a6405ccfc7
Something like
request.user.has_perm('reviews.can_manage_%s' % proposal.kind.section.slug)
Will aways return false as the backend does a lookup of team membership
(member or manager) but only grabs the 'permissions' and not the
'manager_permissions' field
45 lines
1.6 KiB
Python
45 lines
1.6 KiB
Python
from django.db.models import Q
|
|
|
|
from .models import Team
|
|
|
|
|
|
class TeamPermissionsBackend(object):
|
|
|
|
def authenticate(self, username=None, password=None):
|
|
return None
|
|
|
|
def get_team_permissions(self, user_obj, obj=None):
|
|
"""
|
|
Returns a set of permission strings that this user has through his/her
|
|
team memberships.
|
|
"""
|
|
if user_obj.is_anonymous() or obj is not None:
|
|
return set()
|
|
if not hasattr(user_obj, "_team_perm_cache"):
|
|
# Member permissions
|
|
memberships = Team.objects.filter(
|
|
Q(memberships__user=user_obj),
|
|
Q(memberships__state="member"),
|
|
)
|
|
perms = memberships.values_list(
|
|
"permissions__content_type__app_label",
|
|
"permissions__codename"
|
|
).order_by()
|
|
permissions = ["%s.%s" % (ct, name) for ct, name in perms]
|
|
# Manager permissions
|
|
memberships = Team.objects.filter(
|
|
Q(memberships__user=user_obj),
|
|
Q(memberships__state="manager"),
|
|
)
|
|
perms = memberships.values_list(
|
|
"manager_permissions__content_type__app_label",
|
|
"manager_permissions__codename"
|
|
).order_by()
|
|
permissions += ["%s.%s" % (ct, name) for ct, name in perms]
|
|
user_obj._team_perm_cache = set(permissions)
|
|
return user_obj._team_perm_cache
|
|
|
|
def has_perm(self, user_obj, perm, obj=None):
|
|
if not user_obj.is_active:
|
|
return False
|
|
return perm in self.get_team_permissions(user_obj, obj)
|