#26057: Template {% if perms.app_label.permission %} check failing, but {% if
'app_label.permission' in perms %} works
---------------------------------+--------------------------------------
Reporter: McAnix | Owner: nobody
Type: Bug | Status: new
Component: Template system | Version: 1.8
Severity: Normal | Resolution:
Keywords: permissions | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+--------------------------------------
Description changed by McAnix:
Old description:
> I'm encountering the issue above for dynamically generated permissions.
>
> I have a Zone model (see below) in a project named "Core" that holds some
> content and dynamically builds row-level-like permissions for each entry
> using a post_save and post_delete hook to manage it. Please don't judge
> me on the usage, it was the simplest solution at the time and the Zone
> model content changes infrequently.
>
> The issue I'm facing is when using the dynamic permissions in a template,
> even as admin. I've tested the following in the template:
>
> {{{
> {% if 'core.can_view_myzone' in perms %}Check passes{% endif %} <- WORKS
> {% perms.core.can_view_myzone %}Check fails{% endif %} <- DOESN'T WORK
> }}}
>
> Also in the view:
>
> {{{
> print "CAN VIEW: %s" % request.user.has_perm('core.can_view_myzone') <-
> WORKS
> }}}
>
> Other permissions that are created via the permissions variable in the
> Meta class work fine '''BUT''' not if they're in the Zone model. I have
> checked migrations and the db tables for
> django_content_type/auth_permission and everything exists there and links
> correctly.
>
> Middleware as follows:
>
> {{{
> MIDDLEWARE_CLASSES = (
> 'django.middleware.common.CommonMiddleware',
> 'django.contrib.sessions.middleware.SessionMiddleware',
> 'django.contrib.auth.middleware.AuthenticationMiddleware',
> 'django.contrib.messages.middleware.MessageMiddleware',
> )
> }}}
>
> Template Context Processors:
>
> {{{
> TEMPLATE_CONTEXT_PROCESSORS =
> ('django.contrib.auth.context_processors.auth',
> 'django.core.context_processors.debug',
> 'django.core.context_processors.i18n',
> 'django.core.context_processors.media',
> 'django.core.context_processors.static',
> 'django.contrib.messages.context_processors.messages',
> 'djutils.context_processors.settings_loader') # This just exposes
> selected settings to the templates
> }}}
>
> {{{
> class Zone(models.Model):
> """A holder model for zone information as well as permission slips for
> each zone"""
>
> class Meta:
> permissions = ()
>
> cdate = models.DateTimeField(auto_now_add=True)
> name = models.CharField(max_length=63)
> url = models.CharField(max_length=255, verbose_name="Zone URL")
> enabled = models.BooleanField()
>
> def __unicode__(self):
> return "%s (Enabled: %s)" % (self.name, self.enabled)
>
> def create_zone_permission(sender, instance, created, raw, using,
> **kwargs):
> """Creates a new zone permission entry for the new zone"""
> content_type = ContentType.objects.get(app_label='core', model='zone')
> codename = 'can_view_%s' % (instance.name, )
> name='Can View %s' % (instance.name, )
>
> if not Permission.objects.using(using).filter(codename=codename,
> content_type=content_type).exists():
> logger.info("Creating zone specific permissions for %s" % (codename,
> ))
> Permission.objects.using(using).create(codename=codename, name=name,
> content_type=content_type)
>
> def delete_zone_permission(sender, instance, using, **kwargs):
> """Creates a new zone permission entry for the new zone"""
> content_type = ContentType.objects.get(app_label='core', model='zone')
> codename = 'can_view_%s' % (instance.name, )
>
> if Permission.objects.using(using).filter(codename=codename,
> content_type=content_type).exists():
> logger.info("Deleting zone specific permissions for %s" % (codename,
> ))
> permission =
> Permission.objects.using(using).filter(codename=codename,
> content_type=content_type)
>
> permission.delete(using=using)
>
> post_save.connect(create_zone_permission, sender=Zone)
> post_delete.connect(delete_zone_permission, sender=Zone)
> }}}
New description:
I'm encountering the issue above for dynamically generated permissions.
I have a Zone model (see below) in a project named "Core" that holds some
content and dynamically builds row-level-like permissions for each entry
using a post_save and post_delete hook to manage it. Please don't judge me
on the usage, it was the simplest solution at the time and the Zone model
content changes infrequently.
The issue I'm facing is when using the dynamic permissions in a template,
even as admin. I've tested the following in the template:
{{{
{% if 'core.can_view_myzone' in perms %}Check passes{% endif %} <- WORKS
{% if perms.core.can_view_myzone %}Check fails{% endif %} <- DOESN'T WORK
}}}
Also in the view:
{{{
print "CAN VIEW: %s" % request.user.has_perm('core.can_view_myzone') <-
WORKS
}}}
Other permissions that are created via the permissions variable in the
Meta class work fine '''BUT''' not if they're in the Zone model. I have
checked migrations and the db tables for
django_content_type/auth_permission and everything exists there and links
correctly.
Middleware as follows:
{{{
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
)
}}}
Template Context Processors:
{{{
TEMPLATE_CONTEXT_PROCESSORS =
('django.contrib.auth.context_processors.auth',
'django.core.context_processors.debug',
'django.core.context_processors.i18n',
'django.core.context_processors.media',
'django.core.context_processors.static',
'django.contrib.messages.context_processors.messages',
'djutils.context_processors.settings_loader') # This just exposes selected
settings to the templates
}}}
{{{
class Zone(models.Model):
"""A holder model for zone information as well as permission slips for
each zone"""
class Meta:
permissions = ()
cdate = models.DateTimeField(auto_now_add=True)
name = models.CharField(max_length=63)
url = models.CharField(max_length=255, verbose_name="Zone URL")
enabled = models.BooleanField()
def __unicode__(self):
return "%s (Enabled: %s)" % (self.name, self.enabled)
def create_zone_permission(sender, instance, created, raw, using,
**kwargs):
"""Creates a new zone permission entry for the new zone"""
content_type = ContentType.objects.get(app_label='core', model='zone')
codename = 'can_view_%s' % (instance.name, )
name='Can View %s' % (instance.name, )
if not Permission.objects.using(using).filter(codename=codename,
content_type=content_type).exists():
logger.info("Creating zone specific permissions for %s" % (codename,
))
Permission.objects.using(using).create(codename=codename, name=name,
content_type=content_type)
def delete_zone_permission(sender, instance, using, **kwargs):
"""Creates a new zone permission entry for the new zone"""
content_type = ContentType.objects.get(app_label='core', model='zone')
codename = 'can_view_%s' % (instance.name, )
if Permission.objects.using(using).filter(codename=codename,
content_type=content_type).exists():
logger.info("Deleting zone specific permissions for %s" % (codename,
))
permission = Permission.objects.using(using).filter(codename=codename,
content_type=content_type)
permission.delete(using=using)
post_save.connect(create_zone_permission, sender=Zone)
post_delete.connect(delete_zone_permission, sender=Zone)
}}}
--
--
Ticket URL: <https://code.djangoproject.com/ticket/26057#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/064.d693cf0de2d0bfb92038bdc05021a371%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
