From 8cf80e3bfba58d0cf31645b405897d69a7a1dedd Mon Sep 17 00:00:00 2001 From: Gabriel von Heijne Date: Tue, 27 May 2014 11:47:30 +0200 Subject: [PATCH] [#584] Replace deprecated perms codenames resolver methods Django 1.6 deprecates Model._meta.get_add_permission(), .get_change_permission() and .get_delete_permission(). Instead django.contrib.auth.get_permission_codename() is provided. Replace the deprecated methods with get_permission_codename(). Remove akvo.utils.get_rsr_limited_change_permission() and replace uses of it with get_permission_codename(). --- akvo/api/resources/project.py | 10 +++-- akvo/rsr/admin.py | 70 ++++++++++++++++------------------- akvo/rsr/views.py | 12 ------ akvo/utils.py | 5 --- 4 files changed, 37 insertions(+), 60 deletions(-) diff --git a/akvo/api/resources/project.py b/akvo/api/resources/project.py index 05ee47e4d0..b19ee44e12 100644 --- a/akvo/api/resources/project.py +++ b/akvo/api/resources/project.py @@ -3,10 +3,12 @@ # Akvo RSR is covered by the GNU Affero General Public License. # See more details in the license.txt file located at the root folder of the Akvo RSR module. # For additional details on the GNU license please see < http://www.gnu.org/licenses/agpl.html >. + + from decimal import Decimal +from django.contrib.auth import get_permission_codename from django.core.exceptions import ObjectDoesNotExist - from django.forms.models import ModelForm from tastypie import fields @@ -26,7 +28,7 @@ from akvo.rsr.models import ( Project, Benchmarkname, Category, Goal, Partnership, BudgetItem, ProjectLocation, Benchmark ) -from akvo.utils import get_rsr_limited_change_permission +from akvo.utils import RSR_LIMITED_CHANGE from .resources import ConditionalFullResource, get_extra_thumbnails from .partnership import FIELD_NAME, FIELD_LONG_NAME 
@@ -285,9 +287,9 @@ def get_object_list(self, request): object_list = super(ProjectResource, self).get_object_list(request) if self._meta.authentication.is_authenticated(request): opts = Project._meta - if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()): + if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)): return object_list - elif request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)): + elif request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)): object_list = object_list.published() | object_list.of_partner( request.user.get_profile().organisation ) diff --git a/akvo/rsr/admin.py b/akvo/rsr/admin.py index 63a66ca01e..5592967eca 100644 --- a/akvo/rsr/admin.py +++ b/akvo/rsr/admin.py @@ -5,6 +5,7 @@ from django.contrib import admin from django.contrib.admin import helpers, widgets from django.contrib.admin.util import unquote, flatten_fieldsets +from django.contrib.auth import get_permission_codename from django.contrib.auth.admin import GroupAdmin from django.contrib.auth.models import Group from django.contrib.contenttypes import generic @@ -28,7 +29,7 @@ from akvo.rsr.forms import PartnerSiteAdminForm from akvo.rsr.mixins import TimestampsAdminDisplayMixin -from akvo.utils import get_rsr_limited_change_permission, permissions, custom_get_or_create_country +from akvo.utils import permissions, custom_get_or_create_country, RSR_LIMITED_CHANGE NON_FIELD_ERRORS = '__all__' csrf_protect_m = method_decorator(csrf_protect) @@ -59,7 +60,7 @@ def get_actions(self, request): """ Remove delete admin action for "non certified" users""" actions = super(CountryAdmin, self).get_actions(request) opts = self.opts - if not request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission()): + if not request.user.has_perm(opts.app_label + '.' + get_permission_codename('delete', opts)): del actions['delete_selected'] return actions 
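Review bot: The partner-scoped `elif` in get_object_list now relies on `get_permission_codename(RSR_LIMITED_CHANGE, opts)` producing exactly the codename the removed helper built from `obj.object_name.lower()`, and the patch touches four files with no test that pins this. `has_perm` returns False for a codename that does not exist, so a mismatch would not raise. It would silently send partner users into whatever branch follows, which lies outside the hunk. A regression test such as `assert get_permission_codename(RSR_LIMITED_CHANGE, Project._meta) == '%s_project' % RSR_LIMITED_CHANGE` would guard this call and the matching ones in admin.py. Since `opts.app_label + '.' + get_permission_codename(...)` is repeated throughout the patch, a single helper that returns the full permission string would also keep these authorization checks in one place.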
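Review bot: In CountryAdmin.get_actions the unchanged line `del actions['delete_selected']` raises KeyError whenever that key is absent, for example if the action has been disabled site-wide or the base class returns an empty mapping (it appears to do so for popup changelists). That turns a missing permission into a server error for exactly the users this branch is meant to restrict. `actions.pop('delete_selected', None)` keeps the intent and tolerates the missing key. The same pattern appears in the get_actions hunks for OrganisationAdmin, ProjectAdmin, UserProfileAdmin and PartnerSiteAdmin.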
@@ -140,7 +141,7 @@ def get_actions(self, request): """ Remove delete admin action for "non certified" users""" actions = super(OrganisationAdmin, self).get_actions(request) opts = self.opts - if not request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission()): + if not request.user.has_perm(opts.app_label + '.' + get_permission_codename('delete', opts)): del actions['delete_selected'] return actions @@ -158,13 +159,13 @@ def allowed_partner_types(self, obj): def get_list_display(self, request): # see the notes fields in the change list if you have the right permissions - if request.user.has_perm(self.opts.app_label + '.' + self.opts.get_change_permission()): + if request.user.has_perm(self.opts.app_label + '.' + get_permission_codename('change', self.opts)): return list(self.list_display) + ['allowed_partner_types'] return super(OrganisationAdmin, self).get_list_display(request) def get_readonly_fields(self, request, obj=None): # parter_types is read only unless you have change permission for organisations - if not request.user.has_perm(self.opts.app_label + '.' + self.opts.get_change_permission()): + if not request.user.has_perm(self.opts.app_label + '.' + get_permission_codename('change', self.opts)): self.readonly_fields = ('partner_types', 'created_at', 'last_modified_at',) # hack to set the help text #try: @@ -188,9 +189,9 @@ def get_readonly_fields(self, request, obj=None): def queryset(self, request): qs = super(OrganisationAdmin, self).queryset(request) opts = self.opts - if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()): + if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)): return qs - elif request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)): + elif request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)): organisation = request.user.get_profile().organisation return qs.filter(pk=organisation.id) else: 
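Review bot: get_readonly_fields in the `@@ -158` hunk stores a per-request permission decision on the admin instance with `self.readonly_fields = ('partner_types', 'created_at', 'last_modified_at',)`. A ModelAdmin instance is created once at registration and serves every request, so the value set for a user without change permission persists for later users unless another branch resets it. Under a threaded server it can also interleave with a concurrent request. Returning the tuple for this request, e.g. `return ('partner_types', 'created_at', 'last_modified_at',)`, avoids the shared state. The function continues past the end of the hunk, so the other branch and the help-text hack should be checked against this.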
@@ -203,14 +204,12 @@ def has_change_permission(self, request, obj=None): If `obj` is None, this should return True if the given request has permission to change *any* object of the given type. - - get_rsr_limited_change_permission is used for partner orgs to limit their listing and editing to - "own" projects, organisation and user profiles """ opts = self.opts - if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()): + if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)): return True - if request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)): + # RSR Partner admins/editors: limit their listing and editing to "own" projects, organisation and user profiles + if request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)): if obj: return obj == request.user.get_profile().organisation else: @@ -677,7 +676,7 @@ def get_actions(self, request): """ Remove delete admin action for "non certified" users""" actions = super(ProjectAdmin, self).get_actions(request) opts = self.opts - if not request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission()): + if not request.user.has_perm(opts.app_label + '.' + get_permission_codename('delete', opts)): del actions['delete_selected'] return actions 
@@ -697,9 +696,9 @@ def queryset(self, request): qs = super(ProjectAdmin, self).queryset(request) opts = self.opts user_profile = request.user.get_profile() - if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()): + if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)): return qs - elif request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)): + elif request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)): projects = user_profile.organisation.all_projects() # Access to Partner users may be limited by Support partner "ownership" allowed_projects = [project.pk for project in projects if user_profile.allow_edit(project)] @@ -714,20 +713,17 @@ def has_change_permission(self, request, obj=None): If `obj` is None, this should return True if the given request has permission to change *any* object of the given type. - - get_rsr_limited_change_permission is used for partner orgs to limit their listing and editing to - "own" projects, organisation and user profiles """ opts = self.opts user = request.user user_profile = user.get_profile() # RSR editors/managers - if user.has_perm(opts.app_label + '.' + opts.get_change_permission()): + if user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)): return True - # RSR Partner admins/editors - if user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)): + # RSR Partner admins/editors: limit their listing and editing to "own" projects, organisation and user profiles + if user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)): # On the Project form if obj: return user_profile.allow_edit(obj) 
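Review bot: ProjectAdmin.queryset calls `user_profile = request.user.get_profile()` before the full-change check, although the profile is only used in the `RSR_LIMITED_CHANGE` branch. A user holding the full change permission (a superuser included) who has no profile row would fail here rather than get the unfiltered queryset, because get_profile() raises when no profile exists. Moving the lookup inside the limited branch removes that dependency. has_change_permission in the following hunk has the same ordering. Since this commit clears Django 1.6 deprecations, note that get_profile() has itself been deprecated since Django 1.5 and remains in the new code.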
@@ -966,7 +962,7 @@ def get_actions(self, request): """ Remove delete admin action for "non certified" users""" actions = super(UserProfileAdmin, self).get_actions(request) opts = self.opts - if not request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission()): + if not request.user.has_perm(opts.app_label + '.' + get_permission_codename('delete', opts)): del actions['delete_selected'] return actions @@ -984,9 +980,9 @@ def queryset(self, request): """ qs = super(UserProfileAdmin, self).queryset(request) opts = self.opts - if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()): + if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)): return qs - elif request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)): + elif request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)): organisation = request.user.get_profile().organisation return qs.filter(organisation=organisation) else: @@ -999,14 +995,12 @@ def has_change_permission(self, request, obj=None): If `obj` is None, this should return True if the given request has permission to change *any* object of the given type. - - get_rsr_limited_change_permission is used for partner orgs to limit their listing and editing to - "own" projects, organisation and user profiles """ opts = self.opts - if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()): + if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)): return True - if request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)): + # RSR Partner admins/editors: limit their listing and editing to "own" projects, organisation and user profiles + if request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)): my_org = request.user.get_profile().organisation if obj: return obj.organisation == my_org 
@@ -1148,7 +1142,7 @@ def get_fieldsets(self, request, obj=None): # don't show the notes field unless you have "add" permission on the PartnerSite model # (currently means an Akvo staff user (or superuser)) # note that this is somewhat fragile as it relies on adding/removing from the _first_ fieldset - if request.user.has_perm(self.opts.app_label + '.' + self.opts.get_add_permission()): + if request.user.has_perm(self.opts.app_label + '.' + get_permission_codename('add', self.opts)): self.fieldsets[0][1]['fields'] = ('organisation', 'enabled', 'notes',) else: self.fieldsets[0][1]['fields'] = ('organisation', 'enabled',) @@ -1170,7 +1164,7 @@ def get_form(self, request, obj=None, **kwargs): def get_list_display(self, request): # see the notes fields in the change list if you have the right permissions - if request.user.has_perm(self.opts.app_label + '.' + self.opts.get_add_permission()): + if request.user.has_perm(self.opts.app_label + '.' + get_permission_codename('add', self.opts)): return list(self.list_display) + ['notes'] return super(PartnerSiteAdmin, self).get_list_display(request) 
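Review bot: get_fieldsets gates the `notes` field by writing to `self.fieldsets[0][1]['fields']`, which mutates state shared by every request served by this PartnerSiteAdmin instance. With concurrent requests, the field list chosen for a staff user can be the one in effect while a partner user's form is being built, or the reverse, so this is not a dependable way to hide the field. Prefer a per-request structure, e.g. `fieldsets = copy.deepcopy(self.fieldsets)`, then set `fieldsets[0][1]['fields']` on the copy and return it, as get_list_display in the next hunk already does with `list(self.list_display) + ['notes']`. The rest of get_fieldsets is outside the hunk, so confirm what it returns.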
@@ -1178,16 +1172,16 @@ def get_actions(self, request): """ Remove delete admin action for "non certified" users""" actions = super(PartnerSiteAdmin, self).get_actions(request) opts = self.opts - if not request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission()): + if not request.user.has_perm(opts.app_label + '.' + get_permission_codename('delete', opts)): del actions['delete_selected'] return actions def queryset(self, request): qs = super(PartnerSiteAdmin, self).queryset(request) opts = self.opts - if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()): + if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)): return qs - elif request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)): + elif request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)): organisation = request.user.get_profile().organisation return qs.filter(organisation=organisation) else: @@ -1200,14 +1194,12 @@ def has_change_permission(self, request, obj=None): If `obj` is None, this should return True if the given request has permission to change *any* object of the given type. - - get_rsr_limited_change_permission is used for partner orgs to limit their listing and editing to - "own" projects, organisation, patner_site and user profiles """ opts = self.opts - if request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()): + if request.user.has_perm(opts.app_label + '.' + get_permission_codename('change', opts)): return True - if request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)): + # RSR Partner admins/editors: limit their listing and editing to "own" projects, organisation and user profiles + if request.user.has_perm(opts.app_label + '.' + get_permission_codename(RSR_LIMITED_CHANGE, opts)): if obj: return obj.organisation == request.user.get_profile().organisation else: 
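Review bot: The inline comment added to PartnerSiteAdmin.has_change_permission is copied from the other admins and no longer mentions partner sites, which the removed docstring did. The check below it compares `obj.organisation` with the user's organisation, so the comment should describe that, for example `# RSR Partner admins/editors: limit listing and editing to partner sites of their own organisation`. The function body continues past the end of the hunk.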
diff --git a/akvo/rsr/views.py b/akvo/rsr/views.py index e82c46e853..ddd9d147fa 100644 --- a/akvo/rsr/views.py +++ b/akvo/rsr/views.py @@ -18,9 +18,6 @@ from akvo.rsr.decorators import fetch_project, project_viewing_permissions from akvo.rsr.iso3166 import COUNTRY_CONTINENTS -from akvo.utils import (wordpress_get_lastest_posts, get_rsr_limited_change_permission, - get_random_from_qs, state_equals, right_now_in_akvo) - from django import forms from django import http from django.conf import settings @@ -828,18 +825,9 @@ def projectmain(request, project, draft=False, can_add_update=False): if project.benchmarks.filter(category=category).aggregate(Sum('value'))['value__sum'] ]) - # a little model meta data magic - opts = project._meta - if request.user.has_perm(opts.app_label + '.' + get_rsr_limited_change_permission(opts)): - admin_change_url = reverse('admin:rsr_project_change', args=(project.id,)), - admin_change_url = admin_change_url[0] # don't friggin ask why!!! - else: - admin_change_url = None - can_add_update = project.connected_to_user(request.user) return { - 'admin_change_url': admin_change_url, 'benchmarks': benchmarks, 'can_add_update': can_add_update, 'draft': draft, diff --git a/akvo/utils.py b/akvo/utils.py index 10578fa60c..358d391c11 100644 --- a/akvo/utils.py +++ b/akvo/utils.py @@ -136,11 +136,6 @@ def groups_from_user(user): return [group.name for group in user.groups.all()] -#Modeled on Options method get_change_permission in django/db/models/options.py -def get_rsr_limited_change_permission(obj): - return '%s_%s' % (RSR_LIMITED_CHANGE, obj.object_name.lower()) - - def rsr_image_path(instance, file_name, path_template='db/project/%s/%s'): """ Use to set ImageField upload_to attribute.