author | Christopher Long <indirecthit@gmail.com> | 2006-08-20 20:52:58 +0000 |
---|---|---|
committer | Christopher Long <indirecthit@gmail.com> | 2006-08-20 20:52:58 +0000 |
commit | e1caee2b287513db0a349d701b3643fb9a32168f (patch) | |
tree | e4a1f3060334e584b47f459cbf6fe20bb8382db6 | |
parent | 19ece7470d3529d87e9a1c237cc5e1cfdc0456f5 (diff) | |
download | django-e1caee2b287513db0a349d701b3643fb9a32168f.tar.gz |
[per-object-permissions] Expanded on has_module_perm to check for row level permissions contained within the module
[per-object-permissions] Created method contains_permission to check if a user has a permission on a model (not the instance). The difference between this and has_perm is that contains_permission does not require an instance of a model, it only checks that there exists a row level permission for an instance of this object.
git-svn-id: http://code.djangoproject.com/svn/django/branches/per-object-permissions@3624 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r-- | django/contrib/auth/models.py | 104 |
1 files changed, 103 insertions, 1 deletions
diff --git a/django/contrib/auth/models.py b/django/contrib/auth/models.py
index 5856840ddd..d7b790ec4b 100644
--- a/django/contrib/auth/models.py
+++ b/django/contrib/auth/models.py
@@ -337,11 +337,113 @@ class User(models.Model):
 return False
 return True
+ def contains_permission(self, perm, model):
+ if self.has_perm(perm):
+ return True
+ perm = perm[perm.index('.')+1:]
+ return self.contains_row_level_perm(perm, model)
+
+ def contains_row_level_perm(self, perm, model):
+ model_ct = ContentType.objects.get_for_model(model)
+ count = self.row_level_permissions_owned.filter(model_ct=model_ct.id).count()
+ if count>0:
+ return True
+ return self.contains_group_row_level_perms(perm, model_ct)
+
+ def contains_group_row_level_perms(self, perm, ct):
+ #SELECT COUNT(*)
+ #FROM "auth_user_groups" ug, "auth_rowlevelpermission" rlp, "django_content_type" ct
+ #WHERE rlp."owner_id" = ug."group_id"
+ #AND ug."user_id"=%s
+ #AND rlp."negative" = 0
+ #AND rlp."owner_ct_id" = %s
+ #AND rlp."model_ct_id" = %s
+
+ cursor = connection.cursor()
+ sql = """
+ SELECT COUNT(*)
+ FROM %s ug, %s rlp, %s ct
+ WHERE rlp.%s = ug.%s
+ AND ug.%s=%%s
+ AND rlp.%s = 0
+ AND rlp.%s = %%s
+ AND rlp.%s = %%s""" % (
+ backend.quote_name('auth_user_groups'), backend.quote_name('auth_rowlevelpermission'),
+ backend.quote_name('django_content_type'), backend.quote_name('owner_id'),
+ backend.quote_name('group_id'), backend.quote_name('user_id'),
+ backend.quote_name('negative'), backend.quote_name('owner_ct_id'),
+ backend.quote_name('model_ct_id'))
+ print sql
+ cursor.execute(sql, [self.id, ContentType.objects.get_for_model(Group).id, ct.id])
+ count = int(cursor.fetchone()[0])
+ return (count>0)
+
 def has_module_perms(self, app_label):
 "Returns True if the user has any permissions in the given app label."
 if self.is_superuser:
 return True
- return bool(len([p for p in self.get_all_permissions() if p[:p.index('.')] == app_label]))
+ if bool(len([p for p in self.get_all_permissions() if p[:p.index('.')] == app_label])):
+ return True
+ return self.has_module_row_level_perms(app_label)
+
+ def has_module_row_level_perms(self, app_label):
+ #SELECT COUNT(*)
+ #FROM "django_content_type" ct, "auth_rowlevelpermission" rlp
+ #WHERE rlp."model_ct_id" = ct."id"
+ #AND ct."app_label"=%s
+ #AND rlp."negative" = 0
+ #AND rlp."owner_ct_id" = %s
+ #AND rlp."owner_id" = %s
+ cursor = connection.cursor()
+ sql = """
+ SELECT COUNT(*)
+ FROM %s ct, %s rlp
+ WHERE rlp.%s = ct.%s
+ AND ct.%s=%%s
+ AND rlp.%s = 0
+ AND rlp.%s = %%s
+ AND rlp.%s = %%s
+ """ % (
+ backend.quote_name('django_content_type'), backend.quote_name('auth_rowlevelpermission'),
+ backend.quote_name('model_ct_id'), backend.quote_name('id'),
+ backend.quote_name('app_label'), backend.quote_name('negative'),
+ backend.quote_name('owner_ct_id'),
+ backend.quote_name('owner_id'), )
+ cursor.execute(sql, [app_label, ContentType.objects.get_for_model(User).id, self.id])
+ count = int(cursor.fetchone()[0])
+ if count>0:
+ return True
+ return self.has_module_group_row_level_perms(app_label)
+
+ def has_module_group_row_level_perms(self, app_label):
+ #SELECT COUNT(*)
+ #FROM "auth_user_groups" ug, "auth_rowlevelpermission" rlp, "django_content_type" ct
+ #WHERE rlp."owner_id" = ug."group_id"
+ #AND ug."user_id"=%s
+ #AND rlp."model_ct_id" = ct."id"
+ #AND ct."app_label"=%s
+ #AND rlp."negative" = 0
+ #AND rlp."owner_ct_id" = %s
+ cursor = connection.cursor()
+ sql = """
+ SELECT COUNT(*)
+ FROM %s ug, %s rlp, %s ct
+ WHERE rlp.%s = ug.%s
+ AND ug.%s=%%s
+ AND rlp.%s = ct.%s
+ AND ct.%s=%%s
+ AND rlp.%s = 0
+ AND rlp.%s = %%s""" % (
+ backend.quote_name('auth_user_groups'), backend.quote_name('auth_rowlevelpermission'),
+ backend.quote_name('django_content_type'), backend.quote_name('owner_id'),
+ backend.quote_name('group_id'), backend.quote_name('user_id'),
+ backend.quote_name('model_ct_id'), backend.quote_name('id'),
+ backend.quote_name('app_label'), backend.quote_name('negative'),
+ backend.quote_name('owner_ct_id'))
+ cursor.execute(sql, [app_label, self.id, ContentType.objects.get_for_model(Group).id,])
+ count = int(cursor.fetchone()[0])
+ return (count>0)
+
 def get_and_delete_messages(self):
 messages = [] |
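Review bot: `contains_row_level_perm` never uses its `perm` argument and its ORM count does not exclude rows marked `negative`, so `contains_permission` returns True as soon as the user owns any row-level permission on that model, whichever permission it is; `contains_group_row_level_perms` ignores `perm` in the same way and lists `django_content_type` in FROM without joining it. Both lookups should be restricted to the permission named by `perm`, and the ORM count to non-negative rows, before callers rely on this as an authorization check. In `has_module_group_row_level_perms` the bound values do not match the placeholder order (`ug.user_id`, `ct.app_label`, `rlp.owner_ct_id`), so the call should read `cursor.execute(sql, [self.id, app_label, ContentType.objects.get_for_model(Group).id])`. The leftover `print sql` in `contains_group_row_level_perms` should be removed. The `User` class and the methods at both edges of the hunk begin or end outside it.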