# coding=utf-8
"""
"""
from permission.logics import PermissionLogic
from permission.logics import AuthorPermissionLogic
class PersonaPermissionLogic(PermissionLogic):
    """
    Role-driven permission logic for the ``personas`` permissions.

    ``has_perm`` maps each ``personas.*`` permission string to one of the
    private ``_has_*_perm`` checks below; any other permission string is
    denied.
    """

    def _has_add_perm(self, user_obj, perm, obj):
        # Only staff at Seele level or above may add users by hand
        # (manual user creation is available on the Admin page only).
        allowed_roles = ('adam', 'seele',)
        return user_obj.role in allowed_roles

    def _has_change_perm(self, user_obj, perm, obj):
        # A user may edit only their own Persona.
        if obj is not None:
            # Object permission: the target must be the requesting user.
            return (obj == user_obj and user_obj.is_member)
        # Non object permission
        return user_obj.is_member

    def _has_delete_perm(self, user_obj, perm, obj):
        # Nobody except a superuser holds delete permission, so this logic
        # never grants it.
        return False

    def _has_activate_perm(self, user_obj, perm, obj):
        # Only staff at Nerv level or above may activate users by hand
        # (Admin page only).
        # NOTE(review): 'adam' is accepted by _has_add_perm but is not listed
        # here -- confirm that role is granted this permission elsewhere.
        allowed_roles = ('seele', 'nerv',)
        return user_obj.role in allowed_roles

    def _has_view_retired_perm(self, user_obj, perm, obj):
        # Granted to the 'children', 'seele' and 'nerv' roles.
        allowed_roles = ('children', 'seele', 'nerv')
        return user_obj.role in allowed_roles

    def _has_assign_role_perm(self, user_obj, perm, obj):
        # A role can be reassigned only by Seele level or above.
        # NOTE(review): only 'seele' is listed; 'adam' is not -- confirm that
        # role is granted this permission elsewhere.
        allowed_roles = ('seele',)
        return user_obj.role in allowed_roles

    def has_perm(self, user_obj, perm, obj=None):
        """
        Decide whether ``user_obj`` holds ``perm`` (optionally on ``obj``).

        Unauthenticated users are always denied. A known ``personas.*``
        permission is delegated to its ``_has_*_perm`` check; an unknown
        permission string is denied.
        """
        # NOTE(review): is_authenticated is invoked as a method here; on
        # Django versions where it is a plain boolean attribute this call
        # fails -- confirm the Django version this module targets.
        # NOTE(review): user_obj.is_active is not consulted on this path,
        # unlike BaseRolePermissionLogic.has_perm -- confirm inactive users
        # are rejected before this logic runs.
        if not user_obj.is_authenticated():
            return False
        permission_methods = {
            'personas.add_persona': self._has_add_perm,
            'personas.change_persona': self._has_change_perm,
            'personas.delete_persona': self._has_delete_perm,
            'personas.activate_persona': self._has_activate_perm,
            'personas.assign_role_persona': self._has_assign_role_perm,
            'personas.view_retired_persona': self._has_view_retired_perm,
        }
        checker = permission_methods.get(perm)
        if checker is None:
            # Default deny for anything not listed above.
            return False
        return checker(user_obj, perm, obj)
class BaseRolePermissionLogic(PermissionLogic):
    """
    Base class for role based permission logic.

    The decision is made from ``user_obj.role`` compared against
    ``role_names``, combined with the flags given to the constructor.
    """
    # Roles that qualify; empty here, so the base class itself grants nothing.
    role_names = []

    def __init__(self,
                 any_permission=False,
                 add_permission=False,
                 change_permission=False,
                 delete_permission=False):
        """
        Constructor

        Parameters
        ----------
        any_permission : boolean
            True to give the role every permission of the specified object
            or model. Defaults to `False`
        add_permission : boolean
            True to give the role add permission of the specified model.
            Defaults to `False`
        change_permission : boolean
            True to give the role change permission of the specified object.
            Defaults to `False`
        delete_permission : boolean
            True to give the role delete permission of the specified object.
            Defaults to `False`
        """
        self.any_permission = any_permission
        self.add_permission = add_permission
        self.change_permission = change_permission
        self.delete_permission = delete_permission

    def has_perm(self, user_obj, perm, obj=None):
        """
        Check if user have permission (of object)

        It is determined from the `user_obj.role`. Inactive users are always
        denied.

        If no object is specified, it returns ``True`` when the role is in
        ``role_names`` and either ``any_permission`` is set, or
        ``add_permission`` is set and ``perm`` is the add permission string.

        If an object is specified, the role must be in ``role_names``; it
        then returns ``True`` when ``any_permission`` is set, when
        ``change_permission`` is set and ``perm`` is the change permission
        string, or when ``delete_permission`` is set and ``perm`` is the
        delete permission string.

        Note that ``any_permission`` grants regardless of the value of
        ``perm``.

        Parameters
        ----------
        user_obj : django user model instance
            A django user model instance which be checked
        perm : string
            `app_label.codename` formatted permission string
        obj : None or django model instance
            None or django model instance for object permission

        Returns
        -------
        boolean
            Whether the specified user have specified permission (of
            specified object).
        """
        # Resolved before any other check, in the same order as before.
        add_name = self.get_full_permission_string('add')
        change_name = self.get_full_permission_string('change')
        delete_name = self.get_full_permission_string('delete')

        if not user_obj.is_active:
            return False

        # A user object without a ``role`` attribute is treated as role-less.
        role = getattr(user_obj, 'role', None)

        if obj is None:
            # Model level (non object) permission.
            if self.any_permission and role in self.role_names:
                return True
            add_requested = self.add_permission and perm == add_name
            if add_requested and role and role in self.role_names:
                return True
            return False

        # Object level permission: the role has to qualify first.
        if not (role and role in self.role_names):
            return False
        if self.any_permission:
            # have any kind of permissions to the obj
            return True
        if self.change_permission and perm == change_name:
            return True
        if self.delete_permission and perm == delete_name:
            return True
        return False
class ChildrenPermissionLogic(BaseRolePermissionLogic):
    """
    Role based permission logic for users of the `Children` role and the
    roles listed alongside it (`adam`, `seele`, `nerv`).
    """
    # Roles that satisfy this logic.
    role_names = [
        'adam',
        'seele',
        'nerv',
        'children',
    ]
class NervPermissionLogic(BaseRolePermissionLogic):
    """
    Role based permission logic for users of the `Nerv` (staff) role and the
    roles listed alongside it (`adam`, `seele`).
    """
    # Roles that satisfy this logic.
    role_names = [
        'adam',
        'seele',
        'nerv',
    ]
class SeelePermissionLogic(BaseRolePermissionLogic):
    """
    Role based permission logic for users of the `Seele` role and the
    `adam` role listed alongside it.
    """
    # Roles that satisfy this logic.
    role_names = [
        'adam',
        'seele',
    ]
class AdamPermissionLogic(BaseRolePermissionLogic):
    """
    Role based permission logic for users of the `Adam` (superuser) role
    only.
    """
    # The single role that satisfies this logic.
    role_names = [
        'adam',
    ]
class KawazAuthorPermissionLogic(AuthorPermissionLogic):
    """
    AuthorPermissionLogic for Kawaz

    Under the Kawaz specification a wille user never becomes an author at
    this stage. With the stock AuthorPermissionLogic the model permission is
    True for any logged-in user, wille included, which is inconvenient.
    For that reason this class returns False for wille and below.
    """
    # Roles allowed to reach the parent author check.
    role_names = [
        'adam',
        'seele',
        'nerv',
        'children',
    ]

    def has_perm(self, user_obj, perm, obj=None):
        """
        Deny authenticated users whose role is outside ``role_names``;
        otherwise defer to the parent ``has_perm``.

        Unauthenticated users are not rejected here and are also passed to
        the parent ``has_perm``.
        """
        # NOTE(review): presumably the parent logic denies anonymous users --
        # confirm, since this override does not.
        # ``user_obj.role`` is only read once the user is authenticated.
        authenticated = user_obj.is_authenticated()
        if authenticated and user_obj.role not in self.role_names:
            return False
        return super().has_perm(user_obj, perm, obj)