modified files for app permissions update
diff --git a/app_mgr/__init__.py b/app_mgr/__init__.py
index e69de29..f47b747 100644
--- a/app_mgr/__init__.py
+++ b/app_mgr/__init__.py
@@ -0,0 +1 @@
+default_app_config = 'app_mgr.apps.AppMgrConfig'
diff --git a/app_mgr/admin.py b/app_mgr/admin.py
index eb2e0de..f09e67d 100644
--- a/app_mgr/admin.py
+++ b/app_mgr/admin.py
@@ -33,6 +33,7 @@
class ApplicationAdmin(GuardedModelAdmin):
inlines = [ApplicationInline]
search_fields = ['name']
+ list_display = ['id', 'name', 'isPublic']
class AppVersionAdmin(admin.ModelAdmin):
model = AppVersion
diff --git a/app_mgr/models.py b/app_mgr/models.py
index 7f04115..ca7d735 100644
--- a/app_mgr/models.py
+++ b/app_mgr/models.py
@@ -6,70 +6,11 @@
from django.contrib.contenttypes.fields import GenericForeignKey
from django.contrib.auth import get_user_model
-
-from django.apps import apps
+from django.contrib.auth.models import Group
from custom_user.models import AbstractEmailUser
from guardian.mixins import GuardianUserMixin
-from guardian.shortcuts import assign_perm, get_user_perms, get_users_with_perms, remove_perm, get_perms_for_model
-
-from django.db.models.signals import post_save, pre_delete
-from django.dispatch import receiver
-from rest_framework.authtoken.models import Token
-
-# Define signals here
-@receiver(post_save, sender=settings.AUTH_USER_MODEL)
-def set_user_perms(sender, instance=None, created=False, **kwargs):
- perms = get_perms_for_model(apps.get_model('app_mgr', 'UserProfile'))
- for perm in perms:
- assign_perm(perm.codename, instance, instance)
-
-@receiver(post_save, sender=settings.AUTH_USER_MODEL)
-def create_auth_token(sender, instance=None, created=False, **kwargs):
- if created:
- Token.objects.create(user=instance)
-
-@receiver(post_save, sender='app_mgr.Organization')
-def set_owner_perms(sender, instance=None, created=False, **kwargs):
- perms = get_perms_for_model(apps.get_model('app_mgr', 'Organization'))
-
- if not created:
- old_members = get_users_with_perms(instance)
- for member in old_members:
- for perm in perms:
- remove_perm(perm.codename, member, instance)
-
- new_members = instance.members.all()
- for member in (m for m in members if m.is_admin):
- for perm in perms:
- assign_perm(perm.codename, member.user, instance)
- for member in (m for m in members if not m.is_admin):
- assign_perm('view_organization', member.user, instance)
-
-@receiver(post_save, sender='app_mgr.Membership')
-def set_org_perms(sender, instance=None, created=False, **kwargs):
- perms = get_perms_for_model(apps.get_model('app_mgr', 'Organization'))
-
- was_admin = len(get_user_perms(instance.user, instance.org)) > 1
-
- if instance.is_admin and not was_admin:
- for perm in perms:
- assign_perm(perm.codename, instance.user, instance.org)
-
- if not instance.is_admin and was_admin:
- for perm in perms:
- remove_perm(perm.codename, instance.user, instance.org)
-
- assign_perm('view_organization', instance.user, instance.org)
-
-# Create your models here.
-@receiver(pre_delete, sender='app_mgr.Membership')
-def rm_org_perms(sender, instance=None, **kwargs):
- perms = get_perms_for_model(apps.get_model('app_mgr', 'Organization'))
-
- for perm in perms:
- remove_perm(perm.codename, instance.user, instance.org)
# Create your models here.
class UserProfile(AbstractEmailUser, GuardianUserMixin):
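Review bot: No replacement is visible in this diff for the receivers deleted here, so nothing shown still creates a `Token` for a new user or grants the guardian object permissions that the views' `TokenAuthentication` and object-permission classes depend on. The `default_app_config` line added in `app_mgr/__init__.py` suggests they moved to an `AppMgrConfig.ready()` hook, but `app_mgr/apps.py` is not part of the diff; please confirm it is included. If access is now meant to flow through the new `member_group`/`admin_group` fields, the per-user grants made by the old receivers presumably need a data migration to convert or revoke them, otherwise they stay in effect.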
@@ -89,6 +30,11 @@
members = models.ManyToManyField(UserProfile, through='Membership')
+ member_group = models.OneToOneField(Group, null=True, blank=True,
+ related_name='members_of')
+ admin_group = models.OneToOneField(Group, null=True, blank=True,
+ related_name='admins_of')
+
class Meta:
permissions = (
("view_organization", "view organization information"),
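Review bot: Both new `OneToOneField`s omit `on_delete`, and on Django versions where that argument is optional the default is cascade, so deleting either `Group` (for instance from the admin) would delete the whole `Organization`. Since the fields are already nullable, `on_delete=models.SET_NULL` on both avoids that. Code that reads `member_group`/`admin_group` also has to treat `None` as "no access" rather than skip the check, because existing organizations will have neither group set. The model class starts outside the hunk.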
diff --git a/app_mgr/permissions.py b/app_mgr/permissions.py
index 06c5041..334a662 100644
--- a/app_mgr/permissions.py
+++ b/app_mgr/permissions.py
@@ -3,6 +3,7 @@
from guardian.shortcuts import get_perms, get_perms_for_model, get_users_with_perms
SAFE_METHODS = ('GET', 'HEAD', 'OPTIONS')
+
class ViewControlObjectPermissions(DjangoObjectPermissions):
""" same as base object level permissions, plus read permission """
perms_map = {
@@ -15,6 +16,18 @@
'DELETE': ['%(app_label)s.delete_%(model_name)s'],
}
+class ApplicationObjectPermissions(DjangoObjectPermissions):
+ """ same as base object level permissions, plus read permission """
+ perms_map = {
+ 'GET': ['%(app_label)s.view_%(model_name)s'],
+ 'OPTIONS': [],
+ 'HEAD': [],
+ 'POST': ['%(app_label)s.add_%(model_name)s'],
+ 'PUT': ['%(app_label)s.change_%(model_name)s'],
+ 'PATCH': ['%(app_label)s.change_%(model_name)s'],
+ 'DELETE': ['%(app_label)s.delete_%(model_name)s'],
+ }
+
def has_object_permission(self, request, view, obj):
if hasattr(view, 'get_queryset'):
queryset = view.get_queryset()
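Review bot: `ApplicationObjectPermissions` is inserted between `ViewControlObjectPermissions.perms_map` and the existing `has_object_permission`, so that method now appears to belong to the new class, and `ViewControlObjectPermissions` (still used by the organization view) falls back to the base implementation; indentation is not visible here, so please confirm this is intended. Declaring it as `class ApplicationObjectPermissions(ViewControlObjectPermissions):`, keeping the shared method on the parent and putting the `isPublic` check in an override, would avoid that and drop the duplicated `perms_map`. The copied docstring should also state that public applications are readable without a view grant. Separately, `'HEAD': []` means a HEAD request needs no object permission as far as the visible code shows, which can reveal whether a private application id exists; mapping HEAD to the same `view_` permission as GET closes that. `has_object_permission` continues past the end of the hunk.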
@@ -31,6 +44,9 @@
perms = self.get_required_object_permissions(request.method, model_cls)
+ if obj.isPublic and request.method == 'GET':
+ perms = []
+
#print "-----------"
#print request.method, perms
#print obj.id, obj
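Review bot: Granting access by emptying `perms` is implicit: it only works if the code after the hunk treats an empty permission list as allowed, and nothing here records that the bypass is deliberate. A comment such as `# public applications are readable by anyone; writes still need change/delete grants` above the `if` would state the intent. `obj.isPublic` also raises `AttributeError` if this permission class is ever attached to a view whose model has no such field, whereas `getattr(obj, 'isPublic', False)` fails closed. `has_object_permission` starts and ends outside the hunk.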
diff --git a/app_mgr/views.py b/app_mgr/views.py
index bfbb503..a3e0250 100644
--- a/app_mgr/views.py
+++ b/app_mgr/views.py
@@ -9,6 +9,7 @@
from django.conf import settings
from django.db import IntegrityError
+from django.db.models import Q
from django.views.generic.base import RedirectView
@@ -22,6 +23,7 @@
from guardian.shortcuts import assign_perm, get_objects_for_user
from app_mgr.permissions import ViewControlObjectPermissions
+from app_mgr.permissions import ApplicationObjectPermissions
from app_mgr.models import UserProfile, Organization, Application, AppVersion
from app_mgr.serializers import UserProfileSerializer, OrganizationSerializer, ApplicationSerializer
@@ -72,6 +74,16 @@
queryset = Application.objects.all()
serializer_class = ApplicationSerializer
+ def get_queryset(self):
+ # only used for list
+ owned = get_objects_for_user(self.request.user, "view_application",
+ Application.objects.all())
+ public = Application.objects.filter(isPublic=True)
+
+ viewable = list(set(list(owned) + list(public)))
+
+ return viewable
+
# SINGLE RETRIEVE/UPDATE/DESTROY
class UserProfileInstanceView(generics.RetrieveUpdateDestroyAPIView):
"""
@@ -111,7 +123,6 @@
authentication_classes = (TokenAuthentication,)
permission_classes = (ViewControlObjectPermissions,)
_ignore_model_permissions = True
- #permission_classes = (IsAuthenticated,)
queryset = Organization.objects.all()
serializer_class = OrganizationSerializer
@@ -121,7 +132,8 @@
Returns a single app.
"""
authentication_classes = (TokenAuthentication,)
- permission_classes = (IsAuthenticated,)
+ permission_classes = (ApplicationObjectPermissions,)
+ _ignore_model_permissions = True
queryset = Application.objects.all()
serializer_class = ApplicationSerializer
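Review bot: Replacing `IsAuthenticated` with `ApplicationObjectPermissions` while setting `_ignore_model_permissions = True` removes the only authentication gate on this view: in the DRF versions I know, `DjangoModelPermissions.has_permission` returns `True` as soon as that flag is set, before it checks that the user is authenticated. Combined with the `isPublic` short-circuit in `permissions.py`, an unauthenticated GET of a public application would then be served. If anonymous read access is intended, say so in the view docstring; if not, keep both classes, `permission_classes = (IsAuthenticated, ApplicationObjectPermissions)`. The view class starts outside the hunk.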