From b1356e8761682fbd362afc47f47a9c3b81385a3d Mon Sep 17 00:00:00 2001 From: Jannis Leidel Date: Mon, 6 Jul 2009 21:57:16 +0200 Subject: [PATCH] Back to tuple style syntax for permission required decorator. --- example/exampleapp/views.py | 9 +++++---- src/authority/decorators.py | 24 +++++++++++++----------- src/authority/permissions.py | 4 ---- 3 files changed, 18 insertions(+), 19 deletions(-) diff --git a/example/exampleapp/views.py b/example/exampleapp/views.py index dbc6fc9..2727727 100644 --- a/example/exampleapp/views.py +++ b/example/exampleapp/views.py @@ -3,10 +3,11 @@ from django.contrib.flatpages.models import FlatPage from authority.decorators import permission_required, permission_required_or_403 -# @permission_required_or_403('flatpage_permission.top_secret', { # use this to return a 403 page -# 'url': (FlatPage, 'url__contains'), 'lala': (FlatPage, 'url__contains')}) -@permission_required('flatpage_permission.top_secret', { - 'url': (FlatPage, 'url__contains'), 'lala': (FlatPage, 'url__contains')}) +@permission_required_or_403('flatpage_permission.top_secret', # use this to return a 403 page + (FlatPage, 'url__contains', 'url'), (FlatPage, 'url__contains', 'lala')) +# @permission_required('flatpage_permission.top_secret', +# (FlatPage, 'url__contains', 'url'), (FlatPage, 'url__contains', 'lala')) +#@permission_required_or_403('flatpages.add_flatpage') def top_secret(request, url, lala=None): """ A wrapping view that performs the permission check given in the decorator diff --git a/src/authority/decorators.py b/src/authority/decorators.py index 6962f64..6f2ee72 100644 --- a/src/authority/decorators.py +++ b/src/authority/decorators.py @@ -12,25 +12,24 @@ from django.contrib.auth import REDIRECT_FIELD_NAME from authority import permissions from authority.views import permission_denied -def permission_required(perm, lookup_params=None, login_url=None, - redirect_field_name=REDIRECT_FIELD_NAME, redirect_to_login=True): +def permission_required(perm, *model_lookups, **kwargs): """ Decorator for views that checks whether a user has a particular permission enabled, redirecting to the log-in page if necessary. """ - if lookup_params is None: - lookup_params = {} - if login_url is None: - login_url = settings.LOGIN_URL + login_url = kwargs.pop('login_url', settings.LOGIN_URL) + redirect_field_name = kwargs.pop('redirect_field_name', REDIRECT_FIELD_NAME) + redirect_to_login = kwargs.pop('redirect_to_login', True) def decorate(view_func): def decorated(request, *args, **kwargs): objs = [] if request.user.is_authenticated(): - for name, value in kwargs.items(): - lookup_param = lookup_params.get(name, None) - if None in (value, lookup_param): + for model, lookup, varname in model_lookups: + if varname not in kwargs: + continue + value = kwargs.get(varname, None) + if value is None: continue - model, lookup = lookup_param if isinstance(model, basestring): model_class = get_model(*model.split(".")) else: @@ -44,7 +43,10 @@ def permission_required(perm, lookup_params=None, login_url=None, 'The argument %s needs to be a model.' % model) objs.append(get_object_or_404(model_class, **{lookup: value})) check = permissions.registry.get_check(request.user, perm) - if (check and check(*objs)) or request.user.has_perm(perm): + granted = False + if check is not None: + granted = check(*objs) + if granted or request.user.has_perm(perm): return view_func(request, *args, **kwargs) if redirect_to_login: path = urlquote(request.get_full_path()) diff --git a/src/authority/permissions.py b/src/authority/permissions.py index 53f29cf..98de5a6 100644 --- a/src/authority/permissions.py +++ b/src/authority/permissions.py @@ -122,10 +122,6 @@ class PermissionMetaclass(type): class BasePermission(object): """ Base Permission class to be used to define app permissions. - - check = MyPermission(request.user) - if check.can("change", obj): - """ __metaclass__ = PermissionMetaclass