
Add pluggable authorization

commit a424f41afb1ede8320393e4b9cf6ddabc2859c65 1 parent bd8fb73
@paltman paltman authored
Showing with 54 additions and 1 deletion.
  1. +48 −0 dialogos/authorization.py
  2. +6 −1 dialogos/views.py
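--- a/dialogos/authorization.py
+++ b/dialogos/authorization.py
@@ -0,0 +1,48 @@
+from django.conf import settings
+from django.core.exceptions import ImproperlyConfigured
+try:
+ from django.utils.importlib import import_module
+except ImportError:
+ from importlib import import_module
+
+
+def load_path_attr(path):
+ i = path.rfind(".")
+ module, attr = path[:i], path[i+1:]
+ try:
+ mod = import_module(module)
+ except ImportError, e:
+ raise ImproperlyConfigured("Error importing %s: '%s'" % (module, e))
+ try:
+ attr = getattr(mod, attr)
+ except AttributeError:
+ raise ImproperlyConfigured("Module '%s' does not define a '%s'" % (module, attr))
+ return attr
+
+
+def default_can_delete(user, comment):
+ if user.is_superuser():
+ return True
+ return user == comment.author
+
+
+def default_can_edit(user, comment):
+ return user == comment.author
+
+
+def load_can_delete():
+ import_path = getattr(settings, "COMMENTS_CAN_DELETE_CALLABLE", None)
+
+ if import_path is None:
+ return default_can_delete
+
+ return load_path_attr(import_path)
+
+
+def load_can_edit():
+ import_path = getattr(settings, "COMMENTS_CAN_EDIT_CALLABLE", None)
+
+ if import_path is None:
+ return default_can_edit
+
+ return load_path_attr(import_path)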
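Review bot: `default_can_delete` calls `user.is_superuser()`, but on the stock `django.contrib.auth` user model `is_superuser` is a boolean field rather than a method, so the call would raise `TypeError` before the author comparison is reached. With no `COMMENTS_CAN_DELETE_CALLABLE` configured, that would make the default delete check fail for every user instead of authorizing the author or a superuser; the line should read `if user.is_superuser:`. Separately, `load_path_attr` returns whatever attribute the dotted path names without checking `callable(attr)`, so a mistyped setting pointing at a non-callable only surfaces when a request reaches the permission check, not as `ImproperlyConfigured` at load time.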
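--- a/dialogos/views.py
+++ b/dialogos/views.py
@@ -8,11 +8,16 @@
 from django.contrib.auth.decorators import login_required
 from django.contrib.contenttypes.models import ContentType
+from dialogos.authorization import load_can_delete, load_can_edit
 from dialogos.forms import CommentForm
 from dialogos.models import Comment
 from dialogos.signals import commented
+can_delete = load_can_delete()
+can_edit = load_can_edit()
+
+
 @require_POST
 def post_comment(request, content_type_id, object_id, form_class=CommentForm):
 content_type = get_object_or_404(ContentType, pk=content_type_id)
@@ -52,6 +57,6 @@ def post_comment(request, content_type_id, object_id, form_class=CommentForm):
 def delete_comment(request, comment_id):
 comment = get_object_or_404(Comment, pk=comment_id)
 obj = comment.content_object
- if comment.author == request.user:
+ if can_delete(request.user, comment):
 comment.delete()
 return redirect(obj)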
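Review bot: In `delete_comment`, a `False` result from `can_delete(request.user, comment)` has no branch of its own. As far as the flattened indentation shows, the view falls through to `return redirect(obj)`, so a refused delete looks the same to the client as a successful one and leaves no record. Now that the decision is delegated to a configurable callable, an explicit denial such as `return HttpResponseForbidden()`, with a log line naming the user and the comment id, would make a misconfigured or overly strict policy visible. The decorators on `delete_comment` lie outside the hunk, so whether `request.user` can be anonymous here cannot be confirmed; a custom callable should not assume an authenticated user. `can_edit` is resolved at import, but no visible hunk calls it, so it is worth confirming that an edit path actually consults it.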