Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

[per-object-permissions] Removed debug print statement in auth/models.py

[per-object-permissions] Added admin option: show_all_rows which by default is set to True. If False, it will only show the rows the user has permission for. Implemented the changes into change_list to allow this

git-svn-id: http://code.djangoproject.com/svn/django/branches/per-object-permissions@3627 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 736febadc53f571a00c81f74981a4e77bd4bfac6 1 parent 8a38dfa
Christopher Long authored
View
4 django/contrib/admin/templatetags/admin_list.py
@@ -104,6 +104,10 @@ def result_headers(cl):
def items_for_result(cl, result):
first = True
pk = cl.lookup_opts.pk.attname
+ if not cl.opts.admin.show_all_rows:
+ if not cl.user.has_perm(cl.opts.app_label + "." + cl.opts.get_change_permission(), object=result):
+ return
+ cl.result_count = cl.result_count +1
for field_name in cl.lookup_opts.admin.list_display:
row_class = ''
try:
View
7 django/contrib/admin/templatetags/adminapplist.py
@@ -27,12 +27,7 @@ def render(self, context):
for m in app_models:
if m._meta.admin:
if not m._meta.admin.hidden:
- #perms = {
- #'add': user.has_perm("%s.%s" % (app_label, m._meta.get_add_permission())),
- #'change': user.has_perm("%s.%s" % (app_label, m._meta.get_change_permission())),
- #'delete': user.has_perm("%s.%s" % (app_label, m._meta.get_delete_permission())),
- #}
-
+
perms = {
'add': user.contains_permission("%s.%s" % (app_label, m._meta.get_add_permission()), m),
'change': user.contains_permission("%s.%s" % (app_label, m._meta.get_change_permission()), m),
View
12 django/contrib/admin/views/main.py
@@ -433,7 +433,7 @@ def _get_deleted_objects(deleted_objects, perms_needed, user, obj, opts, current
else:
if related.opts.admin:
p = '%s.%s' % (related.opts.app_label, related.opts.get_delete_permission())
- if not user.has_perm(p):
+ if not user.has_perm(p, object=related):
perms_needed.add(related.opts.verbose_name)
# We don't care about populating deleted_objects now.
continue
@@ -464,7 +464,7 @@ def _get_deleted_objects(deleted_objects, perms_needed, user, obj, opts, current
# permission to delete them, add the missing perm to perms_needed.
if related.opts.admin and has_related_objs:
p = '%s.%s' % (related.opts.app_label, related.opts.get_delete_permission())
- if not user.has_perm(p):
+ if not user.has_perm(p, object=related):
perms_needed.add(rel_opts_name)
for related in opts.get_all_related_many_to_many_objects():
if related.opts in opts_seen:
@@ -493,7 +493,7 @@ def _get_deleted_objects(deleted_objects, perms_needed, user, obj, opts, current
# permission to change them, add the missing perm to perms_needed.
if related.opts.admin and has_related_objs:
p = '%s.%s' % (related.opts.app_label, related.opts.get_change_permission())
- if not user.has_perm(p):
+ if not user.has_perm(p, object=related):
perms_needed.add(related.opts.verbose_name)
def delete_stage(request, app_label, model_name, object_id):
@@ -562,6 +562,7 @@ def __init__(self, request, model):
self.opts = model._meta
self.lookup_opts = self.opts
self.manager = self.opts.admin.manager
+ self.user = request.user
# Get search parameters from the query string.
try:
@@ -644,7 +645,10 @@ def get_results(self, request):
except InvalidPage:
result_list = ()
- self.result_count = result_count
+ if self.opts.admin.show_all_rows:
+ self.result_count = result_count
+ else:
+ self.result_count = 0
self.full_result_count = full_result_count
self.result_list = result_list
self.can_show_all = can_show_all
View
2  django/contrib/auth/models.py
@@ -373,7 +373,7 @@ def contains_group_row_level_perms(self, perm, ct):
backend.quote_name('group_id'), backend.quote_name('user_id'),
backend.quote_name('negative'), backend.quote_name('owner_ct_id'),
backend.quote_name('model_ct_id'))
- print sql
+
cursor.execute(sql, [self.id, ContentType.objects.get_for_model(Group).id, ct.id])
count = int(cursor.fetchone()[0])
return (count>0)
View
4 django/db/models/options.py
@@ -203,7 +203,8 @@ class AdminOptions(object):
def __init__(self, fields=None, js=None, list_display=None, list_display_links=None, list_filter=None,
date_hierarchy=None, save_as=False, ordering=None, search_fields=None,
save_on_top=False, list_select_related=False, manager=None, list_per_page=100,
- grant_change_row_level_perm=False, grant_delete_row_level_perm=False, hidden=False):
+ grant_change_row_level_perm=False, grant_delete_row_level_perm=False, hidden=False,
+ show_all_rows=True):
self.fields = fields
self.js = js or []
self.list_display = list_display or ['__str__']
@@ -219,6 +220,7 @@ def __init__(self, fields=None, js=None, list_display=None, list_display_links=N
self.grant_change_row_level_perm=grant_change_row_level_perm
self.grant_delete_row_level_perm=grant_delete_row_level_perm
self.hidden = hidden
+ self.show_all_rows = show_all_rows
def get_field_sets(self, opts):
"Returns a list of AdminFieldSet objects for this AdminOptions object."
Please sign in to comment.
Something went wrong with that request. Please try again.