# -*- mode: python; coding: utf-8 -*- # Re2o est un logiciel d'administration développé initiallement au rezometz. Il # se veut agnostique au réseau considéré, de manière à être installable en # quelques clics. # # Copyright © 2018 Maël Kervella # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """api.acl Here are defined some functions to check acl on the application. """ from django.conf import settings from django.contrib.contenttypes.models import ContentType from django.contrib.auth.models import Permission # Creates the 'use_api' permission if not created # The 'use_api' is a fake permission in the sense # it is not associated with an existing model and # this ensure the permission is created every tun api_content_type, created = ContentType.objects.get_or_create( app_label=settings.API_CONTENT_TYPE_APP_LABEL, model=settings.API_CONTENT_TYPE_MODEL ) if created: api_content_type.save() api_permission, created = Permission.objects.get_or_create( name=settings.API_PERMISSION_NAME, content_type=api_content_type, codename=settings.API_PERMISSION_CODENAME ) if created: api_permission.save() def can_view(user): """Check if an user can view the application. Args: user: The user who wants to view the application. Returns: A couple (allowed, msg) where allowed is a boolean which is True if viewing is granted and msg is a message (can be None). """ kwargs = { 'app_label': settings.API_CONTENT_TYPE_APP_LABEL, 'codename': settings.API_PERMISSION_CODENAME } can = user.has_perm('%(app_label)s.%(codename)s' % kwargs) return can, None if can else "Vous ne pouvez pas voir cette application."