
improve permission management, fix admin command run view access control and only admin commands for which the user has permission appear in the changelist
1 parent 3ec63c1 commit e823b0d697ddf4bf1a3e40045a1d2e73f5c2c917 @amirouche amirouche committed Jul 9, 2012
Showing with 39 additions and 8 deletions.
  1. +8 −0 README.rst
  2. +8 −2 admincommand/admin.py
  3. +4 −5 admincommand/models.py
  4. +19 −1 admincommand/query.py
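--- a/README.rst
+++ b/README.rst
@@ -87,3 +87,11 @@ specify it in the AdminCommand configuration class with the
 You also need to run periodically ``flush_queue`` from ``django-async`` application for that matter don't forget to install the application.
+
+Permissions
+===========
+
+You MUST add to every user or groups that should have access to the list of commands
+«Can change admincommand» permission. Every admin command gets it's own permission
+«Can Run AnAdminCommand», so you can add it to proper users or group. Users will
+only see and be able to execute admin commands for which they have the permission.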
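--- a/admincommand/admin.py
+++ b/admincommand/admin.py
@@ -18,9 +18,14 @@
 class AdminCommandAdmin(SneakAdmin):
- QuerySet = CommandQuerySet
 list_display = ('command_name',)
+ def queryset(self, request):
+ # user current user to construct the queryset
+ # so that only commands the user can execute
+ # will be visible
+ return CommandQuerySet(request.user)
+
 def get_urls(self):
 def wrap(view):
 def wrapper(*args, **kwargs):
@@ -39,7 +44,8 @@ def wrapper(*args, **kwargs):
 def run_command_view(self, request, url_name):
 admin_command = core.get_admin_commands()[url_name]
- if not request.user.has_perm(admin_command.permission_codename()):
+ full_permission_codename = 'admincommand.%s' % admin_command.permission_codename()
+ if not request.user.has_perm(full_permission_codename):
 return HttpResponseForbidden()
 # original needed ``change_form`` context variables
 opts = self.model._meta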
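Review bot: The permission name is assembled by hand in `run_command_view` as `'admincommand.%s' % admin_command.permission_codename()`, and the same expression is repeated in `CommandQuerySet.filter` in admincommand/query.py; if the two ever diverge, the changelist and the run view will enforce different permissions. Putting it in one method on the command class, e.g. `def full_permission_codename(self): return 'admincommand.%s' % self.permission_codename()`, and calling it from both places keeps the check in a single spot. Separately, the context line `core.get_admin_commands()[url_name]` runs before the check and would raise `KeyError` for an unknown `url_name`; answering with a 404 there looks safer than an unhandled error. The body of `run_command_view` continues past the end of the hunk.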
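--- a/admincommand/models.py
+++ b/admincommand/models.py
@@ -45,8 +45,9 @@ def __init__(self, *args, **kwargs):
 content_type=ct,
 )
 if created:
- perm.name = 'Can Run %s' % self.command_name()
- perm.save()
+ import pdb; pdb.set_trace()
+ self.perm.name = 'Can run %s' % self.command_name()
+ self.perm.save()
 def get_help(self):
 if hasattr(self, 'help'):
@@ -74,7 +75,5 @@ def permission_codename(self):
 @classmethod
 def all(cls):
 import core
- all = []
 for runnable_command in core.get_admin_commands().values():
- all.append(runnable_command)
- return all
+ yield runnable_command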
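Review bot: The added line `import pdb; pdb.set_trace()` in `__init__` is a leftover debugger breakpoint and should be deleted before this ships; it fires the first time a command's permission row is created, and in a server process that either blocks the worker on stdin or raises. The same branch now writes `self.perm.name` where the old code used the local `perm`; the assignment from the lookup above is outside the hunk, so confirm it binds `self.perm`, otherwise this raises `AttributeError` and the permission keeps its default name. In the second hunk `all()` becomes a generator, so any caller that takes `len()` of it or iterates it twice needs `list(AdminCommand.all())`.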
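--- a/admincommand/query.py
+++ b/admincommand/query.py
@@ -1,4 +1,5 @@
 from django.conf import settings
+from django.contrib.auth.models import Permission
 from sneak.query import ListQuerySet
@@ -8,5 +9,22 @@
 class CommandQuerySet(ListQuerySet):
 """Custom QuerySet to list runnable commands"""
+ def __init__(self, user, value=None):
+ self.user = user
+ if value is None:
+ self.value = self.filter().value
+ else:
+ self.value = value
+
+ def _clone(self):
+ return type(self)(self.user, self.value)
+
 def filter(self, *args, **kwargs):
- return ListQuerySet(AdminCommand.all())
+ all = []
+ for command in AdminCommand.all():
+ # only list commands that the user can run
+ # to avoid useless 503 messages
+ full_permission_codename = 'admincommand.%s' % command.permission_codename()
+ if self.user.has_perm(full_permission_codename):
+ all.append(command)
+ return type(self)(self.user, all)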
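Review bot: The comment in `filter` says the filtering avoids "useless 503 messages", but the run view in admincommand/admin.py returns `HttpResponseForbidden`, which is a 403. The comment should also say that this list is only a display filter and that `run_command_view` remains the place where the permission is enforced, e.g. `# display filter only: run_command_view still checks the permission and returns 403`. The local `all` shadows the builtin; `allowed` reads better. `__init__` sets `self.user` and `self.value` without calling the `ListQuerySet` initializer, which is fine only if the base class keeps no other state, something this page does not show.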
