django-authority/authority/managers.py

from django.db import models
from django.db.models import Q
from django.contrib.contenttypes.models import ContentType


class PermissionManager(models.Manager):
    def get_content_type(self, obj):
        return ContentType.objects.get_for_model(obj)

    def get_for_model(self, obj):
        return self.filter(content_type=self.get_content_type(obj))

    def for_object(self, obj, approved=True):
        return (
            self.get_for_model(obj)
            .select_related("user", "creator", "group", "content_type")
            .filter(object_id=obj.id, approved=approved)
        )

    def for_user(self, user, obj, check_groups=True):
        perms = self.get_for_model(obj)
        if not check_groups:
            return perms.select_related("user", "creator").filter(user=user)

        # Hacking user to user__pk to workaround deepcopy bug:
        # http://bugs.python.org/issue2460
        # Which is triggered by django's deepcopy which backports that fix in
        # Django 1.2
        return (
            perms.select_related("user", "creator")
            .prefetch_related("user__groups")
            .filter(Q(user__pk=user.pk) | Q(group__in=user.groups.all()))
        )

    def user_permissions(self, user, perm, obj, approved=True, check_groups=True):
        return self.for_user(user, obj, check_groups,).filter(
            codename=perm, approved=approved,
        )

    def group_permissions(self, group, perm, obj, approved=True):
        """
        Get objects that have Group perm permission on
        """
        return (
            self.get_for_model(obj)
            .select_related("user", "group", "creator")
            .filter(group=group, codename=perm, approved=approved)
        )

    def delete_objects_permissions(self, obj):
        """
        Delete permissions related to an object instance
        """
        perms = self.for_object(obj)
        perms.delete()

    def delete_user_permissions(self, user, perm, obj, check_groups=False):
        """
        Remove granular permission perm from user on an object instance
        """
        user_perms = self.user_permissions(user, perm, obj, check_groups=False)
        if not user_perms.filter(object_id=obj.id):
            return
        perms = self.user_permissions(user, perm, obj).filter(object_id=obj.id)
        perms.delete()