Commits

Kai Diefenbach committed ad1c4d8

Changed API (order of passed objects)

Comments (0)

Files changed (4)

permissions/backend.py

         obj
             The object for which the permission should be checked.
         """
-        return permissions.utils.has_permission(permission_codename, user, obj)
+        return permissions.utils.has_permission(obj, permission_codename, user)

permissions/models.py

         codename
             The unique codename of the permission. This is used internal to
             identify a permission.
+        content_types
+            The content types for which the permission is active. This can be
+            used to display only reasonable permissions for an object.
     """
     name = models.CharField(_(u"Name"), max_length=100, unique=True)
     codename = models.CharField(_(u"Codename"), max_length=100, unique=True)
+    content_types = models.ManyToManyField(ContentType, verbose_name=_(u"Content Types"), blank=True, null=True, related_name="content_types")
 
     def __unicode__(self):
         return "%s (%s)" % (self.name, self.codename)
     def test_has_permission_group(self):
         """
         """
-        result = permissions.utils.has_permission("view", self.user, self.page_1)
+        result = permissions.utils.has_permission(self.page_1, "view", self.user)
         self.assertEqual(result, False)
 
-        result = permissions.utils.grant_permission(self.permission, self.group_1, self.page_1)
+        result = permissions.utils.grant_permission(self.page_1, self.permission, self.group_1)
         self.assertEqual(result, True)
 
-        result = permissions.utils.has_permission("view", self.user, self.page_1)
+        result = permissions.utils.has_permission(self.page_1, "view", self.user)
         self.assertEqual(result, True)
 
-        result = permissions.utils.remove_permission("view", self.group_1, self.page_1)
+        result = permissions.utils.remove_permission(self.page_1, "view", self.group_1)
         self.assertEqual(result, True)
 
-        result = permissions.utils.has_permission("view", self.user, self.page_1)
+        result = permissions.utils.has_permission(self.page_1, "view", self.user)
         self.assertEqual(result, False)
 
     def test_has_permission_owner(self):
         """
         creator = User.objects.create(username="jane")
 
-        result = permissions.utils.has_permission("view", creator, self.page_1)
+        result = permissions.utils.has_permission(self.page_1, "view", creator)
         self.assertEqual(result, False)
 
         owner = permissions.utils.register_group("Owner")
-        permissions.utils.grant_permission("view", owner, self.page_1)
+        permissions.utils.grant_permission(self.page_1, "view", owner)
 
-        result = permissions.utils.has_permission("view", creator, self.page_1, [owner])
+        result = permissions.utils.has_permission(self.page_1, "view", creator, [owner])
         self.assertEqual(result, True)
 
     def test_has_permission_user(self):
         """
         """
-        result = permissions.utils.has_permission("view", self.user, self.page_1)
+        result = permissions.utils.has_permission(self.page_1, "view", self.user)
         self.assertEqual(result, False)
 
-        result = permissions.utils.grant_permission(self.permission, self.user, self.page_1)
+        result = permissions.utils.grant_permission(self.page_1, self.permission, self.user)
         self.assertEqual(result, True)
 
-        result = permissions.utils.has_permission("view", self.user, self.page_1)
+        result = permissions.utils.has_permission(self.page_1, "view", self.user)
         self.assertEqual(result, True)
 
-        result = permissions.utils.remove_permission("view", self.user, self.page_1)
+        result = permissions.utils.remove_permission(self.page_1, "view", self.user)
         self.assertEqual(result, True)
 
-        result = permissions.utils.has_permission("view", self.user, self.page_1)
+        result = permissions.utils.has_permission(self.page_1, "view", self.user)
         self.assertEqual(result, False)
 
     def test_ineritance(self):
         """
         """
-        result = permissions.utils.is_inherited("view", self.page_1)
+        result = permissions.utils.is_inherited(self.page_1, "view")
         self.assertEqual(result, True)
 
-        permissions.utils.add_inheritance_block(self.permission, self.page_1)
+        permissions.utils.add_inheritance_block(self.page_1, self.permission)
 
-        result = permissions.utils.is_inherited("view", self.page_1)
+        result = permissions.utils.is_inherited(self.page_1, "view")
         self.assertEqual(result, False)
 
 class RegistrationTestCase(TestCase):
 
 # Permission #################################################################
 
-def grant_permission(permission, user_group, obj):
+def grant_permission(obj, permission, user_group):
     """Adds passed permission to passed group and object. Returns True if the
     permission was able to be added, otherwise False.
 
     **Parameters:**
 
+        obj
+            The content object for which the permission should be granted.
+
         permission
             The permission which should be granted. Either a permission
             object or the codename of a permission.
+
         user_group
             The user or group for which the permission should be granted.
-        obj
-            The content object for which the permission should be granted.
     """
     if not isinstance(permission, Permission):
         try:
                 return False
     return True
 
-def remove_permission(permission, user_group, obj):
+def remove_permission(obj, permission, user_group):
     """Removes passed permission from passed group and object. Returns True if
     the permission has been removed.
 
     **Parameters:**
 
+        obj
+            The content object for which a permission should be removed.
+
         permission
             The permission which should be removed. Either a permission object
             or the codename of a permission.
+
         user_group
             The user or group for which a permission should be removed.
-        obj
-            The content object for which a permission should be removed.
     """
     if not isinstance(permission, Permission):
         try:
     op.delete()
     return True
 
-def has_permission(codename, user, obj=None, groups=[]):
+def has_permission(obj, codename, user, groups=[]):
     """Checks whether the passed user has passed permission for passed object.
 
     **Parameters:**
 
+    obj
+        The object for which the permission should be checked.
+
     codename
         The permission's codename which should be checked.
+
     user
         The user for which the permission should be checked.
-    obj
-        The object for which the permission should be checked.
+
     groups
-        If given these groups will be assigned to the user temporarily before 
+        If given these groups will be assigned to the user temporarily before
         the permissions are checked. If you don't know why this is need you
         can safely ignore it.
     """
-
-    if obj is None:
-        return False
-
     if user.is_superuser:
         return True
 
+    if user.is_anonymous():
+        user = User.objects.get(username="anonymous")
+
     user_groups = list(Group.objects.filter(user=user))
     user_groups.extend(groups)
 
 
         if p.count() > 0:
             return True
-        
-        if is_inherited(codename, obj) == False:
+
+        if is_inherited(obj, codename) == False:
             return False
 
         try:
 
 # Inheritance ################################################################
 
-def add_inheritance_block(permission, obj):
+def add_inheritance_block(obj, permission):
     """Adds an inheritance for the passed permission on the passed obj.
 
     **Parameters:**
             return False
     return True
 
-def remove_inheritance_block(permission, obj):
+def remove_inheritance_block(obj, permission):
     """Removes a inheritance block for the passed permission from the passed
     object.
 
     **Parameters:**
 
+        obj
+            The content object for which an inheritance block should be added.
+
         permission
             The permission for which an inheritance block should be removed.
             Either a permission object or the codename of a permission.
-        obj
-            The content object for which an inheritance block should be added.
     """
     if not isinstance(permission, Permission):
         try:
     opi.delete()
     return True
 
-def is_inherited(codename, obj):
+def is_inherited(obj, codename):
     """Returns True if the passed permission is inherited for passed object.
 
     **Parameters:**
 
+        obj
+            The content object for which the permission should be checked.
+
         codename
             The permission which should be checked. Must be the codename of
             the permission.
-        obj
-            The content object for which the permission should be checked.
     """
     ct = ContentType.objects.get_for_model(obj)
     try:
         return Group.objects.get(name=name)
     except Group.DoesNotExist:
         return None
-    
+
 # Registering ################################################################
 
-def register_permission(name, codename):
+def register_permission(name, codename, ctypes=[]):
     """Registers a permission to the framework. Returns the permission if the
     registration was successfully, otherwise False.
 
         name
             The unique name of the permission. This is displayed to the
             customer.
-
         codename
             The unique codename of the permission. This is used internally to
             identify the permission.
+        content_types
+            The content type for which the permission is active. This can be
+            used to display only reasonable permissions for an object.
     """
     try:
         p = Permission.objects.create(name=name, codename=codename)
+        p.content_types = ctypes
+        p.save()
     except IntegrityError:
         return False
     return p