klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith.git synced 2025-07-09 19:40:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Some refactoring and misc improvements

Browse Source
This commit is contained in:
Skia
2016-02-05 16:59:42 +01:00
parent ed080b76a2
commit a14d940db2
16 changed files with 199 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
core/views/__init__.py
View File

@ -12,6 +12,20 @@ def forbidden(request):
def not_found(request):
return render(request, "core/404.jinja")
def can_edit_prop(obj, user):
if obj is None or user.is_owner(obj):
return True
return False
def can_edit(obj, user):
if obj is None or user.can_edit(obj):
return True
return can_edit_prop(obj, user)
def can_view(obj, user):
if obj is None or user.can_view(obj):
return True
return can_edit(obj, user)
class CanEditPropMixin(View):
"""
@ -22,8 +36,11 @@ class CanEditPropMixin(View):
"""
def dispatch(self, request, *arg, **kwargs):
res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
if ((hasattr(self, 'object') and (self.object is None or self.request.user.is_owner(self.object))) or
(hasattr(self, 'object_list') and (self.object_list is None or self.object_list is [] or self.request.user.is_owner(self.object_list[0])))):
if hasattr(self, 'object'):
obj = self.object
elif hasattr(self, 'object_list'):
obj = self.object_list[0] if self.object_list else None
if can_edit_prop(obj, self.request.user):
return res
try: # Always unlock when 403
self.object.unset_lock()
@ -32,35 +49,38 @@ class CanEditPropMixin(View):
class CanEditMixin(View):
"""
This view makes exactly the same this as its direct parent, but checks the group on the edit_group field of the
This view makes exactly the same this as its direct parent, but checks the group on the edit_groups field of the
object
"""
def dispatch(self, request, *arg, **kwargs):
# TODO: WIP: fix permissions with exceptions!
res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
if ((hasattr(self, 'object') and (self.object is None or self.request.user.can_edit(self.object))) or
(hasattr(self, 'object_list') and (self.object_list is None or self.object_list is [] or self.request.user.can_edit(self.object_list[0])))):
if hasattr(self, 'object'):
obj = self.object
elif hasattr(self, 'object_list'):
obj = self.object_list[0] if self.object_list else None
if can_edit(obj, self.request.user):
return res
try: # Always unlock when 403
self.object.unset_lock()
except: pass
print("CanEditMixin 403")
raise PermissionDenied
class CanViewMixin(View):
"""
This view still makes exactly the same this as its direct parent, but checks the group on the view_group field of
This view still makes exactly the same this as its direct parent, but checks the group on the view_groups field of
the object
"""
def dispatch(self, request, *arg, **kwargs):
res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
if ((hasattr(self, 'object') and (self.object is None or self.request.user.can_view(self.object))) or
(hasattr(self, 'object_list') and (self.object_list is None or self.object_list is [] or self.request.user.can_view(self.object_list[0])))):
if hasattr(self, 'object'):
obj = self.object
elif hasattr(self, 'object_list'):
obj = self.object_list[0] if self.object_list else None
if can_view(obj, self.request.user):
return res
try: # Always unlock when 403
self.object.unset_lock()
except: pass
print("CanViewMixin 403")
raise PermissionDenied
from .user import *

24
core/views/forms.py
View File

@ -27,21 +27,21 @@ class UserPropForm(forms.ModelForm):
required_css_class = 'required'
class Meta:
model = User
fields = ['groups', 'edit_group', 'view_group']
fields = ['groups', 'edit_groups', 'view_groups']
labels = {
'edit_group': "Edit profile group",
'view_group': "View profile group",
'edit_groups': "Edit profile group",
'view_groups': "View profile group",
}
help_texts = {
'edit_group': "Groups that can edit this user's profile",
'view_group': "Groups that can view this user's profile",
'edit_groups': "Groups that can edit this user's profile",
'view_groups': "Groups that can view this user's profile",
'groups': "Which groups this user belongs to",
}
widgets = {
'groups': CheckboxSelectMultiple,
'user_permissions': CheckboxSelectMultiple,
'edit_group': CheckboxSelectMultiple,
'view_group': CheckboxSelectMultiple,
'edit_groups': CheckboxSelectMultiple,
'view_groups': CheckboxSelectMultiple,
}
class PagePropForm(forms.ModelForm):
@ -49,16 +49,16 @@ class PagePropForm(forms.ModelForm):
required_css_class = 'required'
class Meta:
model = Page
fields = ['parent', 'name', 'owner_group', 'edit_group', 'view_group', ]
fields = ['parent', 'name', 'owner_group', 'edit_groups', 'view_groups', ]
widgets = {
'edit_group': CheckboxSelectMultiple,
'view_group': CheckboxSelectMultiple,
'edit_groups': CheckboxSelectMultiple,
'view_groups': CheckboxSelectMultiple,
}
def __init__(self, *arg, **kwargs):
super(PagePropForm, self).__init__(*arg, **kwargs)
self.fields['edit_group'].required = False
self.fields['view_group'].required = False
self.fields['edit_groups'].required = False
self.fields['view_groups'].required = False
class GroupEditForm(forms.ModelForm):

2
core/views/page.py
View File

@ -9,7 +9,7 @@ from core.models import Page, PageRev, LockError
from core.views.forms import PagePropForm
from core.views import CanViewMixin, CanEditMixin, CanEditPropMixin
class PageListView(ListView):
class PageListView(CanViewMixin, ListView):
model = Page
template_name = 'core/page_list.jinja'