From 75a4cee580778cfe65154c2441f5df6225990e94 Mon Sep 17 00:00:00 2001
From: Leif Johansson
Date: Tue, 3 May 2011 15:07:59 +0200
Subject: generic relations
---
src/django_co_acls/models.py | 84 ++++++++++++++++----------------------------
1 file changed, 30 insertions(+), 54 deletions(-)
(limited to 'src')
diff --git a/src/django_co_acls/models.py b/src/django_co_acls/models.py
index 2fc3170..2e079c2 100644
--- a/src/django_co_acls/models.py
+++ b/src/django_co_acls/models.py
@@ -7,101 +7,77 @@ Created on Apr 5, 2011 from django.db import models from django.db.models.fields import CharField, DateTimeField from django.contrib.auth.models import Group, User -from django.db.models.fields.related import ForeignKey +from django.contrib.contenttypes.models import ContentType +from django.contrib.contenttypes import generic class AccessControlEntry(models.Model): - group = ForeignKey(Group,blank=True,null=True) - user = ForeignKey(User,blank=True,null=True) + group = models.ForeignKey(Group, blank=True, null=True, on_delete=models.SET_NULL) + user = models.ForeignKey(User, blank=True, null=True, on_delete=models.SET_NULL) + content_type = models.ForeignKey(ContentType) + object_id = models.PositiveIntegerField() + content_object = generic.GenericForeignKey('content_type', 'object_id') permission = CharField(max_length=256) modify_time = DateTimeField(auto_now=True) create_time = DateTimeField(auto_now_add=True) def __unicode__(self): - return "%s can %s" % (self.group.__unicode__(),self.permission) + return "%s can %s on %s" % (self.group.__unicode__(),self.permission,self.content_object.__unicode__()) class Meta: unique_together = (('group','permission'),('user','permission')) def allow(object,ug,permission): - if not hasattr(object,'acl'): - raise Exception,"no acl property" - if isinstance(ug, Group): return allow_group(object,ug,permission) elif isinstance(ug,User): return allow_user(object,ug,permission) elif isinstance(ug,str): if ug == 'anyone': - ace = None - if object.acl: - ace = object.acl.get_query_set().filter(group=None,permission=permission) - if not ace: - ace = object.acl.create(group=None,user=None,permission=permission) + ace,created = AccessControlEntry.objects.get_or_create(content_object=object,user=None,group=None) + return ace else: raise Exception,"Don't know how to allow %s to do stuff" % repr(ug) def deny(object,ug,permission): - if not hasattr(object,'acl'): - raise Exception,"no acl property" - if isinstance(ug, 
Group): return deny_group(object,ug,permission) elif isinstance(ug,User): return deny_user(object,ug,permission) elif isinstance(ug,str): if ug == 'anyone': - ace = None - if object.acl: - ace = object.acl.get_query_set().filter(user=None,group=None,permission=permission) - if ace: - object.acl.remove(ace) + acl = AccessControlEntry.objects.filter(content_object=object,user=None,group=None,permission=permission) + for ace in acl: # just in case we grew duplicates + ace.delete() + return None else: raise Exception,"Don't know how to allow %s to do stuff" % repr(ug) def acl(object): - if not hasattr(object,'acl'): - raise Exception,"no acl property" - - acl = object.acl - if not acl: - acl = [] - return acl + return AccessControlEntry.objects.filter(content_object=object) def allow_user(object,user,permission): - ace = None - if object.acl: - ace = object.acl.get_query_set().filter(user=user,permission=permission) - if not ace: - ace = object.acl.create(user=user,permission=permission) + ace,created = AccessControlEntry.objects.get_or_create(content_object=object,user=user,permission=permission) + return ace def deny_user(object,user,permission): - ace = None - if object.acl: - ace = object.acl.get_query_set().filter(user=user,permission=permission) - if ace: - object.acl.remove(ace) + acl = AccessControlEntry.objects.filter(content_object=object,user=user,permission=permission) + for ace in acl: + ace.delete() + return None def allow_group(object,group,permission): - ace = None - if object.acl: - ace = object.acl.get_query_set().filter(group=group,permission=permission) - if not ace: - ace = object.acl.create(group=group,permission=permission) + ace,created = AccessControlEntry.objects.get_or_create(content_object=object,group=group,permission=permission) + return ace def deny_group(object,group,permission): - ace = None - if object.acl: - ace = object.acl.get_query_set().filter(group=group,permission=permission) - if ace: - object.acl.remove(ace) + acl = 
AccessControlEntry.objects.filter(content_object=object,group=group,permission=permission) + for ace in acl: + ace.delete() + return None def is_allowed(object,user,permission): - if not hasattr(object,'acl'): - raise Exception,"no acl property" - # XXX use more sql here - if object.acl: - for ace in object.acl.get_query_set().filter(permission=permission): - if not ace.group or ace.group in user.groups or user == ace.user: - return True + for ace in AccessControlEntry.objects.filter(content_object=object,permission=permission): + if (not ace.group and not ace.user) or (ace.group in user.groups) or (user == ace.user): + return True return False \ No newline at end of file -- cgit v1.1
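Review bot: The new `on_delete=models.SET_NULL` on `group` and `user` turns a grant into a public one when its principal is deleted, because `is_allowed` now treats an entry with neither group nor user as matching every caller (`not ace.group and not ace.user`). Deleting the principal should delete the entry instead: `group = models.ForeignKey(Group, blank=True, null=True, on_delete=models.CASCADE)`, and the same for `user`. Separately, the 'anyone' branch of `allow()` calls `get_or_create(...)` without `permission`, so the entry it finds or creates is not tied to the permission being granted, while `deny()` and `is_allowed()` both filter on it; add `permission=permission` to that call. The unchanged `unique_together` still omits `content_type` and `object_id`, which looks like it would stop the same group or user from holding one permission on two different objects.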