nk20/apps/member/backends.py

# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later

from django.contrib.auth.models import User
from django.contrib.contenttypes.models import ContentType
from django.core.exceptions import PermissionDenied
from django.db.models import Q, F

from note.models import Note, NoteUser, NoteClub, NoteSpecial
from .models import Membership, RolePermissions, Club
from django.contrib.auth.backends import ModelBackend


class PermissionBackend(ModelBackend):
    supports_object_permissions = True
    supports_anonymous_user = False
    supports_inactive_user = False

    @staticmethod
    def permissions(user):
        for membership in Membership.objects.filter(user=user).all():
            if not membership.valid() or membership.roles is None:
                continue

            for role_permissions in RolePermissions.objects.filter(role=membership.roles).all():
                for permission in role_permissions.permissions.all():
                    permission = permission.about(
                        user=user,
                        club=membership.club,
                        User=User,
                        Club=Club,
                        Membership=Membership,
                        Note=Note,
                        NoteUser=NoteUser,
                        NoteClub=NoteClub,
                        NoteSpecial=NoteSpecial,
                        F=F,
                        Q=Q
                    )
                    yield permission

    @staticmethod
    def filter_queryset(user, model, t, field=None):
        """
        Filter a queryset by considering the permissions of a given user.
        :param user: The owner of the permissions that are fetched
        :param model: The concerned model of the queryset
        :param t: The type of modification (view, add, change, delete)
        :param field: The field of the model to test, if concerned
        :return: A query that corresponds to the filter to give to a queryset
        """

        if user.is_superuser:
            # Superusers have all rights
            return Q()

        if not isinstance(model, ContentType):
            model = ContentType.objects.get_for_model(model)

        # Never satisfied
        query = Q(pk=-1)
        for perm in PermissionBackend.permissions(user):
            if perm.field and field != perm.field:
                continue
            if perm.model != model or perm.type != t:
                continue
            query = query | perm.query
        return query

    def has_perm(self, user_obj, perm, obj=None):
        if user_obj.is_superuser:
            return True

        if obj is None:
            return True

        perm = perm.split('.')[-1].split('_', 2)
        perm_type = perm[0]
        perm_field = perm[2] if len(perm) == 3 else None
        if any(permission.applies(obj, perm_type, perm_field) for permission in self.permissions(user_obj)):
            return True
        return False

    def has_module_perms(self, user_obj, app_label):
        return False

    def get_all_permissions(self, user_obj, obj=None):
        return list(self.permissions(user_obj))
Update a lot of things 2020-03-07 12:12:17 +00:00			`# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay`
			`# SPDX-License-Identifier: GPL-3.0-or-later`

Handle permissions (and it seems working!) 2020-03-18 13:42:35 +00:00			`from django.contrib.auth.models import User`
Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00			`from django.contrib.contenttypes.models import ContentType`
Handle permissions (and it seems working!) 2020-03-18 13:42:35 +00:00			`from django.core.exceptions import PermissionDenied`
			`from django.db.models import Q, F`

			`from note.models import Note, NoteUser, NoteClub, NoteSpecial`
			`from .models import Membership, RolePermissions, Club`
Update a lot of things 2020-03-07 12:12:17 +00:00			`from django.contrib.auth.backends import ModelBackend`
Added permission app 2019-09-18 12:26:42 +00:00

Update a lot of things 2020-03-07 12:12:17 +00:00			`class PermissionBackend(ModelBackend):`
Added permission app 2019-09-18 12:26:42 +00:00			`supports_object_permissions = True`
			`supports_anonymous_user = False`
			`supports_inactive_user = False`

Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00			`@staticmethod`
			`def permissions(user):`
Update a lot of things 2020-03-07 12:12:17 +00:00			`for membership in Membership.objects.filter(user=user).all():`
			`if not membership.valid() or membership.roles is None:`
Added permission app 2019-09-18 12:26:42 +00:00			`continue`
Handle permissions (and it seems working!) 2020-03-18 13:42:35 +00:00
Update a lot of things 2020-03-07 12:12:17 +00:00			`for role_permissions in RolePermissions.objects.filter(role=membership.roles).all():`
			`for permission in role_permissions.permissions.all():`
Handle permissions (and it seems working!) 2020-03-18 13:42:35 +00:00			`permission = permission.about(`
			`user=user,`
			`club=membership.club,`
			`User=User,`
			`Club=Club,`
			`Membership=Membership,`
			`Note=Note,`
			`NoteUser=NoteUser,`
			`NoteClub=NoteClub,`
			`NoteSpecial=NoteSpecial,`
			`F=F,`
			`Q=Q`
			`)`
Update a lot of things 2020-03-07 12:12:17 +00:00			`yield permission`
Added permission app 2019-09-18 12:26:42 +00:00
Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00			`@staticmethod`
			`def filter_queryset(user, model, t, field=None):`
Handle permissions (and it seems working!) 2020-03-18 13:42:35 +00:00			`"""`
			`Filter a queryset by considering the permissions of a given user.`
			`:param user: The owner of the permissions that are fetched`
			`:param model: The concerned model of the queryset`
Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00			`:param t: The type of modification (view, add, change, delete)`
Handle permissions (and it seems working!) 2020-03-18 13:42:35 +00:00			`:param field: The field of the model to test, if concerned`
			`:return: A query that corresponds to the filter to give to a queryset`
			`"""`

			`if user.is_superuser:`
			`# Superusers have all rights`
			`return Q()`

Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00			`if not isinstance(model, ContentType):`
			`model = ContentType.objects.get_for_model(model)`

Handle permissions (and it seems working!) 2020-03-18 13:42:35 +00:00			`# Never satisfied`
			`query = Q(pk=-1)`
Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00			`for perm in PermissionBackend.permissions(user):`
			`if perm.field and field != perm.field:`
Handle permissions (and it seems working!) 2020-03-18 13:42:35 +00:00			`continue`
Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00			`if perm.model != model or perm.type != t:`
Handle permissions (and it seems working!) 2020-03-18 13:42:35 +00:00			`continue`
			`query = query \| perm.query`
			`return query`

Added permission app 2019-09-18 12:26:42 +00:00			`def has_perm(self, user_obj, perm, obj=None):`
Update a lot of things 2020-03-07 12:12:17 +00:00			`if user_obj.is_superuser:`
			`return True`

Added permission app 2019-09-18 12:26:42 +00:00			`if obj is None:`
Handle permissions (and it seems working!) 2020-03-18 13:42:35 +00:00			`return True`

			`perm = perm.split('.')[-1].split('_', 2)`
			`perm_type = perm[0]`
Added permission app 2019-09-18 12:26:42 +00:00			`perm_field = perm[2] if len(perm) == 3 else None`
Handle permissions (and it seems working!) 2020-03-18 13:42:35 +00:00			`if any(permission.applies(obj, perm_type, perm_field) for permission in self.permissions(user_obj)):`
			`return True`
			`return False`
Update a lot of things 2020-03-07 12:12:17 +00:00
			`def has_module_perms(self, user_obj, app_label):`
			`return False`
Added permission app 2019-09-18 12:26:42 +00:00
			`def get_all_permissions(self, user_obj, obj=None):`
Update a lot of things 2020-03-07 12:12:17 +00:00			`return list(self.permissions(user_obj))`