PageRenderTime 398ms CodeModel.GetById 29ms RepoModel.GetById 1ms app.codeStats 0ms

/cms/admin/permissionadmin.py

https://github.com/Doap/django-cms
Python | 174 lines | 135 code | 6 blank | 33 comment | 2 complexity | 60447d01a84283c1b2de2e535867d194 MD5 | raw file
    

  1. # -*- coding: utf-8 -*-
    2. 

  2. from copy import deepcopy
    3. 

  3. from django.conf import settings
    4. 

  4. from django.template.defaultfilters import title
    5. 

  5. from django.utils.translation import ugettext as _
    6. 

  6. 

  7. from django.contrib import admin
    8. 

  8. 

  9. from cms.exceptions import NoPermissionsException
    10. 

  10. from cms.models import Page, PagePermission, GlobalPagePermission, PageUser
    11. 

  11. from cms.utils.permissions import get_user_permission_level
    12. 

  12. from cms.admin.forms import (GlobalPagePermissionAdminForm,
    13. 

  13.     PagePermissionInlineAdminForm, ViewRestrictionInlineAdminForm)
    14. 

  14. 

  15. PAGE_ADMIN_INLINES = []
    16. 

  16. 

  17. 

  18. class PagePermissionInlineAdmin(admin.TabularInline):
    19. 

  19.     model = PagePermission
    20. 

  20.     # use special form, so we can override of user and group field
    21. 

  21.     form = PagePermissionInlineAdminForm
    22. 

  22.     classes = ['collapse', 'collapsed']
    23. 

  23.     exclude = ['can_view']
    24. 

  24.     
    25. 

  25.     def queryset(self, request):
    26. 

  26.         """
    27. 

  27.         Queryset change, so user with global change permissions can see
    28. 

  28.         all permissions. Otherwise can user see only permissions for 
    29. 

  29.         peoples which are under him (he can't see his permissions, because
    30. 

  30.         this will lead to violation, when he can add more power to itself)
    31. 

  31.         """
    32. 

  32.         # can see only permissions for users which are under him in tree
    33. 

  33. 

  34.         ### here a exception can be thrown
    35. 

  35.         try:
    36. 

  36.             qs = PagePermission.objects.subordinate_to_user(request.user)
    37. 

  37.             return qs.filter(can_view=False)
    38. 

  38.         except NoPermissionsException:
    39. 

  39.             return self.objects.get_empty_query_set()
    40. 

  40.     
    41. 

  41.     def get_formset(self, request, obj=None, **kwargs):
    42. 

  42.         """
    43. 

  43.         Some fields may be excluded here. User can change only
    44. 

  44.         permissions which are available for him. E.g. if user does not haves
    45. 

  45.         can_publish flag, he can't change assign can_publish permissions.
    46. 

  46.         """
    47. 

  47.         exclude = self.exclude or []
    48. 

  48.         if obj:
    49. 

  49.             if not obj.has_add_permission(request):
    50. 

  50.                 exclude.append('can_add')
    51. 

  51.             if not obj.has_delete_permission(request):
    52. 

  52.                 exclude.append('can_delete')
    53. 

  53.             if not obj.has_publish_permission(request):
    54. 

  54.                 exclude.append('can_publish')
    55. 

  55.             if not obj.has_advanced_settings_permission(request):
    56. 

  56.                 exclude.append('can_change_advanced_settings')
    57. 

  57.             if not obj.has_move_page_permission(request):
    58. 

  58.                 exclude.append('can_move_page')
    59. 

  59.             if not settings.CMS_MODERATOR or not obj.has_moderate_permission(request):
    60. 

  60.                 exclude.append('can_moderate')
    61. 

  61.         formset_cls = super(PagePermissionInlineAdmin, self
    62. 

  62.             ).get_formset(request, obj=None, exclude=exclude, *kwargs)
    63. 

  63.         qs = self.queryset(request)
    64. 

  64.         if obj is not None:
    65. 

  65.             qs = qs.filter(page=obj)
    66. 

  66.         formset_cls._queryset = qs
    67. 

  67.         return formset_cls
    68. 

  68. 

  69. class ViewRestrictionInlineAdmin(PagePermissionInlineAdmin):
    70. 

  70.     extra = 1
    71. 

  71.     form = ViewRestrictionInlineAdminForm
    72. 

  72.     verbose_name = _("View restriction")
    73. 

  73.     verbose_name_plural = _("View restrictions")
    74. 

  74.     exclude = [
    75. 

  75.         'can_add', 'can_change', 'can_delete', 'can_view',
    76. 

  76.         'can_publish', 'can_change_advanced_settings', 'can_move_page',
    77. 

  77.         'can_moderate', 'can_change_permissions'
    78. 

  78.     ]
    79. 

  79. 

  80.     def get_formset(self, request, obj=None, **kwargs):
    81. 

  81.         """
    82. 

  82.         Some fields may be excluded here. User can change only permissions
    83. 

  83.         which are available for him. E.g. if user does not haves can_publish
    84. 

  84.         flag, he can't change assign can_publish permissions.
    85. 

  85.         """
    86. 

  86.         formset_cls = super(PagePermissionInlineAdmin, self).get_formset(request, obj, **kwargs)
    87. 

  87.         qs = self.queryset(request)
    88. 

  88.         if obj is not None:
    89. 

  89.             qs = qs.filter(page=obj)
    90. 

  90.         formset_cls._queryset = qs
    91. 

  91.         return formset_cls
    92. 

  92. 

  93.     def queryset(self, request):
    94. 

  94.         """
    95. 

  95.         Returns a QuerySet of all model instances that can be edited by the
    96. 

  96.         admin site. This is used by changelist_view.
    97. 

  97.         """
    98. 

  98.         qs = PagePermission.objects.subordinate_to_user(request.user)
    99. 

  99.         return qs.filter(can_view=True)
    100. 

  100. 

  101. 

  102. class GlobalPagePermissionAdmin(admin.ModelAdmin):
    103. 

  103.     list_display = ['user', 'group', 'can_change', 'can_delete', 'can_publish', 'can_change_permissions']
    104. 

  104.     list_filter = ['user', 'group', 'can_change', 'can_delete', 'can_publish', 'can_change_permissions']
    105. 

  105.     
    106. 

  106.     form = GlobalPagePermissionAdminForm
    107. 

  107.     
    108. 

  108.     search_fields = ('user__username', 'user__first_name', 'user__last_name', 'group__name')
    109. 

  109.     
    110. 

  110.     exclude = []
    111. 

  111.     
    112. 

  112.     list_display.append('can_change_advanced_settings')
    113. 

  113.     list_filter.append('can_change_advanced_settings')
    114. 

  114.     
    115. 

  115.     if settings.CMS_MODERATOR:
    116. 

  116.         list_display.append('can_moderate')
    117. 

  117.         list_filter.append('can_moderate')
    118. 

  118.     else:
    119. 

  119.         exclude.append('can_moderate')
    120. 

  120. 

  121. 

  122. class GenericCmsPermissionAdmin(object):
    123. 

  123.     """
    124. 

  124.     Custom mixin for permission-enabled admin interfaces.
    125. 

  125.     """
    126. 

  126.     def update_permission_fieldsets(self, request, obj=None):
    127. 

  127.         """
    128. 

  128.         Nobody can grant more than he haves, so check for user permissions
    129. 

  129.         to Page and User model and render fieldset depending on them.
    130. 

  130.         """
    131. 

  131.         fieldsets = deepcopy(self.fieldsets)
    132. 

  132.         perm_models = (
    133. 

  133.             (Page, _('Page permissions')),
    134. 

  134.             (PageUser, _('User & Group permissions')),
    135. 

  135.             (PagePermission, _('Page permissions management')),
    136. 

  136.         )
    137. 

  137.         for i, perm_model in enumerate(perm_models):
    138. 

  138.             model, title = perm_model
    139. 

  139.             opts, fields = model._meta, []
    140. 

  140.             name = model.__name__.lower()
    141. 

  141.             for t in ('add', 'change', 'delete'):
    142. 

  142.                 fn = getattr(opts, 'get_%s_permission' % t)
    143. 

  143.                 if request.user.has_perm(opts.app_label + '.' + fn()):
    144. 

  144.                     fields.append('can_%s_%s' % (t, name))
    145. 

  145.             if fields:
    146. 

  146.                 fieldsets.insert(2 + i, (title, {'fields': (fields,)}))
    147. 

  147.         return fieldsets
    148. 

  148.     
    149. 

  149.     def _has_change_permissions_permission(self, request):
    150. 

  150.         """
    151. 

  151.         User is able to add/change objects only if he haves can change
    152. 

  152.         permission on some page.
    153. 

  153.         """
    154. 

  154.         try:
    155. 

  155.             user_level = get_user_permission_level(request.user)
    156. 

  156.         except NoPermissionsException:
    157. 

  157.             return False
    158. 

  158.         return True
    159. 

  159.     
    160. 

  160.     def has_add_permission(self, request):
    161. 

  161.         return self._has_change_permissions_permission(request) and \
    162. 

  162.             super(self.__class__, self).has_add_permission(request)
    163. 

  163.     
    164. 

  164.     def has_change_permission(self, request, obj=None):
    165. 

  165.         return self._has_change_permissions_permission(request) and \
    166. 

  166.             super(self.__class__, self).has_change_permission(request, obj)
    167. 

  167. 

  168. 

  169. if settings.CMS_PERMISSION:
    170. 

  170.     admin.site.register(GlobalPagePermission, GlobalPagePermissionAdmin)
    171. 

  171.     PAGE_ADMIN_INLINES.extend([
    172. 

  172.         ViewRestrictionInlineAdmin,
    173. 

  173.         PagePermissionInlineAdmin,
    174. 

  174.     ])
    175. 

  175.