8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-25 12:53:11 +00:00
re2o/api/acl.py

80 lines
2.7 KiB
Python
Raw Normal View History

2018-06-30 01:25:46 +00:00
# -*- mode: python; coding: utf-8 -*-
# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
# se veut agnostique au réseau considéré, de manière à être installable en
# quelques clics.
#
2018-06-17 01:06:58 +00:00
# Copyright © 2018 Maël Kervella
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
2018-06-17 01:06:58 +00:00
"""Defines the ACL for the whole API.
2018-06-17 01:06:58 +00:00
Importing this module, creates the 'can view api' permission if not already
done.
"""
from django.conf import settings
from django.contrib.auth.models import Permission
from django.contrib.contenttypes.models import ContentType
2019-01-08 23:37:45 +00:00
from django.utils.translation import ugettext as _
2018-06-17 01:06:58 +00:00
def _create_api_permission():
"""Creates the 'use_api' permission if not created.
2019-09-06 12:52:41 +00:00
2018-06-17 01:06:58 +00:00
The 'use_api' is a fake permission in the sense it is not associated with an
existing model and this ensure the permission is created every time this file
is imported.
"""
api_content_type, created = ContentType.objects.get_or_create(
app_label=settings.API_CONTENT_TYPE_APP_LABEL,
model=settings.API_CONTENT_TYPE_MODEL,
2018-06-17 01:06:58 +00:00
)
if created:
api_content_type.save()
api_permission, created = Permission.objects.get_or_create(
name=settings.API_PERMISSION_NAME,
content_type=api_content_type,
codename=settings.API_PERMISSION_CODENAME,
2018-06-17 01:06:58 +00:00
)
if created:
api_permission.save()
2018-06-17 01:06:58 +00:00
_create_api_permission()
def can_view(user):
"""Check if an user can view the application.
Args:
user: The user who wants to view the application.
Returns:
A couple (allowed, msg) where allowed is a boolean which is True if
viewing is granted and msg is a message (can be None).
"""
kwargs = {
"app_label": settings.API_CONTENT_TYPE_APP_LABEL,
"codename": settings.API_PERMISSION_CODENAME,
}
permission = "%(app_label)s.%(codename)s" % kwargs
2019-09-06 12:52:41 +00:00
can = user.has_perm(permission)
return (
can,
2019-11-16 14:01:07 +00:00
None if can else _("You don't have the right to view this application."),
(permission,),
)