authorLeif Johansson <leifj@sunet.se>2011-08-31 09:55:00 +0200
committerLeif Johansson <leifj@sunet.se>2011-08-31 09:55:00 +0200
commitcff46494eedfa3649431a2d7d8321892334e67e0 (patch)
treee15abce0ed1926729964cddef8d38190b38ed86a
parente0244e84126afee652c875e42b1627c697c1d073 (diff)
anyone cleaner
-rw-r--r--src/django_co_acls/models.py19
1 files changed, 14 insertions, 5 deletions
diff --git a/src/django_co_acls/models.py b/src/django_co_acls/models.py
index 64f9a47..fee26e3 100644
--- a/src/django_co_acls/models.py
+++ b/src/django_co_acls/models.py
@@ -36,8 +36,7 @@ def allow(object,ug,permission):
return allow_group(object,ug,permission)
elif isinstance(ug,User):
return allow_user(object,ug,permission)
- elif isinstance(ug,str):
- if ug == 'anyone':
+ elif ug == 'anyone' or ug == '':
type = ContentType.objects.get_for_model(object)
ace,created = AccessControlEntry.objects.get_or_create(object_id=object.id,content_type=type,permission=permission,user=None,group=None)
return ace
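Review bot: The new condition `ug == 'anyone' or ug == ''` in allow() makes an empty string grant the permission to everyone, because this branch creates an entry with `user=None, group=None`, and is_allowed returns True for such an entry regardless of the user. If a caller passes a blank principal name (an unfilled form field, for instance), the result is a grant to all users rather than an error, so the check should fail closed: `elif ug == 'anyone':`, with `''` treated like any other unrecognised value. The same condition is added to deny() in the next hunk, where it removes the wildcard entry instead of creating it; that is less harmful but equally surprising. allow() starts and continues outside this hunk, so how unrecognised values are handled is not visible here.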
@@ -49,8 +48,7 @@ def deny(object,ug,permission):
return deny_group(object,ug,permission)
elif isinstance(ug,User):
return deny_user(object,ug,permission)
- elif isinstance(ug,str):
- if ug == 'anyone':
+ elif ug == 'anyone' or ug == '':
type = ContentType.objects.get_for_model(object)
acl = AccessControlEntry.objects.filter(object_id=object.id,content_type=type,user=None,group=None,permission=permission)
for ace in acl: # just in case we grew duplicates
@@ -91,11 +89,22 @@ def clear_acl(object):
type = ContentType.objects.get_for_model(object)
for ace in AccessControlEntry.objects.filter(object_id=object.id,content_type=type):
ace.delete()
+
+def remove_permission(id):
+ for ace in AccessControlEntry.objects.filter(pk=id):
+ ace.delete()
def is_allowed(object,user,permission):
type = ContentType.objects.get_for_model(object)
for ace in AccessControlEntry.objects.filter(object_id=object.id,content_type=type,permission=permission):
- if (not ace.group and not ace.user) or (ace.group in user.groups) or (user == ace.user):
+ if (not ace.group and not ace.user) or (ace.group in user.groups.all()) or (user == ace.user):
return True
+ return False
+
+def is_anyone_allowed(object,permission):
+ type = ContentType.objects.get_for_model(object)
+ for ace in AccessControlEntry.objects.filter(object_id=object.id,content_type=type,user=None,group=None,permission=permission):
+ if not ace.group and not ace.user: #probably redundant but you never know what the db layer does...
+ return True
return False \ No newline at end of file
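Review bot: `remove_permission(id)` deletes whichever AccessControlEntry has that primary key, with nothing tying the entry to the object whose ACL is being edited. If the id comes from a request, someone allowed to manage one object's ACL could remove entries on any other object unless every call site checks ownership first; the callers are not visible in this diff. Scoping the lookup inside the function closes that gap, e.g. `def remove_permission(object,id):` with `AccessControlEntry.objects.filter(pk=id,object_id=object.id,content_type=ContentType.objects.get_for_model(object))`. The parameter name `id` also shadows the builtin.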