Making permissions easier to manage

djadmin2/actions.py

@@ -32,9 +32,6 @@ class BaseListAction(object):
         self.queryset = queryset
         self.model = queryset.model
         self.options = utils.model_options(self.model)
-        self.permission_name = '%s.delete.%s' \
-                % (self.options.app_label, self.options.object_name.lower())
-        self.has_permission = request.user.has_perm(self.permission_name)
 
         self.item_count = len(queryset)
 
@@ -44,6 +41,10 @@ class BaseListAction(object):
             objects_name = self.options.verbose_name_plural
         self.objects_name = unicode(objects_name)
 
+    @property
+    def permission_name(self):
+        return NotImplemented
+
     def description(self):
         return NotImplemented
 
@@ -54,6 +55,11 @@ class BaseListAction(object):
         return NotImplemented
 
     def __call__(self):
+        if not self.request.user.has_perm(self.permission_name):
+            message = _("Permission to '%s' denied" % force_text(self.description))
+            messages.add_message(self.request, messages.INFO, message)
+            return None
+
         if self.item_count > 0:
             return self.get_response()
         else:
@@ -72,35 +78,27 @@ class DeleteSelectedAction(BaseListAction):
     def get_response(self):
         if self.request.POST.get('confirmed'):
             # The user has confirmed that they want to delete the objects.
-            if self.has_permission:
+            num_objects_deleted = len(self.queryset)
-                num_objects_deleted = len(self.queryset)
+            self.queryset.delete()
-                self.queryset.delete()
+            message = _("Successfully deleted %d %s" % \
-                message = _("Successfully deleted %d %s" % \
+                    (num_objects_deleted, self.objects_name))
-                        (num_objects_deleted, self.objects_name))
+            messages.add_message(self.request, messages.INFO, message)
-                messages.add_message(self.request, messages.INFO, message)
+            return None
-                return None
-            else:
-                raise PermissionDenied
         else:
             # The user has not confirmed that they want to delete the objects, so
             # render a template asking for their confirmation.
-            if self.has_permission:
 
-                def _format_callback(obj):
+            def _format_callback(obj):
-                    opts = utils.model_options(obj)
+                opts = utils.model_options(obj)
-                    return '%s: %s' % (force_text(capfirst(opts.verbose_name)),
+                return '%s: %s' % (force_text(capfirst(opts.verbose_name)),
-                                       force_text(obj))
+                                   force_text(obj))
 
-                collector = utils.NestedObjects(using=None)
+            collector = utils.NestedObjects(using=None)
-                collector.collect(self.queryset)
+            collector.collect(self.queryset)
 
-                context = {
+            context = {
-                    'queryset': self.queryset,
+                'queryset': self.queryset,
-                    'objects_name': self.objects_name,
+                'objects_name': self.objects_name,
-                    'deletable_objects': collector.nested(_format_callback),
+                'deletable_objects': collector.nested(_format_callback),
-                }
+            }
-                return TemplateResponse(self.request, self.template, context)
+            return TemplateResponse(self.request, self.template, context)
-            else:
-                message = _("Permission to delete %s denied" % self.objects_name)
-                messages.add_message(self.request, messages.INFO, message)
-                return None