restricting access using permissions, first step
This commit is contained in:
Élie Bouttier
parent
be4df3a1f7
commit
d881679b7e
7 changed files with 79 additions and 14 deletions
|
|
@ -50,6 +50,13 @@ class Project(models.Model):
|
||||||
verbose_name="Do unregistered users have read access "
|
verbose_name="Do unregistered users have read access "
|
||||||
"to this project?")
|
"to this project?")
|
||||||
|
|
||||||
|
def grant_user(self, user):
|
||||||
|
perm = ProjectPermission(project=self,
|
||||||
|
manage_project_permission=True,
|
||||||
|
grantee_type=PermissionModel.GRANTEE_USER,
|
||||||
|
grantee_name=user.username)
|
||||||
|
perm.save()
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
|
|
||||||
return self.display_name
|
return self.display_name
|
||||||
|
|
|
||||||
11
issue/shortcuts.py
Normal file
11
issue/shortcuts.py
Normal file
|
|
@ -0,0 +1,11 @@
|
||||||
|
from django.contrib.auth.views import redirect_to_login
|
||||||
|
|
||||||
|
|
||||||
|
def permission_granted_or_login(request, perm):
|
||||||
|
|
||||||
|
if hasattr(request, 'project'):
|
||||||
|
project = request.project
|
||||||
|
else:
|
||||||
|
project = None
|
||||||
|
if not request.user.has_perm(perm, project):
|
||||||
|
return redirect_to_login(request.build_absolute_uri())
|
||||||
|
|
@ -51,14 +51,19 @@
|
||||||
<li class="dropdown">
|
<li class="dropdown">
|
||||||
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Project <span class="caret"></span></a>
|
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Project <span class="caret"></span></a>
|
||||||
<ul class="dropdown-menu" role="menu">
|
<ul class="dropdown-menu" role="menu">
|
||||||
|
{% if projects.exists %}
|
||||||
{% for p in projects %}
|
{% for p in projects %}
|
||||||
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'list-issue' p.name %}">{{ p }}</a></li>
|
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'list-issue' p.name %}">{{ p }}</a></li>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if projects.count %}
|
{% else %}
|
||||||
<li role="presentation" class="divider"></li>
|
<li role="presentation"><a role="munitem" tabindex="-1" href="#"><em>No project</em></a></li>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% block projectmenu %}{% endblock %}
|
{% block projectmenu %}
|
||||||
|
{% if perm.create_project %}
|
||||||
|
<li role="presentation" class="divider"></li>
|
||||||
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'add-project' %}">New project…</a></li>
|
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'add-project' %}">New project…</a></li>
|
||||||
|
{% endif %}
|
||||||
|
{% endblock %}
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
{% if request.user.is_authenticated %}
|
{% if request.user.is_authenticated %}
|
||||||
|
|
|
||||||
|
|
@ -4,10 +4,21 @@
|
||||||
{% block page_title %}{{ project }}{% endblock %}
|
{% block page_title %}{{ project }}{% endblock %}
|
||||||
|
|
||||||
{% block projectmenu %}
|
{% block projectmenu %}
|
||||||
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'list-project-permission' project.name %}">Manage permissions</a></li>
|
{% if perm.manage_permission or perm.modify_project or perm.delete_project or perm.create_project %}
|
||||||
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'edit-project' project.name %}">Modify this project</a></li>
|
|
||||||
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'delete-project' project.name %}">Delete this project</a></li>
|
|
||||||
<li role="presentation" class="divider"></li>
|
<li role="presentation" class="divider"></li>
|
||||||
|
{% if perm.manage_permission %}
|
||||||
|
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'list-project-permission' project.name %}">Manage permissions</a></li>
|
||||||
|
{% endif %}
|
||||||
|
{% if perm.modify_project %}
|
||||||
|
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'edit-project' project.name %}">Modify this project</a></li>
|
||||||
|
{% endif %}
|
||||||
|
{% if perm.delete_project %}
|
||||||
|
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'delete-project' project.name %}">Delete this project</a></li>
|
||||||
|
{% endif %}
|
||||||
|
{% if perm.create_project %}
|
||||||
|
<li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'add-project' %}">New project…</a></li>
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block navbar %}
|
{% block navbar %}
|
||||||
|
|
|
||||||
|
|
@ -10,13 +10,16 @@
|
||||||
<div class="panel-heading">
|
<div class="panel-heading">
|
||||||
<h1>
|
<h1>
|
||||||
Projects
|
Projects
|
||||||
|
{% if perm.create_project %}
|
||||||
<div class="pull-right">
|
<div class="pull-right">
|
||||||
<a href="{% url 'add-project' %}"><button class="btn btn-success">Add project</button></a>
|
<a href="{% url 'add-project' %}"><button class="btn btn-success">Add project</button></a>
|
||||||
</div>
|
</div>
|
||||||
|
{% endif %}
|
||||||
</h1>
|
</h1>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="panel-body">
|
<div class="panel-body">
|
||||||
|
{% if projects.exists %}
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-md-3">
|
<div class="col-md-3">
|
||||||
<strong>Name</strong>
|
<strong>Name</strong>
|
||||||
|
|
@ -40,6 +43,11 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% elif user.is_authenticated %}
|
||||||
|
<em>Sorry, you have no access to any project.</em>
|
||||||
|
{% else %}
|
||||||
|
<em>There is not any public project. You should probably <a href="{% url 'login' %}">login</a>.</em>
|
||||||
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
|
||||||
|
|
@ -124,7 +124,7 @@ class TestViews(TestCase):
|
||||||
self.assertRedirects(response, expected_url)
|
self.assertRedirects(response, expected_url)
|
||||||
|
|
||||||
def test_add_project(self):
|
def test_add_project(self):
|
||||||
expected_url = reverse('list-issue', args=['test'])
|
expected_url = reverse('list-project-permission', args=['test'])
|
||||||
url = reverse('add-project')
|
url = reverse('add-project')
|
||||||
response = self.client.post(url, {
|
response = self.client.post(url, {
|
||||||
'name': 'test',
|
'name': 'test',
|
||||||
|
|
|
||||||
|
|
@ -1,14 +1,17 @@
|
||||||
from django.shortcuts import render, redirect, get_object_or_404
|
from django.shortcuts import render, redirect, get_object_or_404
|
||||||
from django.contrib import messages
|
from django.contrib import messages
|
||||||
from django.core.exceptions import ObjectDoesNotExist
|
from django.core.exceptions import ObjectDoesNotExist, PermissionDenied
|
||||||
from django.http import Http404
|
from django.contrib.auth.decorators import login_required, permission_required
|
||||||
|
from django.http import Http404, HttpResponseForbidden
|
||||||
|
|
||||||
from issue.models import *
|
from issue.models import *
|
||||||
from issue.forms import *
|
from issue.forms import *
|
||||||
|
from issue.shortcuts import permission_granted_or_login
|
||||||
|
|
||||||
import shlex
|
import shlex
|
||||||
|
|
||||||
|
|
||||||
|
@login_required
|
||||||
def profile(request):
|
def profile(request):
|
||||||
|
|
||||||
user = User.objects.get(username=request.user)
|
user = User.objects.get(username=request.user)
|
||||||
|
|
@ -21,6 +24,7 @@ def profile(request):
|
||||||
return render(request, 'issue/profile.html', c)
|
return render(request, 'issue/profile.html', c)
|
||||||
|
|
||||||
|
|
||||||
|
@permission_required('manage_permission')
|
||||||
def global_permission_list(request):
|
def global_permission_list(request):
|
||||||
|
|
||||||
permissions = GlobalPermission.objects.all()
|
permissions = GlobalPermission.objects.all()
|
||||||
|
|
@ -32,6 +36,7 @@ def global_permission_list(request):
|
||||||
return render(request, 'issue/global_permission_list.html', c)
|
return render(request, 'issue/global_permission_list.html', c)
|
||||||
|
|
||||||
|
|
||||||
|
@permission_required('manage_permission')
|
||||||
def global_permission_edit(request, id=None):
|
def global_permission_edit(request, id=None):
|
||||||
|
|
||||||
if id:
|
if id:
|
||||||
|
|
@ -61,6 +66,7 @@ def global_permission_edit(request, id=None):
|
||||||
return render(request, 'issue/global_permission_edit.html', c)
|
return render(request, 'issue/global_permission_edit.html', c)
|
||||||
|
|
||||||
|
|
||||||
|
@permission_required('manage_permission')
|
||||||
def global_permission_toggle(request, id, perm):
|
def global_permission_toggle(request, id, perm):
|
||||||
|
|
||||||
permission = get_object_or_404(GlobalPermission, id=id)
|
permission = get_object_or_404(GlobalPermission, id=id)
|
||||||
|
|
@ -71,7 +77,6 @@ def global_permission_toggle(request, id, perm):
|
||||||
perm = perm.replace('-', '_')
|
perm = perm.replace('-', '_')
|
||||||
|
|
||||||
if hasattr(permission, perm):
|
if hasattr(permission, perm):
|
||||||
print(type(getattr(permission, perm)))
|
|
||||||
setattr(permission, perm, not getattr(permission, perm))
|
setattr(permission, perm, not getattr(permission, perm))
|
||||||
permission.save()
|
permission.save()
|
||||||
else:
|
else:
|
||||||
|
|
@ -80,6 +85,7 @@ def global_permission_toggle(request, id, perm):
|
||||||
return redirect('list-global-permission')
|
return redirect('list-global-permission')
|
||||||
|
|
||||||
|
|
||||||
|
@permission_required('manage_permission')
|
||||||
def global_permission_delete(request, id):
|
def global_permission_delete(request, id):
|
||||||
|
|
||||||
permission = get_object_or_404(GlobalPermission, id=id)
|
permission = get_object_or_404(GlobalPermission, id=id)
|
||||||
|
|
@ -93,6 +99,8 @@ def global_permission_delete(request, id):
|
||||||
|
|
||||||
def project_permission_list(request, project):
|
def project_permission_list(request, project):
|
||||||
|
|
||||||
|
permission_granted_or_login(request, 'manage_project_permission')
|
||||||
|
|
||||||
permissions = ProjectPermission.objects.filter(project=project)
|
permissions = ProjectPermission.objects.filter(project=project)
|
||||||
|
|
||||||
c = {
|
c = {
|
||||||
|
|
@ -105,6 +113,8 @@ def project_permission_list(request, project):
|
||||||
|
|
||||||
def project_permission_edit(request, project, id=None):
|
def project_permission_edit(request, project, id=None):
|
||||||
|
|
||||||
|
permission_granted_or_login(request, 'manage_project_permission')
|
||||||
|
|
||||||
if id:
|
if id:
|
||||||
permission = get_object_or_404(ProjectPermission,
|
permission = get_object_or_404(ProjectPermission,
|
||||||
project=project, id=id)
|
project=project, id=id)
|
||||||
|
|
@ -135,6 +145,8 @@ def project_permission_edit(request, project, id=None):
|
||||||
|
|
||||||
def project_permission_toggle(request, project, id, perm):
|
def project_permission_toggle(request, project, id, perm):
|
||||||
|
|
||||||
|
permission_granted_or_login(request, 'manage_project_permission')
|
||||||
|
|
||||||
permission = get_object_or_404(ProjectPermission, project=project, id=id)
|
permission = get_object_or_404(ProjectPermission, project=project, id=id)
|
||||||
|
|
||||||
# to be sure to dont modify other attribut with the following trick
|
# to be sure to dont modify other attribut with the following trick
|
||||||
|
|
@ -154,6 +166,8 @@ def project_permission_toggle(request, project, id, perm):
|
||||||
|
|
||||||
def project_permission_delete(request, project, id):
|
def project_permission_delete(request, project, id):
|
||||||
|
|
||||||
|
permission_granted_or_login(request, 'manage_project_permission')
|
||||||
|
|
||||||
permission = get_object_or_404(ProjectPermission, project=project, id=id)
|
permission = get_object_or_404(ProjectPermission, project=project, id=id)
|
||||||
|
|
||||||
permission.delete()
|
permission.delete()
|
||||||
|
|
@ -167,13 +181,14 @@ def project_list(request):
|
||||||
|
|
||||||
if not request.projects.exists():
|
if not request.projects.exists():
|
||||||
|
|
||||||
|
if request.user.has_perm('create_project'):
|
||||||
messages.info(request, 'Start by creating a project.')
|
messages.info(request, 'Start by creating a project.')
|
||||||
|
|
||||||
return redirect('add-project')
|
return redirect('add-project')
|
||||||
|
|
||||||
return render(request, 'issue/project_list.html')
|
return render(request, 'issue/project_list.html')
|
||||||
|
|
||||||
|
|
||||||
|
@permission_required('create_project')
|
||||||
def project_add(request):
|
def project_add(request):
|
||||||
|
|
||||||
form = AddProjectForm(request.POST or None)
|
form = AddProjectForm(request.POST or None)
|
||||||
|
|
@ -187,7 +202,13 @@ def project_add(request):
|
||||||
else:
|
else:
|
||||||
project = form.save()
|
project = form.save()
|
||||||
messages.success(request, 'Project added successfully.')
|
messages.success(request, 'Project added successfully.')
|
||||||
return redirect('list-issue', project.name)
|
project.grant_user(request.user)
|
||||||
|
perm = ProjectPermission(project=project,
|
||||||
|
manage_project_permission=True,
|
||||||
|
grantee_type=PermissionModel.GRANTEE_USER,
|
||||||
|
grantee_name=request.user.username)
|
||||||
|
perm.save()
|
||||||
|
return redirect('list-project-permission', project.name)
|
||||||
|
|
||||||
c = {
|
c = {
|
||||||
'form': form,
|
'form': form,
|
||||||
|
|
@ -196,6 +217,7 @@ def project_add(request):
|
||||||
return render(request, 'issue/project_add.html', c)
|
return render(request, 'issue/project_add.html', c)
|
||||||
|
|
||||||
|
|
||||||
|
@permission_required('modify_project')
|
||||||
def project_edit(request, project):
|
def project_edit(request, project):
|
||||||
|
|
||||||
form = EditProjectForm(request.POST or None, instance=project)
|
form = EditProjectForm(request.POST or None, instance=project)
|
||||||
|
|
@ -220,6 +242,7 @@ def project_edit(request, project):
|
||||||
return render(request, 'issue/project_edit.html', c)
|
return render(request, 'issue/project_edit.html', c)
|
||||||
|
|
||||||
|
|
||||||
|
@permission_required('delete_project')
|
||||||
def project_delete(request, project):
|
def project_delete(request, project):
|
||||||
|
|
||||||
project.delete()
|
project.delete()
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue