klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith3.git synced 2024-06-26 16:38:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

WIP: Refactor permissions

Browse Source
This commit is contained in:
Skia 2015-12-08 09:46:48 +01:00
parent f7bfd6daed
commit dc37e79f14
2 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/models.py
View File

@ -251,7 +251,7 @@ class Page(models.Model):
raise AlreadyLocked("The page is already locked by someone else") raise AlreadyLocked("The page is already locked by someone else")
Page.lock_mutex[self.pk] = {'user': user, Page.lock_mutex[self.pk] = {'user': user,
'time': timezone.now()} 'time': timezone.now()}
# print("Locking page") print("Locking page")
def set_lock_recursive(self, user): def set_lock_recursive(self, user):
""" """
@ -264,7 +264,7 @@ class Page(models.Model):
def unset_lock(self): def unset_lock(self):
"""Always try to unlock, even if there is no lock""" """Always try to unlock, even if there is no lock"""
Page.lock_mutex.pop(self.pk, None) Page.lock_mutex.pop(self.pk, None)
# print("Unlocking page") print("Unlocking page")
def get_lock(self): def get_lock(self):
""" """

19
core/views/__init__.py
View File

@ -1,7 +1,7 @@
from django.shortcuts import render from django.shortcuts import render
from django.http import HttpResponseForbidden from django.http import HttpResponseForbidden
from django.core.exceptions import PermissionDenied from django.core.exceptions import PermissionDenied, ObjectDoesNotExist
from django.views.generic.base import View from django.views.generic.base import View
from core.models import Group from core.models import Group
@ -31,6 +31,8 @@ class CanEditPropMixin(View):
# all objects of a class if they are in the right group # all objects of a class if they are in the right group
if user.is_superuser or user.groups.filter(name=obj.owner_group.name).exists(): if user.is_superuser or user.groups.filter(name=obj.owner_group.name).exists():
return res return res
print("Guyuy")
self.object.unset_lock()
raise PermissionDenied raise PermissionDenied
return HttpResponseForbidden("403, Forbidden") return HttpResponseForbidden("403, Forbidden")
@ -43,19 +45,19 @@ class CanEditMixin(CanEditPropMixin):
# TODO: WIP: fix permissions with exceptions! # TODO: WIP: fix permissions with exceptions!
try: try:
res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs) res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
return res
except PermissionDenied: except PermissionDenied:
pass pass
except: res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
return res
obj = self.object obj = self.object
user = self.request.user user = self.request.user
if obj is None: if obj is None:
return res return res
for g in obj.edit_group.all(): for g in obj.edit_group.all():
if user.groups.filter(name=g.name).exists(): if user.groups.filter(name=g.name).exists():
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs) return res
if isinstance(obj, User) and obj == user: if isinstance(obj, User) and obj == user:
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs) return res
raise PermissionDenied raise PermissionDenied
return HttpResponseForbidden("403, Forbidden") return HttpResponseForbidden("403, Forbidden")
@ -67,19 +69,18 @@ class CanViewMixin(CanEditMixin):
def dispatch(self, request, *arg, **kwargs): def dispatch(self, request, *arg, **kwargs):
try: try:
res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs) res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
return res
except PermissionDenied: except PermissionDenied:
pass pass
except: res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
return res
obj = self.object obj = self.object
user = self.request.user user = self.request.user
if obj is None: if obj is None:
return res return res
for g in obj.view_group.all(): for g in obj.view_group.all():
if user.groups.filter(name=g.name).exists(): if user.groups.filter(name=g.name).exists():
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs) return res
raise PermissionDenied raise PermissionDenied
return HttpResponseForbidden("403, Forbidden")
from .user import * from .user import *
from .page import * from .page import *