Issue #6 resolved

Error in permissions_tags

Anonymous created an issue

Line 38 of PermissionComparisonNode.render is {{{

!python

if permissions.utils.has_permission(self.permission, request.user, obj): }}}

but the signature of has_permission is {{{

!python

def has_permission(obj, user, codename, roles=None): }}}

The order of the arguments passed should be reversed.

Comments (6)

  1. Anonymous

    I have modded the {% ifhasperm %} tag to accept context variables as well as strings:

    class PermissionComparisonNode(template.Node):
        """Implements a node to provide an if current user has passed permission
        for current object.
        """
        @classmethod
        def handle_token(cls, parser, token):
            bits = token.split_contents()
            if len(bits) != 2:
                raise template.TemplateSyntaxError(
                    "'%s' tag takes one argument" % bits[0])
            end_tag = 'endifhasperm'
            nodelist_true = parser.parse(('else', end_tag))
            token = parser.next_token()
            if token.contents == 'else': # there is an 'else' clause in the tag
                nodelist_false = parser.parse((end_tag,))
                parser.delete_first_token()
            else:
                nodelist_false = ""
    
            return cls(bits[1], nodelist_true, nodelist_false)
    
        def __init__(self, permission, nodelist_true, nodelist_false):
            self.permission = template.Variable(permission.strip("\"' "))
            self.nodelist_true = nodelist_true
            self.nodelist_false = nodelist_false
    
        def render(self, context):
            obj = context.get("obj")
            request = context.get("request")
            try:
                perm = self.permission.resolve(context)
            except template.VariableDoesNotExist:
                # If context variable lookup fails, look up permission with string passed
                perm = self.permission.var
    
            if permissions.utils.has_permission(obj, request.user, self.permission):
                return self.nodelist_true.render(context)
            else:
                return self.nodelist_false
    
  2. Log in to comment