[#2711] Global permissions
authorEric Mc Sween <eric.mcsween@auf.org>
Wed, 29 Feb 2012 23:56:01 +0000 (18:56 -0500)
committerEric Mc Sween <eric.mcsween@auf.org>
Wed, 29 Feb 2012 23:56:01 +0000 (18:56 -0500)
auf/django/permissions/__init__.py
auf/django/permissions/models.py

index 8398acf..d0d5606 100644 (file)
@@ -5,6 +5,9 @@ from collections import defaultdict
 from django.conf import settings
 from django.utils.importlib import import_module
 
+from auf.django.permissions.models import GlobalGroupPermission
+
+
 class Predicate(object):
     """
     Wrapper pour une fonction ``f(user, obj, cls)``.
@@ -134,12 +137,30 @@ class AuthenticationBackend(object):
     supports_anonymous_user = True
     supports_inactive_user = True
     supports_object_permissions = True
-    rules = None
 
     def has_perm(self, user, perm, obj=None):
-        if self.rules is None:
+        if not user.is_active:
             return False
-        return self.rules.user_has_perm(user, perm, obj)
+        if obj is None and perm in self.get_all_permissions(user):
+            return True
+        return get_rules().user_has_perm(user, perm, obj)
+
+    def get_group_permissions(self, user, obj=None):
+        if user.is_anonymous() or obj is not None:
+            return set()
+        if not hasattr(user, '_auf_global_group_perm_cache'):
+            user._auf_global_group_perm_cache = set(
+                p.codename for p in GlobalGroupPermission.objects.filter(group__user=user)
+            )
+        return user._auf_global_group_perm_cache
+
+    def get_all_permissions(self, user, obj=None):
+        if user.is_anonymous() or obj is not None:
+            return set()
+        if not hasattr(user, '_auf_global_user_perm_cache'):
+            user._auf_global_user_perm_cache = set(p.codename for p in user.global_permissions.all())
+            user._auf_global_user_perm_cache.update(self.get_group_permissions(user))
+        return user._auf_global_user_perm_cache
 
     def authenticate(self, username=None, password=None):
         # We don't authenticate
index e69de29..cc4454e 100644 (file)
@@ -0,0 +1,11 @@
+from django.contrib.auth.models import User, Group
+from django.db import models
+
+
+class GlobalUserPermission(models.Model):
+    user = models.ForeignKey(User, related_name='global_permissions')
+    codename = models.CharField(max_length=100)
+
+class GlobalGroupPermission(models.Model):
+    group = models.ForeignKey(Group, related_name='global_permissions')
+    codename = models.CharField(max_length=100)