Added head revision of django-permissions and django-workflows. See ietf-tools#535

 - Legacy-Id: 2598

Author: emiliosanchez

ietf/settings.py

@@ -118,6 +118,8 @@
     'django.contrib.admin',
     'django.contrib.humanize',
     'south',
+    'workflows',
+    'permissions',
     'ietf.announcements',
     'ietf.idindex',
     'ietf.idtracker',

permissions/__init__.py

@@ -0,0 +1,148 @@
+import permissions.utils
+
+class PermissionBase(object):
+    """Mix-in class for permissions.
+    """
+    def grant_permission(self, role, permission):
+        """Grants passed permission to passed role. Returns True if the
+        permission was able to be added, otherwise False.
+
+        **Parameters:**
+
+        role
+            The role for which the permission should be granted.
+
+        permission
+            The permission which should be granted. Either a permission
+            object or the codename of a permission.
+        """
+        return permissions.utils.grant_permission(self, role, permission)
+
+    def remove_permission(self, role, permission):
+        """Removes passed permission from passed role. Returns True if the
+        permission has been removed.
+
+        **Parameters:**
+
+        role
+            The role for which a permission should be removed.
+
+        permission
+            The permission which should be removed. Either a permission object
+            or the codename of a permission.
+        """
+        return permissions.utils.remove_permission(self, role, permission)
+
+    def has_permission(self, user, permission, roles=[]):
+        """Returns True if the passed user has passed permission for this
+        instance. Otherwise False.
+
+        **Parameters:**
+
+        permission
+            The permission's codename which should be checked. Must be a
+            string with a valid codename.
+
+        user
+            The user for which the permission should be checked.
+
+        roles
+            If passed, these roles will be assigned to the user temporarily
+            before the permissions are checked.
+        """
+        return permissions.utils.has_permission(self, user, permission, roles)
+
+    def check_permission(self, user, permission, roles=[]):
+        """Raise Unauthorized if the the passed user hasn't passed permission 
+        for this instance.
+
+        **Parameters:**
+
+        permission
+            The permission's codename which should be checked. Must be a
+            string with a valid codename.
+
+        user
+            The user for which the permission should be checked.
+
+        roles
+            If passed, these roles will be assigned to the user temporarily
+            before the permissions are checked.
+        """
+        if not self.has_permission(user, permission, roles):
+            raise Unauthorized("User %s doesn't have permission %s for object %s" % (user, permission, obj.slug))
+
+    def add_inheritance_block(self, permission):
+        """Adds an inheritance block for the passed permission.
+
+        **Parameters:**
+
+        permission
+            The permission for which an inheritance block should be added.
+            Either a permission object or the codename of a permission.
+        """
+        return permissions.utils.add_inheritance_block(self, permission)
+
+    def remove_inheritance_block(self, permission):
+        """Removes a inheritance block for the passed permission.
+
+        **Parameters:**
+
+        permission
+            The permission for which an inheritance block should be removed.
+            Either a permission object or the codename of a permission.
+        """
+        return permissions.utils.remove_inheritance_block(self, permission)
+
+    def is_inherited(self, codename):
+        """Returns True if the passed permission is inherited.
+
+        **Parameters:**
+
+        codename
+            The permission which should be checked. Must be the codename of
+            the permission.
+        """
+        return permissions.utils.is_inherited(self, codename)
+
+    def add_role(self, principal, role):
+        """Adds a local role for the principal.
+
+        **Parameters:**
+
+        principal
+            The principal (user or group) which gets the role.
+
+        role
+            The role which is assigned.
+        """
+        return permissions.utils.add_local_role(self, principal, role)
+
+    def get_roles(self, principal):
+        """Returns *direct* local roles for passed principal (user or group).
+        """
+        return permissions.utils.get_local_roles(self, principal)
+
+    def remove_role(self, principal, role):
+        """Adds a local role for the principal to the object.
+
+        **Parameters:**
+
+        principal
+            The principal (user or group) from which the role is removed.
+
+        role
+            The role which is removed.
+        """
+        return permissions.utils.remove_local_role(self, principal, role)
+
+    def remove_roles(self, principal):
+        """Removes all local roles for the passed principal from the object.
+
+        **Parameters:**
+
+        principal
+            The principal (user or group) from which all local roles are
+            removed.
+        """
+        return permissions.utils.remove_local_roles(self, principal)

permissions/admin.py

@@ -0,0 +1,13 @@
+from django.contrib import admin
+
+from permissions.models import ObjectPermission
+admin.site.register(ObjectPermission)
+
+from permissions.models import Permission
+admin.site.register(Permission)
+
+from permissions.models import Role
+admin.site.register(Role)
+
+from permissions.models import PrincipalRoleRelation
+admin.site.register(PrincipalRoleRelation)

permissions/backend.py

@@ -0,0 +1,45 @@
+# permissions imports
+import permissions.utils
+
+class ObjectPermissionsBackend(object):
+    """Django backend for object permissions. Needs Django 1.2.
+
+
+    Use it together with the default ModelBackend like so::
+
+        AUTHENTICATION_BACKENDS = (
+            'django.contrib.auth.backends.ModelBackend',
+            'permissions.backend.ObjectPermissionsBackend',
+        )
+
+    Then you can use it like:
+
+        user.has_perm("view", your_object)
+
+    """
+    supports_object_permissions = True
+    supports_anonymous_user = True
+
+    def authenticate(self, username, password):
+        return None
+
+    def has_perm(self, user_obj, perm, obj=None):
+        """Checks whether the passed user has passed permission for passed
+        object (obj).
+
+        This should be the primary method to check wether a user has a certain
+        permission.
+
+        Parameters
+        ==========
+
+        perm
+            The permission's codename which should be checked.
+
+        user_obj
+            The user for which the permission should be checked.
+
+        obj
+            The object for which the permission should be checked.
+        """
+        return permissions.utils.has_permission(obj, user_obj, perm)

permissions/exceptions.py

@@ -0,0 +1,3 @@
+class Unauthorized(Exception):
+    def __init__(self, str):
+        super(Unauthorized, self).__init__(str)

permissions/fixtures/initial.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<django-objects version="1.0">
+    <object pk="1" model="permissions.permission">
+        <field type="CharField" name="name">View</field>
+        <field type="CharField" name="codename">view</field>
+    </object>
+    <object pk="2" model="permissions.permission">
+        <field type="CharField" name="name">Edit</field>
+        <field type="CharField" name="codename">edit</field>
+    </object>
+    <object pk="3" model="permissions.permission">
+        <field type="CharField" name="name">Delete</field>
+        <field type="CharField" name="codename">delete</field>
+    </object>
+    <object pk="4" model="permissions.permission">
+        <field type="CharField" name="name">Cut</field>
+        <field type="CharField" name="codename">cut</field>
+    </object>
+    <object pk="5" model="permissions.permission">
+        <field type="CharField" name="name">Copy</field>
+        <field type="CharField" name="codename">copy</field>
+    </object>
+</django-objects>

permissions/locale/de/LC_MESSAGES/django.mo

@@ -0,0 +1,52 @@
+# German translations for django-permissions
+# Copyright (C) 2010 Kai Diefenbach
+# This file is distributed under the same license as the PACKAGE package.
+# Kai Diefenbach <kai.diefenbach@iqpp.de>, 2010.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: 1.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2010-03-30 23:12+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: models.py:154
+msgid "Name"
+msgstr "Name"
+
+#: models.py:155
+msgid "Codename"
+msgstr "Codename"
+
+#: models.py:156
+msgid "Content Types"
+msgstr "Inhaltstypen"
+
+#: models.py:175 models.py:280
+msgid "Role"
+msgstr "Rolle"
+
+#: models.py:176 models.py:216
+msgid "Permission"
+msgstr "Recht"
+
+#: models.py:178 models.py:218 models.py:282
+msgid "Content type"
+msgstr "Inhaltstyp"
+
+#: models.py:179 models.py:219 models.py:283
+msgid "Content id"
+msgstr "Inhalts-ID"
+
+#: models.py:278
+msgid "User"
+msgstr "Benutzer"
+
+#: models.py:279
+msgid "Group"
+msgstr "Gruppe"