Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
D
djangoldp
Manage
Activity
Members
Labels
Plan
Issues
99
Issue boards
Milestones
Wiki
Code
Merge requests
5
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Container Registry
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
djangoldp-packages
djangoldp
Commits
8f174fcb
Verified
Commit
8f174fcb
authored
5 years ago
by
Jean-Baptiste Pasquier
Browse files
Options
Downloads
Patches
Plain Diff
update: Fix permissions & add owner_field
parent
800a8312
No related branches found
Branches containing commit
No related tags found
Tags containing commit
1 merge request
!86
update: Fix permissions & add owner_field
Pipeline
#1069
passed with stage
Stage: test
in 1 minute and 21 seconds
Changes
3
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
README.md
+5
-1
5 additions, 1 deletion
README.md
djangoldp/__init__.py
+1
-1
1 addition, 1 deletion
djangoldp/__init__.py
djangoldp/permissions.py
+16
-11
16 additions, 11 deletions
djangoldp/permissions.py
with
22 additions
and
13 deletions
README.md
+
5
−
1
View file @
8f174fcb
...
...
@@ -176,17 +176,21 @@ With inherit, Users can herit from Anons. Also Owners can herit from Users.
Eg. with this model Anons can view, Auths can add & Owners can edit & delete.
Note that
`owner_perms`
need a
`owner_field`
meta that point the field with owner user.
```
python
from
djangoldp.models
import
Model
class
Todo
(
Model
):
name
=
models
.
CharField
(
max_length
=
255
)
deadline
=
models
.
DateTimeField
()
user
=
models
.
ForeignKey
(
settings
.
AUTH_USER_MODEL
)
class
Meta
:
anonymous_perms
=
[
'
view
'
]
authenticated_perms
=
[
'
inherit
'
,
'
add
'
]
owner_perms
=
[
'
inherit
'
,
'
change
'
,
'
control
'
,
'
delete
'
]
owner_field
=
'
user
'
```
...
...
This diff is collapsed.
Click to expand it.
djangoldp/__init__.py
+
1
−
1
View file @
8f174fcb
from
django.db.models
import
options
__version__
=
'
0.0.0
'
options
.
DEFAULT_NAMES
+=
(
'
lookup_field
'
,
'
rdf_type
'
,
'
rdf_context
'
,
'
auto_author
'
,
'
view_set
'
,
'
container_path
'
,
'
permission_classes
'
,
'
serializer_fields
'
,
'
nested_fields
'
,
'
depth
'
,
'
anonymous_perms
'
,
'
authenticated_perms
'
,
'
owner_perms
'
)
options
.
DEFAULT_NAMES
+=
(
'
lookup_field
'
,
'
rdf_type
'
,
'
rdf_context
'
,
'
auto_author
'
,
'
owner_field
'
,
'
view_set
'
,
'
container_path
'
,
'
permission_classes
'
,
'
serializer_fields
'
,
'
nested_fields
'
,
'
depth
'
,
'
anonymous_perms
'
,
'
authenticated_perms
'
,
'
owner_perms
'
)
This diff is collapsed.
Click to expand it.
djangoldp/permissions.py
+
16
−
11
View file @
8f174fcb
...
...
@@ -13,21 +13,21 @@ class LDPPermissions(BasePermission):
authenticated_perms
=
[
'
inherit
'
]
owner_perms
=
[
'
inherit
'
]
def
user_permissions
(
self
,
user
,
obj
):
def
user_permissions
(
self
,
user
,
model
,
obj
=
None
):
"""
Filter user permissions for a
given object
Filter user permissions for a
model class
"""
# Get Anonymous permissions from Model's Meta. If not found use default
anonymous_perms
=
getattr
(
obj
.
_meta
,
'
anonymous_perms
'
,
self
.
anonymous_perms
)
anonymous_perms
=
getattr
(
model
.
_meta
,
'
anonymous_perms
'
,
self
.
anonymous_perms
)
# Get Auth permissions from Model's Meta. If not found use default
authenticated_perms
=
getattr
(
obj
.
_meta
,
'
authenticated_perms
'
,
self
.
authenticated_perms
)
authenticated_perms
=
getattr
(
model
.
_meta
,
'
authenticated_perms
'
,
self
.
authenticated_perms
)
# Extend Auth if inherit is given
if
'
inherit
'
in
authenticated_perms
:
authenticated_perms
=
authenticated_perms
+
list
(
set
(
anonymous_perms
)
-
set
(
authenticated_perms
))
# Get Owner permissions from Model's Meta. If not found use default
owner_perms
=
getattr
(
obj
.
_meta
,
'
owner_perms
'
,
self
.
owner_perms
)
owner_perms
=
getattr
(
model
.
_meta
,
'
owner_perms
'
,
self
.
owner_perms
)
# Extend Owner if inherit is given
if
'
inherit
'
in
owner_perms
:
owner_perms
=
owner_perms
+
list
(
set
(
authenticated_perms
)
-
set
(
owner_perms
))
...
...
@@ -36,7 +36,7 @@ class LDPPermissions(BasePermission):
return
anonymous_perms
else
:
if
hasattr
(
obj
.
_meta
,
'
auto_author
'
)
and
getattr
(
obj
,
getattr
(
obj
.
_meta
,
'
auto_author
'
))
==
user
:
if
obj
and
hasattr
(
model
.
_meta
,
'
owner_field
'
)
and
getattr
(
obj
,
getattr
(
model
.
_meta
,
'
owner_field
'
))
==
user
:
return
owner_perms
else
:
...
...
@@ -76,10 +76,15 @@ class LDPPermissions(BasePermission):
"""
Access to containers
"""
perms
=
self
.
get_permissions
(
request
.
method
,
view
.
model
)
# A bit tricky, but feels redondant to redeclarate perms_map
model
=
view
.
model
perms
=
self
.
get_permissions
(
request
.
method
,
model
)
try
:
obj
=
view
.
model
.
resolve_id
(
request
.
_request
.
path
)
except
:
obj
=
None
for
perm
in
perms
:
if
not
perm
.
split
(
'
.
'
)[
1
].
split
(
'
_
'
)[
0
]
in
self
.
user_permissions
(
request
.
user
,
view
.
model
):
if
not
perm
.
split
(
'
.
'
)[
1
].
split
(
'
_
'
)[
0
]
in
self
.
user_permissions
(
request
.
user
,
model
,
obj
):
return
False
return
True
...
...
@@ -91,10 +96,10 @@ class LDPPermissions(BasePermission):
User does not have permission: 403
"""
perms
=
self
.
get_permissions
(
request
.
method
,
obj
)
model
=
obj
# A bit tricky, but feels redondant to redeclarate perms_map
for
perm
in
perms
:
if
not
perm
.
split
(
'
.
'
)[
1
].
split
(
'
_
'
)[
0
]
in
self
.
user_permissions
(
request
.
user
,
obj
):
if
not
perm
.
split
(
'
.
'
)[
1
].
split
(
'
_
'
)[
0
]
in
self
.
user_permissions
(
request
.
user
,
model
,
obj
):
return
False
return
True
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
