Author: eduardo.padoan
Date: Sun Sep 21 14:58:08 2008
New Revision: 164
Modified:
trunk/wiki/views.py
Log:
Views now receive is_member and is_private functions to determine if the
user has read/write permissions.
Modified: trunk/wiki/views.py
==============================================================================
--- trunk/wiki/views.py (original)
+++ trunk/wiki/views.py Sun Sep 21 14:58:08 2008
@@ -42,7 +42,7 @@
def get_real_ip(request):
""" Returns the real user IP, even if behind a proxy.
Set BEHIND_PROXY to True in your settings if Django is
- running begind a proxy.
+ running behind a proxy.
"""
if getattr(settings, 'BEHIND_PROXY', False):
return request.META['HTTP_X_FORWARDED_FOR']
@@ -104,6 +104,25 @@
return self.user_ip == get_real_ip(request)
+def has_read_perm(user, group, is_member, is_private):
+ """ Return True if the user has permission to *read*
+ Articles, False otherwise.
+ """
+ if (group is None) or (is_member is None) or is_member(user, group):
+ return True
+ if (is_private is not None) and is_private(group):
+ return False
+ return True
+
+def has_write_perm(user, group, is_member):
+ """ Return True if the user have permission to edit Articles,
+ False otherwise.
+ """
+ if (group is None) or (is_member is None) or is_member(user, group):
+ return True
+ return False
+
+
@login_required
def article_list(request,
group_slug=None, group_slug_field=None, group_qs=None,
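Review bot: In `has_read_perm` the first test returns True whenever `is_member is None`, so a caller that passes only `is_private` never has it consulted and a private group stays readable by any user who reaches the view. Both helpers also allow everything when no callback is supplied, and `None` is the default in every view signature this commit touches, so the checks are off unless the caller opts in; the docstrings should state that. I would test `group is None` first, then `if is_private is not None and is_private(group): return is_member is not None and is_member(user, group)` before the final `return True`.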
@@ -113,6 +132,8 @@
template_name='index.html',
template_dir='wiki',
extra_context=None,
+ is_member=None,
+ is_private=None,
*args, **kw):
if request.method == 'GET':
@@ -120,12 +141,19 @@
article_qs, group_slug,
group_slug_field, group_qs)
+ allow_read = has_read_perm(request.user, group, is_member,
is_private)
+ allow_write = has_write_perm(request.user, group, is_member)
+
+ if not allow_read:
+ return Http404() # @@@ Shouldn't it be forbidden or something?
+
articles = articles.order_by('-created_at')
search_form = SearchFormClass()
template_params = {'articles': articles,
- 'search_form': search_form}
+ 'search_form': search_form,
+ 'allow_write': allow_write}
if group_slug is not None:
template_params['group'] = group
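Review bot: `return Http404()` hands Django an exception instance where a view must return an HttpResponse; `Http404` is meant to be raised, so the denied path will most likely surface as a server error instead of a 404 or 403. Use `raise Http404` here, or, as the inline `@@@` comment already hints, `return HttpResponseForbidden()` with the matching import from `django.http`. The same statement is repeated in every later hunk that adds an `allow_read` check (new lines 190, 236, 350, 394, 442, 490, 522, 564 and 604). The enclosing view starts and ends outside this hunk.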
@@ -152,6 +180,8 @@
template_name='view.html',
template_dir='wiki',
extra_context=None,
+ is_member=None,
+ is_private=None,
*args, **kw):
if request.method == 'GET':
@@ -160,6 +190,15 @@
group = get_object_or_404(group_qs,**{group_slug_field:
group_slug})
article_args.update({'content_type': get_ct(group),
'object_id': group.id})
+ allow_read = has_read_perm(request.user, group, is_member,
+ is_private)
+ allow_write = has_write_perm(request.user, group, is_member)
+ else:
+ allow_read, allow_write = True
+
+ if not allow_read:
+ return Http404()
+
try:
article = article_qs.get(**article_args)
if notification is not None:
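Review bot: `allow_read, allow_write = True` in the `else:` branch tries to unpack a bool and raises TypeError, so every request without a `group_slug` fails before the permission check is reached. It should be `allow_read = allow_write = True`. The same line appears in the hunks at new lines 236, 350, 394, 442 and 522. The enclosing view starts outside this hunk.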
@@ -170,7 +209,8 @@
article = ArticleClass(**article_args)
is_observing = False
- template_params = {'article': article}
+ template_params = {'article': article,
+ 'allow_write': allow_write}
if notification is not None:
template_params.update({'is_observing': is_observing,
@@ -196,16 +236,28 @@
template_name='edit.html',
template_dir='wiki',
extra_context=None,
+ check_membership=False,
+ is_member=None,
+ is_private=None,
*args, **kw):
group = None
+ article_args = {'title': title}
+ if group_slug is not None:
+ group = get_object_or_404(group_qs,**{group_slug_field:
group_slug})
+ group_ct = get_ct(group)
+ article_args.update({'content_type': group_ct,
+ 'object_id': group.id})
+ allow_read = has_read_perm(request.user, group, is_member,
+ is_private)
+ allow_write = has_write_perm(request.user, group, is_member)
+ else:
+ allow_read, allow_write = True
+
+ if not (allow_read or allow_write):
+ return Http404()
+
try:
- article_args = {'title': title}
- if group_slug is not None:
- group = get_object_or_404(group_qs,**{group_slug_field:
group_slug})
- group_ct = get_ct(group)
- article_args.update({'content_type': group_ct,
- 'object_id': group.id})
article = article_qs.get(**article_args)
except ArticleClass.DoesNotExist:
article = None
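Review bot: The guard `if not (allow_read or allow_write):` lets a user through when only `allow_read` is true, so a non-member of a public group still reaches the edit logic even though `has_write_perm` returned False. This view changes an article, so the guard should be `if not allow_write:`. The POST-only view in the hunk at new line 442 uses the same `allow_read or allow_write` test and needs the same change. The new `check_membership=False` parameter is not used anywhere in the visible lines; drop it or document what it is for. The function body continues outside the hunk.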
@@ -278,6 +330,8 @@
template_name='changeset.html',
template_dir='wiki',
extra_context=None,
+ is_member=None,
+ is_private=None,
*args, **kw):
if request.method == "GET":
@@ -296,10 +350,20 @@
group = get_object_or_404(group_qs,**{group_slug_field:
group_slug})
article_args.update({'content_type': get_ct(group),
'object_id': group.id})
+ allow_read = has_read_perm(request.user, group, is_member,
+ is_private)
+ allow_write = has_write_perm(request.user, group, is_member)
+ else:
+ allow_read, allow_write = True
+
+ if not allow_read:
+ return Http404()
+
article = article_qs.get(**article_args)
template_params = {'article.title': article.title,
- 'changeset': changeset}
+ 'changeset': changeset,
+ 'allow_write': allow_write}
if group_slug is not None:
template_params['group'] = group
@@ -319,6 +383,8 @@
template_name='history.html',
template_dir='wiki',
extra_context=None,
+ is_member=None,
+ is_private=None,
*args, **kw):
if request.method == 'GET':
@@ -328,12 +394,22 @@
group = get_object_or_404(group_qs,**{group_slug_field:
group_slug})
article_args.update({'content_type': get_ct(group),
'object_id': group.id})
+ allow_read = has_read_perm(request.user, group, is_member,
+ is_private)
+ allow_write = has_write_perm(request.user, group, is_member)
+ else:
+ allow_read, allow_write = True
+
+ if not allow_read:
+ return Http404()
+
article = get_object_or_404(article_qs, **article_args)
changes = article.changeset_set.filter(
reverted=False).order_by('-revision')
template_params = {'article': article,
- 'changes': changes}
+ 'changes': changes,
+ 'allow_write': allow_write}
if group_slug is not None:
template_params['group'] = group
if extra_context is not None:
@@ -351,6 +427,8 @@
group_slug=None, group_slug_field=None,
group_qs=None,
article_qs=ALL_ARTICLES,
extra_context=None,
+ is_member=None,
+ is_private=None,
*args, **kw):
if request.method == 'POST':
@@ -364,6 +442,14 @@
group = get_object_or_404(group_qs,**{group_slug_field:
group_slug})
article_args.update({'content_type': get_ct(group),
'object_id': group.id})
+ allow_read = has_read_perm(request.user, group, is_member,
+ is_private)
+ allow_write = has_write_perm(request.user, group, is_member)
+ else:
+ allow_read, allow_write = True
+
+ if not (allow_read or allow_write):
+ return Http404()
article = get_object_or_404(article_qs, **article_args)
@@ -392,6 +478,8 @@
article_qs=ALL_ARTICLES,
SearchFormClass=SearchForm,
extra_context=None,
+ is_member=None,
+ is_private=None,
*args, **kw):
if request.method == 'POST':
search_form = SearchFormClass(request.POST)
@@ -402,6 +490,13 @@
if group_slug is not None:
group = get_object_or_404(group_qs,
**{group_slug_field: group_slug})
+ allow_read = has_read_perm(request.user, group, is_member,
+ is_private)
+ else:
+ allow_read = True
+
+ if not allow_read:
+ return Http404()
# go to article by title
url = get_url('wiki_article', group,
@@ -427,10 +522,18 @@
group = get_object_or_404(group_qs,
**{group_slug_field : group_slug})
changes_qs =
changes_qs.filter(article__content_type=get_ct(group),
- article__object_id=group.id)
- template_params = {'changes': changes_qs.order_by('-modified'),
- }
+ article__object_id=group.id)
+ allow_read = has_read_perm(request.user, group, is_member,
+ is_private)
+ allow_write = has_write_perm(request.user, group, is_member)
+ else:
+ allow_read, allow_write = True
+ if not allow_read:
+ return Http404()
+
+ template_params = {'changes': changes_qs.order_by('-modified'),
+ 'allow_write': allow_write}
if group_slug is not None:
template_params['group'] = group_slug
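Review bot: `is_member` and `is_private` are used in the new `has_read_perm`/`has_write_perm` calls here, but no hunk in this commit adds them to this view's signature. The nearest signature hunks are at old lines 392 and 450, and the line offsets show nothing changed in between. Unless the parameters already existed, the group branch will raise NameError; add `is_member=None,` and `is_private=None,` before `*args, **kw` as in the other views. The signature itself is outside the hunk, so confirm this against the full file.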
@@ -450,6 +553,8 @@
template_name='recentchanges.html',
template_dir='wiki',
extra_context=None,
+ is_member=None,
+ is_private=None,
*args, **kw):
if request.method == 'POST':
@@ -459,6 +564,14 @@
group = get_object_or_404(group_qs,**{group_slug_field:
group_slug})
article_args.update({'content_type': get_ct(group),
'object_id': group.id})
+ allow_read = has_read_perm(request.user, group, is_member,
+ is_private)
+ else:
+ allow_read = True
+
+ if not allow_read:
+ return Http404()
+
article = get_object_or_404(article_qs, **article_args)
notification.observe(article, request.user,
@@ -480,6 +593,8 @@
template_name='recentchanges.html',
template_dir='wiki',
extra_context=None,
+ is_member=None,
+ is_private=None,
*args, **kw):
if request.method == 'POST':
@@ -489,6 +604,14 @@
group = get_object_or_404(group_qs,**{group_slug_field:
group_slug})
article_args.update({'content_type': get_ct(group),
'object_id': group.id})
+ allow_read = has_read_perm(request.user, group, is_member,
+ is_private)
+ else:
+ allow_read = True
+
+ if not allow_read:
+ return Http404()
+
article = get_object_or_404(article_qs, **article_args)
notification.stop_observing(article, request.user)
@@ -502,10 +625,12 @@
def article_history_feed(request, feedtype, title,
- group_slug=None, group_slug_field=None, group_qs=None,
- article_qs=ALL_ARTICLES, changes_qs=ALL_CHANGES,
- extra_context=None,
- *args, **kw):
+ group_slug=None, group_slug_field=None,
group_qs=None,
+ article_qs=ALL_ARTICLES, changes_qs=ALL_CHANGES,
+ extra_context=None,
+ is_member=None,
+ is_private=None,
+ *args, **kw):
feeds = {'rss' : RssArticleHistoryFeed,
'atom' : AtomArticleHistoryFeed}
@@ -526,10 +651,12 @@
def history_feed(request, feedtype,
- group_slug=None, group_slug_field=None, group_qs=None,
- article_qs=ALL_ARTICLES, changes_qs=ALL_CHANGES,
- extra_context=None,
- *args, **kw):
+ group_slug=None, group_slug_field=None, group_qs=None,
+ article_qs=ALL_ARTICLES, changes_qs=ALL_CHANGES,
+ extra_context=None,
+ is_member=None,
+ is_private=None,
+ *args, **kw):
feeds = {'rss' : RssHistoryFeed,
'atom' : AtomHistoryFeed}