Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

[per-object-permissions] New method: get_model_list in the RowLevelPe…

…rmission manager. This returns a list of ids for the given model that the user has the given permission on. It should work better then doing something like has_perm or {% if_has_perm %}

[per-object-permissions] Modified the change_list to use get_model_list instead of the current checking each perm. Note: this method has not been tested extensively, and might cause some problems

git-svn-id: http://code.djangoproject.com/svn/django/branches/per-object-permissions@3674 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 64be2e2881fe39857fc70478198b86cc13b0ec24 1 parent 61d6f59
Christopher Long authored
6 django/contrib/admin/templatetags/admin_list.py
View
@@ -105,11 +105,7 @@ def items_for_result(cl, result):
first = True
pk = cl.lookup_opts.pk.attname
#If show_all_rows is set to False, then we have to check the permission on the object
- if not cl.opts.admin.show_all_rows:
- if not cl.user.has_perm(cl.opts.app_label + "." + cl.opts.get_change_permission(), object=result):
- return
- #Update the count
- cl.result_count = cl.result_count +1
+
for field_name in cl.lookup_opts.admin.list_display:
row_class = ''
try:
14 django/contrib/admin/views/main.py
View
@@ -651,10 +651,8 @@ def get_results(self, request):
#This is set to 0 if show_all_rows is false, checking of which rows to be shown
#is done later in the result_list tag at which point it will calculate the correct
#number of rows shown
- if self.opts.admin.show_all_rows:
- self.result_count = result_count
- else:
- self.result_count = 0
+
+ self.result_count = result_count
self.full_result_count = full_result_count
self.result_list = result_list
self.can_show_all = can_show_all
@@ -692,7 +690,13 @@ def get_ordering(self):
return order_field, order_type
def get_query_set(self):
- qs = self.manager.get_query_set()
+ if (not self.opts.admin.show_all_rows) and self.opts.row_level_permissions and (not self.user.has_perm(self.opts.app_label + "."+self.opts.get_change_permission()):
+ from django.contrib.auth.models import RowLevelPermission
+ qs = self.manager.filter(id__in=RowLevelPermission.objects.get_model_list(self.user,
+ self.model,
+ self.opts.get_change_permission()))
+ else:
+ qs = self.manager.get_query_set()
lookup_params = self.params.copy() # a dictionary of the query string
for i in (ALL_VAR, ORDER_VAR, ORDER_TYPE_VAR, SEARCH_VAR, IS_POPUP_VAR):
if lookup_params.has_key(i):
16 django/contrib/auth/models.py
View
@@ -71,6 +71,22 @@ def create_default_row_permissions(self, model_instance, owner, change=True, del
delete_str = "delete_%s" % (model_ct.model)
ret_dict[delete_str]=self.create_row_level_permission(model_instance, owner, delete_str, negative=negDel)
return ret_dict
+
+ def get_model_list(self,user, model, perm):
+ model_ct=ContentType.objects.get_for_model(model)
+ if isinstance(perm, str):
+ perm = Permission.objects.get(codename__exact=perm, content_type=model_ct.id)
+ user_model_ids = RowLevelPermission.objects.filter(owner_ct=ContentType.objects.get_for_model(User),
+ owner_id=user.id, permission=perm.id,
+ model_ct=model_ct
+ ).values('model_id')
+ user_group_list = [g['id'] for g in user.groups.select_related().values('id')]
+ group_model_ids = RowLevelPermission.objects.filter(owner_ct=ContentType.objects.get_for_model(Group).id,
+ owner_id__in=user_group_list,
+ model_ct = model_ct
+ ).values('model_id')
+ id_list = [o['model_id'] for o in user_model_ids] + [o['model_id'] for o in group_model_ids]
+ return id_list
class RowLevelPermission(models.Model):
"""
Please sign in to comment.
Something went wrong with that request. Please try again.