-
Notifications
You must be signed in to change notification settings - Fork 1
/
membership.py
82 lines (56 loc) 路 2.6 KB
/
membership.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
from __future__ import annotations
from django.contrib import messages
from django.contrib.auth.mixins import UserPassesTestMixin
from django.utils.translation import gettext as _
from apps.plugins.middleware.plugin import HttpRequest
from apps.sections.models import SectionMembership
class UserPassesMembershipTestMixin(UserPassesTestMixin):
"""
View mixin checking whenever is logged user in current section space and passes test_membership method.
"""
request: HttpRequest
def test_func(self):
membership = self.request.membership
if self.request.user.is_superuser:
# superuser can do anything
if not self.request.htmx:
# TODO: fallback to superuser (w/message) only if test_membership fails?
messages.warning(self.request, _("Accessing as superuser, be aware!"))
return True
if not membership:
# no membership? definitely no access
return False
if membership.section != self.request.in_space_of_section:
# TODO: should not happen? is always True?
# !membership OR (membership.section==in_space_of_section)
return False
if not self.test_membership(membership=membership):
# right section, but without sufficient role
return False
return True
def test_membership(self, membership: SectionMembership) -> bool:
raise NotImplementedError("To be overriden")
class EnsureLocalUserViewMixin(UserPassesMembershipTestMixin):
request: HttpRequest
def test_membership(self, membership: SectionMembership) -> bool:
return membership.is_local
class EnsureInternationalUserViewMixin(UserPassesMembershipTestMixin):
request: HttpRequest
def test_membership(self, membership: SectionMembership) -> bool:
return membership.is_international
class EnsurePrivilegedUserViewMixin(UserPassesMembershipTestMixin):
"""
View mixin checking wheever is logged user in privileged role (editor or admin)
in current section space.
"""
permission_denied_message = _("Page is restricted to privileged users.")
def test_membership(self, membership: SectionMembership) -> bool:
return membership.is_privileged
class EnsureSectionAdminViewMixin(UserPassesMembershipTestMixin):
"""
View mixin checking wheever is logged user in admin role
in current section space.
"""
permission_denied_message = _("Page is restricted to section admins.")
def test_membership(self, membership: SectionMembership) -> bool:
return membership.is_section_admin