镜像来自
https://github.com/ae-utbm/sith.git
synced 2026-03-01 01:08:39 +00:00
Improve a bit user views's rights
This commit is contained in:
Skia
44
core/migrations/0016_auto_20151203_1514.py
Normal file
44
core/migrations/0016_auto_20151203_1514.py
Normal file
@@ -0,0 +1,44 @@
|
|||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('core', '0015_remove_page_is_locked'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='user',
|
||||||
|
name='edit_group',
|
||||||
|
field=models.ManyToManyField(to='core.Group', related_name='editable_user'),
|
||||||
|
),
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='user',
|
||||||
|
name='owner_group',
|
||||||
|
field=models.ForeignKey(related_name='owned_user', to='core.Group', default=1),
|
||||||
|
),
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='user',
|
||||||
|
name='view_group',
|
||||||
|
field=models.ManyToManyField(to='core.Group', related_name='viewable_user'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='page',
|
||||||
|
name='edit_group',
|
||||||
|
field=models.ManyToManyField(to='core.Group', related_name='editable_page'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='page',
|
||||||
|
name='owner_group',
|
||||||
|
field=models.ForeignKey(related_name='owned_page', to='core.Group', default=1),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='page',
|
||||||
|
name='view_group',
|
||||||
|
field=models.ManyToManyField(to='core.Group', related_name='viewable_page'),
|
||||||
|
),
|
||||||
|
]
|
||||||
34
core/migrations/0017_auto_20151203_1530.py
Normal file
34
core/migrations/0017_auto_20151203_1530.py
Normal file
@@ -0,0 +1,34 @@
|
|||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('core', '0016_auto_20151203_1514'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='page',
|
||||||
|
name='edit_group',
|
||||||
|
field=models.ManyToManyField(blank=True, related_name='editable_page', to='core.Group'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='page',
|
||||||
|
name='view_group',
|
||||||
|
field=models.ManyToManyField(blank=True, related_name='viewable_page', to='core.Group'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='user',
|
||||||
|
name='edit_group',
|
||||||
|
field=models.ManyToManyField(blank=True, related_name='editable_user', to='core.Group'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='user',
|
||||||
|
name='view_group',
|
||||||
|
field=models.ManyToManyField(blank=True, related_name='viewable_user', to='core.Group'),
|
||||||
|
),
|
||||||
|
]
|
||||||
@@ -7,6 +7,13 @@ from django.core.exceptions import ValidationError
|
|||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from datetime import datetime, timedelta
|
from datetime import datetime, timedelta
|
||||||
|
|
||||||
|
class Group(AuthGroup):
|
||||||
|
def get_absolute_url(self):
|
||||||
|
"""
|
||||||
|
This is needed for black magic powered UpdateView's children
|
||||||
|
"""
|
||||||
|
return reverse('core:group_edit', kwargs={'group_id': self.pk})
|
||||||
|
|
||||||
class User(AbstractBaseUser, PermissionsMixin):
|
class User(AbstractBaseUser, PermissionsMixin):
|
||||||
"""
|
"""
|
||||||
Defines the base user class, useable in every app
|
Defines the base user class, useable in every app
|
||||||
@@ -53,6 +60,9 @@ class User(AbstractBaseUser, PermissionsMixin):
|
|||||||
),
|
),
|
||||||
)
|
)
|
||||||
date_joined = models.DateTimeField(_('date joined'), default=timezone.now)
|
date_joined = models.DateTimeField(_('date joined'), default=timezone.now)
|
||||||
|
owner_group = models.ForeignKey(Group, related_name="owned_user", default=1)
|
||||||
|
edit_group = models.ManyToManyField(Group, related_name="editable_user", blank=True)
|
||||||
|
view_group = models.ManyToManyField(Group, related_name="viewable_user", blank=True)
|
||||||
|
|
||||||
objects = UserManager()
|
objects = UserManager()
|
||||||
|
|
||||||
@@ -125,20 +135,6 @@ class User(AbstractBaseUser, PermissionsMixin):
|
|||||||
self.username = user_name
|
self.username = user_name
|
||||||
return user_name
|
return user_name
|
||||||
|
|
||||||
class Group(AuthGroup):
|
|
||||||
def get_absolute_url(self):
|
|
||||||
"""
|
|
||||||
This is needed for black magic powered UpdateView's children
|
|
||||||
"""
|
|
||||||
return reverse('core:group_edit', kwargs={'group_id': self.pk})
|
|
||||||
|
|
||||||
class GroupManagedObject(models.Model):
|
|
||||||
owner_group = models.ForeignKey(Group, related_name="owned_object", default=1)
|
|
||||||
edit_group = models.ManyToManyField(Group, related_name="editable_object")
|
|
||||||
view_group = models.ManyToManyField(Group, related_name="viewable_object")
|
|
||||||
class Meta:
|
|
||||||
abstract = True
|
|
||||||
|
|
||||||
class LockError(Exception):
|
class LockError(Exception):
|
||||||
"""There was a lock error on the object"""
|
"""There was a lock error on the object"""
|
||||||
pass
|
pass
|
||||||
@@ -151,7 +147,7 @@ class NotLocked(LockError):
|
|||||||
"""The object is not locked"""
|
"""The object is not locked"""
|
||||||
pass
|
pass
|
||||||
|
|
||||||
class Page(GroupManagedObject, models.Model):
|
class Page(models.Model):
|
||||||
"""
|
"""
|
||||||
The page class to build a Wiki
|
The page class to build a Wiki
|
||||||
Each page may have a parent and it's URL is of the form my.site/page/<grd_pa>/<parent>/<mypage>
|
Each page may have a parent and it's URL is of the form my.site/page/<grd_pa>/<parent>/<mypage>
|
||||||
@@ -167,6 +163,9 @@ class Page(GroupManagedObject, models.Model):
|
|||||||
# Attention: this field may not be valid until you call save(). It's made for fast query, but don't rely on it when
|
# Attention: this field may not be valid until you call save(). It's made for fast query, but don't rely on it when
|
||||||
# playing with a Page object, use get_full_name() instead!
|
# playing with a Page object, use get_full_name() instead!
|
||||||
full_name = models.CharField(_('page name'), max_length=255, blank=True)
|
full_name = models.CharField(_('page name'), max_length=255, blank=True)
|
||||||
|
owner_group = models.ForeignKey(Group, related_name="owned_page", default=1)
|
||||||
|
edit_group = models.ManyToManyField(Group, related_name="editable_page", blank=True)
|
||||||
|
view_group = models.ManyToManyField(Group, related_name="viewable_page", blank=True)
|
||||||
lock_mutex = {}
|
lock_mutex = {}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -37,6 +37,8 @@ class CanEditMixin(CanEditPropMixin):
|
|||||||
for g in obj.edit_group.all():
|
for g in obj.edit_group.all():
|
||||||
if user.groups.filter(name=g.name).exists():
|
if user.groups.filter(name=g.name).exists():
|
||||||
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
|
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
|
||||||
|
if isinstance(obj, User) and obj == user:
|
||||||
|
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
|
||||||
return HttpResponseForbidden("403, Forbidden")
|
return HttpResponseForbidden("403, Forbidden")
|
||||||
|
|
||||||
class CanViewMixin(CanEditMixin):
|
class CanViewMixin(CanEditMixin):
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ from django.views.generic.edit import UpdateView
|
|||||||
from django.views.generic import ListView, DetailView
|
from django.views.generic import ListView, DetailView
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
|
from core.views import CanViewMixin, CanEditMixin, CanEditPropMixin
|
||||||
from core.views.forms import RegisteringForm, UserGroupsForm
|
from core.views.forms import RegisteringForm, UserGroupsForm
|
||||||
from core.models import User
|
from core.models import User
|
||||||
|
|
||||||
@@ -87,7 +88,7 @@ def register(request):
|
|||||||
context['form'] = form.as_p()
|
context['form'] = form.as_p()
|
||||||
return render(request, "core/register.html", context)
|
return render(request, "core/register.html", context)
|
||||||
|
|
||||||
class UserView(DetailView):
|
class UserView(CanViewMixin, DetailView):
|
||||||
"""
|
"""
|
||||||
Display a user's profile
|
Display a user's profile
|
||||||
"""
|
"""
|
||||||
@@ -101,7 +102,7 @@ class UserListView(ListView):
|
|||||||
"""
|
"""
|
||||||
model = User
|
model = User
|
||||||
|
|
||||||
class UserUpdateProfileView(UpdateView):
|
class UserUpdateProfileView(CanEditMixin, UpdateView):
|
||||||
"""
|
"""
|
||||||
Edit a user's profile
|
Edit a user's profile
|
||||||
"""
|
"""
|
||||||
@@ -110,7 +111,7 @@ class UserUpdateProfileView(UpdateView):
|
|||||||
template_name = "core/user_edit.html"
|
template_name = "core/user_edit.html"
|
||||||
fields = ('first_name', 'last_name', 'nick_name', 'email', 'date_of_birth', )
|
fields = ('first_name', 'last_name', 'nick_name', 'email', 'date_of_birth', )
|
||||||
|
|
||||||
class UserUpdateGroupsView(UpdateView):
|
class UserUpdateGroupsView(CanEditPropMixin, UpdateView):
|
||||||
"""
|
"""
|
||||||
Edit a user's groups
|
Edit a user's groups
|
||||||
"""
|
"""
|
||||||
|
|||||||
Reference in New Issue
Block a user