django-rosetta/rosetta/access.py

import importlib

from django.conf import settings
from django.core.exceptions import ImproperlyConfigured

from .conf import settings as rosetta_settings


def can_translate(user):
    return get_access_control_function()(user)


def get_access_control_function():
    """
    Return a predicate for determining if a user can
    access the Rosetta views
    """
    access_function = getattr(settings, 'ROSETTA_ACCESS_CONTROL_FUNCTION', None)
    if access_function is None:
        return is_superuser_staff_or_in_translators_group
    elif isinstance(access_function, str):
        # Dynamically load a permissions function
        perm_module, perm_func = access_function.rsplit('.', 1)
        perm_module = importlib.import_module(perm_module)
        return getattr(perm_module, perm_func)
    elif callable(access_function):
        return access_function
    else:
        raise TypeError(access_function)


# Default access control test
def is_superuser_staff_or_in_translators_group(user):
    if not getattr(settings, 'ROSETTA_REQUIRES_AUTH', True):
        return True
    try:
        if not user.is_authenticated:
            return False
        elif user.is_superuser and user.is_staff:
            return True
        else:
            return user.groups.filter(name='translators').exists()
    except AttributeError:
        if not hasattr(user, 'is_authenticated') or not hasattr(user, 'is_superuser') or not hasattr(user, 'groups'):
            raise ImproperlyConfigured('If you are using custom User Models you must implement a custom authentication method for Rosetta. See ROSETTA_ACCESS_CONTROL_FUNCTION here: https://django-rosetta.readthedocs.org/en/latest/settings.html')
        raise


def can_translate_language(user, langid):
    try:
        if not rosetta_settings.ROSETTA_LANGUAGE_GROUPS:
            return can_translate(user)
        elif not user.is_authenticated:
            return False
        elif user.is_superuser and user.is_staff:
            return True
        else:
            return user.groups.filter(name='translators-%s' % langid).exists()

    except AttributeError:
        if not hasattr(user, 'is_authenticated') or not hasattr(user, 'is_superuser') or not hasattr(user, 'groups'):
            raise ImproperlyConfigured('If you are using custom User Models you must implement a custom authentication method for Rosetta. See ROSETTA_ACCESS_CONTROL_FUNCTION here: https://django-rosetta.readthedocs.org/en/latest/settings.html')
        raise
Removed old compatibility code for Django < 1.8 2018-08-23 18:25:09 +00:00			`import importlib`
Imports cleanup 2019-02-28 07:57:33 +00:00
Allow access control function to be replaced The current access control function `can_translate` is not always sufficient. For instance, some projects require access to translation to be controlled using a permission rather than using groups. This change introduces a new setting `ROSETTA_ACCESS_CONTROL_FUNCTION` that allows an alternative predicate to be specified. The default is to use the current function so this change is backwards compatible. 2013-04-16 10:31:36 +00:00			`from django.conf import settings`
Better handling for Custom User Models. Fixes Issue #131 2015-06-04 09:44:42 +00:00			`from django.core.exceptions import ImproperlyConfigured`
Added docs, tests and fine tuned ROSETTA_LANGUAGE_GROUPS setting 2014-05-02 10:04:41 +00:00
Imports cleanup 2019-02-28 07:57:33 +00:00			`from .conf import settings as rosetta_settings`

Allow access control function to be replaced The current access control function `can_translate` is not always sufficient. For instance, some projects require access to translation to be controlled using a permission rather than using groups. This change introduces a new setting `ROSETTA_ACCESS_CONTROL_FUNCTION` that allows an alternative predicate to be specified. The default is to use the current function so this change is backwards compatible. 2013-04-16 10:31:36 +00:00
			`def can_translate(user):`
			`return get_access_control_function()(user)`


			`def get_access_control_function():`
			`"""`
Imports cleanup 2019-02-28 07:57:33 +00:00			`Return a predicate for determining if a user can`
			`access the Rosetta views`
Allow access control function to be replaced The current access control function `can_translate` is not always sufficient. For instance, some projects require access to translation to be controlled using a permission rather than using groups. This change introduces a new setting `ROSETTA_ACCESS_CONTROL_FUNCTION` that allows an alternative predicate to be specified. The default is to use the current function so this change is backwards compatible. 2013-04-16 10:31:36 +00:00			`"""`
Allow passing a function itself to the setting ROSETTA_ACCESS_CONTROL_FUNCTION. 2019-10-11 22:22:59 +00:00			`access_function = getattr(settings, 'ROSETTA_ACCESS_CONTROL_FUNCTION', None)`
			`if access_function is None:`
Allow access control function to be replaced The current access control function `can_translate` is not always sufficient. For instance, some projects require access to translation to be controlled using a permission rather than using groups. This change introduces a new setting `ROSETTA_ACCESS_CONTROL_FUNCTION` that allows an alternative predicate to be specified. The default is to use the current function so this change is backwards compatible. 2013-04-16 10:31:36 +00:00			`return is_superuser_staff_or_in_translators_group`
Allow passing a function itself to the setting ROSETTA_ACCESS_CONTROL_FUNCTION. 2019-10-11 22:22:59 +00:00			`elif isinstance(access_function, str):`
			`# Dynamically load a permissions function`
			`perm_module, perm_func = access_function.rsplit('.', 1)`
			`perm_module = importlib.import_module(perm_module)`
			`return getattr(perm_module, perm_func)`
			`elif callable(access_function):`
			`return access_function`
			`else:`
			`raise TypeError(access_function)`
Allow access control function to be replaced The current access control function `can_translate` is not always sufficient. For instance, some projects require access to translation to be controlled using a permission rather than using groups. This change introduces a new setting `ROSETTA_ACCESS_CONTROL_FUNCTION` that allows an alternative predicate to be specified. The default is to use the current function so this change is backwards compatible. 2013-04-16 10:31:36 +00:00

			`# Default access control test`
			`def is_superuser_staff_or_in_translators_group(user):`
			`if not getattr(settings, 'ROSETTA_REQUIRES_AUTH', True):`
			`return True`
Better handling for Custom User Models. Fixes Issue #131 2015-06-04 09:44:42 +00:00			`try:`
Tests passing on Django 2.0a1 2017-09-23 19:16:16 +00:00			`if not user.is_authenticated:`
Better handling for Custom User Models. Fixes Issue #131 2015-06-04 09:44:42 +00:00			`return False`
			`elif user.is_superuser and user.is_staff:`
			`return True`
			`else:`
			`return user.groups.filter(name='translators').exists()`
			`except AttributeError:`
			`if not hasattr(user, 'is_authenticated') or not hasattr(user, 'is_superuser') or not hasattr(user, 'groups'):`
			`raise ImproperlyConfigured('If you are using custom User Models you must implement a custom authentication method for Rosetta. See ROSETTA_ACCESS_CONTROL_FUNCTION here: https://django-rosetta.readthedocs.org/en/latest/settings.html')`
			`raise`
Added docs, tests and fine tuned ROSETTA_LANGUAGE_GROUPS setting 2014-05-02 10:04:41 +00:00

			`def can_translate_language(user, langid):`
Better handling for Custom User Models. Fixes Issue #131 2015-06-04 09:44:42 +00:00			`try:`
			`if not rosetta_settings.ROSETTA_LANGUAGE_GROUPS:`
			`return can_translate(user)`
Tests passing on Django 2.0a1 2017-09-23 19:16:16 +00:00			`elif not user.is_authenticated:`
Better handling for Custom User Models. Fixes Issue #131 2015-06-04 09:44:42 +00:00			`return False`
			`elif user.is_superuser and user.is_staff:`
			`return True`
			`else:`
			`return user.groups.filter(name='translators-%s' % langid).exists()`

			`except AttributeError:`
			`if not hasattr(user, 'is_authenticated') or not hasattr(user, 'is_superuser') or not hasattr(user, 'groups'):`
			`raise ImproperlyConfigured('If you are using custom User Models you must implement a custom authentication method for Rosetta. See ROSETTA_ACCESS_CONTROL_FUNCTION here: https://django-rosetta.readthedocs.org/en/latest/settings.html')`
			`raise`