListView
.
as_view
(),
name
=
'page_list'
),
url
(
r
'^page/(?P<page_name>[a-z0-9/]*)/edit$'
,
PageEditView
.
as_view
(),
name
=
'page_edit'
),
url
(
r
'^page/(?P<page_name>[a-z0-9/]*)/prop$'
,
PagePropView
.
as_view
(),
name
=
'page_prop'
),
...
...
core/views/forms.py
View file @
e3cbe703
...
...
@@ -27,10 +27,12 @@ class UserGroupsForm(forms.ModelForm):
required_css_class
=
'required'
class
Meta
:
model
=
User
fields
=
[
'groups'
,
'user_permissions'
,]
fields
=
[
'edit_group'
,
'view_group'
,
'groups'
,
'user_permissions'
,]
widgets
=
{
'groups'
:
CheckboxSelectMultiple
,
'user_permissions'
:
CheckboxSelectMultiple
,
'edit_group'
:
CheckboxSelectMultiple
,
'view_group'
:
CheckboxSelectMultiple
,
}
class
PagePropForm
(
forms
.
ModelForm
):
...
...
core/views/user.py
View file @
e3cbe703
...
...
@@ -3,7 +3,7 @@ from django.shortcuts import render, redirect, get_object_or_404
from
django.contrib.auth
import
logout
as
auth_logout
,
views
from
django.core.urlresolvers
import
reverse
from
django.views.generic.edit
import
UpdateView
from
django.views.generic
import
ListView
,
DetailView
from
django.views.generic
import
ListView
,
DetailView
,
TemplateView
import
logging
from
core.views
import
CanViewMixin
,
CanEditMixin
,
CanEditPropMixin
...
...
@@ -120,3 +120,8 @@ class UserUpdateGroupsView(CanEditPropMixin, UpdateView):
template_name
=
"core/user_groups.html"
form_class
=
UserGroupsForm
class
UserToolsView
(
TemplateView
):
"""
Displays the logged user's tools
"""
template_name
=
"core/user_tools.html"
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment