author | Leif Johansson <leifj@sunet.se> | 2011-05-03 15:07:59 +0200 |
---|---|---|
committer | Leif Johansson <leifj@sunet.se> | 2011-05-03 15:07:59 +0200 |
commit | 75a4cee580778cfe65154c2441f5df6225990e94 (patch) | |
tree | d12f0bca6c5ea6ecc8fc56766f1f0e31550042ee /src | |
parent | c689796d307519702e063a5aad6c84e3ba8fd20c (diff) |
generic relations
Diffstat (limited to 'src')
-rw-r--r-- | src/django_co_acls/models.py | 84 |
1 files changed, 30 insertions, 54 deletions
diff --git a/src/django_co_acls/models.py b/src/django_co_acls/models.py
index 2fc3170..2e079c2 100644
--- a/src/django_co_acls/models.py
+++ b/src/django_co_acls/models.py
@@ -7,101 +7,77 @@ Created on Apr 5, 2011 from django.db import models from django.db.models.fields import CharField, DateTimeField from django.contrib.auth.models import Group, User -from django.db.models.fields.related import ForeignKey +from django.contrib.contenttypes.models import ContentType +from django.contrib.contenttypes import generic class AccessControlEntry(models.Model): - group = ForeignKey(Group,blank=True,null=True) - user = ForeignKey(User,blank=True,null=True) + group = models.ForeignKey(Group, blank=True, null=True, on_delete=models.SET_NULL) + user = models.ForeignKey(User, blank=True, null=True, on_delete=models.SET_NULL) + content_type = models.ForeignKey(ContentType) + object_id = models.PositiveIntegerField() + content_object = generic.GenericForeignKey('content_type', 'object_id') permission = CharField(max_length=256) modify_time = DateTimeField(auto_now=True) create_time = DateTimeField(auto_now_add=True) def __unicode__(self): - return "%s can %s" % (self.group.__unicode__(),self.permission) + return "%s can %s on %s" % (self.group.__unicode__(),self.permission,self.content_object.__unicode__()) class Meta: unique_together = (('group','permission'),('user','permission')) def allow(object,ug,permission): - if not hasattr(object,'acl'): - raise Exception,"no acl property" - if isinstance(ug, Group): return allow_group(object,ug,permission) elif isinstance(ug,User): return allow_user(object,ug,permission) elif isinstance(ug,str): if ug == 'anyone': - ace = None - if object.acl: - ace = object.acl.get_query_set().filter(group=None,permission=permission) - if not ace: - ace = object.acl.create(group=None,user=None,permission=permission) + ace,created = AccessControlEntry.objects.get_or_create(content_object=object,user=None,group=None) + return ace else: raise Exception,"Don't know how to allow %s to do stuff" % repr(ug) def deny(object,ug,permission): - if not hasattr(object,'acl'): - raise Exception,"no acl property" - if isinstance(ug, 
Group): return deny_group(object,ug,permission) elif isinstance(ug,User): return deny_user(object,ug,permission) elif isinstance(ug,str): if ug == 'anyone': - ace = None - if object.acl: - ace = object.acl.get_query_set().filter(user=None,group=None,permission=permission) - if ace: - object.acl.remove(ace) + acl = AccessControlEntry.objects.filter(content_object=object,user=None,group=None,permission=permission) + for ace in acl: # just in case we grew duplicates + ace.delete() + return None else: raise Exception,"Don't know how to allow %s to do stuff" % repr(ug) def acl(object): - if not hasattr(object,'acl'): - raise Exception,"no acl property" - - acl = object.acl - if not acl: - acl = [] - return acl + return AccessControlEntry.objects.filter(content_object=object) def allow_user(object,user,permission): - ace = None - if object.acl: - ace = object.acl.get_query_set().filter(user=user,permission=permission) - if not ace: - ace = object.acl.create(user=user,permission=permission) + ace,created = AccessControlEntry.objects.get_or_create(content_object=object,user=user,permission=permission) + return ace def deny_user(object,user,permission): - ace = None - if object.acl: - ace = object.acl.get_query_set().filter(user=user,permission=permission) - if ace: - object.acl.remove(ace) + acl = AccessControlEntry.objects.filter(content_object=object,user=user,permission=permission) + for ace in acl: + ace.delete() + return None def allow_group(object,group,permission): - ace = None - if object.acl: - ace = object.acl.get_query_set().filter(group=group,permission=permission) - if not ace: - ace = object.acl.create(group=group,permission=permission) + ace,created = AccessControlEntry.objects.get_or_create(content_object=object,group=group,permission=permission) + return ace def deny_group(object,group,permission): - ace = None - if object.acl: - ace = object.acl.get_query_set().filter(group=group,permission=permission) - if ace: - object.acl.remove(ace) + acl = 
AccessControlEntry.objects.filter(content_object=object,group=group,permission=permission) + for ace in acl: + ace.delete() + return None def is_allowed(object,user,permission): - if not hasattr(object,'acl'): - raise Exception,"no acl property" - # XXX use more sql here - if object.acl: - for ace in object.acl.get_query_set().filter(permission=permission): - if not ace.group or ace.group in user.groups or user == ace.user: - return True + for ace in AccessControlEntry.objects.filter(content_object=object,permission=permission): + if (not ace.group and not ace.user) or (ace.group in user.groups) or (user == ace.user): + return True return False
\ No newline at end of file |
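Review bot: The new `on_delete=models.SET_NULL` on `group` and `user` fails open when combined with the `is_allowed` test `(not ace.group and not ace.user)`. Deleting the user or group an entry was granted to leaves a row with both columns NULL, which is the shape `is_allowed` and the 'anyone' branches treat as a grant to everybody, so a grant to one principal turns into a grant to all users on that object. Removing the entry together with its principal avoids this, e.g. `group = models.ForeignKey(Group, blank=True, null=True, on_delete=models.CASCADE)` and the same for `user`. Separately, the 'anyone' branch of `allow` calls `get_or_create(content_object=object,user=None,group=None)` without `permission=permission`, so it can return an entry for a different permission or create one with an empty permission. `unique_together` also still omits `content_type` and `object_id`, which appears to limit each user or group to a single object per permission now that all entries share one table.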