summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristopher Long <indirecthit@gmail.com>2006-07-29 18:27:50 +0000
committerChristopher Long <indirecthit@gmail.com>2006-07-29 18:27:50 +0000
commit68072fa75c56c040b18c2fc43e96acc3f734fa67 (patch)
treea702205324a9e58ce9ec75d44d04a0dc5bc43f9c
parent340718bd3a4f56a257dd4285da178751d9cf84d2 (diff)
[per-object-permissions] Fixed some problems with checking of permissions
git-svn-id: http://code.djangoproject.com/svn/django/branches/per-object-permissions@3487 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/contrib/admin/templates/admin/change_form.html2
-rw-r--r--django/contrib/admin/views/main.py1
-rw-r--r--django/contrib/admin/views/row_level_permissions.py29
3 files changed, 20 insertions, 12 deletions
diff --git a/django/contrib/admin/templates/admin/change_form.html b/django/contrib/admin/templates/admin/change_form.html
index 5dddfa26ae..3e340615a7 100644
--- a/django/contrib/admin/templates/admin/change_form.html
+++ b/django/contrib/admin/templates/admin/change_form.html
@@ -66,7 +66,7 @@
</div>
</form>
-{% if rlp_form_list %}
+{% if new_rlp_form %}
{% include "admin/row_level_permission.html" %}
{% endif %}
diff --git a/django/contrib/admin/views/main.py b/django/contrib/admin/views/main.py
index 168199a54d..6ac7ccb276 100644
--- a/django/contrib/admin/views/main.py
+++ b/django/contrib/admin/views/main.py
@@ -391,7 +391,6 @@ def change_stage(request, app_label, model_name, object_id):
'object_id': object_id,
'original': manipulator.original_object,
'is_popup': request.REQUEST.has_key('_popup'),
- 'is_row_level_perm': model._meta.row_level_permissions,
})
if model._meta.row_level_permissions:
diff --git a/django/contrib/admin/views/row_level_permissions.py b/django/contrib/admin/views/row_level_permissions.py
index 607c6904cf..0c54ae2e87 100644
--- a/django/contrib/admin/views/row_level_permissions.py
+++ b/django/contrib/admin/views/row_level_permissions.py
@@ -4,6 +4,7 @@ from django.http import Http404, HttpResponse, HttpResponseRedirect
from django.contrib.contenttypes.models import ContentType
from django.contrib.auth.models import RowLevelPermission
from django.contrib.admin.row_level_perm_manipulator import AddRLPManipulator, ChangeRLPManipulator
+from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist, PermissionDenied
import simplejson
def delete_row_level_permission(request, ct_id, rlp_id, hash, ajax=None):
@@ -15,7 +16,7 @@ def delete_row_level_permission(request, ct_id, rlp_id, hash, ajax=None):
opts = rlp._meta
if not request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission()):
raise PermissionDenied
- if not request.user.has_perm(obj._meta.app_label + '.' + obj._meta.get_delete_permission()):
+ if not request.user.has_perm(obj._meta.app_label + '.' + obj._meta.get_change_permission()()):
raise PermissionDenied
rlp.delete()
msg = {"result":True, "text":_("Row level permission was successful deleted"), "id":rlp_id}
@@ -38,9 +39,12 @@ def add_row_level_permission(request, ct_id, obj_id, ajax=None):
ct = get_object_or_404(ContentType, pk=ct_id)
obj = get_object_or_404(ct.model_class(), pk=obj_id)
-
- if not request.user.has_perm(obj._meta.app_label + '.' + obj._meta.get_add_permission()):
+
+ if not request.user.has_perm(obj._meta.app_label + '.' + obj._meta.get_change_permission()):
raise PermissionDenied
+
+ if not request.user.has_perm(RowLevelPermission._meta.app_label + '.' + RowLevelPermission._meta.get_add_permission()):
+ raise PermissionDenied
manip = AddRLPManipulator(obj, ct)
@@ -54,7 +58,10 @@ def add_row_level_permission(request, ct_id, obj_id, ajax=None):
except validators.ValidationError:
msg = {"result":False, "text":_("A row level permission already exists with the specified values.")}
else:
- msg = {"result":True, "text":_("Row level permission has successful been added.")}
+ if len(rlp_list) is 1:
+ msg = {"result":True, "text":_("Row level permission has successfully been added.")}
+ else:
+ msg = {"result":True, "text":_("Row level permissions have successfully been added.")}
if not ajax:
request.user.message_set.create(message=msg['text'])
return HttpResponseRedirect("../../../../../%s/%s/%s" % (obj._meta.app_label, obj._meta.module_name , str(obj.id)))
@@ -80,12 +87,14 @@ def change_row_level_permission(request, ct_id, rlp_id, hash, ajax=None):
request.user.message_set.create(message=msg['text'])
return HttpResponseRedirect("/edit/%s/%s" % (obj_type, obj_id))
- obj = get_object_or_404(RowLevelPermission, pk=rlp_id)
- opts = obj._meta
+ rlp = get_object_or_404(RowLevelPermission, pk=rlp_id)
+ opts = rlp._meta
+ if not request.user.has_perm(opts.app_label + '.' + opts.get_add_permission()):
+ raise PermissionDenied
- #if not request.user.has_perm(app_label + '.' + opts.get_change_permission()):
- #if not request.user.has_perm(opts.get_change_permission()):
- #raise PermissionDenied
+ object_model = rlp.type_ct.model_class()
+ if not request.user.has_perm(object_model._meta.app_label + '.' + object_model._meta.get_change_permission()):
+ raise PermissionDenied
manip = ChangeRLPManipulator()
new_data = request.POST.copy()
@@ -102,4 +111,4 @@ def change_row_level_permission(request, ct_id, rlp_id, hash, ajax=None):
if ajax:
return HttpResponse(simplejson.dumps(msg), 'text/javascript')
request.user.message_set.create(message=msg['text'])
- return HttpResponseRedirect("../../../../../../%s/%s/%s" % (new_rlp.type._meta.app_label, new_rlp.type._meta.module_name , str(rlp.type_id))) \ No newline at end of file
+ return HttpResponseRedirect("../../../../../../%s/%s/%s" % (object_model._meta.app_label, object_model._meta.module_name , str(rlp.type_id))) \ No newline at end of file