2018-06-30 01:25:46 +00:00
|
|
|
# -*- mode: python; coding: utf-8 -*-
|
2018-04-20 23:24:10 +00:00
|
|
|
# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
|
|
|
|
|
# se veut agnostique au réseau considéré, de manière à être installable en
|
|
|
|
|
# quelques clics.
|
|
|
|
|
#
|
2018-06-17 01:06:58 +00:00
|
|
|
# Copyright © 2018 Maël Kervella
|
2018-04-20 23:24:10 +00:00
|
|
|
#
|
|
|
|
|
# This program is free software; you can redistribute it and/or modify
|
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
|
# the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
# (at your option) any later version.
|
|
|
|
|
#
|
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
|
#
|
|
|
|
|
# You should have received a copy of the GNU General Public License along
|
|
|
|
|
# with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
|
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
|
|
2018-06-17 01:06:58 +00:00
|
|
|
"""Defines the ACL for the whole API.
|
2018-04-20 23:24:10 +00:00
|
|
|
|
2018-06-17 01:06:58 +00:00
|
|
|
Importing this module, creates the 'can view api' permission if not already
|
|
|
|
|
done.
|
2018-04-20 23:24:10 +00:00
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
from django.conf import settings
|
2018-04-21 16:32:12 +00:00
|
|
|
from django.contrib.auth.models import Permission
|
2018-09-24 17:14:46 +00:00
|
|
|
from django.contrib.contenttypes.models import ContentType
|
2018-06-17 01:06:58 +00:00
|
|
|
from django.utils.translation import ugettext_lazy as _
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _create_api_permission():
|
|
|
|
|
"""Creates the 'use_api' permission if not created.
|
|
|
|
|
|
|
|
|
|
The 'use_api' is a fake permission in the sense it is not associated with an
|
|
|
|
|
existing model and this ensure the permission is created every time this file
|
|
|
|
|
is imported.
|
|
|
|
|
"""
|
|
|
|
|
api_content_type, created = ContentType.objects.get_or_create(
|
|
|
|
|
app_label=settings.API_CONTENT_TYPE_APP_LABEL,
|
|
|
|
|
model=settings.API_CONTENT_TYPE_MODEL
|
|
|
|
|
)
|
|
|
|
|
if created:
|
|
|
|
|
api_content_type.save()
|
|
|
|
|
api_permission, created = Permission.objects.get_or_create(
|
|
|
|
|
name=settings.API_PERMISSION_NAME,
|
|
|
|
|
content_type=api_content_type,
|
|
|
|
|
codename=settings.API_PERMISSION_CODENAME
|
|
|
|
|
)
|
|
|
|
|
if created:
|
|
|
|
|
api_permission.save()
|
2018-04-21 16:32:12 +00:00
|
|
|
|
|
|
|
|
|
2018-06-17 01:06:58 +00:00
|
|
|
_create_api_permission()
|
2018-04-20 23:24:10 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def can_view(user):
|
|
|
|
|
"""Check if an user can view the application.
|
|
|
|
|
|
|
|
|
|
Args:
|
|
|
|
|
user: The user who wants to view the application.
|
|
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
|
A couple (allowed, msg) where allowed is a boolean which is True if
|
|
|
|
|
viewing is granted and msg is a message (can be None).
|
|
|
|
|
"""
|
|
|
|
|
kwargs = {
|
|
|
|
|
'app_label': settings.API_CONTENT_TYPE_APP_LABEL,
|
|
|
|
|
'codename': settings.API_PERMISSION_CODENAME
|
|
|
|
|
}
|
|
|
|
|
can = user.has_perm('%(app_label)s.%(codename)s' % kwargs)
|
2018-06-17 01:06:58 +00:00
|
|
|
return can, None if can else _("You cannot see this application.")
|
