Sith/core/views/__init__.py


from django.shortcuts import render
from django.http import HttpResponseForbidden, HttpResponseNotFound
from django.core.exceptions import PermissionDenied, ObjectDoesNotExist, ImproperlyConfigured
from django.views.generic.base import View

from core.models import Group
from core.views.forms import LoginForm

def forbidden(request):
    try:
        return HttpResponseForbidden(render(request, "core/403.jinja", context={'next': request.path, 'form':
            LoginForm(), 'popup': request.resolver_match.kwargs['popup'] or ""}))
    except:
        return HttpResponseForbidden(render(request, "core/403.jinja", context={'next': request.path, 'form': LoginForm()}))

def not_found(request):
    return HttpResponseNotFound(render(request, "core/404.jinja"))

def can_edit_prop(obj, user):
    if obj is None or user.is_owner(obj):
        return True
    return False

def can_edit(obj, user):
    if obj is None or user.can_edit(obj):
        return True
    return can_edit_prop(obj, user)

def can_view(obj, user):
    if obj is None or user.can_view(obj):
        return True
    return can_edit(obj, user)

class CanCreateMixin(View):
    """
    This view is made to protect any child view that would create an object, and thus, that can not be protected by any
    of the following mixin
    """
    def form_valid(self, form):
        obj = form.instance
        if can_edit_prop(obj, self.request.user):
            return super(CanCreateMixin, self).form_valid(form)
        raise PermissionDenied

class CanEditPropMixin(View):
    """
    This view is made to protect any child view that would be showing some properties of an object that are restricted
    to only the owner group of the given object.
    In other word, you can make a view with this view as parent, and it would be retricted to the users that are in the
    object's owner_group
    """
    def dispatch(self, request, *arg, **kwargs):
        res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
        if hasattr(self, 'object'):
            obj = self.object
        elif hasattr(self, 'object_list'):
            obj = self.object_list[0] if self.object_list else None
        if can_edit_prop(obj, self.request.user):
            return res
        try: # Always unlock when 403
            self.object.unset_lock()
        except: pass
        raise PermissionDenied

class CanEditMixin(View):
    """
    This view makes exactly the same thing as its direct parent, but checks the group on the edit_groups field of the
    object
    """
    def dispatch(self, request, *arg, **kwargs):
        res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
        if hasattr(self, 'object'):
            obj = self.object
        elif hasattr(self, 'object_list'):
            obj = self.object_list[0] if self.object_list else None
        if can_edit(obj, self.request.user):
            return res
        try: # Always unlock when 403
            self.object.unset_lock()
        except: pass
        raise PermissionDenied

class CanViewMixin(View):
    """
    This view still makes exactly the same thing as its direct parent, but checks the group on the view_groups field of
    the object
    """
    def dispatch(self, request, *arg, **kwargs):
        res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
        if hasattr(self, 'object'):
            obj = self.object
        elif hasattr(self, 'object_list'):
            obj = self.object_list[0] if self.object_list else None
        if can_view(obj, self.request.user):
            return res
        try: # Always unlock when 403
            self.object.unset_lock()
        except: pass
        raise PermissionDenied

    def get_context_data(self, **kwargs):
        context = super(CanViewMixin, self).get_context_data(**kwargs)
        if hasattr(self, 'object_list'):
            ba_list = list(self.object_list)
            l = []
            for ba in ba_list:
                if self.request.user.can_view(ba):
                    l.append(ba)
            context['object_list'] = l
        return context

class TabedViewMixin(View):
    """
    This view provide the basic functions for displaying tabs in the template
    """
    def get_tabs_title(self):
        try:
            return self.tabs_title
        except:
            raise ImproperlyConfigured("tabs_title is required")

    def get_current_tab(self):
        try:
            return self.current_tab
        except:
            raise ImproperlyConfigured("current_tab is required")

    def get_list_of_tabs(self):
        try:
            return self.list_of_tabs
        except:
            raise ImproperlyConfigured("list_of_tabs is required")

    def get_context_data(self, **kwargs):
        kwargs = super(TabedViewMixin, self).get_context_data(**kwargs)
        kwargs['tabs_title'] = self.get_tabs_title()
        kwargs['current_tab'] = self.get_current_tab()
        kwargs['list_of_tabs'] = self.get_list_of_tabs()
        return kwargs

from .user import *
from .page import *
from .files import *
from .site import *
from .group import *
Implement generic right checking for any View with the right parents 2015-11-27 14:39:42 +00:00
WIP: Add custom 403 and 404, but break a bit the permissions! To be fixed 2015-12-07 16:23:52 +00:00			`from django.shortcuts import render`
Fix custom special views 403,404 to return the right HTTP code 2016-05-02 09:33:38 +00:00			`from django.http import HttpResponseForbidden, HttpResponseNotFound`
Refactor lots of tabed templates, and create TabedViewMixin 2016-09-04 17:24:53 +00:00			`from django.core.exceptions import PermissionDenied, ObjectDoesNotExist, ImproperlyConfigured`
Implement generic right checking for any View with the right parents 2015-11-27 14:39:42 +00:00			`from django.views.generic.base import View`

Repair all tests and update requirements.txt 2015-12-07 15:08:24 +00:00			`from core.models import Group`
Improve login form 2016-08-31 00:43:49 +00:00			`from core.views.forms import LoginForm`
Repair all tests and update requirements.txt 2015-12-07 15:08:24 +00:00
WIP: Add custom 403 and 404, but break a bit the permissions! To be fixed 2015-12-07 16:23:52 +00:00			`def forbidden(request):`
Make file modale chooser and complete user profile 2016-08-11 02:24:32 +00:00			`try:`
			`return HttpResponseForbidden(render(request, "core/403.jinja", context={'next': request.path, 'form':`
Improve login form 2016-08-31 00:43:49 +00:00			`LoginForm(), 'popup': request.resolver_match.kwargs['popup'] or ""}))`
Make file modale chooser and complete user profile 2016-08-11 02:24:32 +00:00			`except:`
Improve login form 2016-08-31 00:43:49 +00:00			`return HttpResponseForbidden(render(request, "core/403.jinja", context={'next': request.path, 'form': LoginForm()}))`
WIP: Add custom 403 and 404, but break a bit the permissions! To be fixed 2015-12-07 16:23:52 +00:00
			`def not_found(request):`
Fix custom special views 403,404 to return the right HTTP code 2016-05-02 09:33:38 +00:00			`return HttpResponseNotFound(render(request, "core/404.jinja"))`
WIP: Add custom 403 and 404, but break a bit the permissions! To be fixed 2015-12-07 16:23:52 +00:00
Some refactoring and misc improvements 2016-02-05 15:59:42 +00:00			`def can_edit_prop(obj, user):`
			`if obj is None or user.is_owner(obj):`
			`return True`
			`return False`

			`def can_edit(obj, user):`
			`if obj is None or user.can_edit(obj):`
			`return True`
			`return can_edit_prop(obj, user)`

			`def can_view(obj, user):`
			`if obj is None or user.can_view(obj):`
			`return True`
			`return can_edit(obj, user)`
WIP: Add custom 403 and 404, but break a bit the permissions! To be fixed 2015-12-07 16:23:52 +00:00
Add CanCreateMixin, and add amount in journals 2016-06-20 13:47:19 +00:00			`class CanCreateMixin(View):`
			`"""`
			`This view is made to protect any child view that would create an object, and thus, that can not be protected by any`
			`of the following mixin`
			`"""`
Update CanCreateView and fix accounting views in consequence 2016-06-24 19:07:59 +00:00			`def form_valid(self, form):`
			`obj = form.instance`
			`if can_edit_prop(obj, self.request.user):`
			`return super(CanCreateMixin, self).form_valid(form)`
Add CanCreateMixin, and add amount in journals 2016-06-20 13:47:19 +00:00			`raise PermissionDenied`

Implement generic right checking for any View with the right parents 2015-11-27 14:39:42 +00:00			`class CanEditPropMixin(View):`
			`"""`
			`This view is made to protect any child view that would be showing some properties of an object that are restricted`
			`to only the owner group of the given object.`
			`In other word, you can make a view with this view as parent, and it would be retricted to the users that are in the`
			`object's owner_group`
			`"""`
			`def dispatch(self, request, arg, *kwargs):`
			`res = super(CanEditPropMixin, self).dispatch(request, arg, *kwargs)`
Some refactoring and misc improvements 2016-02-05 15:59:42 +00:00			`if hasattr(self, 'object'):`
			`obj = self.object`
			`elif hasattr(self, 'object_list'):`
			`obj = self.object_list[0] if self.object_list else None`
			`if can_edit_prop(obj, self.request.user):`
Implement generic right checking for any View with the right parents 2015-11-27 14:39:42 +00:00			`return res`
Refactor rights handling 2015-12-08 10:10:29 +00:00			`try: # Always unlock when 403`
			`self.object.unset_lock()`
			`except: pass`
WIP: Add custom 403 and 404, but break a bit the permissions! To be fixed 2015-12-07 16:23:52 +00:00			`raise PermissionDenied`
Implement generic right checking for any View with the right parents 2015-11-27 14:39:42 +00:00
Refactor rights handling 2015-12-08 10:10:29 +00:00			`class CanEditMixin(View):`
Implement generic right checking for any View with the right parents 2015-11-27 14:39:42 +00:00			`"""`
Make some more validation on the token click form 2016-08-01 17:59:22 +00:00			`This view makes exactly the same thing as its direct parent, but checks the group on the edit_groups field of the`
Implement generic right checking for any View with the right parents 2015-11-27 14:39:42 +00:00			`object`
			`"""`
			`def dispatch(self, request, arg, *kwargs):`
Refactor rights handling 2015-12-08 10:10:29 +00:00			`res = super(CanEditMixin, self).dispatch(request, arg, *kwargs)`
Some refactoring and misc improvements 2016-02-05 15:59:42 +00:00			`if hasattr(self, 'object'):`
			`obj = self.object`
			`elif hasattr(self, 'object_list'):`
			`obj = self.object_list[0] if self.object_list else None`
			`if can_edit(obj, self.request.user):`
WIP: Refactor permissions 2015-12-08 08:46:48 +00:00			`return res`
Refactor rights handling 2015-12-08 10:10:29 +00:00			`try: # Always unlock when 403`
			`self.object.unset_lock()`
			`except: pass`
WIP: Add custom 403 and 404, but break a bit the permissions! To be fixed 2015-12-07 16:23:52 +00:00			`raise PermissionDenied`
Implement generic right checking for any View with the right parents 2015-11-27 14:39:42 +00:00
Refactor rights handling 2015-12-08 10:10:29 +00:00			`class CanViewMixin(View):`
Implement generic right checking for any View with the right parents 2015-11-27 14:39:42 +00:00			`"""`
Make some more validation on the token click form 2016-08-01 17:59:22 +00:00			`This view still makes exactly the same thing as its direct parent, but checks the group on the view_groups field of`
Implement generic right checking for any View with the right parents 2015-11-27 14:39:42 +00:00			`the object`
			`"""`
			`def dispatch(self, request, arg, *kwargs):`
Refactor rights handling 2015-12-08 10:10:29 +00:00			`res = super(CanViewMixin, self).dispatch(request, arg, *kwargs)`
Some refactoring and misc improvements 2016-02-05 15:59:42 +00:00			`if hasattr(self, 'object'):`
			`obj = self.object`
			`elif hasattr(self, 'object_list'):`
			`obj = self.object_list[0] if self.object_list else None`
			`if can_view(obj, self.request.user):`
Implement generic right checking for any View with the right parents 2015-11-27 14:39:42 +00:00			`return res`
Refactor rights handling 2015-12-08 10:10:29 +00:00			`try: # Always unlock when 403`
			`self.object.unset_lock()`
			`except: pass`
Implement generic right checking for any View with the right parents 2015-11-27 14:39:42 +00:00			`raise PermissionDenied`

Migrate accounting 2016-08-24 17:50:22 +00:00			`def get_context_data(self, **kwargs):`
			`context = super(CanViewMixin, self).get_context_data(**kwargs)`
			`if hasattr(self, 'object_list'):`
			`ba_list = list(self.object_list)`
			`l = []`
			`for ba in ba_list:`
			`if self.request.user.can_view(ba):`
			`l.append(ba)`
			`context['object_list'] = l`
			`return context`

Refactor lots of tabed templates, and create TabedViewMixin 2016-09-04 17:24:53 +00:00			`class TabedViewMixin(View):`
			`"""`
			`This view provide the basic functions for displaying tabs in the template`
			`"""`
			`def get_tabs_title(self):`
			`try:`
			`return self.tabs_title`
			`except:`
			`raise ImproperlyConfigured("tabs_title is required")`

			`def get_current_tab(self):`
			`try:`
			`return self.current_tab`
			`except:`
			`raise ImproperlyConfigured("current_tab is required")`

			`def get_list_of_tabs(self):`
			`try:`
			`return self.list_of_tabs`
			`except:`
			`raise ImproperlyConfigured("list_of_tabs is required")`

			`def get_context_data(self, **kwargs):`
			`kwargs = super(TabedViewMixin, self).get_context_data(**kwargs)`
			`kwargs['tabs_title'] = self.get_tabs_title()`
			`kwargs['current_tab'] = self.get_current_tab()`
			`kwargs['list_of_tabs'] = self.get_list_of_tabs()`
			`return kwargs`

Put view into a module 2015-11-24 15:09:46 +00:00			`from .user import *`
			`from .page import *`
Add nice whole file support 2016-08-10 03:48:06 +00:00			`from .files import *`
Put view into a module 2015-11-24 15:09:46 +00:00			`from .site import *`
Basic group view and permissions management on the pages 2015-11-26 16:40:31 +00:00			`from .group import *`
Refactor lots of tabed templates, and create TabedViewMixin 2016-09-04 17:24:53 +00:00