Creating access app for permissions-related utils, decorators and hel…

…pers.

apps/access/__init__.py

@@ -0,0 +1,17 @@
+from authority import get_check
+
+
+def has_perm_or_owns(user, perm, obj, perm_obj,
+                     field_name='creator'):
+    """
+    Given a user, a permission, an object (obj) and another object to check
+    permissions against (perm_obj), returns True if the user has perm on
+    obj.
+    """
+    if user == getattr(obj, field_name):
+        return True
+
+    check = get_check(user, perm)
+    if not check:
+        return False
+    return check(perm_obj)

apps/sumo/decorators.py → apps/access/decorators.py

@@ -5,7 +5,7 @@
 from django.http import HttpResponseForbidden
 from django.shortcuts import get_object_or_404
 
-from sumo import utils
+import access
 
 
 def has_perm_or_owns_or_403(perm, field_name, lookup_obj, lookup_perm_obj,
@@ -37,9 +37,9 @@ def _wrapped_view(request, *args, **kwargs):
                             'The argument %s needs to be a model.' % model)
                     obj = get_object_or_404(model_class, **{lookup: value})
                     params.append(obj)
-                granted = utils.has_perm_or_owns(request.user, perm,
-                                                 params[0], params[1],
-                                                 field_name)
+                granted = access.has_perm_or_owns(request.user, perm,
+                                                  params[0], params[1],
+                                                  field_name)
                 if granted or request.user.has_perm(perm):
                     return view_func(request, *args, **kwargs)
 

apps/access/helpers.py

@@ -0,0 +1,30 @@
+import authority
+import jinja2
+from jingo import register
+
+import access
+
+
+@register.function
+@jinja2.contextfunction
+def has_perm(context, perm, obj):
+    """
+    Check if the user has a permission on a specific object.
+
+    Returns boolean.
+    """
+    check = authority.get_check(context['request'].user, perm)
+    return check(obj)
+
+
+@register.function
+@jinja2.contextfunction
+def has_perm_or_owns(context, perm, obj, perm_obj, field_name='creator'):
+    """
+    Check if the user has a permission or owns the object.
+
+    Ownership is determined by comparing perm_obj.field_name to the user in
+    context.
+    """
+    return access.has_perm_or_owns(context['request'].user, perm, obj,
+                                   perm_obj, field_name)

apps/forums/tests/test_permissions.py → apps/access/tests.py

@@ -1,12 +1,12 @@
-from nose.tools import eq_
-import test_utils
-
 from django.test import TestCase
 from django.contrib.auth.models import User
 
-from sumo.helpers import has_perm, has_perm_or_owns
+from nose.tools import eq_
+import test_utils
+
+import access
+from .helpers import has_perm, has_perm_or_owns
 from sumo.urlresolvers import reverse
-from sumo import utils
 from forums.models import Forum, Thread
 
 
@@ -143,7 +143,7 @@ def test_util_has_perm_or_owns_sanity(self):
         my_t = Thread.objects.filter(creator=me)[0]
         other_t = Thread.objects.exclude(creator=me)[0]
         perm = 'forums_forum.thread_edit_forum'
-        allowed = utils.has_perm_or_owns(me, perm, my_t, self.forum_1)
+        allowed = access.has_perm_or_owns(me, perm, my_t, self.forum_1)
         eq_(allowed, True)
-        allowed = utils.has_perm_or_owns(me, perm, other_t, self.forum_1)
+        allowed = access.has_perm_or_owns(me, perm, other_t, self.forum_1)
         eq_(allowed, False)

apps/forums/views.py

@@ -9,7 +9,7 @@
 import jingo
 from authority.decorators import permission_required_or_403
 
-from sumo.decorators import has_perm_or_owns_or_403
+from access.decorators import has_perm_or_owns_or_403
 from sumo.urlresolvers import reverse
 from sumo.utils import paginate
 from .models import Forum, Thread, Post

apps/sumo/helpers.py

@@ -11,11 +11,9 @@
 from babel import localedata
 from babel.dates import format_date, format_time, format_datetime
 from pytz import timezone
-import authority
 
-from sumo.urlresolvers import reverse
-from sumo.utils import urlencode
-from sumo import utils
+from .urlresolvers import reverse
+from .utils import urlencode
 
 
 class DateTimeFormatError(Exception):
@@ -191,28 +189,3 @@ def datetimeformat(context, value, format='shortdatetime'):
     else:
         # Unknown format
         raise DateTimeFormatError
-
-
-@register.function
-@jinja2.contextfunction
-def has_perm(context, perm, obj):
-    """
-    Check if the user has a permission on a specific object.
-
-    Returns boolean.
-    """
-    check = authority.get_check(context['request'].user, perm)
-    return check(obj)
-
-
-@register.function
-@jinja2.contextfunction
-def has_perm_or_owns(context, perm, obj, perm_obj, field_name='creator'):
-    """
-    Check if the user has a permission or owns the object.
-
-    Ownership is determined by comparing perm_obj.field_name to the user in
-    context.
-    """
-    return utils.has_perm_or_owns(context['request'].user, perm, obj,
-                                  perm_obj, field_name)

apps/sumo/utils.py

@@ -1,7 +1,5 @@
 import urllib
 
-from authority import get_check
-
 from django.core import paginator
 from django.utils.encoding import smart_str
 
@@ -44,22 +42,6 @@ def urlencode(items):
         return urllib.urlencode([(k, smart_str(v)) for k, v in items])
 
 
-def has_perm_or_owns(user, perm, obj, perm_obj,
-                     field_name='creator'):
-    """
-    Given a user, a permission, an object (obj) and another object to check
-    permissions against (perm_obj), returns True if the user has perm on
-    obj.
-    """
-    if user == getattr(obj, field_name):
-        return True
-
-    check = get_check(user, perm)
-    if not check:
-        return False
-    return check(perm_obj)
-
-
 class WikiParser(object):
     """
     Wrapper for wikimarkup. Adds Kitsune-specific callbacks and setup.

settings.py

@@ -160,6 +160,7 @@
     'jingo_minify',
     ROOT_PACKAGE,
     'authority',
+    'access',
     'sumo',
     'search',
     'forums',