WIP: Refactor permissions

2024-11-25 02:24:26 +00:00 · 2015-12-08 09:46:48 +01:00 · 2015-12-08 09:46:48 +01:00 · dc37e79f14
commit dc37e79f14
parent f7bfd6daed
2 changed files with 12 additions and 11 deletions
--- a/core/models.py
+++ b/core/models.py
@ -251,7 +251,7 @@ class Page(models.Model):
            raise AlreadyLocked("The page is already locked by someone else")
        Page.lock_mutex[self.pk] = {'user': user,
                                    'time': timezone.now()}
-        # print("Locking page")
+        print("Locking page")

    def set_lock_recursive(self, user):
        """
@ -264,7 +264,7 @@ class Page(models.Model):
    def unset_lock(self):
        """Always try to unlock, even if there is no lock"""
        Page.lock_mutex.pop(self.pk, None)
-        # print("Unlocking page")
+        print("Unlocking page")

    def get_lock(self):
        """
--- a/core/views/init.py
+++ b/core/views/init.py
@ -1,7 +1,7 @@

 from django.shortcuts import render
 from django.http import HttpResponseForbidden
-from django.core.exceptions import PermissionDenied
+from django.core.exceptions import PermissionDenied, ObjectDoesNotExist
 from django.views.generic.base import View

 from core.models import Group
@ -31,6 +31,8 @@ class CanEditPropMixin(View):
        # all objects of a class if they are in the right group
        if user.is_superuser or user.groups.filter(name=obj.owner_group.name).exists():
            return res
+        print("Guyuy")
+        self.object.unset_lock()
        raise PermissionDenied
        return HttpResponseForbidden("403, Forbidden")

@ -43,19 +45,19 @@ class CanEditMixin(CanEditPropMixin):
        # TODO: WIP: fix permissions with exceptions!
        try:
            res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
+            return res
        except PermissionDenied:
            pass
-        except:
-            return res
+        res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
        obj = self.object
        user = self.request.user
        if obj is None:
            return res
        for g in obj.edit_group.all():
            if user.groups.filter(name=g.name).exists():
-                return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
+                return res
        if isinstance(obj, User) and obj == user:
-            return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
+            return res
        raise PermissionDenied
        return HttpResponseForbidden("403, Forbidden")

@ -67,19 +69,18 @@ class CanViewMixin(CanEditMixin):
    def dispatch(self, request, *arg, **kwargs):
        try:
            res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
+            return res
        except PermissionDenied:
            pass
-        except:
-            return res
+        res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
        obj = self.object
        user = self.request.user
        if obj is None:
            return res
        for g in obj.view_group.all():
            if user.groups.filter(name=g.name).exists():
-                return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
+                return res
        raise PermissionDenied
-        return HttpResponseForbidden("403, Forbidden")

 from .user import *
 from .page import *