Commits

Anonymous committed 651433f

[per-object-permissions] Fixed two bugs (noticed by Robert). 1) has_add_permission was not part of the new add user context and was causing an error when rendering the submit_row, changed view to have the has_add_permission 2) Custom SQL for checking if permissions exist was causing an error due to an incorrect False statment, corrected now.
[per-object-permissions] Fixed a bug where delete row level permission was giving a PermissionDenied error falsely

Comments (0)

Files changed (2)

django/contrib/admin/views/auth.py

         'is_popup': request.REQUEST.has_key('_popup'),
         'add': True,
         'change': False,
+        'has_add_permission': True,
         'has_delete_permission': False,
         'has_change_permission': True,
         'has_file_field': False,

django/contrib/auth/models.py

          #FROM "auth_user_groups" ug, "auth_rowlevelpermission" rlp, "django_content_type" ct
          #WHERE rlp."owner_id" = ug."group_id"
              #AND ug."user_id"=%s
-             #AND rlp."negative" = 0
+             #AND rlp."negative" = False
              #AND rlp."owner_ct_id" = %s
              #AND rlp."model_ct_id" = %s
         
             FROM %s ug, %s rlp, %s ct
             WHERE rlp.%s = ug.%s
                 AND ug.%s=%%s
-                AND rlp.%s = 0
+                AND rlp.%s = %%s
                 AND rlp.%s = %%s
                 AND rlp.%s = %%s
                 AND rlp.%s = %%s""" % (
             backend.quote_name('auth_user_groups'), backend.quote_name('auth_rowlevelpermission'), 
             backend.quote_name('django_content_type'), backend.quote_name('owner_id'),
             backend.quote_name('group_id'), backend.quote_name('user_id'),
-            backend.quote_name('negative'), backend.quote_name('owner_ct_id'),
+            backend.quote_name('negative'),  backend.quote_name('owner_ct_id'),
             backend.quote_name('model_ct_id'), backend.quote_name('permission_id'))
-        
-        cursor.execute(sql, [self.id, ContentType.objects.get_for_model(Group).id, ct.id, perm.id])
+        cursor.execute(sql, [self.id, False, ContentType.objects.get_for_model(Group).id, ct.id, perm.id])
         count = int(cursor.fetchone()[0])
         return (count>0)
 
         #FROM "django_content_type" ct, "auth_rowlevelpermission" rlp
         #WHERE rlp."model_ct_id" = ct."id"
             #AND ct."app_label"=%s
-            #AND rlp."negative" = 0
+            #AND rlp."negative" = False
             #AND rlp."owner_ct_id" = %s
             #AND rlp."owner_id" = %s
         cursor = connection.cursor()        
             FROM %s ct, %s rlp
             WHERE rlp.%s = ct.%s
                 AND ct.%s=%%s
-                AND rlp.%s = 0
                 AND rlp.%s = %%s
                 AND rlp.%s = %%s
-                """ % (
+                AND rlp.%s = %%s
+                """ % (                    
             backend.quote_name('django_content_type'), backend.quote_name('auth_rowlevelpermission'),
             backend.quote_name('model_ct_id'), backend.quote_name('id'),
-            backend.quote_name('app_label'), backend.quote_name('negative'),
+            backend.quote_name('app_label'), 
             backend.quote_name('owner_ct_id'),
-            backend.quote_name('owner_id'), )
-        cursor.execute(sql, [app_label, ContentType.objects.get_for_model(User).id, self.id]) 
+            backend.quote_name('owner_id'),backend.quote_name('negative'), )
+        #import pdb
+        #pdb.set_trace()
+        cursor.execute(sql, [app_label, ContentType.objects.get_for_model(User).id, self.id, False]) 
         count = int(cursor.fetchone()[0])
+        print "User. App: %s, Count: %d" % (app_label, count)
         if count>0:
             return True
         return self.has_module_group_row_level_perms(app_label)
             #AND ug."user_id"=%s
             #AND rlp."model_ct_id" = ct."id"
             #AND ct."app_label"=%s
-            #AND rlp."negative" = 0
+            #AND rlp."negative" = False
             #AND rlp."owner_ct_id" = %s
         cursor = connection.cursor() 
         sql = """
                 AND ug.%s=%%s
                 AND rlp.%s = ct.%s
                 AND ct.%s=%%s
-                AND rlp.%s = 0
+                AND rlp.%s = %%s
                 AND rlp.%s = %%s""" % (
             backend.quote_name('auth_user_groups'), backend.quote_name('auth_rowlevelpermission'), 
             backend.quote_name('django_content_type'), backend.quote_name('owner_id'),
             backend.quote_name('model_ct_id'), backend.quote_name('id'),
             backend.quote_name('app_label'), backend.quote_name('negative'),
             backend.quote_name('owner_ct_id'))
-        cursor.execute(sql, [app_label, self.id, ContentType.objects.get_for_model(Group).id,])
+        cursor.execute(sql, [app_label, self.id, False, ContentType.objects.get_for_model(Group).id])
         count = int(cursor.fetchone()[0])
+        print "Group. App: %s, Count: %d" % (app_label, count)
         return (count>0)