2024-10-21 07:20:37 +02:00
|
|
|
class access_control(object):
|
|
|
|
|
def __init__(self, request, rel_path):
|
|
|
|
|
self._request = request
|
|
|
|
|
self._rel_path = rel_path
|
2024-10-05 11:55:55 +02:00
|
|
|
|
2024-10-21 07:20:37 +02:00
|
|
|
def may_read(self):
|
|
|
|
|
return "private" not in self._rel_path or self.may_write()
|
2024-10-05 11:55:55 +02:00
|
|
|
|
2024-10-21 07:20:37 +02:00
|
|
|
def may_write(self):
|
|
|
|
|
# /!\ rel_path is the filsystem rel_path - caused by the flat folder structure /!\
|
|
|
|
|
return self._request.user.is_authenticated and self._request.user.username in ['root', 'dirk']
|
|
|
|
|
|
|
|
|
|
def may_read_attachment(self):
|
|
|
|
|
return self.may_read()
|
|
|
|
|
|
|
|
|
|
def may_modify_attachment(self):
|
|
|
|
|
return self.may_write()
|
2024-10-05 16:22:40 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def read_attachment(request, rel_path):
|
2024-10-21 07:20:37 +02:00
|
|
|
# Interface for external module mycreole
|
|
|
|
|
return access_control(request, rel_path).may_read_attachment()
|
2024-10-05 16:22:40 +02:00
|
|
|
|
|
|
|
|
|
2024-10-05 11:55:55 +02:00
|
|
|
def modify_attachment(request, rel_path):
|
2024-10-21 07:20:37 +02:00
|
|
|
# Interface for external module mycreole
|
|
|
|
|
return access_control(request, rel_path).may_modify_attachment()
|
