Kai Diefenbach avatar Kai Diefenbach committed 0b4bc77

Added optional additional groups to has_permission

Comments (0)

Files changed (2)

permissions/tests.py

         self.group_1 = permissions.utils.register_group("Group 1")
         self.group_2 = permissions.utils.register_group("Group 2")
 
-        self.user = User.objects.create(username="doe")
+        self.user = User.objects.create(username="john")
         self.user.groups.add(self.group_1)
         self.user.groups.add(self.group_2)
         self.user.save()
         result = permissions.utils.has_permission("view", self.user, self.page_1)
         self.assertEqual(result, False)
 
+    def test_has_permission_owner(self):
+        """
+        """
+        creator = User.objects.create(username="jane")
+
+        result = permissions.utils.has_permission("view", creator, self.page_1)
+        self.assertEqual(result, False)
+
+        owner = permissions.utils.register_group("Owner")
+        permissions.utils.grant_permission("view", owner, self.page_1)
+
+        result = permissions.utils.has_permission("view", creator, self.page_1, [owner])
+        self.assertEqual(result, True)
+
     def test_has_permission_user(self):
         """
         """
 
         result = permissions.utils.has_permission("view", self.user, self.page_1)
         self.assertEqual(result, False)
-        
+
     def test_ineritance(self):
         """
         """

permissions/utils.py

             return False
 
     ct = ContentType.objects.get_for_model(obj)
-    
+
     if isinstance(user_group, Group):
         try:
             op = ObjectPermission.objects.get(group=user_group, content_type = ct, content_id=obj.id, permission = permission)
         try:
             op = ObjectPermission.objects.get(user=user_group, content_type = ct, content_id=obj.id, permission = permission)
         except ObjectPermission.DoesNotExist:
-            return False                
+            return False
     op.delete()
     return True
 
-def has_permission(codename, user, obj=None):
+def has_permission(codename, user, obj=None, groups=[]):
     """Checks whether the passed user has passed permission for passed object.
 
     **Parameters:**
         The user for which the permission should be checked.
     obj
         The object for which the permission should be checked.
+    groups
+        If given these groups will be assigned to the user temporarily before 
+        the permissions are checked.
     """
+    if obj is None:
+        return False
+
     if user.is_superuser:
         return True
 
     if not user.is_authenticated():
         user = User.objects.get(username="anonymous")
 
-    if obj is None:
-        return False
+    user_groups = list(Group.objects.filter(user=user))
+    user_groups.extend(groups)
 
-    groups = Group.objects.filter(user=user)
     ct = ContentType.objects.get_for_model(obj)
 
     while obj is not None:
             return True
 
         p = ObjectPermission.objects.filter(
-            content_type=ct, content_id=obj.id, group__in=groups, permission__codename = codename)
+            content_type=ct, content_id=obj.id, group__in=user_groups, permission__codename = codename)
 
         if p.exists():
             return True
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.