python
/
rapid-django


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129
							# coding=utf-8

__author__ = 'marcos.medeiros'


class Permission(object):
    """
    A permission for an registry entry.
    """
    def __init__(self, model, instances):
        self.model = model
        self.instances = instances


def all_instances(model):
    """
    Shortcut function for granting permission over all instances of a model.
    For that use, create a permission with this function at its "instances" attribute.
    """
    def i(request):
        if model(request):
            return {}
        else:
            return None
    return i


def apply_instances_permission(model, perm):
    """
    Returns the set of objects that a resolved permission has access to.
    :param model: ModelData of the model that'll be filtered
    :param perm: Resolved permission (that is, the result of evaluating permission.instances(request))
    """
    if perm is None:
        return []
    if hasattr(perm, 'keys'):
        return model.default_manager().filter(**perm)
    if hasattr(perm, '__iter__'):
        return perm
    if hasattr(perm, 'all'):
        return perm
    return []


def has_instance(model, perm, instance):
    """
    Verifies if an object instance access is permitted
    :param model: ModelData of the desired model
    :param perm: Resolved permission (that is, the result of evaluating permission.instances(request))
    :param instance: Instance that'll be verified.
    """
    p = apply_instances_permission(model, perm)
    if hasattr(p, 'filter'):
        return p.filter(pk=instance.pk).exists()
    if hasattr(p, '__iter__'):
        return bool([f for f in p if f.pk == instance.pk])
    return False


def to_profile(profile):
    """
    Grants permission over the model and all instances to the given profile(s)
    :param profile: A profile.id or an iterable of those.
    """
    if hasattr(profile, "__iter__"):
        def m(request):
            if not request.user.is_authenticated():
                return False
            up = [p.pk for p in request.user.profile_set]
            for p in up:
                if p in profile:
                    return True
            return False
    else:
        def m(request):
            if not request.user.is_authenticated():
                return False
            up = [p.pk for p in request.user.profile_set.all()]
            if profile in up:
                return True
            return False
    return Permission(m, all_instances(m))


def to_staff():
    """
    Grants permission over the model and all instances to every user with is_staff set.
    """
    def m(request):
        if request.user.is_authenticated() and request.user.is_staff:
            return True
        return False
    return Permission(m, all_instances(m))


def to_all():
    """
    Grants permission over the model and all instances to all users.
    """
    # noinspection PyUnusedLocal
    def m(request):
        return True
    return Permission(m, all_instances(m))


def to_superusers():
    """
    Grants permission over the model and all instances to every user with superuser set.
    """
    def m(request):
        if request.user.is_authenticated() and request.user.is_superuser:
            return True
        return False
    return Permission(m, all_instances(m))


def to_application_managers(app):
    """
    Grants permission over the model and all instances to the manager of the given application
    :param app: Application.id of the desired application
    """
    def m(request):
        if not request.user.is_authenticated():
            return False
        up = [a.pk for a in request.user.managed_applications.all()]
        if app in up:
            return True
        return False
    return Permission(m, all_instances(m))