author | Christopher Long <indirecthit@gmail.com> | 2006-08-19 17:53:48 +0000 |
---|---|---|
committer | Christopher Long <indirecthit@gmail.com> | 2006-08-19 17:53:48 +0000 |
commit | b5cbbf58c03d79b912a076658f3ae0997fcb1dbe (patch) | |
tree | cb2f913f178048810cefb874227296c4e1a4e7da /django | |
parent | 9f115aa7eaa1da5903b6a7af6a7547234710aebf (diff) | |
[per-object-permissions] Added "Edit Row Level Permissions" link on change_form if object has row level permissions enabled
[per-object-permissions] Modified the row level permissions edit page so the URL is based off of the object instead of being part of the auth
git-svn-id: http://code.djangoproject.com/svn/django/branches/per-object-permissions@3616 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django')
-rw-r--r-- | django/contrib/admin/templates/admin/change_form.html | 1 | ||||
-rw-r--r-- | django/contrib/admin/templates/admin/row_level_permission.html | 30 | ||||
-rw-r--r-- | django/contrib/admin/urls.py | 5 | ||||
-rw-r--r-- | django/contrib/admin/views/main.py | 1 | ||||
-rw-r--r-- | django/contrib/admin/views/row_level_permissions.py | 94 |
5 files changed, 92 insertions, 39 deletions
diff --git a/django/contrib/admin/templates/admin/change_form.html b/django/contrib/admin/templates/admin/change_form.html index 3f43ae7812..b70c9e3bae 100644 --- a/django/contrib/admin/templates/admin/change_form.html +++ b/django/contrib/admin/templates/admin/change_form.html @@ -18,6 +18,7 @@ {% block content %}<div id="content-main"> {% if change %}{% if not is_popup %} <ul class="object-tools"><li><a href="history/" class="historylink">{% trans "History" %}</a></li> + {% if has_row_level_permissions %}<li><a href="row_level_permissions/" class="rowlevelpermissions">{% trans "Edit Row Level Permissions" %}</a></li>{% endif %} {% if has_absolute_url %}<li><a href="../../../r/{{ content_type_id }}/{{ object_id }}/" class="viewsitelink">{% trans "View on site" %}</a></li>{% endif%} </ul> {% endif %}{% endif %} diff --git a/django/contrib/admin/templates/admin/row_level_permission.html b/django/contrib/admin/templates/admin/row_level_permission.html index bc4956a464..354108d66e 100644 --- a/django/contrib/admin/templates/admin/row_level_permission.html +++ b/django/contrib/admin/templates/admin/row_level_permission.html @@ -17,8 +17,9 @@ {{ title|escape }} </div> {% endblock %} -{% block content %}<div id="content-main"> -<div id="changelist"> +{% block content %} + +<div id="content-main"> {% if_has_perm "auth.add_rowlevelpermission" %} <h2>{% trans "Add Permissions" %}</h2> @@ -66,7 +67,7 @@ {% if_has_perm "auth.change_rowlevelpermission" %} <h2>{% trans "Current Permissions" %}</h2> <table id="current-rlpTable"> -{% if rlp_form_list %} +{% if rlp_forms %} <tr class="header"> <th id="select_header"></th> <th id="owner_header"> 
@@ -84,10 +85,16 @@ </tr> <TBODY> {% load row_level_permission %} -{% for o in rlp_form_list %} +{% for x in rlp_forms %} +<tr> +<th colspan=5> +{{ x.0 }} +</th> +</tr> +{% for o in x.1 %} <tr id="editRLP-{{ o.rlp.id }}"> <!--<td colspan="5">--> -<form id="editRLPForm-{{ o.rlp.id }}" class="editRLPForm" method="POST" name="editRLPForm-{{ o.rlp.id }}" action="../../../auth/row_level_permission/{% objref o.rlp %}/change/"> +<form id="editRLPForm-{{ o.rlp.id }}" class="editRLPForm" method="POST" name="editRLPForm-{{ o.rlp.id }}" action="change/{% objref o.rlp %}/"> <!--<table> <tr>--> <td> @@ -107,7 +114,8 @@ <input id="cancelButton-{{ o.rlp.id }}" type="reset" value="{% trans 'Reset' %}"/> <br/> <!--<a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deleteLink" onclick="row_level_permission.deleteRLP('{% objref o.rlp %}'); return false;">{% trans 'Delete' %}</a> |--> - <a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deletelink">{% trans 'Delete' %}</a> | + <!--<a href="../../../auth/row_level_permission/{% objref o.rlp %}/delete/" class="deletelink">{% trans 'Delete' %}</a> | --> + <a href="delete/{% objref o.rlp %}" class="deletelink">{% trans 'Delete' %}</a> | <a href="javascript:row_level_permission.copyToNew({{ o.rlp.id }})" class="copyToNewLink">{% trans 'Copy to New' %}</a> </td> <!--</tr> 
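Review bot: The Delete link added in the second hunk, `<a href="delete/{% objref o.rlp %}" class="deletelink">`, removes a permission through a plain GET, while the edit form next to it posts. The delete view changed later in this commit shows no method check in its visible lines, so any request a logged-in staff browser makes to that URL would delete the row, limited only by how hard the objref hash is to predict. A small `method="POST"` form here, together with the `if not request.POST` guard that change_row_level_permission already has, would close that. The href also lacks the trailing slash that the form action `change/{% objref o.rlp %}/` and the new URL pattern ending in `/$` both have; it should read `href="delete/{% objref o.rlp %}/"`, assuming objref emits no trailing slash itself.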
@@ -116,14 +124,12 @@ </td> </tr> {% endfor %} +{% endfor %} <tr align="right"> <td colspan="5"> - <form id="apply_selected_form" method="POST" name="apply_selected_form" onsubmit="row_level_permission.apply_selected(); return false;"> - <input id="apply_selected_button" type="submit" value="{% trans 'Apply Selected' %}" /> - </form> - <form id="delete_selected_form" method="POST" name="delete_selected_form" onsubmit="alert('Not yet working'); return false;"> - <input id="delete_selected_button" type="submit" value="{% trans 'Delete Selected' %}" /> - </form> + Commands: + <a href="javascript:row_level_permission.apply_selected();">Apply Selected</a> | + <a href="javascript:alert('Not yet working');" class="deletelink">Delete Selected</a> </td> </tr> {% if is_paginated %} diff --git a/django/contrib/admin/urls.py b/django/contrib/admin/urls.py index a14569d54a..3d029b7e45 100644 --- a/django/contrib/admin/urls.py +++ b/django/contrib/admin/urls.py 
@@ -41,8 +41,11 @@ urlpatterns = patterns('', ('^([^/]+)/([^/]+)/add/$', 'django.contrib.admin.views.main.add_stage'), ('^([^/]+)/([^/]+)/(.+)/history/$', 'django.contrib.admin.views.main.history'), ('^([^/]+)/([^/]+)/(.+)/delete/$', 'django.contrib.admin.views.main.delete_stage'), - ('^([^/]+)/([^/]+)/(.+)/row_level_permissions/$', 'django.contrib.admin.views.row_level_permissions.edit_row_level_permissions'), + ('^([^/]+)/([^/]+)/(.+)/row_level_permissions/$', 'django.contrib.admin.views.row_level_permissions.view_row_level_permissions'), ('^([^/]+)/([^/]+)/(.+)/row_level_permissions/add/$', 'django.contrib.admin.views.row_level_permissions.add_row_level_permission'), + ('^([^/]+)/([^/]+)/(.+)/row_level_permissions/delete/(.+)/(.+)/([^/]+)/$', 'django.contrib.admin.views.row_level_permissions.delete_row_level_permission'), + ('^([^/]+)/([^/]+)/(.+)/row_level_permissions/change/(.+)/(.+)/([^/]+)/$', 'django.contrib.admin.views.row_level_permissions.change_row_level_permission'), + ('^([^/]+)/([^/]+)/(.+)/$', 'django.contrib.admin.views.main.change_stage'), ) diff --git a/django/contrib/admin/views/main.py b/django/contrib/admin/views/main.py index 6f693dd8b0..1395ca47dd 100644 --- a/django/contrib/admin/views/main.py +++ b/django/contrib/admin/views/main.py @@ -203,6 +203,7 @@ def render_change_form(model, manipulator, context, add=False, change=False, for 'has_change_permission': context['perms'][app_label][opts.get_change_permission()], 'has_file_field': opts.has_field_type(models.FileField), 'has_absolute_url': hasattr(model, 'get_absolute_url'), + 'has_row_level_permissions':opts.row_level_permissions, 'auto_populated_fields': auto_populated_fields, 'bound_field_sets': bound_field_sets, 'first_form_field_id': first_form_field_id, diff --git a/django/contrib/admin/views/row_level_permissions.py b/django/contrib/admin/views/row_level_permissions.py index 43cef7c60f..40154780e8 100644 --- a/django/contrib/admin/views/row_level_permissions.py 
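Review bot: In django/contrib/admin/urls.py the two new patterns capture ct_id and rlp_id with `(.+)`, which also matches slashes, so together with the greedy object_id group one URL can be split into view arguments in more than one way. If both are always integer primary keys (rlp_id is passed to `get_object_or_404(RowLevelPermission, pk=rlp_id)` in the view), `row_level_permissions/delete/(\d+)/(\d+)/([^/]+)/$` and the same tail for `change/` would reject malformed references at the routing layer rather than leaving it all to the hash check. A one-line comment above the pair naming the three trailing groups (ct_id, rlp_id, hash) would also help the next reader.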
+++ b/django/contrib/admin/views/row_level_permissions.py @@ -3,17 +3,19 @@ from django import forms, template from django.shortcuts import render_to_response, get_object_or_404 from django.http import Http404, HttpResponse, HttpResponseRedirect from django.contrib.contenttypes.models import ContentType -from django.contrib.auth.models import RowLevelPermission -from django.contrib.admin.views import main +from django.contrib.auth.models import RowLevelPermission, User, Group from django.db import models from django.contrib.admin.row_level_perm_manipulator import AddRLPManipulator, ChangeRLPManipulator from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist, PermissionDenied from django.core.paginator import ObjectPaginator, InvalidPage -import simplejson +from django.contrib.admin.views.main import unquote, quote +from django.contrib.admin.views.decorators import staff_member_required +from django.views.decorators.cache import never_cache -def edit_row_level_permissions(request, app_label, model_name, object_id): + +def view_row_level_permissions(request, app_label, model_name, object_id): model = models.get_model(app_label, model_name) - object_id = main.unquote(object_id) + object_id = unquote(object_id) model_ct = ContentType.objects.get_for_model(model) model_instance = get_object_or_404(model, pk=object_id) 
@@ -52,15 +54,34 @@ def edit_row_level_permissions(request, app_label, model_name, object_id): add_rlp_manip = AddRLPManipulator(model_instance, model_ct) edit_rlp_manip = ChangeRLPManipulator(model_ct) new_rlp_form = forms.FormWrapper(add_rlp_manip, rlp_new_data, rlp_errors) - empty_rlp_form = forms.FormWrapper(edit_rlp_manip, rlp_new_data, rlp_errors) - rlp_form_list = [] + + user_rlp_form_list = [] + other_rlp_form_list = [] + group_rlp_form_list = [] + + group_ct = model_ct = ContentType.objects.get_for_model(Group) + user_ct = model_ct = ContentType.objects.get_for_model(User) for r in rlp_list: owner_val = str(r.owner_ct)+"-"+str(r.owner_id) data = {'id':r.id, 'owner':owner_val, 'perm':r.permission.id, 'negative':r.negative} - rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r}) + + if r.owner_ct.id is user_ct.id: + user_rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r}) + elif r.owner_ct.id is group_ct.id: + group_rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r}) + else: + other_rlp_form_list.append({'form':forms.FormWrapper(edit_rlp_manip, data, rlp_errors), 'rlp':r}) + + rlp_forms = [] + if user_rlp_form_list: + rlp_forms.append((_('Users'), user_rlp_form_list,)) + if group_rlp_form_list: + rlp_forms.append((_('Groups'), group_rlp_form_list,)) + if other_rlp_form_list: + rlp_forms.append((_('Other'), other_rlp_form_list,)) + rlp_context = {'new_rlp_form':new_rlp_form, - 'rlp_form_list':rlp_form_list, - 'empty_rlp_form':empty_rlp_form,} + 'rlp_forms':rlp_forms, } c.update(rlp_context) 
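Review bot: The owner bucketing compares ids with `is` (`r.owner_ct.id is user_ct.id`, `r.owner_ct.id is group_ct.id`), which tests object identity rather than equality; whether two equal ints are the same object is an interpreter detail, so a user or group permission can fall through to the "Other" list. These should be `if r.owner_ct.id == user_ct.id:` and `elif r.owner_ct.id == group_ct.id:`. The two lookups above them are also written as chained assignments, `group_ct = model_ct = ...` and `user_ct = model_ct = ...`, which rebinds `model_ct` from the edited model's content type to User's; `group_ct = ContentType.objects.get_for_model(Group)` and `user_ct = ContentType.objects.get_for_model(User)` avoid that. The function continues outside the hunk, so any later use of `model_ct` could not be checked from here.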
@@ -69,13 +90,24 @@ def edit_row_level_permissions(request, app_label, model_name, object_id): "admin/%s/row_level_permission.html" % opts.app_label, "admin/row_level_permission.html"], context_instance=c) -def delete_row_level_permission(request, ct_id, rlp_id, hash): +view_row_level_permissions = staff_member_required(never_cache(view_row_level_permissions)) + +def delete_row_level_permission(request, app_label, model_name, object_id, ct_id, rlp_id, hash): msg = {} + if utils.verify_objref_hash(ct_id, rlp_id, hash): + model = models.get_model(app_label, model_name) + object_id = unquote(object_id) + + model_ct = ContentType.objects.get_for_model(model) + model_instance = get_object_or_404(model, pk=object_id) rlp = get_object_or_404(RowLevelPermission, pk=rlp_id) ct = rlp.model_ct obj = rlp.model + if model_instance.id is not obj.id: + raise PermissionDenied + if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_delete_permission()): raise PermissionDenied if not request.user.has_perm(obj._meta.app_label + '.' + obj._meta.get_change_permission(), object=obj): @@ -86,13 +118,13 @@ def delete_row_level_permission(request, ct_id, rlp_id, hash): else: msg = { 'result':False, 'text': _("row level permission not found (bad hash)" )} - request.user.message_set.create(message=result['text']) + request.user.message_set.create(message=msg['text']) - return HttpResponseRedirect("../") + return HttpResponseRedirect("../../../../") # return HttpResponseRedirect("%s?rlp_result=%s&rlp_msg=%s" % (request.META["HTTP_REFERER"], str(msg["result"]), main.quote(msg["text"]))) #return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name), # main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,}) - +delete_row_level_permission = staff_member_required(never_cache(delete_row_level_permission)) def add_row_level_permission(request, app_label, model_name, object_id): msg = {} 
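Review bot: The new guard `if model_instance.id is not obj.id: raise PermissionDenied` in delete_row_level_permission uses identity instead of equality, so for ids that are equal but not the same int object it rejects a legitimate request, and it compares primary keys only. An object of a different model with the same pk would pass, even though `model_ct` and `ct = rlp.model_ct` are both computed just above and never compared in the visible lines. Something like `if model_ct.id != ct.id or model_instance.id != obj.id: raise PermissionDenied` binds the permission to the object named in the URL (assuming `rlp.model_ct` is a ContentType, as `owner_ct` appears to be elsewhere in this file). The same `is not` check is added to change_row_level_permission in the `@@ -163,6 +199,9 @@` hunk and needs the same change.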
@@ -103,7 +135,7 @@ def add_row_level_permission(request, app_label, model_name, object_id): return HttpResponseRedirect("/edit/%s/%s" % (obj_type, object_id)) model = models.get_model(app_label, model_name) - object_id = main.unquote(object_id) + object_id = unquote(object_id) ct = ContentType.objects.get_for_model(model) obj = get_object_or_404(model, pk=object_id) @@ -141,10 +173,10 @@ def add_row_level_permission(request, app_label, model_name, object_id): #return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name), # main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,}) return HttpResponseRedirect("../") +add_row_level_permission = staff_member_required(never_cache(add_row_level_permission)) -def change_row_level_permission(request, ct_id, rlp_id, hash): +def change_row_level_permission(request, app_label, model_name, object_id, ct_id, rlp_id, hash): msg = {} - ajax = request.GET.has_key("ajax") if not request.POST: msg = { 'result':False, 'text': _("Only POSTs are allowed" )} @@ -152,10 +184,14 @@ def change_row_level_permission(request, ct_id, rlp_id, hash): msg = { 'result':False, 'text': _("row level permission not found (bad hash)" )} if msg.has_key("result"): - if ajax: - return HttpResponse(simplejson.dumps(msg), 'text/javascript') request.user.message_set.create(message=msg['text']) - return HttpResponseRedirect("/edit/%s/%s" % (obj_type, obj_id)) + return HttpResponseRedirect('../../../../') + + model = models.get_model(app_label, model_name) + object_id = unquote(object_id) + + ct = ContentType.objects.get_for_model(model) + model_instance = get_object_or_404(model, pk=object_id) rlp = get_object_or_404(RowLevelPermission, pk=rlp_id) opts = rlp._meta 
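Review bot: The error path of add_row_level_permission in the first hunk still returns `HttpResponseRedirect("/edit/%s/%s" % (obj_type, object_id))`, and `obj_type` is neither a parameter nor assigned in any visible line. This commit replaced the matching redirect in change_row_level_permission with `'../../../../'` but left this one, so if `obj_type` is not defined in the part of the function outside the hunk, the failure branch raises NameError instead of redirecting. `return HttpResponseRedirect("../")`, the same target the success path of this view uses, would keep both exits consistent.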
@@ -163,6 +199,9 @@ def change_row_level_permission(request, ct_id, rlp_id, hash): raise PermissionDenied obj = rlp.model + if model_instance.id is not obj.id: + raise PermissionDenied + if not request.user.has_perm(rlp._meta.app_label + '.' + rlp._meta.get_change_permission(), object=obj): raise PermissionDenied @@ -178,9 +217,12 @@ def change_row_level_permission(request, ct_id, rlp_id, hash): msg = {"result":False, "text":_("A row level permission already exists with the specified values")} else: msg = {"result":True, "text":_("Row level permission has successfully been changed"), "id":rlp_id} - if ajax: - return HttpResponse(simplejson.dumps(msg), 'text/javascript') - - request.POST = {} - return main.change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name), - main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,})
\ No newline at end of file + + request.user.message_set.create(message=msg['text']) + + return HttpResponseRedirect("../../../../") +# request.POST = {} +# return change_stage(request, main.quote(obj._meta.app_label), main.quote(obj._meta.object_name), +# main.quote(str(obj.id)), extra_context={"row_level_perm_msg":msg,}) + +change_row_level_permission = staff_member_required(never_cache(change_row_level_permission))
\ No newline at end of file |