2015-11-27 14:39:42 +00:00
|
|
|
|
2015-12-07 16:23:52 +00:00
|
|
|
from django.shortcuts import render
|
2016-05-02 09:33:38 +00:00
|
|
|
from django.http import HttpResponseForbidden, HttpResponseNotFound
|
2016-09-04 17:24:53 +00:00
|
|
|
from django.core.exceptions import PermissionDenied, ObjectDoesNotExist, ImproperlyConfigured
|
2015-11-27 14:39:42 +00:00
|
|
|
from django.views.generic.base import View
|
|
|
|
|
|
2015-12-07 15:08:24 +00:00
|
|
|
from core.models import Group
|
2016-08-31 00:43:49 +00:00
|
|
|
from core.views.forms import LoginForm
|
2015-12-07 15:08:24 +00:00
|
|
|
|
2015-12-07 16:23:52 +00:00
|
|
|
def forbidden(request):
|
2016-08-11 02:24:32 +00:00
|
|
|
try:
|
|
|
|
|
return HttpResponseForbidden(render(request, "core/403.jinja", context={'next': request.path, 'form':
|
2016-08-31 00:43:49 +00:00
|
|
|
LoginForm(), 'popup': request.resolver_match.kwargs['popup'] or ""}))
|
2016-08-11 02:24:32 +00:00
|
|
|
except:
|
2016-08-31 00:43:49 +00:00
|
|
|
return HttpResponseForbidden(render(request, "core/403.jinja", context={'next': request.path, 'form': LoginForm()}))
|
2015-12-07 16:23:52 +00:00
|
|
|
|
|
|
|
|
def not_found(request):
|
2016-05-02 09:33:38 +00:00
|
|
|
return HttpResponseNotFound(render(request, "core/404.jinja"))
|
2015-12-07 16:23:52 +00:00
|
|
|
|
2016-02-05 15:59:42 +00:00
|
|
|
def can_edit_prop(obj, user):
|
|
|
|
|
if obj is None or user.is_owner(obj):
|
|
|
|
|
return True
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
def can_edit(obj, user):
|
|
|
|
|
if obj is None or user.can_edit(obj):
|
|
|
|
|
return True
|
|
|
|
|
return can_edit_prop(obj, user)
|
|
|
|
|
|
|
|
|
|
def can_view(obj, user):
|
|
|
|
|
if obj is None or user.can_view(obj):
|
|
|
|
|
return True
|
|
|
|
|
return can_edit(obj, user)
|
2015-12-07 16:23:52 +00:00
|
|
|
|
2016-06-20 13:47:19 +00:00
|
|
|
class CanCreateMixin(View):
|
|
|
|
|
"""
|
|
|
|
|
This view is made to protect any child view that would create an object, and thus, that can not be protected by any
|
|
|
|
|
of the following mixin
|
|
|
|
|
"""
|
2016-11-05 12:37:30 +00:00
|
|
|
def dispatch(self, request, *arg, **kwargs):
|
|
|
|
|
res = super(CanCreateMixin, self).dispatch(request, *arg, **kwargs)
|
|
|
|
|
if not request.user.is_authenticated():
|
|
|
|
|
raise PermissionDenied
|
|
|
|
|
return res
|
|
|
|
|
|
2016-06-24 19:07:59 +00:00
|
|
|
def form_valid(self, form):
|
|
|
|
|
obj = form.instance
|
|
|
|
|
if can_edit_prop(obj, self.request.user):
|
|
|
|
|
return super(CanCreateMixin, self).form_valid(form)
|
2016-06-20 13:47:19 +00:00
|
|
|
raise PermissionDenied
|
|
|
|
|
|
2015-11-27 14:39:42 +00:00
|
|
|
class CanEditPropMixin(View):
|
|
|
|
|
"""
|
|
|
|
|
This view is made to protect any child view that would be showing some properties of an object that are restricted
|
|
|
|
|
to only the owner group of the given object.
|
|
|
|
|
In other word, you can make a view with this view as parent, and it would be retricted to the users that are in the
|
|
|
|
|
object's owner_group
|
|
|
|
|
"""
|
|
|
|
|
def dispatch(self, request, *arg, **kwargs):
|
|
|
|
|
res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
|
2016-11-19 16:19:00 +00:00
|
|
|
if res.__class__.status_code == 302:
|
|
|
|
|
return res
|
2016-02-05 15:59:42 +00:00
|
|
|
if hasattr(self, 'object'):
|
|
|
|
|
obj = self.object
|
|
|
|
|
elif hasattr(self, 'object_list'):
|
|
|
|
|
obj = self.object_list[0] if self.object_list else None
|
|
|
|
|
if can_edit_prop(obj, self.request.user):
|
2015-11-27 14:39:42 +00:00
|
|
|
return res
|
2015-12-08 10:10:29 +00:00
|
|
|
try: # Always unlock when 403
|
|
|
|
|
self.object.unset_lock()
|
|
|
|
|
except: pass
|
2015-12-07 16:23:52 +00:00
|
|
|
raise PermissionDenied
|
2015-11-27 14:39:42 +00:00
|
|
|
|
2015-12-08 10:10:29 +00:00
|
|
|
class CanEditMixin(View):
|
2015-11-27 14:39:42 +00:00
|
|
|
"""
|
2016-08-01 17:59:22 +00:00
|
|
|
This view makes exactly the same thing as its direct parent, but checks the group on the edit_groups field of the
|
2015-11-27 14:39:42 +00:00
|
|
|
object
|
|
|
|
|
"""
|
|
|
|
|
def dispatch(self, request, *arg, **kwargs):
|
2015-12-08 10:10:29 +00:00
|
|
|
res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
|
2016-11-19 16:19:00 +00:00
|
|
|
if res.__class__.status_code == 302:
|
|
|
|
|
return res
|
2016-02-05 15:59:42 +00:00
|
|
|
if hasattr(self, 'object'):
|
|
|
|
|
obj = self.object
|
|
|
|
|
elif hasattr(self, 'object_list'):
|
|
|
|
|
obj = self.object_list[0] if self.object_list else None
|
|
|
|
|
if can_edit(obj, self.request.user):
|
2015-12-08 08:46:48 +00:00
|
|
|
return res
|
2015-12-08 10:10:29 +00:00
|
|
|
try: # Always unlock when 403
|
|
|
|
|
self.object.unset_lock()
|
|
|
|
|
except: pass
|
2015-12-07 16:23:52 +00:00
|
|
|
raise PermissionDenied
|
2015-11-27 14:39:42 +00:00
|
|
|
|
2015-12-08 10:10:29 +00:00
|
|
|
class CanViewMixin(View):
|
2015-11-27 14:39:42 +00:00
|
|
|
"""
|
2016-08-01 17:59:22 +00:00
|
|
|
This view still makes exactly the same thing as its direct parent, but checks the group on the view_groups field of
|
2015-11-27 14:39:42 +00:00
|
|
|
the object
|
|
|
|
|
"""
|
|
|
|
|
def dispatch(self, request, *arg, **kwargs):
|
2015-12-08 10:10:29 +00:00
|
|
|
res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
|
2016-11-19 16:19:00 +00:00
|
|
|
if res.__class__.status_code == 302:
|
|
|
|
|
return res
|
2016-02-05 15:59:42 +00:00
|
|
|
if hasattr(self, 'object'):
|
|
|
|
|
obj = self.object
|
|
|
|
|
elif hasattr(self, 'object_list'):
|
|
|
|
|
obj = self.object_list[0] if self.object_list else None
|
|
|
|
|
if can_view(obj, self.request.user):
|
2015-11-27 14:39:42 +00:00
|
|
|
return res
|
2015-12-08 10:10:29 +00:00
|
|
|
try: # Always unlock when 403
|
|
|
|
|
self.object.unset_lock()
|
|
|
|
|
except: pass
|
2015-11-27 14:39:42 +00:00
|
|
|
raise PermissionDenied
|
|
|
|
|
|
2016-08-24 17:50:22 +00:00
|
|
|
def get_context_data(self, **kwargs):
|
|
|
|
|
context = super(CanViewMixin, self).get_context_data(**kwargs)
|
|
|
|
|
if hasattr(self, 'object_list'):
|
|
|
|
|
ba_list = list(self.object_list)
|
|
|
|
|
l = []
|
|
|
|
|
for ba in ba_list:
|
|
|
|
|
if self.request.user.can_view(ba):
|
|
|
|
|
l.append(ba)
|
|
|
|
|
context['object_list'] = l
|
|
|
|
|
return context
|
|
|
|
|
|
2016-09-04 17:24:53 +00:00
|
|
|
class TabedViewMixin(View):
|
|
|
|
|
"""
|
|
|
|
|
This view provide the basic functions for displaying tabs in the template
|
|
|
|
|
"""
|
|
|
|
|
def get_tabs_title(self):
|
|
|
|
|
try:
|
|
|
|
|
return self.tabs_title
|
|
|
|
|
except:
|
|
|
|
|
raise ImproperlyConfigured("tabs_title is required")
|
|
|
|
|
|
|
|
|
|
def get_current_tab(self):
|
|
|
|
|
try:
|
|
|
|
|
return self.current_tab
|
|
|
|
|
except:
|
|
|
|
|
raise ImproperlyConfigured("current_tab is required")
|
|
|
|
|
|
|
|
|
|
def get_list_of_tabs(self):
|
|
|
|
|
try:
|
|
|
|
|
return self.list_of_tabs
|
|
|
|
|
except:
|
|
|
|
|
raise ImproperlyConfigured("list_of_tabs is required")
|
|
|
|
|
|
|
|
|
|
def get_context_data(self, **kwargs):
|
|
|
|
|
kwargs = super(TabedViewMixin, self).get_context_data(**kwargs)
|
|
|
|
|
kwargs['tabs_title'] = self.get_tabs_title()
|
|
|
|
|
kwargs['current_tab'] = self.get_current_tab()
|
|
|
|
|
kwargs['list_of_tabs'] = self.get_list_of_tabs()
|
|
|
|
|
return kwargs
|
|
|
|
|
|
2015-11-24 15:09:46 +00:00
|
|
|
from .user import *
|
|
|
|
|
from .page import *
|
2016-08-10 03:48:06 +00:00
|
|
|
from .files import *
|
2015-11-24 15:09:46 +00:00
|
|
|
from .site import *
|
2015-11-26 16:40:31 +00:00
|
|
|
from .group import *
|
2016-09-04 17:24:53 +00:00
|
|
|
|
|
|
|
|
|
