Author: clong
Date: 2006-07-29 13:27:50 -0500 (Sat, 29 Jul 2006)
New Revision: 3487
Modified:
django/branches/per-object-permissions/django/contrib/admin/templates/admin/change_form.html
django/branches/per-object-permissions/django/contrib/admin/views/main.py
django/branches/per-object-permissions/django/contrib/admin/views/row_level_permissions.py
Log:
[per-object-permissions] Fixed some problems with checking of permissions
Modified:
django/branches/per-object-permissions/django/contrib/admin/templates/admin/change_form.html
===================================================================
---
django/branches/per-object-permissions/django/contrib/admin/templates/admin/change_form.html
2006-07-29 16:00:23 UTC (rev 3486)
+++
django/branches/per-object-permissions/django/contrib/admin/templates/admin/change_form.html
2006-07-29 18:27:50 UTC (rev 3487)
@@ -66,7 +66,7 @@
</div>
</form>
-{% if rlp_form_list %}
+{% if new_rlp_form %}
{% include "admin/row_level_permission.html" %}
{% endif %}
Modified:
django/branches/per-object-permissions/django/contrib/admin/views/main.py
===================================================================
--- django/branches/per-object-permissions/django/contrib/admin/views/main.py
2006-07-29 16:00:23 UTC (rev 3486)
+++ django/branches/per-object-permissions/django/contrib/admin/views/main.py
2006-07-29 18:27:50 UTC (rev 3487)
@@ -391,7 +391,6 @@
'object_id': object_id,
'original': manipulator.original_object,
'is_popup': request.REQUEST.has_key('_popup'),
- 'is_row_level_perm': model._meta.row_level_permissions,
})
if model._meta.row_level_permissions:
Modified:
django/branches/per-object-permissions/django/contrib/admin/views/row_level_permissions.py
===================================================================
---
django/branches/per-object-permissions/django/contrib/admin/views/row_level_permissions.py
2006-07-29 16:00:23 UTC (rev 3486)
+++
django/branches/per-object-permissions/django/contrib/admin/views/row_level_permissions.py
2006-07-29 18:27:50 UTC (rev 3487)
@@ -4,6 +4,7 @@
from django.contrib.contenttypes.models import ContentType
from django.contrib.auth.models import RowLevelPermission
from django.contrib.admin.row_level_perm_manipulator import AddRLPManipulator,
ChangeRLPManipulator
+from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist,
PermissionDenied
import simplejson
def delete_row_level_permission(request, ct_id, rlp_id, hash, ajax=None):
@@ -15,7 +16,7 @@
opts = rlp._meta
if not request.user.has_perm(opts.app_label + '.' +
opts.get_delete_permission()):
raise PermissionDenied
- if not request.user.has_perm(obj._meta.app_label + '.' +
obj._meta.get_delete_permission()):
+ if not request.user.has_perm(obj._meta.app_label + '.' +
obj._meta.get_change_permission()()):
raise PermissionDenied
rlp.delete()
msg = {"result":True, "text":_("Row level permission was successful
deleted"), "id":rlp_id}
@@ -38,9 +39,12 @@
ct = get_object_or_404(ContentType, pk=ct_id)
obj = get_object_or_404(ct.model_class(), pk=obj_id)
-
- if not request.user.has_perm(obj._meta.app_label + '.' +
obj._meta.get_add_permission()):
+
+ if not request.user.has_perm(obj._meta.app_label + '.' +
obj._meta.get_change_permission()):
raise PermissionDenied
+
+ if not request.user.has_perm(RowLevelPermission._meta.app_label + '.' +
RowLevelPermission._meta.get_add_permission()):
+ raise PermissionDenied
manip = AddRLPManipulator(obj, ct)
@@ -54,7 +58,10 @@
except validators.ValidationError:
msg = {"result":False, "text":_("A row level permission already exists
with the specified values.")}
else:
- msg = {"result":True, "text":_("Row level permission has successful
been added.")}
+ if len(rlp_list) is 1:
+ msg = {"result":True, "text":_("Row level permission has
successfully been added.")}
+ else:
+ msg = {"result":True, "text":_("Row level permissions have
successfully been added.")}
if not ajax:
request.user.message_set.create(message=msg['text'])
return HttpResponseRedirect("../../../../../%s/%s/%s" %
(obj._meta.app_label, obj._meta.module_name , str(obj.id)))
@@ -80,12 +87,14 @@
request.user.message_set.create(message=msg['text'])
return HttpResponseRedirect("/edit/%s/%s" % (obj_type, obj_id))
- obj = get_object_or_404(RowLevelPermission, pk=rlp_id)
- opts = obj._meta
+ rlp = get_object_or_404(RowLevelPermission, pk=rlp_id)
+ opts = rlp._meta
+ if not request.user.has_perm(opts.app_label + '.' +
opts.get_add_permission()):
+ raise PermissionDenied
- #if not request.user.has_perm(app_label + '.' +
opts.get_change_permission()):
- #if not request.user.has_perm(opts.get_change_permission()):
- #raise PermissionDenied
+ object_model = rlp.type_ct.model_class()
+ if not request.user.has_perm(object_model._meta.app_label + '.' +
object_model._meta.get_change_permission()):
+ raise PermissionDenied
manip = ChangeRLPManipulator()
new_data = request.POST.copy()
@@ -102,4 +111,4 @@
if ajax:
return HttpResponse(simplejson.dumps(msg), 'text/javascript')
request.user.message_set.create(message=msg['text'])
- return HttpResponseRedirect("../../../../../../%s/%s/%s" %
(new_rlp.type._meta.app_label, new_rlp.type._meta.module_name ,
str(rlp.type_id)))
\ No newline at end of file
+ return HttpResponseRedirect("../../../../../../%s/%s/%s" %
(object_model._meta.app_label, object_model._meta.module_name ,
str(rlp.type_id)))
\ No newline at end of file
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates
-~----------~----~----~----~------~----~------~--~---
