Refactor rights handling

2025-07-09 19:40:19 +00:00 · 2015-12-08 11:10:29 +01:00
parent dc37e79f14
commit 475bff14cb
4 changed files with 69 additions and 43 deletions
--- a/core/views/init.py
+++ b/core/views/init.py
@ -23,63 +23,40 @@ class CanEditPropMixin(View):
    """
    def dispatch(self, request, *arg, **kwargs):
        res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
-        obj = self.object
-        user = self.request.user
-        if obj is None:
+        if self.object is None or self.request.user.is_owner(self.object):
            return res
-        # TODO: add permission scale validation, to allow some groups other than superuser to manipulate
-        # all objects of a class if they are in the right group
-        if user.is_superuser or user.groups.filter(name=obj.owner_group.name).exists():
-            return res
-        print("Guyuy")
-        self.object.unset_lock()
+        try: # Always unlock when 403
+            self.object.unset_lock()
+        except: pass
        raise PermissionDenied
-        return HttpResponseForbidden("403, Forbidden")

-class CanEditMixin(CanEditPropMixin):
+class CanEditMixin(View):
    """
    This view makes exactly the same this as its direct parent, but checks the group on the edit_group field of the
    object
    """
    def dispatch(self, request, *arg, **kwargs):
        # TODO: WIP: fix permissions with exceptions!
-        try:
-            res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
-            return res
-        except PermissionDenied:
-            pass
-        res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
-        obj = self.object
-        user = self.request.user
-        if obj is None:
-            return res
-        for g in obj.edit_group.all():
-            if user.groups.filter(name=g.name).exists():
-                return res
-        if isinstance(obj, User) and obj == user:
+        res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
+        if self.object is None or self.request.user.can_edit(self.object):
            return res
+        try: # Always unlock when 403
+            self.object.unset_lock()
+        except: pass
        raise PermissionDenied
-        return HttpResponseForbidden("403, Forbidden")

-class CanViewMixin(CanEditMixin):
+class CanViewMixin(View):
    """
    This view still makes exactly the same this as its direct parent, but checks the group on the view_group field of
    the object
    """
    def dispatch(self, request, *arg, **kwargs):
-        try:
-            res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
+        res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
+        if self.object is None or self.request.user.can_view(self.object):
            return res
-        except PermissionDenied:
-            pass
-        res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
-        obj = self.object
-        user = self.request.user
-        if obj is None:
-            return res
-        for g in obj.view_group.all():
-            if user.groups.filter(name=g.name).exists():
-                return res
+        try: # Always unlock when 403
+            self.object.unset_lock()
+        except: pass
        raise PermissionDenied

 from .user import *
--- a/core/views/page.py
+++ b/core/views/page.py
@ -27,6 +27,11 @@ class PageView(CanViewMixin, DetailView):
        context = super(PageView, self).get_context_data(**kwargs)
        if "page" not in context.keys():
            context['new_page'] = self.kwargs['page_name']
+        if self.request.user.is_owner(self.object):
+            context['can_edit_prop'] = True
+        if self.request.user.can_edit(self.object):
+            context['can_edit'] = True
+
        return context

 class PageHistView(CanViewMixin, DetailView):