piki/pages/access.py

from django.conf import settings
import logging
from .models import PikiPage
# Module logger, created as a child of the project's root logger
# (root name taken from settings.ROOT_LOGGER_NAME).
logger = logging.getLogger(settings.ROOT_LOGGER_NAME).getChild(__name__)
class access_control(object):
    """Decide whether the requesting user may read or write one wiki page.

    The page is looked up once, in the constructor, by ``rel_path``. The
    decision is computed lazily on the first ``may_*`` call and then cached
    on the instance, so later permission changes are not seen by an
    existing instance.

    Decision rules, in evaluation order:

    * Both flags start as ``False`` and are only ever switched to ``True``
      (deny by default).
    * A superuser gets read and write access.
    * If no page matches ``rel_path``, staff users get read and write
      access (page creation); everybody else gets nothing.
    * For an existing page the owner, group and other flags are tried in
      an ``elif`` chain. A user who matches an earlier class whose flag is
      off still falls through to the later classes, so the classes act as
      a union: the owner cannot be restricted below what "other" allows.

    NOTE(review): there is no ``is_authenticated`` check here, so the
    "other" flags apply to whatever ``request.user`` is, presumably
    including Django's anonymous user. Confirm that this is intended.
    NOTE(review): the debug messages are static strings without user or
    page path, so they cannot serve as an audit trail on their own.
    """

    def __init__(self, request, rel_path):
        """Store the request context and load the page for ``rel_path``.

        A missing page is recorded as ``None``; any other lookup error
        propagates to the caller.
        """
        self._request = request
        self._rel_path = rel_path
        self._user = request.user
        try:
            page = PikiPage.objects.get(rel_path=rel_path)
        except PikiPage.DoesNotExist:
            page = None
        self._page = page
        # None means "not analysed yet"; see __analyse_access_rights__.
        self._read = None
        self._write = None

    def __analyse_access_rights__(self):
        """Fill ``self._read`` / ``self._write`` once; later calls are no-ops."""
        if self._read is not None and self._write is not None:
            # Already analysed for this instance.
            return

        # Deny by default. Set before any lookup so that an error further
        # down leaves the instance in the "no access" state.
        self._read = self._write = False
        user = self._user
        page = self._page

        if user.is_superuser:
            # A superuser has full access
            logger.debug("User is superuser -> full access granted")
            self._read = self._write = True
            return

        if page is None:
            if user.is_staff:
                # Page creation is allowed for staff users
                logger.debug("Page does not exist and user is staff -> full access granted")
                self._read = self._write = True
            else:
                logger.debug("Page does not exist and user is not staff -> no access granted")
            return

        user_is_owner = page.owner == user
        user_in_page_group = page.group in user.groups.all()

        # Read permission: first matching class with its flag set grants it.
        if user_is_owner and page.owner_perms_read:
            logger.debug("Read access granted, due to owner permissions of page")
            self._read = True
        elif user_in_page_group and page.group_perms_read:
            logger.debug("Read access granted, due to group permissions of page")
            self._read = True
        elif page.other_perms_read:
            logger.debug("Read access granted, due to other permissions of page")
            self._read = True

        # Write permission: evaluated independently of the read result.
        if user_is_owner and page.owner_perms_write:
            logger.debug("Write access granted, due to owner permissions of page")
            self._write = True
        elif user_in_page_group and page.group_perms_write:
            logger.debug("Write access granted, due to group permissions of page")
            self._write = True
        elif page.other_perms_write:
            logger.debug("Write access granted, due to other permissions of page")
            self._write = True

    def may_read(self):
        """Return the cached read decision, analysing the rights if needed."""
        self.__analyse_access_rights__()
        return self._read

    def may_write(self):
        """Return the cached write decision, analysing the rights if needed."""
        self.__analyse_access_rights__()
        return self._write

    def may_read_attachment(self):
        """Attachments are readable exactly when the page is readable."""
        return self.may_read()

    def may_modify_attachment(self):
        """Attachments are modifiable exactly when the page is writable."""
        return self.may_write()
def read_attachment(request, rel_path):
    """Tell the external module mycreole whether an attachment may be read.

    Returns the result of ``access_control.may_read_attachment()`` for the
    given request and ``rel_path``; enforcing the decision is left to the
    caller.

    NOTE(review): ``rel_path`` is used unchanged for the page lookup. If it
    matches no page, only staff users and superusers are granted access.
    Confirm that mycreole passes the path of the owning page.
    """
    checker = access_control(request, rel_path)
    return checker.may_read_attachment()
def modify_attachment(request, rel_path):
    """Tell the external module mycreole whether an attachment may be modified.

    Returns the result of ``access_control.may_modify_attachment()`` for the
    given request and ``rel_path``; enforcing the decision is left to the
    caller.

    NOTE(review): ``rel_path`` is used unchanged for the page lookup. If it
    matches no page, only staff users and superusers are granted access.
    Confirm that mycreole passes the path of the owning page.
    """
    checker = access_control(request, rel_path)
    return checker.may_modify_attachment()