Piki is a minimal wiki

from django.conf import settings
import logging
import os

from .models import PikiPage

# Module logger, created as a child of the project-wide logger whose name is
# taken from settings.ROOT_LOGGER_NAME. The access decisions made in this
# module are reported through it at DEBUG level.
logger = logging.getLogger(settings.ROOT_LOGGER_NAME).getChild(__name__)
class access_control(object):
    """Decide whether the requesting user may read or write one wiki page.

    The page is looked up by ``rel_path`` when the object is created. The
    decision itself is computed on the first ``may_*`` call and cached on the
    instance afterwards.

    Rules, evaluated in this order:

    1. A superuser gets read and write access.
    2. If no page exists for ``rel_path``, staff users get read and write
       access (page creation); everybody else gets nothing.
    3. For an existing page, read and write are each granted by the first
       matching flag of owner, group or "other" permissions.

    Anything not granted explicitly stays denied.
    """

    def __init__(self, request, rel_path):
        """Store the request context and load the page for ``rel_path``.

        Args:
            request: The request whose ``user`` is checked.
            rel_path: The page path used for the ``PikiPage`` lookup.
        """
        # None marks "not analysed yet"; see __analyse_access_rights__.
        self._read = None
        self._write = None
        self._request = request
        self._rel_path = rel_path
        self._user = request.user
        # A missing page is a regular state here and is represented by None.
        try:
            self._page = PikiPage.objects.get(rel_path=rel_path)
        except PikiPage.DoesNotExist:
            self._page = None

    def __analyse_access_rights__(self):
        """Compute ``self._read`` and ``self._write`` once and cache them."""
        if self._read is not None and self._write is not None:
            # Already analysed for this instance.
            return

        # Deny by default; the branches below only ever grant.
        self._read = False
        self._write = False

        user = self._user
        page = self._page

        # NOTE(review): is_superuser and is_staff are read without looking at
        # is_active. Whether an inactive account can reach this code depends
        # on the authentication backend in use - confirm.
        if user.is_superuser:
            # A superuser has full access
            logger.debug("User is superuser -> full access granted")
            self._read = True
            self._write = True
            return

        if page is None:
            # NOTE(review): every rel_path that matches no page ends up here,
            # so callers have to pass the path in the same form in which it is
            # stored in PikiPage.rel_path - confirm.
            if user.is_staff:
                # Page creation is allowed for staff users
                logger.debug("Page %s does not exist and user is staff -> full access granted", repr(self._rel_path))
                self._read = True
                self._write = True
            else:
                logger.debug("Page %s does not exist and user is not staff -> no access granted", repr(self._rel_path))
            return

        is_owner = page.owner == user
        in_page_group = page.group in user.groups.all()

        # read permissions: the first matching flag grants access
        if is_owner and page.owner_perms_read:
            logger.debug("Read access granted, due to owner permissions of page")
            self._read = True
        elif in_page_group and page.group_perms_read:
            logger.debug("Read access granted, due to group permissions of page")
            self._read = True
        elif page.other_perms_read:
            logger.debug("Read access granted, due to other permissions of page")
            self._read = True

        # write permissions: same scheme, evaluated independently of read
        if is_owner and page.owner_perms_write:
            logger.debug("Write access granted, due to owner permissions of page")
            self._write = True
        elif in_page_group and page.group_perms_write:
            logger.debug("Write access granted, due to group permissions of page")
            self._write = True
        elif page.other_perms_write:
            logger.debug("Write access granted, due to other permissions of page")
            self._write = True

    def may_read(self):
        """Return True if the user may read the page."""
        self.__analyse_access_rights__()
        return self._read

    def may_write(self):
        """Return True if the user may write the page."""
        self.__analyse_access_rights__()
        return self._write

    def may_read_attachment(self):
        """Return True if the user may read attachments of the page.

        Attachments follow the read permission of the page.
        """
        return self.may_read()

    def may_modify_attachment(self):
        """Return True if the user may modify attachments of the page.

        Attachments follow the write permission of the page.
        """
        return self.may_write()
def read_attachment(request, path):
    """Return True if the requesting user may read the attachment at ``path``.

    Interface for external module mycreole. The directory part of ``path`` is
    taken as the page path, and the read permission of that page decides.
    """
    # NOTE(review): the page path is derived from ``path`` as given, without
    # normalisation. If the caller resolves "." / ".." or repeated slashes
    # when it opens the file, the page checked here may differ from the page
    # the file belongs to, and a path that matches no page is handled as
    # "page does not exist". Confirm that mycreole passes a canonical path.
    page_rel_path, _attachment_name = os.path.split(path)
    checker = access_control(request, page_rel_path)
    return checker.may_read_attachment()
def modify_attachment(request, path):
    """Return True if the requesting user may modify the attachment at ``path``.

    Interface for external module mycreole. The directory part of ``path`` is
    taken as the page path, and the write permission of that page decides.
    """
    # NOTE(review): the page path is derived from ``path`` as given, without
    # normalisation. If the caller resolves "." / ".." or repeated slashes
    # when it writes the file, the page checked here may differ from the page
    # the file belongs to, and a path that matches no page is handled as
    # "page does not exist". Confirm that mycreole passes a canonical path.
    page_rel_path, _attachment_name = os.path.split(path)
    checker = access_control(request, page_rel_path)
    return checker.may_modify_attachment()