authorLeif Johansson <leifj@sunet.se>2011-05-02 14:42:47 +0200
committerLeif Johansson <leifj@sunet.se>2011-05-02 14:42:47 +0200
commitfad0210b1e917d1f6de6755bc236ca23f5f1f313 (patch)
tree6ca4c186e75e87165de4a404609ee47258e8319f
parent69a0a519a58b44bb9fc9c57a00508dd5701be744 (diff)
acls
-rwxr-xr-x[-rw-r--r--]setup.py6
-rw-r--r--src/django_co_acls/__init__.py0
-rw-r--r--src/django_co_acls/admin.py9
-rw-r--r--src/django_co_acls/models.py97
-rw-r--r--src/django_co_acls/views.py5
-rw-r--r--src/django_co_connector/admin.py4
-rw-r--r--src/django_co_connector/models.py57
7 files changed, 121 insertions, 57 deletions
diff --git a/setup.py b/setup.py
index 9c14c86..6e37e04 100644..100755
--- a/setup.py
+++ b/setup.py
@@ -1,3 +1,5 @@
+#!/usr/bin/env python
+
from distutils.core import setup
setup(name="django-co-connector",
@@ -8,7 +10,7 @@ setup(name="django-co-connector",
url="http://github.com/leifj/django-co-connector",
#download_url="",
zip_safe=False,
- packages=["django_user_channels"],
+ packages=["django_co_connector","django_co_acls"],
package_dir={"": "src"},
#package_data = {"django_user_channels": []},
classifiers=["Development Status :: 3 - Alpha",
@@ -17,4 +19,4 @@ setup(name="django-co-connector",
"License :: OSI Approved :: BSD License",
"Operating System :: OS Independent",
"Programming Language :: Python",
- "Framework :: Django",]) \ No newline at end of file
+ "Framework :: Django",])
diff --git a/src/django_co_acls/__init__.py b/src/django_co_acls/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/src/django_co_acls/__init__.py
diff --git a/src/django_co_acls/admin.py b/src/django_co_acls/admin.py
new file mode 100644
index 0000000..775a5db
--- /dev/null
+++ b/src/django_co_acls/admin.py
@@ -0,0 +1,9 @@
+'''
+Created on Mar 25, 2011
+
+@author: leifj
+'''
+from django.contrib import admin
+from django_co_acls.models import AccessControlEntry
+
+admin.site.register(AccessControlEntry)
diff --git a/src/django_co_acls/models.py b/src/django_co_acls/models.py
new file mode 100644
index 0000000..449ae56
--- /dev/null
+++ b/src/django_co_acls/models.py
@@ -0,0 +1,97 @@
+'''
+Created on Apr 5, 2011
+
+@author: leifj
+'''
+
+from django.db import models
+from django.db.models.fields import CharField, DateTimeField
+from django.contrib.auth.models import Group, User
+from django.db.models.fields.related import ForeignKey
+
+class AccessControlEntry(models.Model):
+ group = ForeignKey(Group,related_name='+',blank=True,null=True)
+ user = ForeignKey(User,related_name='+',blank=True,null=True)
+ permission = CharField(max_length=256)
+ modify_time = DateTimeField(auto_now=True)
+ create_time = DateTimeField(auto_now_add=True)
+
+ def __unicode__(self):
+ return "%s can %s" % (self.group.__unicode__(),self.permission)
+
+ class Meta:
+ unique_together = (('group','permission'),('user','permission'))
+
+def allow(object,ug,permission):
+ if not hasattr(object,'acl'):
+ raise Exception,"no acl property"
+
+ if isinstance(ug, Group):
+ return allow_group(object,ug,permission)
+ elif isinstance(ug,User):
+ return allow_user(object,ug,permission)
+ elif isinstance(ug,str):
+ if ug == 'anyone':
+ ace = object.acl.filter(group=None,permission=permission)
+ if not ace:
+ ace = AccessControlEntry.objects.create(group=None,user=None,permission=permission)
+ object.acl.append(ace)
+ else:
+ raise Exception,"Don't know how to allow %s to do stuff" % repr(ug)
+
+def deny(object,ug,permission):
+ if not hasattr(object,'acl'):
+ raise Exception,"no acl property"
+
+ if isinstance(ug, Group):
+ return deny_group(object,ug,permission)
+ elif isinstance(ug,User):
+ return deny_user(object,ug,permission)
+ elif isinstance(ug,str):
+ if ug == 'anyone':
+ ace = object.acl.filter(user=None,group=None,permission=permission)
+ if ace:
+ object.acl.remove(ace)
+ else:
+ raise Exception,"Don't know how to allow %s to do stuff" % repr(ug)
+
+def acl(object):
+ if not hasattr(object,'acl'):
+ raise Exception,"no acl property"
+
+ acl = object.acl
+ if not acl:
+ acl = []
+ return acl
+
+def allow_user(object,user,permission):
+ ace = object.acl.filter(user=user,permission=permission)
+ if not ace:
+ ace = AccessControlEntry.objects.create(user=user,permission=permission)
+ object.acl.append(ace)
+
+def deny_user(object,user,permission):
+ ace = object.acl.filter(user=user,permission=permission)
+ if ace:
+ object.acl.remove(ace)
+
+def allow_group(object,group,permission):
+ ace = object.acl.filter(group=group,permission=permission)
+ if not ace:
+ ace = AccessControlEntry.objects.create(group=group,permission=permission)
+ object.acl.append(ace)
+
+def deny_group(object,group,permission):
+ ace = object.acl.filter(group=group,permission=permission)
+ if ace:
+ object.acl.remove(ace)
+
+def is_allowed(object,user,permission):
+ if not hasattr(object,'acl'):
+ raise Exception,"no acl property"
+ # XXX use more sql here
+ for ace in object.acl.filter(permission=permission):
+ if not ace.group or ace.group in user.groups or user == ace.user:
+ return True
+
+ return False \ No newline at end of file
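Review bot: In is_allowed, the test `not ace.group` is true for every user-specific entry, because allow_user creates entries with only `user` set, so a permission granted to one user is reported as granted to every user. The same conflation is in allow()'s 'anyone' branch, whose filter omits `user=None` while deny() includes it, so an existing per-user entry suppresses creation of the real 'anyone' entry. The 'anyone' case should require both fields to be empty, for example `if (ace.group is None and ace.user is None) or ace.user == user or ace.group in user.groups:`, and allow() should filter on `user=None,group=None` as deny() does. `__unicode__` also dereferences `self.group` unconditionally, so it will fail on user and 'anyone' entries, which matters now that the model is registered in the admin. A one-line docstring on is_allowed stating that only an entry with both group and user NULL means 'anyone' would help keep this from regressing.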
diff --git a/src/django_co_acls/views.py b/src/django_co_acls/views.py
new file mode 100644
index 0000000..fb93aaa
--- /dev/null
+++ b/src/django_co_acls/views.py
@@ -0,0 +1,5 @@
+'''
+Created on Apr 16, 2011
+
+@author: leifj
+'''
diff --git a/src/django_co_connector/admin.py b/src/django_co_connector/admin.py
index 6f0c7b7..9e1dd85 100644
--- a/src/django_co_connector/admin.py
+++ b/src/django_co_connector/admin.py
@@ -4,6 +4,6 @@ Created on Mar 25, 2011
@author: leifj
'''
from django.contrib import admin
-from django_co_connector.models import URIGroupConnector
+from django_co_connector.models import GroupConnector
-admin.site.register(URIGroupConnector)
+admin.site.register(GroupConnector)
diff --git a/src/django_co_connector/models.py b/src/django_co_connector/models.py
index 7cddb9a..4df8bc2 100644
--- a/src/django_co_connector/models.py
+++ b/src/django_co_connector/models.py
@@ -7,60 +7,10 @@ Created on Apr 5, 2011
from django.db import models
from django.db.models.fields import CharField, URLField, DateTimeField, IntegerField
from django.contrib.auth.models import Group
-from django.db.models.fields.related import OneToOneField, ForeignKey
+from django.db.models.fields.related import OneToOneField
from django.dispatch.dispatcher import Signal
from django_co_connector.settings import CO_ATTRIBUTES
-class AccessControlEntry(models.Model):
- group = ForeignKey(Group,related_name='+',blank=True,null=True)
- permission = CharField(max_length=256)
- modify_time = DateTimeField(auto_now=True)
- create_time = DateTimeField(auto_now_add=True)
-
- def __unicode__(self):
- return "%s can %s" % (self.group.__unicode__(),self.permission)
-
- class Meta:
- unique_together = ('group','permission')
-
-def allow(object,group,permission):
- if not hasattr(object,'acl'):
- raise Exception,"no acl property"
-
- if group == 'anyone':
- ace = object.acl.filter(group=None,permission=permission)
- if not ace:
- ace = AccessControlEntry.objects.create(group=None,permission=permission)
- object.acl.append(ace)
- else:
- ace = object.acl.filter(group=group,permission=permission)
- if not ace:
- ace = AccessControlEntry.objects.create(group=group,permission=permission)
- object.acl.append(ace)
-
-def deny(object,group,permission):
- if not hasattr(object,'acl'):
- raise Exception,"no acl property"
-
- if group == 'anyone':
- ace = object.acl.filter(group=None,permission=permission)
- if ace:
- object.acl.remove(ace)
- else:
- ace = object.acl.filter(group=group,permission=permission)
- if ace:
- object.acl.remove(ace)
-
-def can(object,user,permission):
- if not hasattr(object,'acl'):
- raise Exception,"no acl property"
- # XXX use more sql here
- for ace in object.acl.filter(permission=permission):
- if not ace.group or ace.group in user.groups:
- return True
-
- return False
-
class GroupConnector(models.Model):
attribute = CharField(max_length=1024)
value = CharField(max_length=1024)
@@ -103,8 +53,9 @@ remove_member = Signal(providing_args=['user'])
def co_import_from_request(request):
for attribute in request.META.get(CO_ATTRIBUTES):
- values = request.META.get(attribute)
- co_import_av(request.user,attribute,values.split(';'))
+ values = request.META.get(attribute)
+ if values and values != "(null)":
+ co_import_av(request.user,attribute,values.split(';'))
def co_import_av(user,attribute,values):
for value in values:
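Review bot: The outer loop in co_import_from_request is still unguarded: `request.META.get(CO_ATTRIBUTES)` returns None when that key is absent, and iterating None raises TypeError before the new `if values` check is reached; `for attribute in request.META.get(CO_ATTRIBUTES) or []:` would keep the import a no-op in that case. Because each value is handed to co_import_av for request.user and appears to feed the group connectors, it is also worth a comment above the loop stating that the attribute names must refer to variables set by the trusted front end and never to client-supplied `HTTP_*` headers, which live in the same request.META dictionary. co_import_av's body continues outside the hunk, so how the values are applied cannot be checked from here.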