django-rosetta/rosetta/access.py

import importlib

from django.conf import settings
from django.core.exceptions import ImproperlyConfigured

from .conf import settings as rosetta_settings


def can_translate(user):
    return get_access_control_function()(user)


def get_access_control_function():
    """
    Return a predicate for determining if a user can
    access the Rosetta views
    """
    access_function = getattr(settings, "ROSETTA_ACCESS_CONTROL_FUNCTION", None)
    if access_function is None:
        return is_superuser_staff_or_in_translators_group
    elif isinstance(access_function, str):
        # Dynamically load a permissions function
        perm_module, perm_func = access_function.rsplit(".", 1)
        perm_module = importlib.import_module(perm_module)
        return getattr(perm_module, perm_func)
    elif callable(access_function):
        return access_function
    else:
        raise TypeError(access_function)


# Default access control test
def is_superuser_staff_or_in_translators_group(user):
    if not getattr(settings, "ROSETTA_REQUIRES_AUTH", True):
        return True
    try:
        if not user.is_authenticated:
            return False
        elif user.is_superuser and user.is_staff:
            return True
        else:
            return user.groups.filter(name="translators").exists()
    except AttributeError:
        if (
            not hasattr(user, "is_authenticated")
            or not hasattr(user, "is_superuser")
            or not hasattr(user, "groups")
        ):
            raise ImproperlyConfigured(
                "If you are using custom User Models you must implement a custom authentication method for Rosetta. See ROSETTA_ACCESS_CONTROL_FUNCTION here: https://django-rosetta.readthedocs.org/en/latest/settings.html"
            )
        raise


def can_translate_language(user, langid):
    try:
        if not rosetta_settings.ROSETTA_LANGUAGE_GROUPS:
            return can_translate(user)
        elif not user.is_authenticated:
            return False
        elif user.is_superuser and user.is_staff:
            return True
        else:
            return user.groups.filter(name="translators-%s" % langid).exists()

    except AttributeError:
        if (
            not hasattr(user, "is_authenticated")
            or not hasattr(user, "is_superuser")
            or not hasattr(user, "groups")
        ):
            raise ImproperlyConfigured(
                "If you are using custom User Models you must implement a custom authentication method for Rosetta. See ROSETTA_ACCESS_CONTROL_FUNCTION here: https://django-rosetta.readthedocs.org/en/latest/settings.html"
            )
        raise
Removed old compatibility code for Django < 1.8 2018-08-23 18:25:09 +00:00			`import importlib`
Imports cleanup 2019-02-28 07:57:33 +00:00
Allow access control function to be replaced The current access control function `can_translate` is not always sufficient. For instance, some projects require access to translation to be controlled using a permission rather than using groups. This change introduces a new setting `ROSETTA_ACCESS_CONTROL_FUNCTION` that allows an alternative predicate to be specified. The default is to use the current function so this change is backwards compatible. 2013-04-16 10:31:36 +00:00			`from django.conf import settings`
Better handling for Custom User Models. Fixes Issue #131 2015-06-04 09:44:42 +00:00			`from django.core.exceptions import ImproperlyConfigured`
Added docs, tests and fine tuned ROSETTA_LANGUAGE_GROUPS setting 2014-05-02 10:04:41 +00:00
Imports cleanup 2019-02-28 07:57:33 +00:00			`from .conf import settings as rosetta_settings`

Allow access control function to be replaced The current access control function `can_translate` is not always sufficient. For instance, some projects require access to translation to be controlled using a permission rather than using groups. This change introduces a new setting `ROSETTA_ACCESS_CONTROL_FUNCTION` that allows an alternative predicate to be specified. The default is to use the current function so this change is backwards compatible. 2013-04-16 10:31:36 +00:00
			`def can_translate(user):`
			`return get_access_control_function()(user)`


			`def get_access_control_function():`
			`"""`
Imports cleanup 2019-02-28 07:57:33 +00:00			`Return a predicate for determining if a user can`
			`access the Rosetta views`
Allow access control function to be replaced The current access control function `can_translate` is not always sufficient. For instance, some projects require access to translation to be controlled using a permission rather than using groups. This change introduces a new setting `ROSETTA_ACCESS_CONTROL_FUNCTION` that allows an alternative predicate to be specified. The default is to use the current function so this change is backwards compatible. 2013-04-16 10:31:36 +00:00			`"""`
proxy deeply through the backend. Fixes #271 2023-01-01 13:17:08 +00:00			`access_function = getattr(settings, "ROSETTA_ACCESS_CONTROL_FUNCTION", None)`
Allow passing a function itself to the setting ROSETTA_ACCESS_CONTROL_FUNCTION. 2019-10-11 22:22:59 +00:00			`if access_function is None:`
Allow access control function to be replaced The current access control function `can_translate` is not always sufficient. For instance, some projects require access to translation to be controlled using a permission rather than using groups. This change introduces a new setting `ROSETTA_ACCESS_CONTROL_FUNCTION` that allows an alternative predicate to be specified. The default is to use the current function so this change is backwards compatible. 2013-04-16 10:31:36 +00:00			`return is_superuser_staff_or_in_translators_group`
Allow passing a function itself to the setting ROSETTA_ACCESS_CONTROL_FUNCTION. 2019-10-11 22:22:59 +00:00			`elif isinstance(access_function, str):`
			`# Dynamically load a permissions function`
proxy deeply through the backend. Fixes #271 2023-01-01 13:17:08 +00:00			`perm_module, perm_func = access_function.rsplit(".", 1)`
Allow passing a function itself to the setting ROSETTA_ACCESS_CONTROL_FUNCTION. 2019-10-11 22:22:59 +00:00			`perm_module = importlib.import_module(perm_module)`
			`return getattr(perm_module, perm_func)`
			`elif callable(access_function):`
			`return access_function`
			`else:`
			`raise TypeError(access_function)`
Allow access control function to be replaced The current access control function `can_translate` is not always sufficient. For instance, some projects require access to translation to be controlled using a permission rather than using groups. This change introduces a new setting `ROSETTA_ACCESS_CONTROL_FUNCTION` that allows an alternative predicate to be specified. The default is to use the current function so this change is backwards compatible. 2013-04-16 10:31:36 +00:00

			`# Default access control test`
			`def is_superuser_staff_or_in_translators_group(user):`
proxy deeply through the backend. Fixes #271 2023-01-01 13:17:08 +00:00			`if not getattr(settings, "ROSETTA_REQUIRES_AUTH", True):`
Allow access control function to be replaced The current access control function `can_translate` is not always sufficient. For instance, some projects require access to translation to be controlled using a permission rather than using groups. This change introduces a new setting `ROSETTA_ACCESS_CONTROL_FUNCTION` that allows an alternative predicate to be specified. The default is to use the current function so this change is backwards compatible. 2013-04-16 10:31:36 +00:00			`return True`
Better handling for Custom User Models. Fixes Issue #131 2015-06-04 09:44:42 +00:00			`try:`
Tests passing on Django 2.0a1 2017-09-23 19:16:16 +00:00			`if not user.is_authenticated:`
Better handling for Custom User Models. Fixes Issue #131 2015-06-04 09:44:42 +00:00			`return False`
			`elif user.is_superuser and user.is_staff:`
			`return True`
			`else:`
proxy deeply through the backend. Fixes #271 2023-01-01 13:17:08 +00:00			`return user.groups.filter(name="translators").exists()`
Better handling for Custom User Models. Fixes Issue #131 2015-06-04 09:44:42 +00:00			`except AttributeError:`
proxy deeply through the backend. Fixes #271 2023-01-01 13:17:08 +00:00			`if (`
			`not hasattr(user, "is_authenticated")`
			`or not hasattr(user, "is_superuser")`
			`or not hasattr(user, "groups")`
			`):`
			`raise ImproperlyConfigured(`
			`"If you are using custom User Models you must implement a custom authentication method for Rosetta. See ROSETTA_ACCESS_CONTROL_FUNCTION here: https://django-rosetta.readthedocs.org/en/latest/settings.html"`
			`)`
Better handling for Custom User Models. Fixes Issue #131 2015-06-04 09:44:42 +00:00			`raise`
Added docs, tests and fine tuned ROSETTA_LANGUAGE_GROUPS setting 2014-05-02 10:04:41 +00:00

			`def can_translate_language(user, langid):`
Better handling for Custom User Models. Fixes Issue #131 2015-06-04 09:44:42 +00:00			`try:`
			`if not rosetta_settings.ROSETTA_LANGUAGE_GROUPS:`
			`return can_translate(user)`
Tests passing on Django 2.0a1 2017-09-23 19:16:16 +00:00			`elif not user.is_authenticated:`
Better handling for Custom User Models. Fixes Issue #131 2015-06-04 09:44:42 +00:00			`return False`
			`elif user.is_superuser and user.is_staff:`
			`return True`
			`else:`
proxy deeply through the backend. Fixes #271 2023-01-01 13:17:08 +00:00			`return user.groups.filter(name="translators-%s" % langid).exists()`
Better handling for Custom User Models. Fixes Issue #131 2015-06-04 09:44:42 +00:00
			`except AttributeError:`
proxy deeply through the backend. Fixes #271 2023-01-01 13:17:08 +00:00			`if (`
			`not hasattr(user, "is_authenticated")`
			`or not hasattr(user, "is_superuser")`
			`or not hasattr(user, "groups")`
			`):`
			`raise ImproperlyConfigured(`
			`"If you are using custom User Models you must implement a custom authentication method for Rosetta. See ROSETTA_ACCESS_CONTROL_FUNCTION here: https://django-rosetta.readthedocs.org/en/latest/settings.html"`
			`)`
Better handling for Custom User Models. Fixes Issue #131 2015-06-04 09:44:42 +00:00			`raise`