author | Leif Johansson <leifj@sunet.se> | 2011-05-02 14:42:47 +0200 |
---|---|---|
committer | Leif Johansson <leifj@sunet.se> | 2011-05-02 14:42:47 +0200 |
commit | fad0210b1e917d1f6de6755bc236ca23f5f1f313 (patch) | |
tree | 6ca4c186e75e87165de4a404609ee47258e8319f | |
parent | 69a0a519a58b44bb9fc9c57a00508dd5701be744 (diff) |
acls
-rwxr-xr-x[-rw-r--r--] | setup.py | 6 | ||||
-rw-r--r-- | src/django_co_acls/__init__.py | 0 | ||||
-rw-r--r-- | src/django_co_acls/admin.py | 9 | ||||
-rw-r--r-- | src/django_co_acls/models.py | 97 | ||||
-rw-r--r-- | src/django_co_acls/views.py | 5 | ||||
-rw-r--r-- | src/django_co_connector/admin.py | 4 | ||||
-rw-r--r-- | src/django_co_connector/models.py | 57 |
7 files changed, 121 insertions, 57 deletions
@@ -1,3 +1,5 @@ +#!/usr/bin/env python + from distutils.core import setup setup(name="django-co-connector", @@ -8,7 +10,7 @@ setup(name="django-co-connector", url="http://github.com/leifj/django-co-connector", #download_url="", zip_safe=False, - packages=["django_user_channels"], + packages=["django_co_connector","django_co_acls"], package_dir={"": "src"}, #package_data = {"django_user_channels": []}, classifiers=["Development Status :: 3 - Alpha", @@ -17,4 +19,4 @@ setup(name="django-co-connector", "License :: OSI Approved :: BSD License", "Operating System :: OS Independent", "Programming Language :: Python", - "Framework :: Django",])
\ No newline at end of file
+ "Framework :: Django",])
diff --git a/src/django_co_acls/__init__.py b/src/django_co_acls/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/src/django_co_acls/__init__.py
diff --git a/src/django_co_acls/admin.py b/src/django_co_acls/admin.py
new file mode 100644
index 0000000..775a5db
--- /dev/null
+++ b/src/django_co_acls/admin.py
@@ -0,0 +1,9 @@
+'''
+Created on Mar 25, 2011
+
+@author: leifj
+'''
+from django.contrib import admin
+from django_co_acls.models import AccessControlEntry
+
+admin.site.register(AccessControlEntry)
diff --git a/src/django_co_acls/models.py b/src/django_co_acls/models.py
new file mode 100644
index 0000000..449ae56
--- /dev/null
+++ b/src/django_co_acls/models.py
@@ -0,0 +1,97 @@
+'''
+Created on Apr 5, 2011
+
+@author: leifj
+'''
+
+from django.db import models
+from django.db.models.fields import CharField, DateTimeField
+from django.contrib.auth.models import Group, User
+from django.db.models.fields.related import ForeignKey
+
+class AccessControlEntry(models.Model):
+ group = ForeignKey(Group,related_name='+',blank=True,null=True)
+ user = ForeignKey(User,related_name='+',blank=True,null=True)
+ permission = CharField(max_length=256)
+ modify_time = DateTimeField(auto_now=True)
+ create_time = DateTimeField(auto_now_add=True)
+
+ def __unicode__(self):
+ return "%s can %s" % (self.group.__unicode__(),self.permission)
+
+ class Meta:
+ unique_together = (('group','permission'),('user','permission'))
+
+def allow(object,ug,permission):
+ if not hasattr(object,'acl'):
+ raise Exception,"no acl property"
+
+ if isinstance(ug, Group):
+ return allow_group(object,ug,permission)
+ elif isinstance(ug,User):
+ return allow_user(object,ug,permission)
+ elif isinstance(ug,str):
+ if ug == 'anyone':
+ ace = object.acl.filter(group=None,permission=permission)
+ if not ace:
+ ace = AccessControlEntry.objects.create(group=None,user=None,permission=permission)
+ object.acl.append(ace)
+ else:
+ raise Exception,"Don't know how to allow %s to do stuff" % repr(ug)
+
+def deny(object,ug,permission):
+ if not hasattr(object,'acl'):
+ raise Exception,"no acl property"
+
+ if isinstance(ug, Group):
+ return deny_group(object,ug,permission)
+ elif isinstance(ug,User):
+ return deny_user(object,ug,permission)
+ elif isinstance(ug,str):
+ if ug == 'anyone':
+ ace = object.acl.filter(user=None,group=None,permission=permission)
+ if ace:
+ object.acl.remove(ace)
+ else:
+ raise Exception,"Don't know how to allow %s to do stuff" % repr(ug)
+
+def acl(object):
+ if not hasattr(object,'acl'):
+ raise Exception,"no acl property"
+
+ acl = object.acl
+ if not acl:
+ acl = []
+ return acl
+
+def allow_user(object,user,permission):
+ ace = object.acl.filter(user=user,permission=permission)
+ if not ace:
+ ace = AccessControlEntry.objects.create(user=user,permission=permission)
+ object.acl.append(ace)
+
+def deny_user(object,user,permission):
+ ace = object.acl.filter(user=user,permission=permission)
+ if ace:
+ object.acl.remove(ace)
+
+def allow_group(object,group,permission):
+ ace = object.acl.filter(group=group,permission=permission)
+ if not ace:
+ ace = AccessControlEntry.objects.create(group=group,permission=permission)
+ object.acl.append(ace)
+
+def deny_group(object,group,permission):
+ ace = object.acl.filter(group=group,permission=permission)
+ if ace:
+ object.acl.remove(ace)
+
+def is_allowed(object,user,permission):
+ if not hasattr(object,'acl'):
+ raise Exception,"no acl property"
+ # XXX use more sql here
+ for ace in object.acl.filter(permission=permission):
+ if not ace.group or ace.group in user.groups or user == ace.user:
+ return True
+
+ return False
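Review bot: In `is_allowed`, `not ace.group` is true for every entry written by `allow_user`, which creates the row with only `user` and `permission` set, so a permission granted to a single user is granted to every caller. Only a row with neither group nor user should mean 'anyone'; the condition could read `if (ace.group is None and ace.user is None) or ace.user == user or (ace.group is not None and ace.group in user.groups.all()):`, where the `.all()` assumes `user` is a Django auth `User` whose `groups` is a related manager. The `'anyone'` branch of `allow` has the matching gap: it looks up `group=None` without `user=None` (unlike `deny`), so an existing per-user row for the same permission stops the anyone row from being created. `__unicode__` also dereferences `self.group`, which is None for both kinds of row.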
\ No newline at end of file diff --git a/src/django_co_acls/views.py b/src/django_co_acls/views.py new file mode 100644 index 0000000..fb93aaa --- /dev/null +++ b/src/django_co_acls/views.py @@ -0,0 +1,5 @@ +''' +Created on Apr 16, 2011 + +@author: leifj +''' diff --git a/src/django_co_connector/admin.py b/src/django_co_connector/admin.py index 6f0c7b7..9e1dd85 100644 --- a/src/django_co_connector/admin.py +++ b/src/django_co_connector/admin.py @@ -4,6 +4,6 @@ Created on Mar 25, 2011 @author: leifj ''' from django.contrib import admin -from django_co_connector.models import URIGroupConnector +from django_co_connector.models import GroupConnector -admin.site.register(URIGroupConnector) +admin.site.register(GroupConnector) diff --git a/src/django_co_connector/models.py b/src/django_co_connector/models.py index 7cddb9a..4df8bc2 100644 --- a/src/django_co_connector/models.py +++ b/src/django_co_connector/models.py 
@@ -7,60 +7,10 @@ Created on Apr 5, 2011 from django.db import models from django.db.models.fields import CharField, URLField, DateTimeField, IntegerField from django.contrib.auth.models import Group -from django.db.models.fields.related import OneToOneField, ForeignKey +from django.db.models.fields.related import OneToOneField from django.dispatch.dispatcher import Signal from django_co_connector.settings import CO_ATTRIBUTES -class AccessControlEntry(models.Model): - group = ForeignKey(Group,related_name='+',blank=True,null=True) - permission = CharField(max_length=256) - modify_time = DateTimeField(auto_now=True) - create_time = DateTimeField(auto_now_add=True) - - def __unicode__(self): - return "%s can %s" % (self.group.__unicode__(),self.permission) - - class Meta: - unique_together = ('group','permission') - -def allow(object,group,permission): - if not hasattr(object,'acl'): - raise Exception,"no acl property" - - if group == 'anyone': - ace = object.acl.filter(group=None,permission=permission) - if not ace: - ace = AccessControlEntry.objects.create(group=None,permission=permission) - object.acl.append(ace) - else: - ace = object.acl.filter(group=group,permission=permission) - if not ace: - ace = AccessControlEntry.objects.create(group=group,permission=permission) - object.acl.append(ace) - -def deny(object,group,permission): - if not hasattr(object,'acl'): - raise Exception,"no acl property" - - if group == 'anyone': - ace = object.acl.filter(group=None,permission=permission) - if ace: - object.acl.remove(ace) - else: - ace = object.acl.filter(group=group,permission=permission) - if ace: - object.acl.remove(ace) - -def can(object,user,permission): - if not hasattr(object,'acl'): - raise Exception,"no acl property" - # XXX use more sql here - for ace in object.acl.filter(permission=permission): - if not ace.group or ace.group in user.groups: - return True - - return False - class GroupConnector(models.Model): attribute = CharField(max_length=1024) value = 
CharField(max_length=1024) @@ -103,8 +53,9 @@ remove_member = Signal(providing_args=['user']) def co_import_from_request(request): for attribute in request.META.get(CO_ATTRIBUTES): - values = request.META.get(attribute) - co_import_av(request.user,attribute,values.split(';')) + values = request.META.get(attribute) + if values and values != "(null)": + co_import_av(request.user,attribute,values.split(';')) def co_import_av(user,attribute,values): for value in values: |
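Review bot: The new guard skips empty and `(null)` values, but the loop header above it still iterates `request.META.get(CO_ATTRIBUTES)` directly, which raises a TypeError when that lookup returns None; if `CO_ATTRIBUTES` is meant to be the list of attribute names (it comes from settings and is not visible here), the loop should probably be `for attribute in CO_ATTRIBUTES:`. Separately, `request.META` also carries client-supplied headers under `HTTP_*` keys, and these values are handed to `co_import_av` for `request.user`, so the configured names should be limited to variables that only the front-end server or SSO module can set, and that assumption deserves a comment on the function. `split(';')` can also yield empty strings (for example after a trailing `;`), which are passed on as values. The body of `co_import_av` continues outside the hunk.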