inpt/ponytracker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

new global perm to grant ro access on all project

Browse source
This commit is contained in:
Élie Bouttier 2014-08-30 19:26:08 -07:00
parent 81df233d5a
commit 203dc89db0
4 changed files with 69 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

30
permissions/migrations/0004_auto_20140830_2318.py Normal file
View file

@ -0,0 +1,30 @@
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db import models, migrations
class Migration(migrations.Migration):
dependencies = [
('permissions', '0003_auto_20140830_2304'),
]
operations = [
migrations.AddField(
model_name='globalpermission',
name='access_project',
field=models.BooleanField(default=False),
preserve_default=True,
),
migrations.AlterField(
model_name='globalpermission',
name='create_comment',
field=models.BooleanField(default=False),
),
migrations.AlterField(
model_name='globalpermission',
name='create_issue',
field=models.BooleanField(default=False),
),
]

6
permissions/models.py
View file

@ -96,12 +96,14 @@ class GlobalPermission(PermissionModel):
# Project permissions, given on ALL projects # Project permissions, given on ALL projects
create_issue = models.BooleanField(default=True) access_project = models.BooleanField(default=False)
create_issue = models.BooleanField(default=False)
modify_issue = models.BooleanField(default=False) modify_issue = models.BooleanField(default=False)
manage_issue = models.BooleanField(default=False) manage_issue = models.BooleanField(default=False)
delete_issue = models.BooleanField(default=False) delete_issue = models.BooleanField(default=False)
create_comment = models.BooleanField(default=True) create_comment = models.BooleanField(default=False)
modify_comment = models.BooleanField(default=False) modify_comment = models.BooleanField(default=False)
delete_comment = models.BooleanField(default=False) delete_comment = models.BooleanField(default=False)

4
templates/permissions/global_perm_list.html
View file

@ -66,6 +66,10 @@
</div> </div>
<div class="tab-pane" id="project{{ perm.id }}"> <div class="tab-pane" id="project{{ perm.id }}">
<ul class="list-group"> <ul class="list-group">
<li class="list-group-item">
Access
<a href="javascript:void(0);" class="pull-right perm-toggle" data-href="{% url 'toggle-global-permission' perm.id 'access-project' %}">{{ perm.access_project|boolean }}</a>
</li>
<li class="list-group-item"> <li class="list-group-item">
Create issue Create issue
<a href="javascript:void(0);" class="pull-right perm-toggle" data-href="{% url 'toggle-global-permission' perm.id 'create-issue' %}">{{ perm.create_issue|boolean }}</a> <a href="javascript:void(0);" class="pull-right perm-toggle" data-href="{% url 'toggle-global-permission' perm.id 'create-issue' %}">{{ perm.create_issue|boolean }}</a>

41
tracker/middleware.py
View file

@ -5,6 +5,7 @@ from django.contrib.auth.decorators import login_required
from django.db.models import Q from django.db.models import Q
from tracker.models import Project from tracker.models import Project
from permissions.models import GlobalPermission
from permissions.models import PermissionModel as PermModel from permissions.models import PermissionModel as PermModel
@ -30,25 +31,45 @@ class ProjectMiddleware:
" 'django.contrib.auth.middleware.AuthenticationMiddleware'" " 'django.contrib.auth.middleware.AuthenticationMiddleware'"
" before the ProjectMiddleware class.") " before the ProjectMiddleware class.")
# projects # projectS
if request.user.is_authenticated() and request.user.is_staff: if request.user.is_authenticated() and request.user.is_staff:
projects = Project.objects.all() projects = Project.objects.all()
else: elif request.user.is_authenticated():
query = Q(access=Project.ACCESS_PUBLIC) teams = request.user.teams.values_list('id')
if request.user.is_authenticated(): groups = request.user.groups.values_list('id')
# check for a global permission allowing access
if GlobalPermission.objects.filter(access_project=True) \
.filter(
# directly
Q(grantee_type=PermModel.GRANTEE_USER,
grantee_id=request.user.id)
# through a group
| Q(grantee_type=PermModel.GRANTEE_GROUP,
grantee_id__in=groups)
# through a team
| Q(grantee_type=PermModel.GRANTEE_TEAM,
grantee_id__in=teams)
).exists():
projects = Project.objects.all()
# searching project reachable throught project permission
else:
# public project
query = Q(access=Project.ACCESS_PUBLIC)
# project reserved to logged users
query |= Q(access=Project.ACCESS_REGISTERED) query |= Q(access=Project.ACCESS_REGISTERED)
# access granted through a team # access granted through a team
teams = request.user.teams.values_list('id')
query |= Q(permissions__grantee_type=PermModel.GRANTEE_TEAM, query |= Q(permissions__grantee_type=PermModel.GRANTEE_TEAM,
permissions__grantee_id__in=teams) permissions__grantee_id__in=teams)
# access granted through a group # access granted through a group
groups = request.user.groups.values_list('id')
query |= Q(permissions__grantee_type=PermModel.GRANTEE_GROUP, query |= Q(permissions__grantee_type=PermModel.GRANTEE_GROUP,
permissions__grantee_id__in=groups) permissions__grantee_id__in=groups)
# access granted by specific permission # access granted by specific permission
query |= Q(permissions__grantee_type=PermModel.GRANTEE_USER, query |= Q(permissions__grantee_type=PermModel.GRANTEE_USER,
permissions__grantee_id=request.user.id) permissions__grantee_id=request.user.id)
projects = Project.objects.filter(query).distinct() projects = Project.objects.filter(query).distinct()
else:
# only public projects
projects = Project.objects.filter(access=Project.ACCESS_PUBLIC)
request.projects = projects request.projects = projects
# project # project