a partial fix for #269, still some unit test breaking

commit 2f26445f9aaca314d05e34d6356a278ba2a9dd01 1 parent 48d871a
Patrick Lauber digi604 authored
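--- a/cms/admin/change_list.py
+++ b/cms/admin/change_list.py
@@ -9,7 +9,8 @@
 from cms.models.moderatormodels import MASK_PAGE, MASK_CHILDREN,\
 MASK_DESCENDANTS, PageModeratorState
-SITE_VAR = "site__exact"
+
+
 COPY_VAR = "copy"
 class CMSChangeList(ChangeList):
@@ -17,20 +18,14 @@ class CMSChangeList(ChangeList):
 def __init__(self, request, *args, **kwargs):
 super(CMSChangeList, self).__init__(request, *args, **kwargs)
+ from cms.admin.utils import current_site
+ self._current_site = current_site(request)
 try:
 self.query_set = self.get_query_set(request)
 except:
 raise
 self.get_results(request)
- if SITE_VAR in self.params:
- self._current_site = Site.objects.get(pk=self.params[SITE_VAR])
- else:
- site_pk = request.session.get('cms_admin_site', None)
- if site_pk:
- self._current_site = Site.objects.get(pk=site_pk)
- else:
- self._current_site = Site.objects.get_current()
 request.session['cms_admin_site'] = self._current_site.pk
 self.set_sites(request)
@@ -38,21 +33,21 @@ def __init__(self, request, *args, **kwargs):
 def get_query_set(self, request=None):
 if COPY_VAR in self.params:
 del self.params[COPY_VAR]
-
-
 qs = super(CMSChangeList, self).get_query_set().drafts()
 if request:
- permissions = Page.permissions.get_change_list_id_list(request.user)
+ site = self._current_site
+ permissions = Page.permissions.get_change_id_list(request.user, site)
+
 if permissions != Page.permissions.GRANT_ALL:
 qs = qs.filter(pk__in=permissions)
 self.root_query_set = self.root_query_set.filter(pk__in=permissions)
 self.real_queryset = True
- if not SITE_VAR in self.params:
- qs = qs.filter(site=request.session.get('cms_admin_site', None))
+ qs = qs.filter(site=self._current_site)
 qs = qs.order_by('tree_id', 'parent', 'lft')
 return qs
 def is_filtered(self):
+ from cms.admin.utils import SITE_VAR
 lookup_params = self.params.copy() # a dictionary of the query string
 for i in (ALL_VAR, ORDER_VAR, ORDER_TYPE_VAR, SEARCH_VAR, IS_POPUP_VAR, SITE_VAR):
 if i in lookup_params:
@@ -71,16 +66,17 @@ def get_results(self, request):
 def set_items(self, request):
 lang = get_language_from_request(request)
+ site = self._current_site
 pages = self.get_query_set(request).drafts().order_by('tree_id', 'parent', 'lft').select_related()
- perm_edit_ids = Page.permissions.get_change_id_list(request.user)
- perm_publish_ids = Page.permissions.get_publish_id_list(request.user)
- perm_advanced_settings_ids = Page.permissions.get_advanced_settings_id_list(request.user)
- perm_change_list_ids = Page.permissions.get_change_list_id_list(request.user)
-
+ perm_edit_ids = Page.permissions.get_change_id_list(request.user, site)
+ perm_publish_ids = Page.permissions.get_publish_id_list(request.user, site)
+ perm_advanced_settings_ids = Page.permissions.get_advanced_settings_id_list(request.user, site)
+ perm_change_list_ids = Page.permissions.get_change_id_list(request.user, site)
+
 if perm_edit_ids and perm_edit_ids != Page.permissions.GRANT_ALL:
- #pages = pages.filter(pk__in=perm_edit_ids)
- pages = pages.filter(pk__in=perm_change_list_ids)
+ pages = pages.filter(pk__in=perm_edit_ids)
+ #pages = pages.filter(pk__in=perm_change_list_ids)
 if settings.CMS_MODERATOR:
 # get all ids of public instances, so we can cache them
@@ -109,8 +105,7 @@ def set_items(self, request):
 try:
 home_pk = Page.objects.drafts().get_home(self.current_site()).pk
 except NoHomeFound:
- home_pk = 0
-
+ home_pk = 0
 for page in pages:
 children = []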
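Review bot: In `set_items` the page filter sits under `if perm_edit_ids and perm_edit_ids != Page.permissions.GRANT_ALL:`, so an empty id list (a user with no change rights on the selected site) skips the filter instead of yielding an empty result; the restriction then rests entirely on the earlier filter in `get_query_set`. Comparing only against the sentinel, `if perm_edit_ids != Page.permissions.GRANT_ALL:`, keeps this second check fail-closed. Within the visible lines `perm_change_list_ids` is now computed by the same `get_change_id_list(request.user, site)` call as `perm_edit_ids` and is referenced only by the commented-out line, so it costs a second permission lookup for nothing and can be dropped together with that comment. `set_items` continues outside the hunks shown.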
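--- a/cms/admin/pageadmin.py
+++ b/cms/admin/pageadmin.py
@@ -44,7 +44,8 @@
 get_test_moderation_level, moderator_should_approve, approve_page, \
 will_require_moderation
 from cms.utils.permissions import has_page_add_permission, \
- get_user_permission_level, has_global_change_permissions_permission
+ get_user_permission_level, has_global_change_permissions_permission,\
+ has_page_change_permission
@@ -566,8 +567,11 @@ def has_change_permission(self, request, obj=None):
 Return true if the current user has permission on the page.
 Return the string 'All' if the user has all rights.
 """
- if settings.CMS_PERMISSION and obj is not None:
- return obj.has_change_permission(request)
+ if settings.CMS_PERMISSION:
+ if obj:
+ return obj.has_change_permission(request)
+ else:
+ return has_page_change_permission(request)
 return super(PageAdmin, self).has_change_permission(request, obj)
 def has_delete_permission(self, request, obj=None):
@@ -746,9 +750,9 @@ def move_page(self, request, page_id, extra_context=None):
 def get_permissions(self, request, page_id):
 page = get_object_or_404(Page, id=page_id)
- can_change_list = Page.permissions.get_change_id_list(request.user)
+ can_change_list = Page.permissions.get_change_id_list(request.user, page.site_id)
- global_page_permissions = GlobalPagePermission.objects.all()
+ global_page_permissions = GlobalPagePermission.objects.filter(sites__in=[page.site_id])
 page_permissions = PagePermission.objects.for_page(page)
 permissions = list(global_page_permissions) + list(page_permissions)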
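Review bot: `has_change_permission` now answers the object-less call with `has_page_change_permission(request)`, which per its docstring in cms/utils/permissions.py passes only superusers and holders of a global `can_change` on the current site. If the admin uses the object-less call to gate the page list (not visible in this hunk), a user whose rights come solely from page-level permissions would be refused the list altogether. Either say so in the docstring, e.g. `Without obj, only superusers and users with a global can_change on the current site pass.`, or also accept a non-empty result of `Page.permissions.get_change_id_list(request.user, site)` in that branch. The method's docstring starts above the hunk.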
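--- a/cms/admin/utils.py
+++ b/cms/admin/utils.py
@@ -2,6 +2,7 @@
 from cms.utils import get_template_from_request
 from django.template.context import RequestContext
 from django.contrib.auth.models import AnonymousUser
+from django.contrib.sites.models import Site
 import re
 def get_placeholders(request, template_name):
@@ -26,3 +27,17 @@ def get_placeholders(request, template_name):
 output = temp.render(context)
 request.user = user
 return re.findall("<!-- PlaceholderNode: (.+?) -->", output)
+
+
+SITE_VAR = "site__exact"
+
+def current_site(request):
+ if SITE_VAR in request.REQUEST:
+ return Site.objects.get(pk=request.REQUEST[SITE_VAR])
+ else:
+ site_pk = request.session.get('cms_admin_site', None)
+ if site_pk:
+ return Site.objects.get(pk=site_pk)
+ else:
+ return Site.objects.get_current()
+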
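Review bot: `current_site` passes the request-supplied `site__exact` value straight to `Site.objects.get(pk=...)`, so a malformed or unknown id raises out of every admin view that calls it, and a stale `cms_admin_site` in the session does the same. Nothing in this helper checks that the requesting user holds any permission on the selected site; the callers' per-site permission lists carry that, which deserves a docstring line now that this function decides the site for all of them. The function also has no docstring at all. A version that treats both sources as untrusted and falls back to the configured site is sketched below.

```python
def current_site(request):
    """Return the Site chosen by the request, else by the session, else the
    configured current site. Does not check the user's rights on that site;
    callers must evaluate permissions against the returned site."""
    candidates = (request.REQUEST.get(SITE_VAR),
                  request.session.get('cms_admin_site', None))
    for site_pk in candidates:
        if not site_pk:
            continue
        try:
            return Site.objects.get(pk=site_pk)
        except (Site.DoesNotExist, ValueError):
            # unknown or malformed id: try the next source
            continue
    return Site.objects.get_current()
```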
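--- a/cms/models/managers.py
+++ b/cms/models/managers.py
@@ -337,64 +337,64 @@ class PagePermissionsPermissionManager(models.Manager):
 # enabled/configured in settings
 GRANT_ALL = 'All'
- def get_publish_id_list(self, user):
+ def get_publish_id_list(self, user, site):
 """
 Give a list of page where the user has publish rights or the string "All" if
 the user has all rights.
 """
- return self.__get_id_list(user, "can_publish")
+ return self.__get_id_list(user, site, "can_publish")
- def get_change_id_list(self, user):
+ def get_change_id_list(self, user, site):
 """
 Give a list of page where the user has edit rights or the string "All" if
 the user has all rights.
 """
- return self.__get_id_list(user, "can_change")
+ return self.__get_id_list(user, site, "can_change")
- def get_add_id_list(self, user):
+ def get_add_id_list(self, user, site):
 """
 Give a list of page where the user has add page rights or the string
 "All" if the user has all rights.
 """
- return self.__get_id_list(user, "can_add")
+ return self.__get_id_list(user, site, "can_add")
- def get_delete_id_list(self, user):
+ def get_delete_id_list(self, user, site):
 """
 Give a list of page where the user has delete rights or the string "All" if
 the user has all rights.
 """
- return self.__get_id_list(user, "can_delete")
+ return self.__get_id_list(user, site, "can_delete")
- def get_advanced_settings_id_list(self, user):
+ def get_advanced_settings_id_list(self, user, site):
 """
 Give a list of page where the user can change advanced settings or the
 string "All" if the user has all rights.
 """
- return self.__get_id_list(user, "can_change_advanced_settings")
+ return self.__get_id_list(user, site, "can_change_advanced_settings")
- def get_change_permissions_id_list(self, user):
+ def get_change_permissions_id_list(self, user, site):
 """Give a list of page where the user can change permissions.
 """
- return self.__get_id_list(user, "can_change_permissions")
+ return self.__get_id_list(user, site, "can_change_permissions")
- def get_move_page_id_list(self, user):
+ def get_move_page_id_list(self, user, site):
 """Give a list of pages which user can move.
 """
- return self.__get_id_list(user, "can_move_page")
+ return self.__get_id_list(user, site, "can_move_page")
- def get_moderate_id_list(self, user):
+ def get_moderate_id_list(self, user, site):
 """Give a list of pages which user can moderate. If moderation isn't
 installed, nobody can moderate.
 """
 if not settings.CMS_MODERATOR:
 return []
- return self.__get_id_list(user, "can_moderate")
+ return self.__get_id_list(user, site, "can_moderate")
-
- def get_change_list_id_list(self, user):
+ '''
+ def get_change_list_id_list(self, user, site):
 """This is used just in admin now. Gives all ids where user haves can_edit
 and can_add merged together.
@@ -413,9 +413,9 @@ def get_change_list_id_list(self, user):
 else:
 page_id_list = list(set(can_change).union(set(can_add)))
 return page_id_list
-
+ '''
- def __get_id_list(self, user, attr):
+ def __get_id_list(self, user, site, attr):
 # TODO: result of this method should be cached per user, and cache should
 # be cleaned after some change in permissions / globalpermission
@@ -428,19 +428,20 @@ def __get_id_list(self, user, attr):
 return PagePermissionsPermissionManager.GRANT_ALL
 # read from cache if posssible
- cached = get_permission_cache(user, attr)
- if cached is not None:
- return cached
+ #cached = get_permission_cache(user, attr)
+ #if cached is not None:
+ # print "retunr cache"
+ # print cached
+ # return cached
 from cms.models import GlobalPagePermission, PagePermission, MASK_PAGE,\
 MASK_CHILDREN, MASK_DESCENDANTS
 # check global permissions
- in_global_permissions = GlobalPagePermission.objects.with_user(user).filter(**{attr: True})
+ in_global_permissions = GlobalPagePermission.objects.with_user(user).filter(**{attr: True, 'sites__in':[site]}).count()
 if in_global_permissions:
 # user or his group are allowed to do `attr` action
 # !IMPORTANT: page permissions must not override global permissions
 return PagePermissionsPermissionManager.GRANT_ALL
-
 # for standard users without global permissions, get all pages for him or
 # his group/s
 qs = PagePermission.objects.with_user(user)
@@ -459,7 +460,7 @@ def __get_id_list(self, user, attr):
 elif permission.grant_on & MASK_DESCENDANTS:
 page_id_allow_list.extend(permission.page.get_descendants().values_list('id', flat=True))
 # store value in cache
- set_permission_cache(user, attr, page_id_allow_list)
+ #set_permission_cache(user, attr, page_id_allow_list)
 return page_id_allow_list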
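Review bot: The permission cache in `__get_id_list` is switched off by commenting it out, with debug `print` lines left inside the comment and no word on why. The visible calls key the cache on `(user, attr)` only, so re-enabling them unchanged would hand a list computed for one site to a request for another; record that where the code was disabled, e.g. `# cache disabled: the key must include the site before this is re-enabled`, and drop the commented prints. `get_change_list_id_list` is likewise disabled by wrapping it in a `'''` string instead of being removed, which leaves a dead method body in the class. The new `'sites__in': [site]` filter matches only rows that list this site, so if a GlobalPagePermission with no sites assigned is meant to apply everywhere it is now ignored; a comment stating the intended meaning would settle that. Parts of `__get_id_list` lie outside the hunks shown.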
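--- a/cms/models/pagemodel.py
+++ b/cms/models/pagemodel.py
@@ -550,7 +550,7 @@ def has_generic_permission(self, request, type):
 from cms.utils.permissions import has_generic_permission
 self.permission_user_cache = request.user
- setattr(self, att_name, has_generic_permission(self.id, request.user, type))
+ setattr(self, att_name, has_generic_permission(self.id, request.user, type, self.site_id))
 if getattr(self, att_name):
 self.permission_edit_cache = True
 return getattr(self, att_name)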
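--- a/cms/tests/permmod.py
+++ b/cms/tests/permmod.py
@@ -314,7 +314,7 @@ def test_05_slave_can_add_page_under_slave_home(self):
 # can he even access it over get?
 response = self.client.get(url)
 self.assertEqual(response.status_code, 200)
-
+ print response
 page_data = self.get_new_page_data(slave_page.pk)
 # request moderation
@@ -326,8 +326,10 @@ def test_05_slave_can_add_page_under_slave_home(self):
 # add page
 self.login_user(self.user_slave)
+ print url
+ print page_data
 response = self.client.post(url, page_data)
-
+ print response
 self.assertRedirects(response, URL_CMS_PAGE)
 # public model shouldn't be available yet, because of the moderation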
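Review bot: The added `print response`, `print url` and `print page_data` lines in `test_05_slave_can_add_page_under_slave_home` are debugging output and should not be committed; they assert nothing and dump whole responses and form data into the test log. If the values are wanted when the test fails, pass them as the assertion message instead, e.g. `self.assertEqual(response.status_code, 200, response.content)`. The test body continues outside both hunks.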
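--- a/cms/utils/admin.py
+++ b/cms/utils/admin.py
@@ -4,9 +4,10 @@
 from cms.utils import get_language_from_request
 from django.shortcuts import render_to_response
 from django.template.context import RequestContext
-from cms.utils.permissions import has_add_page_on_same_level_permission,\
- has_page_add_permission
+from cms.utils.permissions import has_page_add_permission, has_generic_permission
 from django.http import HttpResponse, Http404
+from cms.models.permissionmodels import GlobalPagePermission
+from cms.models.pagemodel import Page
 def get_admin_menu_item_context(request, page, filtered=False):
@@ -36,7 +37,15 @@ def get_admin_menu_item_context(request, page, filtered=False):
 isinstance(e[1], bool) and str(e[1]) or e[1].lower() ), md)) + "}"
 moderator_state = page_moderator_state(request, page)
- has_add_on_same_level_permission = has_add_page_on_same_level_permission(request, page)
+ has_add_on_same_level_permission = False
+ opts = Page._meta
+ if (request.user.has_perm(opts.app_label + '.' + opts.get_add_permission()) and
+ GlobalPagePermission.objects.with_user(request.user).filter(can_add=True, sites__in=[page.site_id])):
+ has_add_on_same_level_permission = True
+
+ if not has_add_on_same_level_permission and page.parent_id:
+ has_add_on_same_level_permission = has_generic_permission(page.parent_id, request.user, "add", page.site)
+ #has_add_on_same_level_permission = has_add_page_on_same_level_permission(request, page)
 context = {
 'page': page,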
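Review bot: The inlined check in `get_admin_menu_item_context` drops both short-circuits of the helper it replaces: the removed `has_add_page_on_same_level_permission` returned True when `settings.CMS_PERMISSION` was off or the user was a superuser. With the new lines a page without `parent_id` gets False unless a matching GlobalPagePermission row exists, which looks unintended for those two cases. The same `has_perm(...) and GlobalPagePermission...filter(can_add=True, sites__in=[...])` expression now appears here and twice in cms/utils/permissions.py, so one helper taking the user and the site would keep the three copies from drifting. `page.site` is passed to `has_generic_permission` here while cms/models/pagemodel.py passes `self.site_id`; pick one form and document it on the parameter. The function continues outside the hunk.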
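--- a/cms/utils/permissions.py
+++ b/cms/utils/permissions.py
@@ -7,6 +7,8 @@
 from django.contrib.sites.models import Site
+
+
 try:
 from threading import local
 except ImportError:
@@ -39,9 +41,7 @@ def has_page_add_permission(request):
 add page under target page will occur.
 """
 opts = Page._meta
- if request.user.is_superuser or \
- (request.user.has_perm(opts.app_label + '.' + opts.get_add_permission()) and
- GlobalPagePermission.objects.with_user(request.user).filter(can_add=True)):
+ if request.user.is_superuser:
 return True
 # if add under page
@@ -53,10 +53,35 @@ def has_page_add_permission(request):
 page = Page.objects.get(pk=target)
 except:
 return False
+ if (request.user.has_perm(opts.app_label + '.' + opts.get_add_permission()) and
+ GlobalPagePermission.objects.with_user(request.user).filter(can_add=True, sites__in=[page.site_id])):
+ return True
 if position in ("first-child", "last-child"):
 return page.has_add_permission(request)
 elif position in ("left", "right"):
- return has_add_page_on_same_level_permission(request, page)
+ if page.parent_id:
+ return has_generic_permission(page.parent_id, request.user, "add", page.site)
+ #return page.parent.has_add_permission(request)
+ else:
+ from cms.admin.utils import current_site
+ site = current_site(request)
+ if (request.user.has_perm(opts.app_label + '.' + opts.get_add_permission()) and
+ GlobalPagePermission.objects.with_user(request.user).filter(can_add=True, sites__in=[site])):
+ return True
+ return False
+
+
+def has_page_change_permission(request):
+ """Return true if the current user has permission to change any page. This is
+ just used for building the tree - only superuser, or user with can_change in
+ globalpagepermission can change a page.
+ """
+ from cms.admin.utils import current_site
+ opts = Page._meta
+ if request.user.is_superuser or \
+ (request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()) and
+ GlobalPagePermission.objects.with_user(request.user).filter(can_change=True, sites__in=[current_site(request)]).count()>0):
+ return True
 return False
@@ -162,26 +187,7 @@ def has_global_change_permissions_permission(user):
 return True
 return False
-def has_add_page_on_same_level_permission(request, page):
- """Checks if there can be page added under page parent.
- """
- if not settings.CMS_PERMISSION or request.user.is_superuser \
- or GlobalPagePermission.objects.with_user(request.user).filter(can_add=True).count():
- return True
- try:
- return has_generic_permission(page.parent_id, request.user, "add")
- except AttributeError:
- # if page doesnt have parent...
- pass
- """
- if page.level == 0:
- # we are in the root, check if user haves add PAGE paermisson for
- # this page
- for perm in PagePermission.objects.with_user(request.user).filter(page=page, can_add=True):
- if perm.grant_on & MASK_PAGE:
- return True
- """
- return False
+
 def mail_page_user_change(user, created=False, password=""):
 """Send email notification to given user. Used it PageUser profile creation/
@@ -202,11 +208,11 @@ def mail_page_user_change(user, created=False, password=""):
 send_mail(subject, 'admin/cms/mail/page_user_change.txt', [user.email], context, 'admin/cms/mail/page_user_change.html')
-def has_generic_permission(page_id, user, attr):
+def has_generic_permission(page_id, user, attr, site):
 """Permission getter for single page with given id.
 """
 func = getattr(Page.permissions, "get_%s_id_list" % attr)
- permission = func(user)
+ permission = func(user, site)
 return permission == Page.permissions.GRANT_ALL or page_id in permission
@@ -237,8 +243,7 @@ def get_user_sites_queryset(user):
 # add some pages if he haves permission to add / change her
 q |= Q(Q(page__pagepermission__user=user) | Q(page__pagepermission__group__user=user)) & \
- Q(Q(page__pagepermission__can_add=True) | Q(page__pagepermission__can_change=True))
-
+ (Q(Q(page__pagepermission__can_add=True) | Q(page__pagepermission__can_change=True)))
 return qs.filter(q).distinct()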
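Review bot: In `has_page_add_permission`, the `left`/`right` branch for a page without a parent checks the global `can_add` against `current_site(request)`, a site taken from the `site__exact` parameter or the session, rather than against the site of the target page that was just loaded. The same check against `page.site_id` has already run and failed a few lines above, so this branch can only grant when the request's site differs from the page's site, which means the permission is evaluated for the wrong site. Use the target's own site, `sites__in=[page.site_id]`, or simply `return False` in that `else`. Separately, `has_generic_permission` gains a required `site` argument with no default, so any caller not updated in this commit will fail. `has_page_add_permission` starts above the first hunk shown.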