Skip to content

D
django-wiki
Commit c83ad432 by benjaoming
Options

Checking read permissions on page list

parent b37e140b
Showing with 60 additions and 14 deletions
wiki/conf/settings.py
......@@ -49,6 +49,8 @@ else:
LOGIN_URL = getattr(django_settings, "LOGIN_URL", "/")
# Maximum amount of children to display in a menu before going "+more"
# NEVER set this to 0 as it will wrongly inform the user that there are no
# children and for instance that an article can be safely deleted.
SHOW_MAX_CHILDREN = getattr(django_settings, 'WIKI_SHOW_MAX_CHILDREN', 20)
####################
......
wiki/managers.py
from django.db import models
from django.db.models import Q
from django.db.models.query import QuerySet
from django.db.models.query import QuerySet, EmptyQuerySet
from mptt.managers import TreeManager
class ArticleEmptyQuerySet(QuerySet):
def can_read(self, user):
return self
def can_write(self, user):
return self
class ArticleQuerySet(QuerySet):
def can_read(self, user):
......@@ -36,7 +42,7 @@ class ArticleQuerySet(QuerySet):
def active(self):
return self.filter(current_revision__deleted=False)
class ArticleFkQuerySet(QuerySet):
class ArticleFkQuerySetMixin():
def can_read(self, user):
"""Filter objects so only the ones with a user's reading access
......@@ -69,7 +75,23 @@ class ArticleFkQuerySet(QuerySet):
def active(self):
return self.filter(article__current_revision__deleted=False)
class ArticleFkEmptyQuerySetMixin():
def can_read(self, user):
return self
def can_write(self, user):
return self
def active(self, user):
return self
class ArticleFkQuerySet(ArticleFkQuerySetMixin, QuerySet):
pass
class ArticleFkEmptyQuerySet(ArticleFkEmptyQuerySetMixin, EmptyQuerySet):
pass
class ArticleManager(models.Manager):
def get_empty_query_set(self):
return ArticleEmptyQuerySet()
def get_query_set(self):
return ArticleQuerySet(self.model, using=self._db)
def active(self):
......@@ -80,6 +102,8 @@ class ArticleManager(models.Manager):
return self.get_query_set().can_write(user)
class ArticleFkManager(models.Manager):
def get_empty_query_set(self):
return ArticleFkEmptyQuerySet()
def get_query_set(self):
return ArticleFkQuerySet(self.model, using=self._db)
def active(self):
......@@ -90,16 +114,31 @@ class ArticleFkManager(models.Manager):
return self.get_query_set().can_write(user)
class URLPathQuerySet(QuerySet):
class URLPathEmptyQuerySet(EmptyQuerySet, ArticleFkEmptyQuerySetMixin):
def select_related_common(self):
return self
class URLPathQuerySet(QuerySet, ArticleFkQuerySetMixin):
def select_related_common(self):
return self.select_related("parent", "article__current_revision", "article__owner")
class URLPathManager(TreeManager):
def get_empty_query_set(self):
return URLPathEmptyQuerySet()
def get_query_set(self):
"""Return a QuerySet with the same ordering as the TreeManager."""
return URLPathQuerySet(self.model, using=self._db).order_by(
self.tree_id_attr, self.left_attr)
def select_related_common(self):
return self.get_query_set().common_select_related()
def active(self):
return self.get_query_set().active()
def can_read(self, user):
return self.get_query_set().can_read(user)
def can_write(self, user):
return self.get_query_set().can_write(user)
wiki/models/urlpath.py
......@@ -27,6 +27,7 @@ class URLPath(MPTTModel):
INHERIT_PERMISSIONS = True
objects = managers.URLPathManager()
_default_manager = objects
articles = generic.GenericRelation(ArticleForObject)
......@@ -38,6 +39,10 @@ class URLPath(MPTTModel):
site = models.ForeignKey(Site)
parent = TreeForeignKey('self', null=True, blank=True, related_name='children')
def __init__(self, *args, **kwargs):
self._tree_manager = URLPath.objects
return super(URLPath, self).__init__(*args, **kwargs)
@property
def cached_ancestors(self):
"""
......
wiki/templates/wiki/list.html
......@@ -2,14 +2,14 @@
{% load wiki_tags i18n sekizai_tags %}
{% load url from future %}
{% block pagetitle %}{% trans "Children of" %} {{ article.current_revision.title }}{% endblock %}
{% block pagetitle %}{% trans "Sub-articles of" %} {{ article.current_revision.title }}{% endblock %}
{% block wiki_contents_tab %}
<ul>
{% for child in children %}
{% for article in articles %}
<li>
<a href="{% url 'wiki:get' child.path %}"> {{ child.article.current_revision.title }} </a>
<a href="{% url 'wiki:get' child.path %}"> {{ article.article.current_revision.title }} </a>
</li>
{% endfor %}
</ul>
......
wiki/views/article.py
......@@ -395,15 +395,13 @@ class List(ListView, ArticleMixin):
template_name="wiki/list.html"
allow_empty = True
context_object_name = 'children'
paginate_by = 50
context_object_name = 'articles'
paginate_by = 30
def get_queryset(self):
return self.urlpath.get_children().order_by('slug').select_related_common()
return self.urlpath.get_children().can_read(self.request.user).select_related_common().order_by('slug')
def get_context_data(self, **kwargs):
# Is this a bit of a hack? Use better inheritance?
kwargs_article = ArticleMixin.get_context_data(self, **kwargs)
kwargs_listview = ListView.get_context_data(self, **kwargs)
kwargs.update(kwargs_article)
......@@ -415,14 +413,15 @@ class List(ListView, ArticleMixin):
new_ancestors = self.urlpath.cached_ancestors + [self.urlpath]
for child in updated_children:
child.cached_ancestors = new_ancestors
kwargs['object_list'] = kwargs[self.context_object_name] = updated_children
kwargs[self.context_object_name] = updated_children
return kwargs
@method_decorator(get_article(can_read=True))
def dispatch(self, request, article, *args, **kwargs):
return super(List, self).dispatch(request, article, *args, **kwargs)
class Plugin(View):
def dispatch(self, request, path=None, slug=None, **kwargs):
......@@ -431,6 +430,7 @@ class Plugin(View):
if getattr(plugin, 'slug', None) == slug:
return plugin.article_view(request, **kwargs)
class Settings(ArticleMixin, TemplateView):
permission_form_class = forms.PermissionsForm
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment