restricting access using permissions, first step
This commit is contained in:
Élie Bouttier
parent
be4df3a1f7
commit
d881679b7e
7 changed files with 79 additions and 14 deletions
|
|
@ -50,6 +50,13 @@ class Project(models.Model):
|
|||
verbose_name="Do unregistered users have read access "
|
||||
"to this project?")
|
||||
|
||||
def grant_user(self, user):
|
||||
perm = ProjectPermission(project=self,
|
||||
manage_project_permission=True,
|
||||
grantee_type=PermissionModel.GRANTEE_USER,
|
||||
grantee_name=user.username)
|
||||
perm.save()
|
||||
|
||||
def __str__(self):
|
||||
|
||||
return self.display_name
|
||||
|
|
|
|||
11
issue/shortcuts.py
Normal file
11
issue/shortcuts.py
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
from django.contrib.auth.views import redirect_to_login
|
||||
|
||||
|
||||
def permission_granted_or_login(request, perm):
|
||||
|
||||
if hasattr(request, 'project'):
|
||||
project = request.project
|
||||
else:
|
||||
project = None
|
||||
if not request.user.has_perm(perm, project):
|
||||
return redirect_to_login(request.build_absolute_uri())
|
||||
|
|
@ -51,14 +51,19 @@
|
|||
<li class="dropdown">
|
||||
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Project <span class="caret"></span></a>
|
||||
<ul class="dropdown-menu" role="menu">
|
||||
{% if projects.exists %}
|
||||
{% for p in projects %}
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'list-issue' p.name %}">{{ p }}</a></li>
|
||||
{% endfor %}
|
||||
{% if projects.count %}
|
||||
<li role="presentation" class="divider"></li>
|
||||
{% else %}
|
||||
<li role="presentation"><a role="munitem" tabindex="-1" href="#"><em>No project</em></a></li>
|
||||
{% endif %}
|
||||
{% block projectmenu %}{% endblock %}
|
||||
{% block projectmenu %}
|
||||
{% if perm.create_project %}
|
||||
<li role="presentation" class="divider"></li>
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'add-project' %}">New project…</a></li>
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
</ul>
|
||||
</li>
|
||||
{% if request.user.is_authenticated %}
|
||||
|
|
|
|||
|
|
@ -4,10 +4,21 @@
|
|||
{% block page_title %}{{ project }}{% endblock %}
|
||||
|
||||
{% block projectmenu %}
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'list-project-permission' project.name %}">Manage permissions</a></li>
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'edit-project' project.name %}">Modify this project</a></li>
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'delete-project' project.name %}">Delete this project</a></li>
|
||||
{% if perm.manage_permission or perm.modify_project or perm.delete_project or perm.create_project %}
|
||||
<li role="presentation" class="divider"></li>
|
||||
{% if perm.manage_permission %}
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'list-project-permission' project.name %}">Manage permissions</a></li>
|
||||
{% endif %}
|
||||
{% if perm.modify_project %}
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'edit-project' project.name %}">Modify this project</a></li>
|
||||
{% endif %}
|
||||
{% if perm.delete_project %}
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'delete-project' project.name %}">Delete this project</a></li>
|
||||
{% endif %}
|
||||
{% if perm.create_project %}
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'add-project' %}">New project…</a></li>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
|
||||
{% block navbar %}
|
||||
|
|
|
|||
|
|
@ -10,13 +10,16 @@
|
|||
<div class="panel-heading">
|
||||
<h1>
|
||||
Projects
|
||||
{% if perm.create_project %}
|
||||
<div class="pull-right">
|
||||
<a href="{% url 'add-project' %}"><button class="btn btn-success">Add project</button></a>
|
||||
</div>
|
||||
{% endif %}
|
||||
</h1>
|
||||
</div>
|
||||
|
||||
<div class="panel-body">
|
||||
{% if projects.exists %}
|
||||
<div class="row">
|
||||
<div class="col-md-3">
|
||||
<strong>Name</strong>
|
||||
|
|
@ -40,6 +43,11 @@
|
|||
</div>
|
||||
</div>
|
||||
{% endfor %}
|
||||
{% elif user.is_authenticated %}
|
||||
<em>Sorry, you have no access to any project.</em>
|
||||
{% else %}
|
||||
<em>There is not any public project. You should probably <a href="{% url 'login' %}">login</a>.</em>
|
||||
{% endif %}
|
||||
</div>
|
||||
|
||||
{% endblock %}
|
||||
|
|
|
|||
|
|
@ -124,7 +124,7 @@ class TestViews(TestCase):
|
|||
self.assertRedirects(response, expected_url)
|
||||
|
||||
def test_add_project(self):
|
||||
expected_url = reverse('list-issue', args=['test'])
|
||||
expected_url = reverse('list-project-permission', args=['test'])
|
||||
url = reverse('add-project')
|
||||
response = self.client.post(url, {
|
||||
'name': 'test',
|
||||
|
|
|
|||
|
|
@ -1,14 +1,17 @@
|
|||
from django.shortcuts import render, redirect, get_object_or_404
|
||||
from django.contrib import messages
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.http import Http404
|
||||
from django.core.exceptions import ObjectDoesNotExist, PermissionDenied
|
||||
from django.contrib.auth.decorators import login_required, permission_required
|
||||
from django.http import Http404, HttpResponseForbidden
|
||||
|
||||
from issue.models import *
|
||||
from issue.forms import *
|
||||
from issue.shortcuts import permission_granted_or_login
|
||||
|
||||
import shlex
|
||||
|
||||
|
||||
@login_required
|
||||
def profile(request):
|
||||
|
||||
user = User.objects.get(username=request.user)
|
||||
|
|
@ -21,6 +24,7 @@ def profile(request):
|
|||
return render(request, 'issue/profile.html', c)
|
||||
|
||||
|
||||
@permission_required('manage_permission')
|
||||
def global_permission_list(request):
|
||||
|
||||
permissions = GlobalPermission.objects.all()
|
||||
|
|
@ -32,6 +36,7 @@ def global_permission_list(request):
|
|||
return render(request, 'issue/global_permission_list.html', c)
|
||||
|
||||
|
||||
@permission_required('manage_permission')
|
||||
def global_permission_edit(request, id=None):
|
||||
|
||||
if id:
|
||||
|
|
@ -61,6 +66,7 @@ def global_permission_edit(request, id=None):
|
|||
return render(request, 'issue/global_permission_edit.html', c)
|
||||
|
||||
|
||||
@permission_required('manage_permission')
|
||||
def global_permission_toggle(request, id, perm):
|
||||
|
||||
permission = get_object_or_404(GlobalPermission, id=id)
|
||||
|
|
@ -71,7 +77,6 @@ def global_permission_toggle(request, id, perm):
|
|||
perm = perm.replace('-', '_')
|
||||
|
||||
if hasattr(permission, perm):
|
||||
print(type(getattr(permission, perm)))
|
||||
setattr(permission, perm, not getattr(permission, perm))
|
||||
permission.save()
|
||||
else:
|
||||
|
|
@ -80,6 +85,7 @@ def global_permission_toggle(request, id, perm):
|
|||
return redirect('list-global-permission')
|
||||
|
||||
|
||||
@permission_required('manage_permission')
|
||||
def global_permission_delete(request, id):
|
||||
|
||||
permission = get_object_or_404(GlobalPermission, id=id)
|
||||
|
|
@ -93,6 +99,8 @@ def global_permission_delete(request, id):
|
|||
|
||||
def project_permission_list(request, project):
|
||||
|
||||
permission_granted_or_login(request, 'manage_project_permission')
|
||||
|
||||
permissions = ProjectPermission.objects.filter(project=project)
|
||||
|
||||
c = {
|
||||
|
|
@ -105,6 +113,8 @@ def project_permission_list(request, project):
|
|||
|
||||
def project_permission_edit(request, project, id=None):
|
||||
|
||||
permission_granted_or_login(request, 'manage_project_permission')
|
||||
|
||||
if id:
|
||||
permission = get_object_or_404(ProjectPermission,
|
||||
project=project, id=id)
|
||||
|
|
@ -135,6 +145,8 @@ def project_permission_edit(request, project, id=None):
|
|||
|
||||
def project_permission_toggle(request, project, id, perm):
|
||||
|
||||
permission_granted_or_login(request, 'manage_project_permission')
|
||||
|
||||
permission = get_object_or_404(ProjectPermission, project=project, id=id)
|
||||
|
||||
# to be sure to dont modify other attribut with the following trick
|
||||
|
|
@ -154,6 +166,8 @@ def project_permission_toggle(request, project, id, perm):
|
|||
|
||||
def project_permission_delete(request, project, id):
|
||||
|
||||
permission_granted_or_login(request, 'manage_project_permission')
|
||||
|
||||
permission = get_object_or_404(ProjectPermission, project=project, id=id)
|
||||
|
||||
permission.delete()
|
||||
|
|
@ -167,13 +181,14 @@ def project_list(request):
|
|||
|
||||
if not request.projects.exists():
|
||||
|
||||
messages.info(request, 'Start by creating a project.')
|
||||
|
||||
return redirect('add-project')
|
||||
if request.user.has_perm('create_project'):
|
||||
messages.info(request, 'Start by creating a project.')
|
||||
return redirect('add-project')
|
||||
|
||||
return render(request, 'issue/project_list.html')
|
||||
|
||||
|
||||
@permission_required('create_project')
|
||||
def project_add(request):
|
||||
|
||||
form = AddProjectForm(request.POST or None)
|
||||
|
|
@ -187,7 +202,13 @@ def project_add(request):
|
|||
else:
|
||||
project = form.save()
|
||||
messages.success(request, 'Project added successfully.')
|
||||
return redirect('list-issue', project.name)
|
||||
project.grant_user(request.user)
|
||||
perm = ProjectPermission(project=project,
|
||||
manage_project_permission=True,
|
||||
grantee_type=PermissionModel.GRANTEE_USER,
|
||||
grantee_name=request.user.username)
|
||||
perm.save()
|
||||
return redirect('list-project-permission', project.name)
|
||||
|
||||
c = {
|
||||
'form': form,
|
||||
|
|
@ -196,6 +217,7 @@ def project_add(request):
|
|||
return render(request, 'issue/project_add.html', c)
|
||||
|
||||
|
||||
@permission_required('modify_project')
|
||||
def project_edit(request, project):
|
||||
|
||||
form = EditProjectForm(request.POST or None, instance=project)
|
||||
|
|
@ -220,6 +242,7 @@ def project_edit(request, project):
|
|||
return render(request, 'issue/project_edit.html', c)
|
||||
|
||||
|
||||
@permission_required('delete_project')
|
||||
def project_delete(request, project):
|
||||
|
||||
project.delete()
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue