Add auth backend and use of has_perm

commit 68d607fa7a6469b05be0923b5520ef8b291a295e 1 parent f9ac174
@paltman paltman authored
14 docs/changelog.rst
@@ -3,6 +3,20 @@
ChangeLog
=========
+0.4
+---
+
+- Added permission checking
+
+
+Backward Incompatibilities
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- Added an auth_backend to check permissions, you can just add the `phileo.auth_backends.PermCheckBackend`
+ and do nothing else, or you can implement you own backend checking the `phileo.can_like`
+ permission against the object and user according to your own business logic.
+
+
0.3
---
9 docs/installation.rst
@@ -14,6 +14,15 @@ Installation
"phileo",
)
+* Add ``'phileo.auth_backends.CanLikeBackend'`` to your ``AUTHENTICATION_BACKENDS``
+ (or use your own custom version checking against the ``phileo.can_like`` permission):
+
+ AUTHENTICATION_BACKENDS = [
+ ...
+ "phileo.auth_backends.CanLikeBackend",
+ ...
+ ]
+
* Lastly you will want to add `phileo.urls` to your urls definition::
...
15 phileo/auth_backends.py
@@ -0,0 +1,15 @@
+from django.contrib.auth.backends import ModelBackend
+
+from phileo.utils import _allowed
+
+
+class CanLikeBackend(ModelBackend):
+ supports_object_permissions = True
+ supports_anonymous_user = True
+
+ def has_perm(self, user, perm, obj=None):
+ if perm == "phileo.can_like":
+ return _allowed(
+ "%s.%s" % (s.__class__.__module__, s.__class__.__name__)
+ )
+ return super(SitePermissionsBackend, self).has_perm(user, perm)
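Review bot: Both return paths of `has_perm` reference names that are not defined anywhere in this new file, `s` in the `_allowed(...)` argument and `SitePermissionsBackend` in the `super()` call, so any permission check routed through this backend would raise NameError instead of returning a decision. The lines presumably should read `"%s.%s" % (obj.__class__.__module__, obj.__class__.__name__)` and `return super(CanLikeBackend, self).has_perm(user, perm)`. Because `obj` defaults to None, the `phileo.can_like` branch also needs an explicit answer for a call without an object (for example `if obj is None: return False`) rather than formatting the class of None. The view previously passed `content_type.model_class()` to `_allowed`, whereas this passes a dotted string; `_allowed` is not shown here, so confirm it accepts that form. docs/changelog.rst in the same commit names the backend `PermCheckBackend`, while this file and docs/installation.rst use `CanLikeBackend`.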
27 phileo/views.py
@@ -1,29 +1,28 @@
-from django.contrib.auth.decorators import login_required
-from django.contrib.contenttypes.models import ContentType
-
-from django.conf import settings
from django.http import HttpResponse, HttpResponseForbidden
from django.utils import simplejson as json
from django.shortcuts import get_object_or_404, redirect
from django.views.decorators.http import require_POST
+from django.contrib.auth.decorators import login_required
+from django.contrib.contenttypes.models import ContentType
+
from phileo.models import Like
from phileo.signals import object_liked, object_unliked
-from phileo.utils import _allowed
-@require_POST
@login_required
+@require_POST
def like_toggle(request, content_type_id, object_id):
content_type = get_object_or_404(ContentType, pk=content_type_id)
+ obj = content_type.get_object_for_this_type(pk=object_id)
- if not _allowed(content_type.model_class()):
+ if not request.user.has_perm("phileo.can_like", obj):
return HttpResponseForbidden()
like, created = Like.objects.get_or_create(
- sender = request.user,
- receiver_content_type = content_type,
- receiver_object_id = object_id
+ sender=request.user,
+ receiver_content_type=content_type,
+ receiver_object_id=object_id
)
if created:
@@ -32,17 +31,15 @@ def like_toggle(request, content_type_id, object_id):
like.delete()
object_unliked.send(
sender=Like,
- object=content_type.get_object_for_this_type(
- pk=object_id
- ),
+ object=obj,
request=request
)
if request.is_ajax():
return HttpResponse(json.dumps({
"likes_count": Like.objects.filter(
- receiver_content_type = content_type,
- receiver_object_id = object_id
+ receiver_content_type=content_type,
+ receiver_object_id=object_id
).count(),
"liked": created,
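Review bot: The added `obj = content_type.get_object_for_this_type(pk=object_id)` in `like_toggle` runs on every request with a caller-supplied `object_id`, and nothing visible in the hunk handles a missing row, so an unknown id would surface as an unhandled DoesNotExist (a 500) where the content type lookup next to it returns 404. Consider `obj = get_object_or_404(content_type.model_class(), pk=object_id)`, noting that `model_class()` can return None for a stale content type. The lookup also now happens before the `has_perm` check, so the response differs between existing and missing objects even for models that are not likeable; running a model-level check first, or returning the same status in both cases, avoids that. The function's tail lies outside the second hunk.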