# -*- mode: python; coding: utf-8 -*-
# Re2o est un logiciel d'administration développé initialement au rezometz. Il
# se veut agnostique au réseau considéré, de manière à être installable en
# quelques clics.
#
# Copyright © 2018 Maël Kervella
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

"""Defines the ACL for the whole API.

Importing this module creates the 'can view api' permission if it does not
already exist.
"""

from django.conf import settings
from django.contrib.auth.models import Permission
from django.contrib.contenttypes.models import ContentType
from django.utils.translation import ugettext as _


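def _create_api_permission():
    """Ensure the content type and permission guarding the API exist.

    The 'use_api' permission is a fake permission in the sense that it is not
    associated with an existing model: the content type it is attached to is
    built from ``settings.API_CONTENT_TYPE_APP_LABEL`` and
    ``settings.API_CONTENT_TYPE_MODEL``. This module calls the function when
    it is imported, so the rows are created on the first import and only
    looked up on later ones.
    """
    # get_or_create() already persists the row it creates, so no follow-up
    # save() is needed.
    api_content_type, _created = ContentType.objects.get_or_create(
        app_label=settings.API_CONTENT_TYPE_APP_LABEL,
        model=settings.API_CONTENT_TYPE_MODEL,
    )
    # Identify the permission by (content_type, codename), the pair Django
    # keeps unique. The display name goes in ``defaults`` so that changing
    # settings.API_PERMISSION_NAME later does not attempt to insert a
    # duplicate row (IntegrityError at import time).
    Permission.objects.get_or_create(
        content_type=api_content_type,
        codename=settings.API_PERMISSION_CODENAME,
        defaults={"name": settings.API_PERMISSION_NAME},
    )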


# Executed at import time: importing this module queries the database (and
# inserts the API content type / permission rows when they are missing).
# NOTE(review): this presumably requires the auth and contenttypes tables to
# exist before the first import — confirm against the migration workflow.
_create_api_permission()


def can_view(user):
    """Tell whether a user is allowed to view the API application.

    Args:
        user: The user who wants to view the application.

    Returns:
        A tuple (allowed, msg, permissions). ``allowed`` is the result of
        ``user.has_perm`` for the API permission, ``msg`` is None when access
        is granted and a translated denial message otherwise, and
        ``permissions`` is a 1-tuple holding the permission string that was
        checked.
    """
    # Permission strings passed to has_perm are "<app_label>.<codename>".
    required_permission = "%(app_label)s.%(codename)s" % {
        "app_label": settings.API_CONTENT_TYPE_APP_LABEL,
        "codename": settings.API_PERMISSION_CODENAME,
    }
    allowed = user.has_perm(required_permission)
    if allowed:
        message = None
    else:
        message = _("You don't have the right to view this application.")
    return (allowed, message, (required_permission,))