diefenbach / django-permissions Goto Github PK

A few weeks ago, I stepped into this app, not to be confused with the almost omonymous "django-permission" (without the "s"); it simplicity and neatness impressed me.
But permissions are granted to roles (and through them to users or groups) only for specific content objects: in the Home»Permissions»Object section of the Admin interface, you cannot add an ObjectPermission object without specifying the content_id besides the content_type id.
By inspecting the code, it seems easy to associate permissions to roles in a more "global" way, that is for content types.
I tried a small patch: it works and till now didn't cause side-effects.

Here are the patches:

models.py, class ObjectPermission

-   content_id = models.PositiveIntegerField(verbose_name=_(u"Content id"))
+   content_id = models.PositiveIntegerField(verbose_name=_(u"Content id"), blank=True, null=True)
-   content = generic.GenericForeignKey(ct_field="content_type", fk_field="content_id")

utils.py, def def has_permission; add the following code just after the while statement

    p = ObjectPermission.objects.filter(
        content_type=ctype, content_id__isnull=True, role__in=roles, permission__codename=codename).values("id")
    if len(p) > 0:
        result = True
        break

Being the app already installed and synced, I had also to tweak the schema of the database in order to remove the contraints on the content_id field of the permissions_objectpermission table.

NOTE:
I'm not forking the code, among other things, since for a name conflict I was forced to rename the app.
Moreover, as stated in another issue, I had to make, in the util module, function get_roles, another patch in code that I don't understand fully.

hello,

I'm looking for the equivalent of has_role of permissions 1.0 that has been removed. I tried get_roles but it fails with ony user as argument.
I am using 1.2.2.

from permissions.utils import get_roles
sre=User.objects.get(username="sre")
get_roles(sre)


AttributeError                            Traceback (most recent call last)
<ipython-input-4-d0d05e14a9a3> in <module>()
----> 1 perm.get_roles(sre)

/home/fox/prog/workspace/django-1.8/lib/python2.7/site-packages/permissions/utils.pyc in get_roles(user, obj)
    204     """
    205     # Cached roles
--> 206     ctype = ContentType.objects.get_for_model(obj)
    207     obj_id = "{}|{}".format(obj.id, ctype.id) if obj else "0"
    208     try:

/home/fox/prog/workspace/django-1.8/lib/python2.7/site-packages/django/contrib/contenttypes/models.pyc in get_for_model(self, model, for_concrete_model)
     51         for the same model don't hit the database.
     52         """
---> 53         opts = self._get_opts(model, for_concrete_model)
     54         try:
     55             return self._get_from_cache(opts)

/home/fox/prog/workspace/django-1.8/lib/python2.7/site-packages/django/contrib/contenttypes/models.pyc in _get_opts(self, model, for_concrete_model)
     28     def _get_opts(self, model, for_concrete_model):
     29         if for_concrete_model:
---> 30             model = model._meta.concrete_model
     31         elif model._deferred:
     32             model = model._meta.proxy_for_model

AttributeError: 'NoneType' object has no attribute '_meta'

In version 1.1, module utils.py, function get_roles, I had to change the construction of the queries, in order to make get_roles itself and has_permission work. Here is my code:

groups_ids = [g.id for g in groups]
groups_ids_str = ", ".join([str(id) for id in groups_ids]) # to be used for caching ?
if groups_ids:
    query = Q(user_id=user.id) | Q(group_id__in=groups_ids)
    prrs = PrincipalRoleRelation.objects.filter(
        query, content_id=None
    ).values("role_id")

(around line 217; made similar change around line 231; I imagine that the variable groups_ids_str should be used for caching, but don't know how.)

It seems that the current version, in Github, needs the same fix.
By, Giovanni

in django 1.8 PrincipalRoleRelation.objects.filter in utils.get_roles can't receive a string

hello,

Thanks for providing migration with django-persmissions-.1.2. With an existing database created with django-permissions 1.0, it fails, complaining about existing table :
manage.py migrate permissions
[...]
django.db.utils.OperationalError: table "permissions_objectpermission" already exists