heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix #923 - add allow_admin to user_has_privilege decorator

Browse Source
This commit is contained in:
Jessica Tallon 2014-07-25 18:58:57 +01:00
parent 97650abd78
commit 7bfc81b21a
5 changed files with 35 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
mediagoblin/db/models.py
View File

@ -106,25 +106,26 @@ class User(Base, UserMixin):
super(User, self).delete(**kwargs) super(User, self).delete(**kwargs)
_log.info('Deleted user "{0}" account'.format(self.username)) _log.info('Deleted user "{0}" account'.format(self.username))
def has_privilege(self,*priv_names): def has_privilege(self, privilege, allow_admin=True):
""" """
This method checks to make sure a user has all the correct privileges This method checks to make sure a user has all the correct privileges
to access a piece of content. to access a piece of content.
:param priv_names A variable number of unicode objects which rep- :param privilege A unicode object which represent the different
-resent the different privileges which may give privileges which may give the user access to
the user access to this content. If you pass content.
multiple arguments, the user will be granted
access if they have ANY of the privileges :param allow_admin If this is set to True the then if the user is
passed. an admin, then this will always return True
even if the user hasn't been given the
privilege. (defaults to True)
""" """
if len(priv_names) == 1: priv = Privilege.query.filter_by(privilege_name=privilege).one()
priv = Privilege.query.filter( if priv in self.all_privileges:
Privilege.privilege_name==priv_names[0]).one() return True
return (priv in self.all_privileges) elif allow_admin and self.has_privilege(u'admin', allow_admin=False):
elif len(priv_names) > 1: return True
return self.has_privilege(priv_names[0]) or \
self.has_privilege(*priv_names[1:])
return False return False
def is_banned(self): def is_banned(self):

12
mediagoblin/decorators.py
View File

@ -74,7 +74,7 @@ def require_active_login(controller):
return new_controller_func return new_controller_func
def user_has_privilege(privilege_name): def user_has_privilege(privilege_name, allow_admin=True):
""" """
Requires that a user have a particular privilege in order to access a page. Requires that a user have a particular privilege in order to access a page.
In order to require that a user have multiple privileges, use this In order to require that a user have multiple privileges, use this
@ -85,14 +85,17 @@ def user_has_privilege(privilege_name):
the privilege object. This object is the privilege object. This object is
the name of the privilege, as assigned the name of the privilege, as assigned
in the Privilege.privilege_name column in the Privilege.privilege_name column
:param allow_admin If this is true then if the user is an admin
it will allow the user even if the user doesn't
have the privilage given in privilage_name.
""" """
def user_has_privilege_decorator(controller): def user_has_privilege_decorator(controller):
@wraps(controller) @wraps(controller)
@require_active_login @require_active_login
def wrapper(request, *args, **kwargs): def wrapper(request, *args, **kwargs):
user_id = request.user.id if not request.user.has_privilege(privilege_name, allow_admin):
if not request.user.has_privilege(privilege_name):
raise Forbidden() raise Forbidden()
return controller(request, *args, **kwargs) return controller(request, *args, **kwargs)
@ -369,7 +372,8 @@ def require_admin_or_moderator_login(controller):
@wraps(controller) @wraps(controller)
def new_controller_func(request, *args, **kwargs): def new_controller_func(request, *args, **kwargs):
if request.user and \ if request.user and \
not request.user.has_privilege(u'admin',u'moderator'): not (request.user.has_privilege(u'admin')
or request.user.has_privilege(u'moderator')):
raise Forbidden() raise Forbidden()
elif not request.user: elif not request.user:

6
mediagoblin/templates/mediagoblin/base.html
View File

@ -72,8 +72,8 @@
</div> </div>
<div class="header_right"> <div class="header_right">
{%- if request.user %} {%- if request.user %}
{% if request.user and {% if request.user and
request.user.has_privilege('active') and request.user.has_privilege('active') and
not request.user.is_banned() %} not request.user.is_banned() %}
{% set notification_count = get_notification_count(request.user.id) %} {% set notification_count = get_notification_count(request.user.id) %}
@ -158,7 +158,7 @@
{%- trans %}Create new collection{% endtrans -%} {%- trans %}Create new collection{% endtrans -%}
</a> </a>
{% template_hook("header_dropdown_buttons") %} {% template_hook("header_dropdown_buttons") %}
{% if request.user.has_privilege('admin','moderator') %} {% if request.user.has_privilege('moderator') %}
<p> <p>
<span class="dropdown_title">{% trans %}Moderation powers:{% endtrans %}</span> <span class="dropdown_title">{% trans %}Moderation powers:{% endtrans %}</span>
<a href="{{ request.urlgen('mediagoblin.moderation.media_panel') }}"> <a href="{{ request.urlgen('mediagoblin.moderation.media_panel') }}">

4
mediagoblin/templates/mediagoblin/moderation/user.html
View File

@ -175,7 +175,7 @@
{% for privilege in privileges %} {% for privilege in privileges %}
<tr> <tr>
<td>{{ privilege.privilege_name }}</td> <td>{{ privilege.privilege_name }}</td>
{% if privilege in user.all_privileges %} {% if user.has_privilege(privilege.privilege_name) %}
<td class="user_with_privilege"> <td class="user_with_privilege">
{% trans %}Yes{% endtrans %}{% else %} {% trans %}Yes{% endtrans %}{% else %}
<td class="user_without_privilege"> <td class="user_without_privilege">
@ -183,7 +183,7 @@
</td> </td>
{% if request.user.has_privilege('admin') %} {% if request.user.has_privilege('admin') %}
<td> <td>
{% if privilege in user.all_privileges %} {% if user.has_privilege(privilege.privilege_name) %}
<input type=submit id="{{ privilege.privilege_name }}" <input type=submit id="{{ privilege.privilege_name }}"
class="submit_button button_action" class="submit_button button_action"
value =" -" /> value =" -" />

17
mediagoblin/tests/test_modelmethods.py
View File

@ -179,20 +179,17 @@ class TestUserHasPrivilege:
self._setup() self._setup()
# then test out the user.has_privilege method for one privilege # then test out the user.has_privilege method for one privilege
assert not self.natalie_user.has_privilege(u'commenter') assert not self.aeva_user.has_privilege(u'admin')
assert self.aeva_user.has_privilege(u'active') assert self.natalie_user.has_privilege(u'active')
def test_allow_admin(self, test_app):
def test_user_has_privileges_multiple(self, test_app):
self._setup() self._setup()
# when multiple args are passed to has_privilege, the method returns # This should work because she is an admin.
# True if the user has ANY of the privileges assert self.natalie_user.has_privilege(u'commenter')
assert self.natalie_user.has_privilege(u'admin',u'commenter')
assert self.aeva_user.has_privilege(u'moderator',u'active')
assert not self.natalie_user.has_privilege(u'commenter',u'uploader')
# Test that we can look this out ignoring that she's an admin
assert not self.natalie_user.has_privilege(u'commenter', allow_admin=False)
def test_media_data_init(test_app): def test_media_data_init(test_app):
Session.rollback() Session.rollback()