2020-06-01 12:31:18 -04:00
|
|
|
from django.conf import settings
|
2020-05-28 10:35:59 -04:00
|
|
|
from django.contrib.contenttypes.models import ContentType
|
|
|
|
|
|
|
|
|
|
|
2020-05-21 13:12:15 -04:00
|
|
|
def get_permission_for_model(model, action):
|
|
|
|
|
"""
|
|
|
|
|
Resolve the named permission for a given model (or instance) and action (e.g. view or add).
|
|
|
|
|
|
|
|
|
|
:param model: A model or instance
|
|
|
|
|
:param action: View, add, change, or delete (string)
|
|
|
|
|
"""
|
|
|
|
|
return '{}.{}_{}'.format(
|
|
|
|
|
model._meta.app_label,
|
|
|
|
|
action,
|
|
|
|
|
model._meta.model_name
|
|
|
|
|
)
|
2020-05-28 10:35:59 -04:00
|
|
|
|
|
|
|
|
|
2020-06-02 09:26:45 -04:00
|
|
|
def resolve_permission(name):
|
2020-06-01 13:09:34 -04:00
|
|
|
"""
|
2020-06-02 09:26:45 -04:00
|
|
|
Given a permission name, return the app_label, action, and model_name components. For example, "dcim.view_site"
|
|
|
|
|
returns ("dcim", "view", "site").
|
2020-06-01 13:09:34 -04:00
|
|
|
|
|
|
|
|
:param name: Permission name in the format <app_label>.<action>_<model>
|
|
|
|
|
"""
|
|
|
|
|
try:
|
2020-06-02 09:26:45 -04:00
|
|
|
app_label, codename = name.split('.')
|
|
|
|
|
action, model_name = codename.rsplit('_', 1)
|
2020-06-01 13:09:34 -04:00
|
|
|
except ValueError:
|
|
|
|
|
raise ValueError(
|
|
|
|
|
f"Invalid permission name: {name}. Must be in the format <app_label>.<action>_<model>"
|
|
|
|
|
)
|
|
|
|
|
|
2020-06-02 09:26:45 -04:00
|
|
|
return app_label, action, model_name
|
2020-06-01 13:09:34 -04:00
|
|
|
|
2020-06-02 09:26:45 -04:00
|
|
|
|
|
|
|
|
def resolve_permission_ct(name):
|
2020-05-28 10:35:59 -04:00
|
|
|
"""
|
|
|
|
|
Given a permission name, return the relevant ContentType and action. For example, "dcim.view_site" returns
|
|
|
|
|
(Site, "view").
|
|
|
|
|
|
2020-06-01 13:09:34 -04:00
|
|
|
:param name: Permission name in the format <app_label>.<action>_<model>
|
2020-05-28 10:35:59 -04:00
|
|
|
"""
|
2020-06-02 09:26:45 -04:00
|
|
|
app_label, action, model_name = resolve_permission(name)
|
2020-05-28 10:35:59 -04:00
|
|
|
try:
|
|
|
|
|
content_type = ContentType.objects.get(app_label=app_label, model=model_name)
|
|
|
|
|
except ContentType.DoesNotExist:
|
2020-06-02 09:26:45 -04:00
|
|
|
raise ValueError(f"Unknown app_label/model_name for {name}")
|
2020-05-28 10:35:59 -04:00
|
|
|
|
|
|
|
|
return content_type, action
|
2020-06-01 12:31:18 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def permission_is_exempt(name):
|
|
|
|
|
"""
|
|
|
|
|
Determine whether a specified permission is exempt from evaluation.
|
|
|
|
|
|
2020-06-01 13:09:34 -04:00
|
|
|
:param name: Permission name in the format <app_label>.<action>_<model>
|
2020-06-01 12:31:18 -04:00
|
|
|
"""
|
2020-06-02 09:26:45 -04:00
|
|
|
app_label, action, model_name = resolve_permission(name)
|
2020-06-01 12:31:18 -04:00
|
|
|
|
|
|
|
|
if action == 'view':
|
|
|
|
|
if (
|
2020-07-21 17:39:56 -04:00
|
|
|
# All models (excluding those in EXEMPT_EXCLUDE_MODELS) are exempt from view permission enforcement
|
2020-07-22 12:13:07 -04:00
|
|
|
'*' in settings.EXEMPT_VIEW_PERMISSIONS and (app_label, model_name) not in settings.EXEMPT_EXCLUDE_MODELS
|
2020-06-01 12:31:18 -04:00
|
|
|
) or (
|
|
|
|
|
# This specific model is exempt from view permission enforcement
|
2020-07-21 17:39:56 -04:00
|
|
|
f'{app_label}.{model_name}' in settings.EXEMPT_VIEW_PERMISSIONS
|
2020-06-01 12:31:18 -04:00
|
|
|
):
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
return False
|
