'''
Created on Apr 5, 2011
@author: leifj
'''
from django.db import models
from django.db.models.fields import CharField, URLField, DateTimeField, IntegerField
from django.contrib.auth.models import Group
from django.db.models.fields.related import OneToOneRel
from django.dispatch.dispatcher import Signal
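class AccessControlEntry(models.Model):
    """One (group, permission) grant that protected objects link to via ``acl``.

    A NULL ``group`` means "anyone": ``can()`` below grants the permission to
    every user for such an entry, and ``allow()``/``deny()`` store the
    ``'anyone'`` pseudo-group as ``group=None``.
    """
    # OneToOneRel is Django's reverse-relation descriptor, not a Field, so the
    # original declaration created no column and broke at class creation.
    # unique_together=(group, permission) implies several entries per group,
    # i.e. a ForeignKey rather than a one-to-one. on_delete spelled out; it is
    # the pre-2.0 default.
    group = models.ForeignKey(Group, related_name='acl', blank=True, null=True,
                              on_delete=models.CASCADE)
    permission = CharField(max_length=256)
    modify_time = DateTimeField(auto_now=True)
    create_time = DateTimeField(auto_now_add=True)

    def __unicode__(self):
        # group may be NULL for "anyone" entries; the old code dereferenced it
        # unconditionally.
        who = "anyone" if self.group is None else self.group
        return "%s can %s" % (who, self.permission)

    class Meta:
        # NOTE(review): SQL treats NULLs as distinct, so this does not stop
        # duplicate (NULL, permission) "anyone" rows; allow() dedupes via
        # get_or_create, but a manually inserted duplicate would make that
        # raise MultipleObjectsReturned.
        unique_together = ('group', 'permission')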
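def allow(object, group, permission):
    """Grant ``permission`` on ``object`` to ``group`` (or to everyone).

    ``group`` is a Group instance or the string ``'anyone'``, which is stored
    as a NULL group on the entry. Linking an entry that is already linked is
    a no-op.

    Raises Exception if ``object`` has no ``acl`` relation.
    """
    if not hasattr(object, 'acl'):
        raise Exception("no acl property")
    target = None if group == 'anyone' else group
    # Entries are unique per (group, permission). The old code only looked at
    # entries already linked to this object and then created a fresh one, which
    # collides with unique_together whenever the entry exists for another
    # object. get_or_create reuses it instead.
    ace, _created = AccessControlEntry.objects.get_or_create(
        group=target, permission=permission)
    # A related manager has add(), not append(); add() is idempotent.
    object.acl.add(ace)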
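def deny(object, group, permission):
    """Unlink the ``(group, permission)`` entry from ``object``'s ACL.

    ``group`` is a Group instance or the string ``'anyone'`` (stored as a NULL
    group). The entry itself is not deleted, only its link to ``object``.
    Nothing happens when no matching entry is linked.

    Raises Exception if ``object`` has no ``acl`` relation.
    """
    if not hasattr(object, 'acl'):
        raise Exception("no acl property")
    target = None if group == 'anyone' else group
    matches = object.acl.filter(group=target, permission=permission)
    if matches:
        # remove() takes model instances; the old code passed the queryset
        # object itself.
        object.acl.remove(*matches)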
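def can(object, user, permission):
    """Return True if ``user`` holds ``permission`` on ``object`` via its ACL.

    An entry with a NULL group grants the permission to everyone; otherwise
    the user must belong to the entry's group. Anything else is denied, so
    the check fails closed.

    Raises Exception if ``object`` has no ``acl`` relation.
    """
    if not hasattr(object, 'acl'):
        raise Exception("no acl property")
    # The old loop iterated the related manager directly and tested
    # `ace.group in user.groups`; neither works on a manager. Resolve the
    # user's group ids once so the check costs two queries whatever the ACL
    # size.
    user_group_ids = set(user.groups.values_list('pk', flat=True))
    # Raw FK values of the matching entries: None for "anyone", else a group pk.
    granted = object.acl.filter(permission=permission).values_list('group', flat=True)
    for group_id in granted:
        if group_id is None or group_id in user_group_ids:
            return True
    return False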
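class GroupConnector(models.Model):
    """Binds a local Group to an external membership source identified by ``uri``.

    The fetch_* methods are placeholders here (they return empty results);
    update() and co_import() drive membership from whatever they return.
    """
    # NOTE(review): blank=True without null=True means a blank form value has
    # nowhere to go in the column; unit of ttl is not established in this file.
    ttl = IntegerField(blank=True)
    uri = URLField(unique=True)
    member_feed = URLField(blank=True)
    # OneToOneRel is the reverse-relation descriptor, not a Field; the model
    # needs the real OneToOneField to get a column and `group.connector`.
    # on_delete spelled out; it is the pre-2.0 default.
    group = models.OneToOneField(Group, related_name='connector',
                                 on_delete=models.CASCADE)
    modify_time = DateTimeField(auto_now=True)
    create_time = DateTimeField(auto_now_add=True)

    def __unicode__(self):
        return "%s for %s" % (self.uri, self.group.name)

    def fetch_updates(self):
        """Return ``(added_users, removed_users)``; stub, nothing is fetched."""
        return ([], [])

    def fetch_all(self):
        """Return every current member; stub, nothing is fetched."""
        return []

    def fetch_meta(self):
        """Return remote metadata (keys used by co_import: name, ttl,
        member-feed); stub, nothing is fetched."""
        return {}

    def _is_member(self, user):
        # A related manager supports neither iteration nor `in`; ask the DB.
        return user.groups.filter(pk=self.group.pk).exists()

    def update(self):
        """Apply fetch_updates() to the local group, emitting add/remove signals.

        Signals fire before the membership change, with the Group as sender.
        """
        # pull JSON to get display and ttl (?)
        added, removed = self.fetch_updates()
        for user in added:
            if not self._is_member(user):
                add_member.send(sender=self.group, user=user)
                # Related managers have add()/remove(), not append().
                user.groups.add(self.group)
        for user in removed:
            if self._is_member(user):
                remove_member.send(sender=self.group, user=user)
                user.groups.remove(self.group)

    def contains(self, user):
        """True if ``user`` is currently in the connected group."""
        # NOTE(review): the old body read `self.members`, which nothing in this
        # file defines; group membership is the only notion of "member" used by
        # update(), so that is what is checked here — confirm against callers.
        return self._is_member(user)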
# Membership-change notifications. GroupConnector.update() and co_import()
# send these right before adding/removing a user; receivers get the affected
# user as the ``user`` argument. Note the two call sites pass different
# senders (the Group vs. the GroupConnector).
add_member = Signal(providing_args=['user'])
remove_member = Signal(providing_args=['user'])
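def co_import_from_request(request):
    """Import the ``;``-separated group URIs in the ``Entitlement`` header and
    add ``request.user`` to each of them.

    SECURITY: ``HTTP_ENTITLEMENT`` is just a request header. Unless a trusted
    front end (SAML SP, reverse proxy, ...) sets it and strips any copy sent by
    the client, whoever sends the request chooses which groups the user is
    added to. Only call this on requests that arrive through such a front end.
    """
    raw = request.META.get('HTTP_ENTITLEMENT')
    # Missing header: nothing to import (the old code crashed on None.split).
    if not raw:
        return
    # NOTE(review): request.user is assumed authenticated here; an anonymous
    # user has no persistent groups to add to — confirm the caller checks this.
    for uri in raw.split(';'):
        uri = uri.strip()
        if uri:
            co_import(uri, members=[request.user])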
## TODO: import urn:x-avp:attribute:value URIs as well
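def co_import(uri, members=None):
    """Look up or create the GroupConnector for ``uri``, refresh its metadata
    and make ``members`` (default: everyone from fetch_all()) members of its
    group. Returns the connector.

    Metadata keys honoured: ``name``, ``ttl``, ``member-feed``. They come from
    the remote source behind ``uri`` and are stored unvalidated; a remote
    ``name`` also renames the local Group, and Group.name is unique, so a
    collision with an existing group raises an IntegrityError.
    """
    # .get() raises DoesNotExist rather than returning None, so the old
    # `if not gco` create path was unreachable.
    try:
        gco = GroupConnector.objects.get(uri=uri)
    except GroupConnector.DoesNotExist:
        # The URI is the placeholder group name until fetch_meta() supplies one.
        group = Group.objects.create(name=uri)
        gco = GroupConnector.objects.create(uri=uri, ttl=0, group=group)
    meta = gco.fetch_meta()
    changed = False
    if 'name' in meta:
        gco.group.name = meta['name']
        changed = True
    if 'ttl' in meta:
        gco.ttl = meta['ttl']
        changed = True
    if 'member-feed' in meta:
        gco.member_feed = meta['member-feed']
        changed = True
    if not members:
        members = gco.fetch_all()
    for user in members:
        # A related manager supports neither `in` nor append(); query instead.
        if not user.groups.filter(pk=gco.group.pk).exists():
            # NOTE(review): sender here is the connector, while
            # GroupConnector.update() sends the Group — receivers must cope with both.
            add_member.send(sender=gco, user=user)
            user.groups.add(gco.group)
            user.save()
    if changed:
        gco.save()
        gco.group.save()
    return gco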