cms.utils.page_resolver << index >> cms.utils.placeholder

cms.utils.permissions: 118 total statements, 0.0% covered

Generated: Wed 2013-03-13 10:33 CET

Source file: /media/Envs/Envs/filer-gallery/lib/python2.7/site-packages/cms/utils/permissions.py

Stats: 0 executed, 105 missed, 13 excluded, 182 ignored

  1. # -*- coding: utf-8 -*-
  2. from cms.exceptions import NoPermissionsException
  3. from cms.models import Page, PagePermission, GlobalPagePermission
  4. from cms.plugin_pool import plugin_pool
  5. from django.conf import settings
  6. from django.contrib.auth.models import User, Group
  7. from django.contrib.sites.models import Site
  8. from django.db.models import Q
  9. from django.utils.translation import ugettext_lazy as _
  13. try:
  14. from threading import local
  15. except ImportError:
  16. from django.utils._threading_local import local
  18. # thread local support
  19. _thread_locals = local()
  21. def set_current_user(user):
  22. """
  23. Assigns current user from request to thread_locals, used by
  24. CurrentUserMiddleware.
  25. """
  26. _thread_locals.user=user
  28. def get_current_user():
  29. """
  30. Returns current user, or None
  31. """
  32. return getattr(_thread_locals, 'user', None)
  34. def has_page_add_permission(request):
  35. """
  36. Return true if the current user has permission to add a new page. This is
  37. just used for general add buttons - only superuser, or user with can_add in
  38. globalpagepermission can add page.
  41. Special case occur when page is going to be added from add page button in
  42. change list - then we have target and position there, so check if user can
  43. add page under target page will occur.
  44. """
  45. opts = Page._meta
  46. if request.user.is_superuser:
  47. return True
  49. # if add under page
  50. target = request.GET.get('target', None)
  51. position = request.GET.get('position', None)
  53. if target is not None:
  54. try:
  55. page = Page.objects.get(pk=target)
  56. except Page.DoesNotExist:
  57. return False
  58. if (request.user.has_perm(opts.app_label + '.' + opts.get_add_permission()) and
  59. has_global_page_permission(request, page.site_id, can_add=True)):
  60. return True
  61. if position in ("first-child", "last-child"):
  62. return page.has_add_permission(request)
  63. elif position in ("left", "right"):
  64. if page.parent_id:
  65. return has_generic_permission(page.parent_id, request.user, "add", page.site)
  66. #return page.parent.has_add_permission(request)
  67. else:
  68. from cms.utils.plugins import current_site
  69. site = current_site(request)
  70. if (request.user.has_perm(opts.app_label + '.' + opts.get_add_permission()) and
  71. has_global_page_permission(request, site, can_add=True)):
  72. return True
  73. return False
  75. def has_any_page_change_permissions(request):
  76. from cms.utils.plugins import current_site
  77. return PagePermission.objects.filter(
  78. page__site=current_site(request)
  79. ).filter((
  80. Q(user=request.user) |
  81. Q(group__in=request.user.groups.all())
  82. )).exists()
  84. def has_page_change_permission(request):
  85. """
  86. Return true if the current user has permission to change any page. This is
  87. just used for building the tree - only superuser, or user with can_change in
  88. globalpagepermission can change a page.
  89. """
  90. from cms.utils.plugins import current_site
  91. opts = Page._meta
  92. if request.user.is_superuser or (
  93. request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()) and (
  94. has_global_page_permission(request, current_site(request), can_change=True))
  95. or has_any_page_change_permissions(request)):
  96. return True
  97. return False
  100. def has_global_page_permission(request, site, **filters):
  101. """
  102. A helper function to check for global page permissions for the current user
  103. and site. Caches the result on a request basis, so multiple calls to this
  104. funtion inside of one request/response cycle only generate one query.
  106. :param request: the Request object
  107. :param site: the Site object or ID
  108. :param filters: queryset filters, e.g. ``can_add = True``
  109. :return: ``True`` or ``False``
  110. """
  111. if not hasattr(request, '_cms_global_perms'):
  112. request._cms_global_perms = {}
  113. key = (site.pk if hasattr(site, 'pk') else int(site),) + tuple((k, v) for k, v in filters.iteritems())
  114. if key not in request._cms_global_perms:
  115. request._cms_global_perms[key] = GlobalPagePermission.objects.with_user(request.user).filter(sites__in=[site], **filters).exists()
  116. return request._cms_global_perms[key]
  119. def get_any_page_view_permissions(request, page):
  120. """
  121. Used by the admin template tag is_restricted
  122. """
  123. return PagePermission.objects.for_page(page=page).filter(can_view=True)
  126. def get_user_permission_level(user):
  127. """
  128. Returns highest user level from the page/permission hierarchy on which
  129. user haves can_change_permission. Also takes look into user groups. Higher
  130. level equals to lover number. Users on top of hierarchy have level 0. Level
  131. is the same like page.level attribute.
  133. Example:
  134. A,W level 0
  135. / \
  136. user B,GroupE level 1
  137. / \
  138. C,X D,Y,W level 2
  140. Users A, W have user level 0. GroupE and all his users have user level 1
  141. If user D is a member of GroupE, his user level will be 1, otherwise is
  142. 2.
  144. """
  145. if (user.is_superuser or
  146. GlobalPagePermission.objects.with_can_change_permissions(user).exists()):
  147. # those
  148. return 0
  149. try:
  150. permission = PagePermission.objects.with_can_change_permissions(user).order_by('page__level')[0]
  151. except IndexError:
  152. # user is'nt assigned to any node
  153. raise NoPermissionsException
  154. return permission.page.level
  156. def get_subordinate_users(user):
  157. """
  158. Returns users queryset, containing all subordinate users to given user
  159. including users created by given user and not assigned to any page.
  161. Not assigned users must be returned, because they shouldn't get lost, and
  162. user should still have possibility to see them.
  164. Only users created_by given user which are on the same, or lover level are
  165. returned.
  167. If user haves global permissions or is a superuser, then he can see all the
  168. users.
  170. This function is currently used in PagePermissionInlineAdminForm for limit
  171. users in permission combobox.
  173. Example:
  174. A,W level 0
  175. / \
  176. user B,GroupE level 1
  177. Z / \
  178. C,X D,Y,W level 2
  180. Rules: W was created by user, Z was created by user, but is not assigned
  181. to any page.
  183. Will return [user, C, X, D, Y, Z]. W was created by user, but is also
  184. assigned to higher level.
  185. """
  187. # TODO: try to merge with PagePermissionManager.subordinate_to_user()
  189. if user.is_superuser or \
  190. GlobalPagePermission.objects.with_can_change_permissions(user):
  191. return User.objects.all()
  192. site = Site.objects.get_current()
  193. page_id_allow_list = Page.permissions.get_change_permissions_id_list(user, site)
  194. try:
  195. user_level = get_user_permission_level(user)
  196. except NoPermissionsException:
  197. # no permission so only staff and no page permissions
  198. qs = User.objects.distinct().filter(
  199. Q(is_staff=True) &
  200. Q(pageuser__created_by=user) &
  201. Q(pagepermission__page=None)
  202. )
  203. qs = qs.exclude(pk=user.id).exclude(groups__user__pk=user.id)
  204. return qs
  205. # normal query
  206. qs = User.objects.distinct().filter(
  207. Q(is_staff=True) &
  208. (Q(pagepermission__page__id__in=page_id_allow_list) & Q(pagepermission__page__level__gte=user_level))
  209. | (Q(pageuser__created_by=user) & Q(pagepermission__page=None))
  210. )
  211. qs = qs.exclude(pk=user.id).exclude(groups__user__pk=user.id)
  212. return qs
  214. def get_subordinate_groups(user):
  215. """
  216. Simillar to get_subordinate_users, but returns queryset of Groups instead
  217. of Users.
  218. """
  219. if (user.is_superuser or
  220. GlobalPagePermission.objects.with_can_change_permissions(user)):
  221. return Group.objects.all()
  222. site = Site.objects.get_current()
  223. page_id_allow_list = Page.permissions.get_change_permissions_id_list(user, site)
  224. try:
  225. user_level = get_user_permission_level(user)
  226. except NoPermissionsException:
  227. # no permission no records
  228. # page_id_allow_list is empty
  229. qs = Group.objects.distinct().filter(
  230. Q(pageusergroup__created_by=user) &
  231. Q(pagepermission__page=None)
  232. )
  233. return qs
  235. qs = Group.objects.distinct().filter(
  236. (Q(pagepermission__page__id__in=page_id_allow_list) & Q(pagepermission__page__level__gte=user_level))
  237. | (Q(pageusergroup__created_by=user) & Q(pagepermission__page=None))
  238. )
  239. return qs
  241. def has_global_change_permissions_permission(user):
  242. opts = GlobalPagePermission._meta
  243. if user.is_superuser or (
  244. user.has_perm(opts.app_label + '.' + opts.get_change_permission()) and
  245. GlobalPagePermission.objects.with_user(user).filter(can_change=True).exists()):
  246. return True
  247. return False
  249. def has_generic_permission(page_id, user, attr, site):
  250. """
  251. Permission getter for single page with given id.
  252. """
  253. func = getattr(Page.permissions, "get_%s_id_list" % attr)
  254. permission = func(user, site)
  255. return permission == Page.permissions.GRANT_ALL or page_id in permission
  258. def get_user_sites_queryset(user):
  259. """
  260. Returns queryset of all sites available for given user.
  262. 1. For superuser always returns all sites.
  263. 2. For global user returns all sites he haves in global page permissions
  264. together with any sites he is assigned to over an page.
  265. 3. For standard user returns just sites he is assigned to over pages.
  266. """
  267. qs = Site.objects.all()
  269. if user.is_superuser:
  270. return qs
  272. global_ids = GlobalPagePermission.objects.with_user(user).filter(
  273. Q(can_add=True) | Q(can_change=True)
  274. ).values_list('id', flat=True)
  276. query = Q()
  277. if global_ids:
  278. query = Q(globalpagepermission__id__in=global_ids)
  279. # haves some global permissions assigned
  280. if not qs.filter(query).exists():
  281. # haves global permissions, but none of sites is specified,
  282. # so he haves access to all sites
  283. return qs
  284. # add some pages if he has permission to add / change them
  285. query |= Q(Q(page__pagepermission__user=user) | Q(page__pagepermission__group__user=user)) & \
  286. (Q(Q(page__pagepermission__can_add=True) | Q(page__pagepermission__can_change=True)))
  287. return qs.filter(query).distinct()
  290. def has_plugin_permission(user, plugin_type, permission_type):
  291. """
  292. Checks that a user has permissions for the plugin-type given to performe
  293. the action defined in permission_type
  294. permission_type should be 'add', 'change' or 'delete'.
  295. """
  296. plugin_class = plugin_pool.get_plugin(plugin_type)
  297. plugin_model = plugin_class.model
  298. plugin_opts = plugin_model._meta
  299. return user.has_perm('%s.%s_%s' % (plugin_opts.app_label, permission_type,
  300. plugin_opts.object_name.lower()))
cms.utils.page_resolver << index >> cms.utils.placeholder