acl.py 2.33 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# -*- mode: python; coding: utf-8 -*-
# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
# se veut agnostique au réseau considéré, de manière à être installable en
# quelques clics.
#
# Copyright © 2018  Maël Kervella
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

"""api.acl

Here are defined some functions to check acl on the application.
"""

27

28
from django.conf import settings
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
from django.contrib.contenttypes.models import ContentType
from django.contrib.auth.models import Permission


# Creates the 'use_api' permission if not created
# The 'use_api' is a fake permission in the sense
# it is not associated with an existing model and
# this ensure the permission is created every tun
api_content_type, created = ContentType.objects.get_or_create(
    app_label=settings.API_CONTENT_TYPE_APP_LABEL,
    model=settings.API_CONTENT_TYPE_MODEL
)
if created:
    api_content_type.save()
api_permission, created = Permission.objects.get_or_create(
    name=settings.API_PERMISSION_NAME,
    content_type=api_content_type,
    codename=settings.API_PERMISSION_CODENAME
)
if created:
    api_permission.save()
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67


def can_view(user):
    """Check if an user can view the application.

    Args:
        user: The user who wants to view the application.

    Returns:
        A couple (allowed, msg) where allowed is a boolean which is True if
        viewing is granted and msg is a message (can be None).
    """
    kwargs = {
        'app_label': settings.API_CONTENT_TYPE_APP_LABEL,
        'codename': settings.API_PERMISSION_CODENAME
    }
    can = user.has_perm('%(app_label)s.%(codename)s' % kwargs)
    return can, None if can else "Vous ne pouvez pas voir cette application."