/usr/lib/python3/dist-packages/guardian/managers.py is in python3-django-guardian 1.4.9-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 | from __future__ import unicode_literals
from django.db import models
from django.db.models import Q
from guardian.core import ObjectPermissionChecker
from guardian.ctypes import get_content_type
from guardian.exceptions import ObjectNotPersisted
from guardian.models import Permission
import warnings
class BaseObjectPermissionManager(models.Manager):
@property
def user_or_group_field(self):
try:
self.model._meta.get_field('user')
return 'user'
except models.fields.FieldDoesNotExist:
return 'group'
def is_generic(self):
try:
self.model._meta.get_field('object_pk')
return True
except models.fields.FieldDoesNotExist:
return False
def assign_perm(self, perm, user_or_group, obj):
"""
Assigns permission with given ``perm`` for an instance ``obj`` and
``user``.
"""
if getattr(obj, 'pk', None) is None:
raise ObjectNotPersisted("Object %s needs to be persisted first"
% obj)
ctype = get_content_type(obj)
if not isinstance(perm, Permission):
permission = Permission.objects.get(content_type=ctype, codename=perm)
else:
permission = perm
kwargs = {'permission': permission, self.user_or_group_field: user_or_group}
if self.is_generic():
kwargs['content_type'] = ctype
kwargs['object_pk'] = obj.pk
else:
kwargs['content_object'] = obj
obj_perm, _ = self.get_or_create(**kwargs)
return obj_perm
def bulk_assign_perm(self, perm, user_or_group, queryset):
"""
Bulk assigns permissions with given ``perm`` for an objects in ``queryset`` and
``user_or_group``.
"""
ctype = get_content_type(queryset.model)
if not isinstance(perm, Permission):
permission = Permission.objects.get(content_type=ctype, codename=perm)
else:
permission = perm
checker = ObjectPermissionChecker(user_or_group)
checker.prefetch_perms(queryset)
assigned_perms = []
for instance in queryset:
if not checker.has_perm(permission.codename, instance):
kwargs = {'permission': permission, self.user_or_group_field: user_or_group}
if self.is_generic():
kwargs['content_type'] = ctype
kwargs['object_pk'] = instance.pk
else:
kwargs['content_object'] = instance
assigned_perms.append(self.model(**kwargs))
self.model.objects.bulk_create(assigned_perms)
return assigned_perms
def assign(self, perm, user_or_group, obj):
""" Depreciated function name left in for compatibility"""
warnings.warn("UserObjectPermissionManager method 'assign' is being renamed to 'assign_perm'. Update your code accordingly as old name will be depreciated in 2.0 version.", DeprecationWarning)
return self.assign_perm(perm, user_or_group, obj)
def remove_perm(self, perm, user_or_group, obj):
"""
Removes permission ``perm`` for an instance ``obj`` and given ``user_or_group``.
Please note that we do NOT fetch object permission from database - we
use ``Queryset.delete`` method for removing it. Main implication of this
is that ``post_delete`` signals would NOT be fired.
"""
if getattr(obj, 'pk', None) is None:
raise ObjectNotPersisted("Object %s needs to be persisted first"
% obj)
filters = Q(**{self.user_or_group_field: user_or_group})
if isinstance(perm, Permission):
filters &= Q(permission=perm)
else:
filters &= Q(permission__codename=perm,
permission__content_type=get_content_type(obj))
if self.is_generic():
filters &= Q(object_pk=obj.pk)
else:
filters &= Q(content_object__pk=obj.pk)
return self.filter(filters).delete()
def bulk_remove_perm(self, perm, user_or_group, queryset):
"""
Removes permission ``perm`` for a ``queryset`` and given ``user_or_group``.
Please note that we do NOT fetch object permission from database - we
use ``Queryset.delete`` method for removing it. Main implication of this
is that ``post_delete`` signals would NOT be fired.
"""
filters = Q(**{self.user_or_group_field: user_or_group})
if isinstance(perm, Permission):
filters &= Q(permission=perm)
else:
ctype = get_content_type(queryset.model)
filters &= Q(permission__codename=perm,
permission__content_type=ctype)
if self.is_generic():
filters &= Q(object_pk__in = [str(pk) for pk in queryset.values_list('pk', flat=True)])
else:
filters &= Q(content_object__in=queryset)
return self.filter(filters).delete()
class UserObjectPermissionManager(BaseObjectPermissionManager):
pass
class GroupObjectPermissionManager(BaseObjectPermissionManager):
pass
|