Piki is a minimal wiki

access.py 3.3KB

  import logging

  from django.conf import settings

  from .models import PikiPage

  # Module logger: a child of the project's root logger, named after this
  # module. Every access decision below is reported through it at DEBUG level.
  logger = logging.getLogger(settings.ROOT_LOGGER_NAME).getChild(__name__)
  class access_control(object):
      """Decide whether the requesting user may read or write one wiki page.

      The decision is computed lazily on the first ``may_*`` call and then
      cached on the instance, so a later change to the page's permission
      flags is not seen by an instance that has already answered.

      Rules, in evaluation order:

      * a superuser gets read and write access;
      * for a page that does not exist, only staff users get access
        (read and write), everybody else gets none;
      * for an existing page the owner / group / other flags are checked.
        The flags only ever grant: a class whose flag is unset falls through
        to the next class, so an owner without ``owner_perms_read`` can still
        read through the group or other flag. This differs from POSIX mode
        bits, where the owner class alone would decide.

      No authentication check is made here, so the ``other_perms_*`` flags
      apply to whatever ``request.user`` is.
      """

      def __init__(self, request, rel_path):
          """Remember the request and look up the page stored under *rel_path*."""
          # None marks "not evaluated yet"; see __analyse_access_rights__.
          self._read = self._write = None
          self._request = request
          self._rel_path = rel_path
          self._user = request.user
          # A page that does not exist is represented as None.
          try:
              self._page = PikiPage.objects.get(rel_path=rel_path)
          except PikiPage.DoesNotExist:
              self._page = None

      def __analyse_access_rights__(self):
          """Fill ``_read`` and ``_write`` once; later calls return immediately."""
          if self._read is not None and self._write is not None:
              return

          # Deny by default. Both flags are set before anything is evaluated,
          # so an exception raised further down leaves the instance denying
          # access instead of unevaluated.
          self._read = self._write = False
          user, page = self._user, self._page

          if user.is_superuser:
              # A superuser has full access
              logger.debug("User is superuser -> full access granted")
              self._read = self._write = True
              return

          if page is None:
              if not user.is_staff:
                  logger.debug("Page does not exist and user is not staff -> no access granted")
                  return
              # Page creation is allowed for staff users
              logger.debug("Page does not exist and user is staff -> full access granted")
              self._read = self._write = True
              return

          is_owner = page.owner == user
          in_page_group = page.group in user.groups.all()

          # Read permission: the first class that matches and has its flag set
          # grants access.
          if is_owner and page.owner_perms_read:
              logger.debug("Read access granted, due to owner permissions of page")
              self._read = True
          elif in_page_group and page.group_perms_read:
              logger.debug("Read access granted, due to group permissions of page")
              self._read = True
          elif page.other_perms_read:
              logger.debug("Read access granted, due to other permissions of page")
              self._read = True

          # Write permission: same scheme, evaluated independently of read.
          if is_owner and page.owner_perms_write:
              logger.debug("Write access granted, due to owner permissions of page")
              self._write = True
          elif in_page_group and page.group_perms_write:
              logger.debug("Write access granted, due to group permissions of page")
              self._write = True
          elif page.other_perms_write:
              logger.debug("Write access granted, due to other permissions of page")
              self._write = True

      def may_read(self):
          """Return True if the user may read the page."""
          self.__analyse_access_rights__()
          return self._read

      def may_write(self):
          """Return True if the user may write the page."""
          self.__analyse_access_rights__()
          return self._write

      def may_read_attachment(self):
          """Attachments carry no permissions of their own: same as may_read()."""
          return self.may_read()

      def may_modify_attachment(self):
          """Attachments carry no permissions of their own: same as may_write()."""
          return self.may_write()
  def read_attachment(request, rel_path):
      """Interface for external module mycreole: may this request read attachments?

      The answer is the read permission of the page stored under *rel_path*.
      """
      checker = access_control(request, rel_path)
      return checker.may_read_attachment()
  def modify_attachment(request, rel_path):
      """Interface for external module mycreole: may this request modify attachments?

      The answer is the write permission of the page stored under *rel_path*.
      """
      checker = access_control(request, rel_path)
      return checker.may_modify_attachment()