summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristopher Long <indirecthit@gmail.com>2006-07-24 23:28:04 +0000
committerChristopher Long <indirecthit@gmail.com>2006-07-24 23:28:04 +0000
commit71dad9e3057f088a6baa97fcec088f55455f5476 (patch)
treeeef225233361b8ec79f5df63a471a96cacdd82ab
parent53fed0e76941f90a43a9803ab5b394461c0f32a8 (diff)
[per-object-permissions] Updated auth model's to contain the row level permission object and connected users with row level permissions
git-svn-id: http://code.djangoproject.com/svn/django/branches/per-object-permissions@3440 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/contrib/auth/models.py58
1 files changed, 58 insertions, 0 deletions
diff --git a/django/contrib/auth/models.py b/django/contrib/auth/models.py
index cca3c62252..747da2f5ef 100644
--- a/django/contrib/auth/models.py
+++ b/django/contrib/auth/models.py
@@ -46,6 +46,60 @@ class Permission(models.Model):
def __str__(self):
return "%s | %s" % (self.content_type, self.name)
+class RowLevelPermissionManager(models.Manager):
+ def create_row_level_permission(self, object_instance, owner, permission, negative=False):
+ if isinstance(permission, str):
+ permission = Permission.objects.get(codename__exact=permission)
+ type_ct=ContentType.objects.get_for_model(object_instance)
+ if type_ct != permission.content_type:
+ raise TypeError, "Invalid value: Permission content type(%s) and object content type(%s) do not match" % (permission.content_type, type_ct)
+
+ rowLvlPerm = self.model(type_id=object_instance.id, type_ct=ContentType.objects.get_for_model(object_instance),
+ owner_id=owner.id, owner_ct=ContentType.objects.get_for_model(owner),
+ permission=permission, negative=negative)
+ rowLvlPerm.save()
+ return rowLvlPerm
+
+ def create_default_row_permissions(self, type, owner, change=True, delete=True, negChange=False, negDel=False):
+ ret_dict = {}
+ if change:
+ change_str = "change_%s" % (ContentType.objects.get_for_model(type))
+ ret_dict[change_str]=self.create_row_level_permission(type, owner, change_str, negative=negChange)
+ if delete:
+ delete_str = "delete_%s" % (ContentType.objects.get_for_model(type))
+ ret_dict[delete_str]=self.create_row_level_permission(type, owner, delete_str, negative=negDel)
+ return ret_dict
+
+class RowLevelPermission(models.Model):
+ """ Similiar to permissions but works on instances of objects instead of types.
+ This uses generic relations to minimize the number of tables, and connects to the
+ permissions table using a many to one relation.
+ """
+ type_id = models.PositiveIntegerField("'Type' ID")
+ type_ct = models.ForeignKey(ContentType, verbose_name="'Type' content type", related_name="type_ct")
+ owner_id = models.PositiveIntegerField("'Owner' ID")
+ owner_ct = models.ForeignKey(ContentType, verbose_name="'Owner' content type", related_name="owner_ct")
+ negative = models.BooleanField()
+ permission = models.ForeignKey(Permission)
+
+ type = models.GenericForeignKey(fk_field='type_id', ct_field='type_ct')
+ owner = models.GenericForeignKey(fk_field='owner_id', ct_field='owner_ct')
+
+ objects = RowLevelPermissionManager()
+
+ class Meta:
+ verbose_name = _('row level permission')
+ verbose_name_plural = _('row level permissions')
+ unique_together = (('type_ct', 'type_id', 'owner_id', 'owner_ct', 'permission'),)
+
+
+ def __str__(self):
+ return "%s | %s:%s | %s:%s" % (self.permission, self.owner_ct, self.owner, self.type_ct, self.type)
+
+ def __repr__(self):
+ return "%s | %s:%s | %s:%s" % (self.permission, self.owner_ct, self.owner, self.type_ct, self.type)
+
+
class Group(models.Model):
"""Groups are a generic way of categorizing users to apply permissions, or some other label, to those users. A user can belong to any number of groups.
@@ -99,11 +153,15 @@ class User(models.Model):
groups = models.ManyToManyField(Group, verbose_name=_('groups'), blank=True,
help_text=_("In addition to the permissions manually assigned, this user will also get all permissions granted to each group he/she is in."))
user_permissions = models.ManyToManyField(Permission, verbose_name=_('user permissions'), blank=True, filter_interface=models.HORIZONTAL)
+
+ row_level_permissions_owned = models.GenericRelation(RowLevelPermission, object_id_field="owner_id", content_type_field="owner_ct", related_name="owner")
+
objects = UserManager()
class Meta:
verbose_name = _('user')
verbose_name_plural = _('users')
ordering = ('username',)
+ row_level_permissions = True
class Admin:
fields = (
(None, {'fields': ('username', 'password')}),