12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 |
- from django.conf import settings
- import logging
-
- from .models import PikiPage
-
- logger = logging.getLogger(settings.ROOT_LOGGER_NAME).getChild(__name__)
-
-
- class access_control(object):
- def __init__(self, request, rel_path):
- self._request = request
- self._rel_path = rel_path
- self._user = request.user
- try:
- self._page = PikiPage.objects.get(rel_path=rel_path)
- except PikiPage.DoesNotExist:
- self._page = None
- self._read = None
- self._write = None
-
- def __analyse_access_rights__(self):
- if self._read is None or self._write is None:
- self._read = False
- self._write = False
- #
- if self._user.is_superuser:
- # A superuser has full access
- logger.debug("User is superuser -> full access granted")
- self._read = True
- self._write = True
- elif self._page is None:
- if self._user.is_staff:
- # Page creation is allowed for staff users
- logger.debug("Page does not exist and user is staff -> full access granted")
- self._read = True
- self._write = True
- else:
- logger.debug("Page does not exist and user is not staff -> no access granted")
- else:
- user_is_owner = self._page.owner == self._user
- user_in_page_group = self._page.group in self._user.groups.all()
- # read permissions
- if user_is_owner and self._page.owner_perms_read:
- logger.debug("Read access granted, due to owner permissions of page")
- self._read = True
- elif user_in_page_group and self._page.group_perms_read:
- logger.debug("Read access granted, due to group permissions of page")
- self._read = True
- elif self._page.other_perms_read:
- logger.debug("Read access granted, due to other permissions of page")
- self._read = True
- # write permissions
- if user_is_owner and self._page.owner_perms_write:
- logger.debug("Write access granted, due to owner permissions of page")
- self._write = True
- elif user_in_page_group and self._page.group_perms_write:
- logger.debug("Write access granted, due to group permissions of page")
- self._write = True
- elif self._page.other_perms_write:
- logger.debug("Write access granted, due to other permissions of page")
- self._write = True
-
- def may_read(self):
- self.__analyse_access_rights__()
- return self._read
-
- def may_write(self):
- self.__analyse_access_rights__()
- return self._write
-
- def may_read_attachment(self):
- return self.may_read()
-
- def may_modify_attachment(self):
- return self.may_write()
-
-
- def read_attachment(request, rel_path):
- # Interface for external module mycreole
- return access_control(request, rel_path).may_read_attachment()
-
-
- def modify_attachment(request, rel_path):
- # Interface for external module mycreole
- return access_control(request, rel_path).may_modify_attachment()
|