Author: adrian
Date: 2007-01-14 14:49:23 -0600 (Sun, 14 Jan 2007)
New Revision: 4324

Modified:
  django/branches/newforms-admin/django/contrib/admin/views/main.py
Log:
newforms-admin: Added has_add_permission(), has_change_permission() and 
has_delete_permission() hooks to ModelAdminView. This hook can be used to 
implement per-object permissions.

Modified: django/branches/newforms-admin/django/contrib/admin/views/main.py
===================================================================
--- django/branches/newforms-admin/django/contrib/admin/views/main.py   
2007-01-14 20:36:08 UTC (rev 4323)
+++ django/branches/newforms-admin/django/contrib/admin/views/main.py   
2007-01-14 20:49:23 UTC (rev 4324)
@@ -118,6 +118,7 @@
    "Class that encapsulates all admin views for a given model."
    def __init__(self, model):
        self.model = model
+        self.opts = model._meta

    def __call__(self, request, url):
        if url is None:
@@ -131,17 +132,38 @@
        else:
            return self.change_view(request, unquote(url))

+    def has_add_permission(self, request):
+        "Returns True if the given request has permission to add an object."
+        opts = self.opts
+        return request.user.has_perm(opts.app_label + '.' + 
opts.get_add_permission())
+
+    def has_change_permission(self, request, object_id):
+        """
+        Returns True if the given request has permission to change the object
+        with the given object_id.
+        """
+        opts = self.opts
+        return request.user.has_perm(opts.app_label + '.' + 
opts.get_change_permission())
+
+    def has_delete_permission(self, request, object_id):
+        """
+        Returns True if the given request has permission to change the object
+        with the given object_id.
+        """
+        opts = self.opts
+        return request.user.has_perm(opts.app_label + '.' + 
opts.get_delete_permission())
+
    def add_view(self, request, show_delete=False, form_url='', post_url=None, 
post_url_continue='../%s/', object_id_override=None):
        "The 'add' admin view for this model."
        model = self.model
        opts = model._meta
        app_label = opts.app_label

-        if not request.user.has_perm(app_label + '.' + 
opts.get_add_permission()):
+        if not self.has_add_permission(request):
            raise PermissionDenied

        if post_url is None:
-            if request.user.has_perm(app_label + '.' + 
opts.get_change_permission()):
+            if self.has_change_permission(request, None):
                # redirect to list view
                post_url = '../'
            else:
@@ -211,7 +233,7 @@
        opts = model._meta
        app_label = opts.app_label

-        if not request.user.has_perm(app_label + '.' + 
opts.get_change_permission()):
+        if not self.has_change_permission(request, object_id):
            raise PermissionDenied

        if request.POST and request.POST.has_key("_saveasnew"):
@@ -305,7 +327,7 @@
        "The 'change list' admin view for this model."
        opts = self.model._meta
        app_label = opts.app_label
-        if not request.user.has_perm(app_label + '.' + 
opts.get_change_permission()):
+        if not self.has_change_permission(request, None):
            raise PermissionDenied
        try:
            cl = ChangeList(request, self.model)
@@ -332,7 +354,7 @@
        "The 'delete' admin view for this model."
        opts = self.model._meta
        app_label = opts.app_label
-        if not request.user.has_perm(app_label + '.' + 
opts.get_delete_permission()):
+        if not self.has_delete_permission(request, object_id):
            raise PermissionDenied
        obj = get_object_or_404(self.model, pk=object_id)



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django 
updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to