ynerant
/
nk20
mirror of https://gitlab.crans.org/bde/nk20
1
0
Fork 0
Code Issues Releases Wiki Activity
nk20/apps/permission/models.py

142 lines
4.8 KiB
Python
Raw Normal View History

[permission] Rewrite with comments
2020-02-09 16:35:15 +00:00
import functools
Added permission app
2019-09-18 12:26:42 +00:00
import json
[permission] Rewrite with comments
2020-02-09 16:35:15 +00:00
import operator
Added permission app
2019-09-18 12:26:42 +00:00
from django.contrib.contenttypes.models import ContentType
from django.core.exceptions import ValidationError
from django.db import models
from django.db.models import Q
from django.utils.translation import gettext_lazy as _
class InstancedPermission:
[permission] Rewrite with comments
2020-02-09 16:35:15 +00:00
def __init__(self, model, query, type, field):
Added permission app
2019-09-18 12:26:42 +00:00
self.model = model
[permission] Rewrite with comments
2020-02-09 16:35:15 +00:00
self.query = query
Added permission app
2019-09-18 12:26:42 +00:00
self.type = type
self.field = field
def applies(self, obj, permission_type, field_name=None):
[permission] Rewrite with comments
2020-02-09 16:35:15 +00:00
"""
Returns True if the permission applies to
the field `field_name` object `obj`
"""
Added permission app
2019-09-18 12:26:42 +00:00
if ContentType.objects.get_for_model(obj) != self.model:
[permission] Rewrite with comments
2020-02-09 16:35:15 +00:00
# The permission does not apply to the model
Added permission app
2019-09-18 12:26:42 +00:00
return False
if self.permission is None:
if permission_type == self.type:
if field_name is not None:
return field_name == self.field
else:
return True
else:
return False
[permission] Rewrite with comments
2020-02-09 16:35:15 +00:00
elif obj in self.model.objects.get(self.query):
return True
else:
return False
Added permission app
2019-09-18 12:26:42 +00:00
def __repr__(self):
if self.field:
return _("Can {type} {model}.{field} in {permission}").format(type=self.type, model=self.model, field=self.field, permission=self.permission)
else:
return _("Can {type} {model} in {permission}").format(type=self.type, model=self.model, permission=self.permission)
class Permission(models.Model):
PERMISSION_TYPES = [
[permission] Use full names for permission types
2019-09-18 14:39:37 +00:00
('add', 'add'),
('view', 'view'),
('change', 'change'),
('delete', 'delete')
Added permission app
2019-09-18 12:26:42 +00:00
]
model = models.ForeignKey(ContentType, on_delete=models.CASCADE, related_name='+')
[permission] Rewrite with comments
2020-02-09 16:35:15 +00:00
# A json encoded Q object with the following grammar
[permission] Renamed Permission.permission and added description field
2020-02-09 17:14:36 +00:00
# query -> [] | {} (the empty query representing all objects)
# query -> ['AND', query, …]
# -> ['OR', query, …]
# -> ['NOT', query]
# query -> {key: value, …}
# key -> string
# value -> int | string | bool | null
# -> [parameter]
[permission] Rewrite with comments
2020-02-09 16:35:15 +00:00
#
# Examples:
# Q(is_admin=True) := {'is_admin': ['TYPE', 'bool', 'True']}
# ~Q(is_admin=True) := ['NOT', {'is_admin': ['TYPE', 'bool', 'True']}]
[permission] Renamed Permission.permission and added description field
2020-02-09 17:14:36 +00:00
query = models.TextField()
Added permission app
2019-09-18 12:26:42 +00:00
[permission] Renamed Permission.permission and added description field
2020-02-09 17:14:36 +00:00
type = models.CharField(max_length=15, choices=PERMISSION_TYPES)
Added permission app
2019-09-18 12:26:42 +00:00
[permission] Renamed Permission.permission and added description field
2020-02-09 17:14:36 +00:00
field = models.CharField(max_length=255, blank=True)
description = models.CharField(max_length=255, blank=True)
Added permission app
2019-09-18 12:26:42 +00:00
class Meta:
[permission] Renamed Permission.permission and added description field
2020-02-09 17:14:36 +00:00
unique_together = ('model', 'query', 'type', 'field')
Added permission app
2019-09-18 12:26:42 +00:00
def clean(self):
[permission] Use full names for permission types
2019-09-18 14:39:37 +00:00
if self.field and self.type not in {'view', 'change'}:
Added permission app
2019-09-18 12:26:42 +00:00
raise ValidationError(_("Specifying field applies only to view and change permission types."))
def save(self):
self.full_clean()
super().save()
[permission] Renamed Permission.permission and added description field
2020-02-09 17:14:36 +00:00
def _about(_self, _query, **kwargs):
[permission] Rewrite with comments
2020-02-09 16:35:15 +00:00
self = _self
[permission] Renamed Permission.permission and added description field
2020-02-09 17:14:36 +00:00
query = _query
if len(query) == 0:
# The query is either [] or {} and
[permission] Rewrite with comments
2020-02-09 16:35:15 +00:00
# applies to all objects of the model
# to represent this we return None
Added permission app
2019-09-18 12:26:42 +00:00
return None
[permission] Renamed Permission.permission and added description field
2020-02-09 17:14:36 +00:00
if isinstance(query, list):
if query[0] == 'AND':
return functools.reduce(operator.and_, [self._about(query, **kwargs) for query in query[1:]])
elif query[0] == 'OR':
return functools.reduce(operator.or_, [self._about(query, **kwargs) for query in query[1:]])
elif query[0] == 'NOT':
return ~self._about(query[1], **kwargs)
elif isinstance(query, dict):
[permission] Rewrite with comments
2020-02-09 16:35:15 +00:00
q_kwargs = {}
[permission] Renamed Permission.permission and added description field
2020-02-09 17:14:36 +00:00
for key in query:
value = query[key]
[permission] Rewrite with comments
2020-02-09 16:35:15 +00:00
if isinstance(value, list):
# It is a parameter we query its primary key
q_kwargs[key] = kwargs[value[0]].pk
else:
q_kwargs[key] = value
return Q(**q_kwargs)
Added permission app
2019-09-18 12:26:42 +00:00
else:
[permission] Rewrite with comments
2020-02-09 16:35:15 +00:00
# TODO: find a better way to crash here
[permission] Renamed Permission.permission and added description field
2020-02-09 17:14:36 +00:00
raise Exception("query {} is wrong".format(self.query))
Added permission app
2019-09-18 12:26:42 +00:00
def about(self, **kwargs):
[permission] Renamed Permission.permission and added description field
2020-02-09 17:14:36 +00:00
"""
Return an InstancedPermission with the parameters
replaced by their values and the query interpreted
"""
query = json.loads(self.query)
query = self._about(query, **kwargs)
[permission] Rewrite with comments
2020-02-09 16:35:15 +00:00
return InstancedPermission(self.model, query, self.type, self.field)
Added permission app
2019-09-18 12:26:42 +00:00
def __str__(self):
if self.field:
[permission] Renamed Permission.permission and added description field
2020-02-09 17:14:36 +00:00
return _("Can {type} {model}.{field} in {query}").format(type=self.type, model=self.model, field=self.field, query=self.query)
Added permission app
2019-09-18 12:26:42 +00:00
else:
[permission] Renamed Permission.permission and added description field
2020-02-09 17:14:36 +00:00
return _("Can {type} {model} in {query}").format(type=self.type, model=self.model, query=self.query)
Added permission app
2019-09-18 12:26:42 +00:00
class UserPermission(models.Model):
user = models.ForeignKey('auth.User', on_delete=models.CASCADE)
permission = models.ForeignKey(Permission, on_delete=models.CASCADE)