ynerant/nk20
1
0
Fork 0
mirror of https://gitlab.crans.org/bde/nk20 synced 2025-06-21 01:48:21 +02:00
Code Issues Releases Wiki Activity

Protect views from viewing if the user has no right to view an object

Browse Source
This commit is contained in:
Yohann D'ANELLO
2020-03-19 02:26:06 +01:00
parent e461d70b14
commit 730d37c620
9 changed files with 116 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
apps/permission/templatetags/__init__.py Normal file
View File

42
apps/permission/templatetags/perms.py Normal file
View File

@ -0,0 +1,42 @@
# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later
from django.contrib.contenttypes.models import ContentType
from django.template.defaultfilters import stringfilter
from logs.middlewares import get_current_authenticated_user
from django import template
from member.backends import PermissionBackend
def has_perm(value):
return get_current_authenticated_user().has_perm(value)
@stringfilter
def not_empty_model_list(model_name):
user = get_current_authenticated_user()
if user.is_superuser:
return True
spl = model_name.split(".")
ct = ContentType.objects.get(app_label=spl[0], model=spl[1])
qs = ct.model_class().objects.filter(PermissionBackend.filter_queryset(user, ct, "view"))
return qs.exists()
@stringfilter
def not_empty_model_change_list(model_name):
user = get_current_authenticated_user()
if user.is_superuser:
return True
spl = model_name.split(".")
ct = ContentType.objects.get(app_label=spl[0], model=spl[1])
qs = ct.model_class().objects.filter(PermissionBackend.filter_queryset(user, ct, "change"))
return qs.exists()
register = template.Library()
register.filter('has_perm', has_perm)
register.filter('not_empty_model_list', not_empty_model_list)
register.filter('not_empty_model_change_list', not_empty_model_change_list)