mixins.py 4.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139
  1. # coding: utf-8
  2. from __future__ import print_function
  3. from __future__ import absolute_import
  4. from __future__ import division
  5. from __future__ import unicode_literals
  6. from django.views.generic import TemplateView
  7. from django.core.exceptions import PermissionDenied
  8. from . import models as bmodels
  9. class VisitorMixin(object):
  10. """
  11. Add self.visitor and self.impersonator to the View for the person visiting
  12. the site
  13. """
  14. # Define to "dd" "am" or "admin" to raise PermissionDenied if the
  15. # given test on the visitor fails
  16. require_visitor = None
  17. def set_visitor_info(self):
  18. self.impersonator = None
  19. if not self.request.user.is_authenticated():
  20. self.visitor = None
  21. else:
  22. self.visitor = self.request.user
  23. # Implement impersonation if requested in session
  24. if self.visitor.is_admin:
  25. key = self.request.session.get("impersonate", None)
  26. if key is not None:
  27. p = bmodels.Person.lookup(key)
  28. if p is not None:
  29. self.impersonator = self.visitor
  30. self.visitor = p
  31. def load_objects(self):
  32. """
  33. Hook to set self.* members from request parameters, so that they are
  34. available to the rest of the view members.
  35. """
  36. self.set_visitor_info()
  37. def check_permissions(self):
  38. """
  39. Raise PermissionDenied if some of the permissions requested by the view
  40. configuration are not met.
  41. Subclasses can extend this to check their own permissions.
  42. """
  43. if self.require_visitor and (self.visitor is None or self.require_visitor not in self.visitor.perms):
  44. raise PermissionDenied
  45. def pre_dispatch(self):
  46. pass
  47. def dispatch(self, request, *args, **kwargs):
  48. self.load_objects()
  49. self.check_permissions()
  50. self.pre_dispatch()
  51. return super(VisitorMixin, self).dispatch(request, *args, **kwargs)
  52. def get_context_data(self, **kw):
  53. ctx = super(VisitorMixin, self).get_context_data(**kw)
  54. ctx["visitor"] = self.visitor
  55. ctx["impersonator"] = self.impersonator
  56. return ctx
  57. class VisitorTemplateView(VisitorMixin, TemplateView):
  58. pass
  59. class VisitPersonMixin(VisitorMixin):
  60. """
  61. Visit a person record. Adds self.person and self.visit_perms with the
  62. permissions the visitor has over the person
  63. """
  64. # Define to "edit_bio" "edit_ldap" or "view_person_audit_log" to raise
  65. # PermissionDenied if the given test on the person-visitor fails
  66. require_visit_perms = None
  67. def get_person(self):
  68. key = self.kwargs.get("key", None)
  69. if key is None:
  70. if self.visitor is None: raise PermissionDenied
  71. return self.visitor
  72. else:
  73. return bmodels.Person.lookup_or_404(key)
  74. def get_visit_perms(self):
  75. return self.person.permissions_of(self.visitor)
  76. def load_objects(self):
  77. super(VisitPersonMixin, self).load_objects()
  78. self.person = self.get_person()
  79. self.visit_perms = self.get_visit_perms()
  80. def check_permissions(self):
  81. super(VisitPersonMixin, self).check_permissions()
  82. if self.require_visit_perms and self.require_visit_perms not in self.visit_perms:
  83. raise PermissionDenied
  84. def get_context_data(self, **kw):
  85. ctx = super(VisitPersonMixin, self).get_context_data(**kw)
  86. ctx["person"] = self.person
  87. ctx["visit_perms"] = self.visit_perms
  88. return ctx
  89. class VisitPersonTemplateView(VisitPersonMixin, TemplateView):
  90. pass
  91. class VisitProcessMixin(VisitPersonMixin):
  92. """
  93. Visit a person process. Adds self.person, self.process and self.visit_perms with
  94. the permissions the visitor has over the person
  95. """
  96. def get_person(self):
  97. return self.process.person
  98. def get_process(self):
  99. return bmodels.Process.lookup_or_404(self.kwargs["key"])
  100. def get_visit_perms(self):
  101. return self.process.permissions_of(self.visitor)
  102. def load_objects(self):
  103. self.process = self.get_process()
  104. super(VisitProcessMixin, self).load_objects()
  105. def get_context_data(self, **kw):
  106. ctx = super(VisitProcessMixin, self).get_context_data(**kw)
  107. ctx["process"] = self.process
  108. return ctx
  109. class VisitProcessTemplateView(VisitProcessMixin, TemplateView):
  110. template_name = "process/show.html"