Commit 94753ae8e998c63b43db42d8921dd6c8804c59b3 - django-guardian

+17

-10

.travis.yml less more

0	0	language: python
	1	sudo: false
1	2	python:
2	3	- 2.6
3	4	- 2.7
4	5	- 3.3
	6	- 3.4
5	7
6	8	env:
7	9	- DJANGO_VERSION=1.2.7
8	10	- DJANGO_VERSION=1.3.7
9		- DJANGO_VERSION=1.4.16
10		- DJANGO_VERSION=1.5.11
11		- DJANGO_VERSION=1.6.8
	11	- DJANGO_VERSION=1.4.19
	12	- DJANGO_VERSION=1.5.12
	13	- DJANGO_VERSION=1.6.10
	14	- DJANGO_VERSION=1.7.4
	15	- DJANGO_VERSION=1.8
12	16
13	17	install:
14		- pip install -q mock==0.8 Django==$DJANGO_VERSION coverage coveralls
15		- pip install . --use-mirrors
	18	- travis_retry pip install -q mock==1.0.1 Django==$DJANGO_VERSION coverage coveralls
	19	- travis_retry pip install --use-mirrors
16	20
17	21	script:
18	22	- coverage run --source=guardian setup.py test

32	36	- python: 3.3
33	37	env: DJANGO_VERSION=1.3.7
34	38	- python: 3.3
35		env: DJANGO_VERSION=1.4.16
36		include:
37		- python: 3.3
38		env: DJANGO_VERSION=1.7.1
	39	env: DJANGO_VERSION=1.4.19
39	40	- python: 3.4
40		env: DJANGO_VERSION=1.7.1
	41	env: DJANGO_VERSION=1.2.7
	42	- python: 3.4
	43	env: DJANGO_VERSION=1.3.7
	44	- python: 3.4
	45	env: DJANGO_VERSION=1.4.19
	46	- python: 2.6
	47	- env: DJANGO_VERSION=1.7.4

+4

-0

AUTHORS less more

49	49	- Morgan Aubert <morgan.aubert@zoho.com>
50	50	- Brian May <brian@microcomaustralia.com.au>
51	51	- Troy Grosfield <troy.grosfield@gmail.com>
	52	- Michael Drescher <kaesemeister@gmail.com>
	53	- Verena Jaspersen <verena.jaspersen@gmail.com>
	54	- Bertrand Svetchine <bertrand.svetchine@gmail.com>
	55	- Frank Wickström <frank@bambuser.com>

+9

-2

CHANGES less more

0		Release DEV
1		===========
	0	Release 1.3 (Jun 3, 2015)
	1	=========================
	2
	3	* Official Django 1.8 support (thanks to multiple contributors)
	4
	5
	6	Release 1.2.5 (Dec 28, 2014)
	7	============================
2	8
3	9	* Official Django 1.7 support (thanks Troy Grosfield and Brian May)
4	10	* Allow to override ``PermissionRequiredMixin.get_permission_object``, part
5	11	of ``PermissionRequiredMixin.check_permissions`` method, responsible for
6	12	retrieving single object (Thanks zauddelig)
7	13	* French translations (Thanks Morgan Aubert)
	14	* Added support for ``User.get_all_permissions`` (thanks Michael Drescher)
8	15
9	16	Release 1.2.4 (Jul 14, 2014)
10	17	============================

+13

-1

benchmarks/run_benchmarks.py less more

33	33	)
34	34
35	35	from utils import show_settings
	36	import django
36	37	from django.contrib.auth.models import User, Group
37	38	from django.utils.termcolors import colorize
38	39	from benchmarks.models import TestModel

44	45
45	46	def random_string(length=25, chars=string.ascii_letters+string.digits):
46	47	return ''.join(random.choice(chars) for i in range(length))
	48
	49
	50	def get_model_name(model):
	51	"""
	52	Returns the name of the model
	53	"""
	54	# model._meta.module_name is deprecated in django version 1.7 and removed in django version 1.8.
	55	# It is replaced by model._meta.model_name
	56	if django.VERSION < (1, 7):
	57	return model._meta.module_name
	58	return model._meta.model_name
47	59
48	60
49	61	class Call(object):

93	105	self.objects_with_perms_count = objects_with_perms_count
94	106
95	107	self.Model = model
96		self.perm = 'auth.change_%s' % model._meta.module_name
	108	self.perm = 'auth.change_%s' % get_model_name(model)
97	109
98	110	def info(self, msg):
99	111	print(colorize(msg + '\n', fg='green'))

+3

-2

docs/userguide/assign.rst less more

35	35	('view_task', 'View task'),
36	36	)
37	37
38		After we call ``syncdb`` management command our view_task permission would be
39		added to default set of permissions.
	38	After we call ``syncdb`` (with a ``--all`` switch if you are using south)
	39	management command our view_task permission would be added to default set of
	40	permissions.
40	41
41	42	.. note::
42	43	By default, Django adds 3 permissions for each registered model:

+4

-2

example_project/settings.py less more

32	32	'django.contrib.sites',
33	33	'django.contrib.admin',
34	34	'django.contrib.messages',
35		'django.contrib.staticfiles',
36	35	'guardian',
37	36	'guardian.testapp',
38	37	'posts',

103	102
104	103	LOGIN_REDIRECT_URL = '/'
105	104
106		TEST_RUNNER = 'django.test.simple.DjangoTestSuiteRunner'
	105	if django.VERSION < (1, 8):
	106	TEST_RUNNER = 'django.test.simple.DjangoTestSuiteRunner'
	107	else:
	108	TEST_RUNNER = 'django.test.runner.DiscoverRunner'
107	109
108	110	AUTHENTICATION_BACKENDS = (
109	111	'django.contrib.auth.backends.ModelBackend',

+1

-1

guardian/__init__.py less more

2	2	"""
3	3	from __future__ import unicode_literals
4	4
5		VERSION = (1, 2, 5, 'dev')
	5	VERSION = (1, 3)
6	6
7	7	__version__ = '.'.join((str(each) for each in VERSION[:4]))
8	8

+8

-8

guardian/admin.py less more

0	0	from __future__ import unicode_literals
1	1
	2	import django
2	3	from django import forms
3	4	from django.conf import settings
4	5	from guardian.compat import url, patterns

11	12	from django.utils.datastructures import SortedDict
12	13	from django.utils.translation import ugettext, ugettext_lazy as _
13	14
14		from guardian.compat import get_user_model
	15	from guardian.compat import get_user_model, get_model_name
15	16	from guardian.forms import UserObjectPermissionsForm
16	17	from guardian.forms import GroupObjectPermissionsForm
17	18	from guardian.shortcuts import get_perms

64	65	# backward compatibility
65	66	method = getattr(
66	67	super(GuardedModelAdminMixin, self), 'get_queryset',
67		super(GuardedModelAdminMixin, self).queryset)
	68	getattr(super(GuardedModelAdminMixin, self), 'queryset', None))
68	69	qs = method(request)
69	70
70	71	if request.user.is_superuser:

84	85	# Allow queryset method as fallback for Django versions < 1.6
85	86	# for versions >= 1.6 this is taken care of by Django itself
86	87	# and triggers a warning message automatically.
87		import django
88	88	if django.VERSION < (1, 6):
89	89	queryset = get_queryset
90	90

103	103	"""
104	104	urls = super(GuardedModelAdminMixin, self).get_urls()
105	105	if self.include_object_permissions_urls:
106		info = self.model._meta.app_label, self.model._meta.module_name
	106	info = self.model._meta.app_label, get_model_name(self.model)
107	107	myurls = patterns('',
108	108	url(r'^(?P<object_pk>.+)/permissions/$',
109	109	view=self.admin_site.admin_view(self.obj_perms_manage_view),

164	164	info = (
165	165	self.admin_site.name,
166	166	self.model._meta.app_label,
167		self.model._meta.module_name
	167	get_model_name(self.model)
168	168	)
169	169	if user_form.is_valid():
170	170	user_id = user_form.cleaned_data['user'].pk

179	179	info = (
180	180	self.admin_site.name,
181	181	self.model._meta.app_label,
182		self.model._meta.module_name
	182	get_model_name(self.model)
183	183	)
184	184	if group_form.is_valid():
185	185	group_id = group_form.cleaned_data['group'].id

231	231	info = (
232	232	self.admin_site.name,
233	233	self.model._meta.app_label,
234		self.model._meta.module_name
	234	get_model_name(self.model)
235	235	)
236	236	url = reverse(
237	237	'%s:%s_%s_permissions_manage_user' % info,

284	284	info = (
285	285	self.admin_site.name,
286	286	self.model._meta.app_label,
287		self.model._meta.module_name
	287	get_model_name(self.model)
288	288	)
289	289	url = reverse(
290	290	'%s:%s_%s_permissions_manage_group' % info,

+53

-17

guardian/backends.py less more

5	5	from guardian.conf import settings
6	6	from guardian.exceptions import WrongAppError
7	7	from guardian.core import ObjectPermissionChecker
	8
	9
	10	def check_object_support(obj):
	11	"""
	12	Returns ``True`` if given ``obj`` is supported
	13	"""
	14	# Backend checks only object permissions (isinstance implies that obj
	15	# is not None)
	16	# Backend checks only permissions for Django models
	17	return isinstance(obj, models.Model)
	18
	19
	20	def check_user_support(user_obj):
	21	"""
	22	Returns a tuple of checkresult and ``user_obj`` which should be used for
	23	permission checks
	24
	25	Checks if the given user is supported. Anonymous users need explicit
	26	activation via ANONYMOUS_USER_ID
	27	"""
	28	# This is how we support anonymous users - simply try to retrieve User
	29	# instance and perform checks for that predefined user
	30	if not user_obj.is_authenticated():
	31	# If anonymous user permission is disabled then they are always unauthorized
	32	if settings.ANONYMOUS_USER_ID is None:
	33	return False, user_obj
	34	user_obj = get_user_model().objects.get(pk=settings.ANONYMOUS_USER_ID)
	35
	36	return True, user_obj
	37
	38
	39	def check_support(user_obj, obj):
	40	"""
	41	Combination of ``check_object_support`` and ``check_user_support``
	42	"""
	43	obj_support = check_object_support(obj)
	44	user_support, user_obj = check_user_support(user_obj)
	45	return obj_support and user_support, user_obj
	46
8	47
9	48	class ObjectPermissionBackend(object):
10	49	supports_object_permissions = True

33	72	If user is authenticated but inactive at the same time, all checks
34	73	always returns ``False``.
35	74	"""
36		# Backend checks only object permissions
37		if obj is None:
38		return False
39	75
40		# Backend checks only permissions for Django models
41		if not isinstance(obj, models.Model):
42		return False
43
44		# This is how we support anonymous users - simply try to retrieve User
45		# instance and perform checks for that predefined user
46		if not user_obj.is_authenticated():
47		# If anonymous user permission is disabled then they are always unauthorized
48		if settings.ANONYMOUS_USER_ID is None:
49		return False
50		user_obj = get_user_model().objects.get(pk=settings.ANONYMOUS_USER_ID)
51
52		# Do not check any further if user is not active
53		if not user_obj.is_active:
	76	# check if user_obj and object are supported
	77	support, user_obj = check_support(user_obj, obj)
	78	if not support:
54	79	return False
55	80
56	81	if '.' in perm:

62	87	check = ObjectPermissionChecker(user_obj)
63	88	return check.has_perm(perm, obj)
64	89
	90	def get_all_permissions(self, user_obj, obj=None):
	91	"""
	92	Returns a set of permission strings that the given ``user_obj`` has for ``obj``
	93	"""
	94	# check if user_obj and object are supported
	95	support, user_obj = check_support(user_obj, obj)
	96	if not support:
	97	return set()
	98
	99	check = ObjectPermissionChecker(user_obj)
	100	return check.get_perms(obj)

+17

-1

guardian/compat.py less more

0	0	from __future__ import unicode_literals
1	1
	2	import django
2	3	from django.conf import settings
3	4	from django.contrib.auth.models import Group
4	5	from django.contrib.auth.models import Permission
5	6	from django.contrib.auth.models import AnonymousUser
6		from django.utils.importlib import import_module
7	7	import six
8	8	import sys
	9
	10	try:
	11	from importlib import import_module
	12	except ImportError:
	13	from django.utils.importlib import import_module
9	14
10	15	try:
11	16	from django.conf.urls import url, patterns, include, handler404, handler500

128	133	return original_create_permissions(args, *kwargs)
129	134
130	135	__all__ = ['User', 'Group', 'Permission', 'AnonymousUser']
	136
	137
	138	def get_model_name(model):
	139	"""
	140	Returns the name of the model
	141	"""
	142	# model._meta.module_name is deprecated in django version 1.7 and removed in django version 1.8.
	143	# It is replaced by model._meta.model_name
	144	if django.VERSION < (1, 7):
	145	return model._meta.module_name
	146	return model._meta.model_name

+2

-3

guardian/management/__init__.py less more

30	30	User.objects.get(pk=guardian_settings.ANONYMOUS_USER_ID)
31	31	except User.DoesNotExist:
32	32	if django.VERSION >= (1, 5):
33		retrieve_anonymous_functon = import_string(
	33	retrieve_anonymous_function = import_string(
34	34	guardian_settings.GET_INIT_ANONYMOUS_USER)
35		user = retrieve_anonymous_functon(User)
	35	user = retrieve_anonymous_function(User)
36	36	# Always set pk to the one pointed at settings
37	37	user.pk = guardian_settings.ANONYMOUS_USER_ID
38	38	user.save()

44	44	if guardian_settings.ANONYMOUS_USER_ID is not None:
45	45	signals.post_syncdb.connect(create_anonymous_user, sender=guardian_app,
46	46	dispatch_uid="guardian.management.create_anonymous_user")
47

+46

-107

guardian/migrations/0001_initial.py less more

0		# encoding: utf-8
1		from south.db import db
2		from south.v2 import SchemaMigration
	0	# -- coding: utf-8 --
	1	from __future__ import unicode_literals
3	2
4		from guardian.compat import user_model_label
5		from guardian.compat import get_user_model
6
7		User = get_user_model()
	3	from django.db import models, migrations
	4	from django.conf import settings
8	5
9	6
10		class Migration(SchemaMigration):
	7	class Migration(migrations.Migration):
11	8
12		def forwards(self, orm):
	9	dependencies = [
	10	('contenttypes', '0001_initial'),
	11	('auth', '0001_initial'),
	12	migrations.swappable_dependency(settings.AUTH_USER_MODEL),
	13	]
13	14
14		# Adding model 'UserObjectPermission'
15		db.create_table('guardian_userobjectpermission', (
16		('id', self.gf('django.db.models.fields.AutoField')(primary_key=True)),
17		('permission', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['auth.Permission'])),
18		('content_type', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['contenttypes.ContentType'])),
19		('object_id', self.gf('django.db.models.fields.PositiveIntegerField')()),
20		('user', self.gf('django.db.models.fields.related.ForeignKey')(to=orm[user_model_label])),
21		))
22		db.send_create_signal('guardian', ['UserObjectPermission'])
23
24		# Adding unique constraint on 'UserObjectPermission', fields ['user', 'permission', 'content_type', 'object_id']
25		db.create_unique('guardian_userobjectpermission', ['user_id', 'permission_id', 'content_type_id', 'object_id'])
26
27		# Adding model 'GroupObjectPermission'
28		db.create_table('guardian_groupobjectpermission', (
29		('id', self.gf('django.db.models.fields.AutoField')(primary_key=True)),
30		('permission', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['auth.Permission'])),
31		('content_type', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['contenttypes.ContentType'])),
32		('object_id', self.gf('django.db.models.fields.PositiveIntegerField')()),
33		('group', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['auth.Group'])),
34		))
35		db.send_create_signal('guardian', ['GroupObjectPermission'])
36
37		# Adding unique constraint on 'GroupObjectPermission', fields ['group', 'permission', 'content_type', 'object_id']
38		db.create_unique('guardian_groupobjectpermission', ['group_id', 'permission_id', 'content_type_id', 'object_id'])
39
40
41		def backwards(self, orm):
42
43		# Removing unique constraint on 'GroupObjectPermission', fields ['group', 'permission', 'content_type', 'object_id']
44		db.delete_unique('guardian_groupobjectpermission', ['group_id', 'permission_id', 'content_type_id', 'object_id'])
45
46		# Removing unique constraint on 'UserObjectPermission', fields ['user', 'permission', 'content_type', 'object_id']
47		db.delete_unique('guardian_userobjectpermission', ['user_id', 'permission_id', 'content_type_id', 'object_id'])
48
49		# Deleting model 'UserObjectPermission'
50		db.delete_table('guardian_userobjectpermission')
51
52		# Deleting model 'GroupObjectPermission'
53		db.delete_table('guardian_groupobjectpermission')
54
55
56		models = {
57		'auth.group': {
58		'Meta': {'object_name': 'Group'},
59		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
60		'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
61		'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
62		},
63		'auth.permission': {
64		'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'},
65		'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
66		'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
67		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
68		'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
69		},
70		user_model_label: {
71		'Meta': {'object_name': user_model_label.split('.')[-1], 'db_table': "'%s'" % User._meta.db_table},
72		'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
73		'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
74		'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
75		'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
76		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
77		'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
78		'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
79		'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
80		'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
81		'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
82		'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
83		'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
84		'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
85		},
86		'contenttypes.contenttype': {
87		'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
88		'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
89		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
90		'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
91		'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
92		},
93		'guardian.groupobjectpermission': {
94		'Meta': {'unique_together': "(['group', 'permission', 'content_type', 'object_id'],)", 'object_name': 'GroupObjectPermission'},
95		'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
96		'group': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Group']"}),
97		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
98		'object_id': ('django.db.models.fields.PositiveIntegerField', [], {}),
99		'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"})
100		},
101		'guardian.userobjectpermission': {
102		'Meta': {'unique_together': "(['user', 'permission', 'content_type', 'object_id'],)", 'object_name': 'UserObjectPermission'},
103		'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
104		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
105		'object_id': ('django.db.models.fields.PositiveIntegerField', [], {}),
106		'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"}),
107		'user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['%s']" % user_model_label})
108		}
109		}
110
111		complete_apps = ['guardian']
	15	operations = [
	16	migrations.CreateModel(
	17	name='GroupObjectPermission',
	18	fields=[
	19	('id', models.AutoField(primary_key=True, serialize=False, auto_created=True, verbose_name='ID')),
	20	('object_pk', models.CharField(max_length=255, verbose_name='object ID')),
	21	('content_type', models.ForeignKey(to='contenttypes.ContentType')),
	22	('group', models.ForeignKey(to='auth.Group')),
	23	('permission', models.ForeignKey(to='auth.Permission')),
	24	],
	25	options={
	26	},
	27	bases=(models.Model,),
	28	),
	29	migrations.CreateModel(
	30	name='UserObjectPermission',
	31	fields=[
	32	('id', models.AutoField(primary_key=True, serialize=False, auto_created=True, verbose_name='ID')),
	33	('object_pk', models.CharField(max_length=255, verbose_name='object ID')),
	34	('content_type', models.ForeignKey(to='contenttypes.ContentType')),
	35	('permission', models.ForeignKey(to='auth.Permission')),
	36	('user', models.ForeignKey(to=settings.AUTH_USER_MODEL)),
	37	],
	38	options={
	39	},
	40	bases=(models.Model,),
	41	),
	42	migrations.AlterUniqueTogether(
	43	name='userobjectpermission',
	44	unique_together=set([('user', 'permission', 'object_pk')]),
	45	),
	46	migrations.AlterUniqueTogether(
	47	name='groupobjectpermission',
	48	unique_together=set([('group', 'permission', 'object_pk')]),
	49	),
	50	]

+0

-85

~~guardian/migrations/0002_auto__add_field_groupobjectpermission_object_pk__add_field_userobjectp.py~~ less more

0		# encoding: utf-8
1		from south.db import db
2		from south.v2 import SchemaMigration
3
4		from guardian.compat import user_model_label
5
6
7		class Migration(SchemaMigration):
8
9		def forwards(self, orm):
10
11		# Adding field 'GroupObjectPermission.object_pk'
12		db.add_column('guardian_groupobjectpermission', 'object_pk', self.gf('django.db.models.fields.TextField')(default=''), keep_default=False)
13
14		# Adding field 'UserObjectPermission.object_pk'
15		db.add_column('guardian_userobjectpermission', 'object_pk', self.gf('django.db.models.fields.TextField')(default=''), keep_default=False)
16
17
18		def backwards(self, orm):
19
20		# Deleting field 'GroupObjectPermission.object_pk'
21		db.delete_column('guardian_groupobjectpermission', 'object_pk')
22
23		# Deleting field 'UserObjectPermission.object_pk'
24		db.delete_column('guardian_userobjectpermission', 'object_pk')
25
26
27		models = {
28		'auth.group': {
29		'Meta': {'object_name': 'Group'},
30		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
31		'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
32		'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
33		},
34		'auth.permission': {
35		'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'},
36		'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
37		'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
38		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
39		'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
40		},
41		user_model_label: {
42		'Meta': {'object_name': user_model_label.split('.')[-1]},
43		'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
44		'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
45		'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
46		'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
47		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
48		'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
49		'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
50		'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
51		'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
52		'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
53		'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
54		'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
55		'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
56		},
57		'contenttypes.contenttype': {
58		'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
59		'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
60		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
61		'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
62		'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
63		},
64		'guardian.groupobjectpermission': {
65		'Meta': {'unique_together': "(['group', 'permission', 'content_type', 'object_id'],)", 'object_name': 'GroupObjectPermission'},
66		'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
67		'group': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Group']"}),
68		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
69		'object_id': ('django.db.models.fields.PositiveIntegerField', [], {}),
70		'object_pk': ('django.db.models.fields.TextField', [], {'default': "''"}),
71		'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"})
72		},
73		'guardian.userobjectpermission': {
74		'Meta': {'unique_together': "(['user', 'permission', 'content_type', 'object_id'],)", 'object_name': 'UserObjectPermission'},
75		'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
76		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
77		'object_id': ('django.db.models.fields.PositiveIntegerField', [], {}),
78		'object_pk': ('django.db.models.fields.TextField', [], {'default': "''"}),
79		'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"}),
80		'user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['%s']" % user_model_label})
81		}
82		}
83
84		complete_apps = ['guardian']

+0

-86

~~guardian/migrations/0003_update_objectpermission_object_pk.py~~ less more

0		# encoding: utf-8
1		from south.v2 import DataMigration
2
3		from guardian.compat import user_model_label
4
5
6		class Migration(DataMigration):
7
8		def forwards(self, orm):
9		"""
10		Updates ``object_pk`` fields on both ``UserObjectPermission`` and
11		``GroupObjectPermission`` from ``object_id`` values.
12		"""
13		for Model in [orm.UserObjectPermission, orm.GroupObjectPermission]:
14		for obj in Model.objects.all():
15		obj.object_pk = str(obj.object_id)
16		obj.save()
17
18		def backwards(self, orm):
19		"""
20		Updates ``object_id`` fields on both ``UserObjectPermission`` and
21		``GroupObjectPermission`` from ``object_pk`` values.
22		"""
23		for Model in [orm.UserObjectPermission, orm.GroupObjectPermission]:
24		for obj in Model.objects.all():
25		obj.object_id = int(obj.object_pk)
26		obj.save()
27
28		models = {
29		'auth.group': {
30		'Meta': {'object_name': 'Group'},
31		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
32		'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
33		'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
34		},
35		'auth.permission': {
36		'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'},
37		'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
38		'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
39		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
40		'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
41		},
42		user_model_label: {
43		'Meta': {'object_name': user_model_label.split('.')[-1]},
44		'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
45		'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
46		'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
47		'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
48		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
49		'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
50		'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
51		'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
52		'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
53		'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
54		'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
55		'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
56		'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
57		},
58		'contenttypes.contenttype': {
59		'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
60		'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
61		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
62		'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
63		'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
64		},
65		'guardian.groupobjectpermission': {
66		'Meta': {'unique_together': "(['group', 'permission', 'content_type', 'object_id'],)", 'object_name': 'GroupObjectPermission'},
67		'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
68		'group': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Group']"}),
69		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
70		'object_id': ('django.db.models.fields.PositiveIntegerField', [], {}),
71		'object_pk': ('django.db.models.fields.TextField', [], {'default': "''"}),
72		'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"})
73		},
74		'guardian.userobjectpermission': {
75		'Meta': {'unique_together': "(['user', 'permission', 'content_type', 'object_id'],)", 'object_name': 'UserObjectPermission'},
76		'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
77		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
78		'object_id': ('django.db.models.fields.PositiveIntegerField', [], {}),
79		'object_pk': ('django.db.models.fields.TextField', [], {'default': "''"}),
80		'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"}),
81		'user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['%s']" % user_model_label})
82		}
83		}
84
85		complete_apps = ['guardian']

+0

-107

~~guardian/migrations/0004_auto__del_field_groupobjectpermission_object_id__del_unique_groupobjec.py~~ less more

0		# encoding: utf-8
1		from south.db import db
2		from south.v2 import SchemaMigration
3
4		from guardian.compat import user_model_label
5
6
7		class Migration(SchemaMigration):
8
9		def forwards(self, orm):
10
11		# Changing field 'GroupObjectPermission.object_pk'
12		db.alter_column('guardian_groupobjectpermission', 'object_pk', self.gf('django.db.models.fields.CharField')(max_length=255))
13
14		# Changing field 'UserObjectPermission.object_pk'
15		db.alter_column('guardian_userobjectpermission', 'object_pk', self.gf('django.db.models.fields.CharField')(max_length=255))
16
17		# Removing unique constraint on 'UserObjectPermission', fields ['object_id', 'user', 'content_type', 'permission']
18		db.delete_unique('guardian_userobjectpermission', ['object_id', 'user_id', 'content_type_id', 'permission_id'])
19
20		# Removing unique constraint on 'GroupObjectPermission', fields ['group', 'object_id', 'content_type', 'permission']
21		db.delete_unique('guardian_groupobjectpermission', ['group_id', 'object_id', 'content_type_id', 'permission_id'])
22
23		# Adding unique constraint on 'GroupObjectPermission', fields ['object_pk', 'group', 'content_type', 'permission']
24		db.create_unique('guardian_groupobjectpermission', ['object_pk', 'group_id', 'content_type_id', 'permission_id'])
25
26		# Adding unique constraint on 'UserObjectPermission', fields ['object_pk', 'user', 'content_type', 'permission']
27		db.create_unique('guardian_userobjectpermission', ['object_pk', 'user_id', 'content_type_id', 'permission_id'])
28
29
30		def backwards(self, orm):
31
32		# Changing field 'GroupObjectPermission.object_pk'
33		db.alter_column('guardian_groupobjectpermission', 'object_pk', self.gf('django.db.models.fields.TextField')())
34
35		# Changing field 'UserObjectPermission.object_pk'
36		db.alter_column('guardian_userobjectpermission', 'object_pk', self.gf('django.db.models.fields.TextField')())
37
38		# Removing unique constraint on 'UserObjectPermission', fields ['object_pk', 'user', 'content_type', 'permission']
39		db.delete_unique('guardian_userobjectpermission', ['object_pk', 'user_id', 'content_type_id', 'permission_id'])
40
41		# Removing unique constraint on 'GroupObjectPermission', fields ['object_pk', 'group', 'content_type', 'permission']
42		db.delete_unique('guardian_groupobjectpermission', ['object_pk', 'group_id', 'content_type_id', 'permission_id'])
43
44		# Adding unique constraint on 'GroupObjectPermission', fields ['group', 'object_id', 'content_type', 'permission']
45		db.create_unique('guardian_groupobjectpermission', ['group_id', 'object_id', 'content_type_id', 'permission_id'])
46
47		# Adding unique constraint on 'UserObjectPermission', fields ['object_id', 'user', 'content_type', 'permission']
48		db.create_unique('guardian_userobjectpermission', ['object_id', 'user_id', 'content_type_id', 'permission_id'])
49
50
51		models = {
52		'auth.group': {
53		'Meta': {'object_name': 'Group'},
54		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
55		'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
56		'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
57		},
58		'auth.permission': {
59		'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'},
60		'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
61		'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
62		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
63		'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
64		},
65		user_model_label: {
66		'Meta': {'object_name': user_model_label.split('.')[-1]},
67		'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
68		'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
69		'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
70		'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
71		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
72		'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
73		'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
74		'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
75		'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
76		'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
77		'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
78		'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
79		'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
80		},
81		'contenttypes.contenttype': {
82		'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
83		'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
84		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
85		'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
86		'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
87		},
88		'guardian.groupobjectpermission': {
89		'Meta': {'unique_together': "(['group', 'permission', 'content_type', 'object_pk'],)", 'object_name': 'GroupObjectPermission'},
90		'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
91		'group': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Group']"}),
92		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
93		'object_pk': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
94		'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"})
95		},
96		'guardian.userobjectpermission': {
97		'Meta': {'unique_together': "(['user', 'permission', 'content_type', 'object_pk'],)", 'object_name': 'UserObjectPermission'},
98		'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
99		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
100		'object_pk': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
101		'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"}),
102		'user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['%s']" % user_model_label})
103		}
104		}
105
106		complete_apps = ['guardian']

+0

-84

~~guardian/migrations/0005_auto__chg_field_groupobjectpermission_object_pk__chg_field_userobjectp.py~~ less more

0		# encoding: utf-8
1		from south.db import db
2		from south.v2 import SchemaMigration
3
4		from guardian.compat import user_model_label
5
6
7		class Migration(SchemaMigration):
8
9		def forwards(self, orm):
10
11		# Deleting field 'GroupObjectPermission.object_id'
12		db.delete_column('guardian_groupobjectpermission', 'object_id')
13
14		# Deleting field 'UserObjectPermission.object_id'
15		db.delete_column('guardian_userobjectpermission', 'object_id')
16
17
18		def backwards(self, orm):
19
20		# We cannot add back in field 'GroupObjectPermission.object_id'
21		raise RuntimeError(
22		"Cannot reverse this migration. 'GroupObjectPermission.object_id' and its values cannot be restored.")
23
24		# We cannot add back in field 'UserObjectPermission.object_id'
25		raise RuntimeError(
26		"Cannot reverse this migration. 'UserObjectPermission.object_id' and its values cannot be restored.")
27
28		models = {
29		'auth.group': {
30		'Meta': {'object_name': 'Group'},
31		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
32		'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
33		'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
34		},
35		'auth.permission': {
36		'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'},
37		'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
38		'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
39		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
40		'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
41		},
42		user_model_label: {
43		'Meta': {'object_name': user_model_label.split('.')[-1]},
44		'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
45		'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
46		'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
47		'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
48		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
49		'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
50		'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
51		'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
52		'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
53		'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
54		'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
55		'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
56		'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
57		},
58		'contenttypes.contenttype': {
59		'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
60		'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
61		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
62		'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
63		'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
64		},
65		'guardian.groupobjectpermission': {
66		'Meta': {'unique_together': "(['group', 'permission', 'content_type', 'object_pk'],)", 'object_name': 'GroupObjectPermission'},
67		'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
68		'group': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Group']"}),
69		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
70		'object_pk': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
71		'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"})
72		},
73		'guardian.userobjectpermission': {
74		'Meta': {'unique_together': "(['user', 'permission', 'content_type', 'object_pk'],)", 'object_name': 'UserObjectPermission'},
75		'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
76		'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
77		'object_pk': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
78		'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"}),
79		'user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['%s']" % user_model_label})
80		}
81		}
82
83		complete_apps = ['guardian']

+6

-1

guardian/models.py less more

4	4	from django.contrib.auth.models import Group
5	5	from django.contrib.auth.models import Permission
6	6	from django.contrib.contenttypes.models import ContentType
7		from django.contrib.contenttypes.generic import GenericForeignKey
	7
	8	try:
	9	from django.contrib.contenttypes.fields import GenericForeignKey
	10	except ImportError:
	11	from django.contrib.contenttypes.generic import GenericForeignKey
	12
8	13	from django.utils.translation import ugettext_lazy as _
9	14
10	15	from guardian.compat import user_model_label

+72

-6

guardian/shortcuts.py less more

284	284
285	285
286	286	def get_objects_for_user(user, perms, klass=None, use_groups=True, any_perm=False,
287		with_superuser=True):
	287	with_superuser=True, accept_global_perms=True):
288	288	"""
289	289	Returns queryset of objects for which a given ``user`` has all
290	290	permissions present at ``perms``.

301	301	this parameter would be computed based on given ``params``.
302	302	:param use_groups: if ``False``, wouldn't check user's groups object
303	303	permissions. Default is ``True``.
304		:param any_perm: if True, any of permission in sequence is accepted
	304	:param any_perm: if True, any of permission in sequence is accepted. Default is ``False``.
305	305	:param with_superuser: if ``True`` returns the entire queryset if not it will
306		only return objects the user has explicit permissions.
	306	only return objects the user has explicit permissions. Default is ``True``.
	307	:param accept_global_perms: if ``True`` takes global permissions into account.
	308	Object based permissions are taken into account if more than one permission is handed in in perms and at least
	309	one of these perms is not globally set. If any_perm is set to false then the intersection of matching object
	310	is returned. Note, that if with_superuser is False, accept_global_perms will be ignored, which means that only
	311	object permissions will be checked! Default is ``True``.
307	312
308	313	:raises MixedContentTypeError: when computed content type for ``perms``
309	314	and/or ``klass`` clashes.

323	328	>>> get_objects_for_user(joe, 'auth.change_group')
324	329	[<Group some group>]
325	330
	331
326	332	The permission string can also be an iterable. Continuing with the previous example:
327	333
328	334	>>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])

332	338	>>> assign_perm('auth.delete_group', joe, group)
333	339	>>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
334	340	[<Group some group>]
	341
	342	Take global permissions into account:
	343	>>> jack = User.objects.get(username='jack')
	344	>>> assign_perm('auth.change_group', jack) # this will set a global permission
	345	>>> get_objects_for_user(jack, 'auth.change_group')
	346	[<Group some group>]
	347	>>> group2 = Group.objects.create('other group')
	348	>>> assign_perm('auth.delete_group', jack, group2)
	349	>>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group']) # this retrieves intersection
	350	[<Group other group>]
	351	>>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group'], any_perm) # this retrieves union
	352	[<Group some group>, <Group other group>]
335	353
336	354	"""
337	355	if isinstance(perms, basestring):

389	407	if user.is_anonymous():
390	408	user = get_anonymous_user()
391	409
	410	global_perms = set()
	411	has_global_perms = False
	412	# a superuser has by default assigned global perms for any
	413	if accept_global_perms and with_superuser:
	414	for code in codenames:
	415	if user.has_perm(app_label + '.' + code):
	416	global_perms.add(code)
	417	for code in global_perms:
	418	codenames.remove(code)
	419	## prerequisite: there must be elements in global_perms otherwise just follow the procedure for
	420	# object based permissions only AND
	421	# 1. codenames is empty, which means that permissions are ONLY set globally, therefore return the full queryset.
	422	# OR
	423	# 2. any_perm is True, then the global permission beats the object based permission anyway,
	424	# therefore return full queryset
	425	if len(global_perms) > 0 and (len(codenames) == 0 or any_perm):
	426	return queryset
	427	# if we have global perms and still some object based perms differing from global perms and any_perm is set
	428	# to false, then we have to flag that global perms exist in order to merge object based permissions by user
	429	# and by group correctly. Scenario: global perm change_xx and object based perm delete_xx on object A for user,
	430	# and object based permission delete_xx on object B for group, to which user is assigned.
	431	# get_objects_for_user(user, [change_xx, delete_xx], use_groups=True, any_perm=False, accept_global_perms=True)
	432	# must retrieve object A and B.
	433	elif len(global_perms) > 0 and (len(codenames) > 0):
	434	has_global_perms = True
	435
	436
392	437	# Now we should extract list of pk values for which we would filter queryset
393	438	user_model = get_user_obj_perms_model(queryset.model)
394	439	user_obj_perms_queryset = (user_model.objects

412	457	fields = ['object_pk', 'permission__codename']
413	458	else:
414	459	fields = ['content_object__pk', 'permission__codename']
415		if not any_perm:
	460	if not any_perm and not has_global_perms:
416	461	user_obj_perms = user_obj_perms_queryset.values_list(*fields)
417	462	groups_obj_perms = groups_obj_perms_queryset.values_list(*fields)
418	463	data = list(user_obj_perms) + list(groups_obj_perms)

443	488	return objects
444	489
445	490
446		def get_objects_for_group(group, perms, klass=None, any_perm=False):
	491	def get_objects_for_group(group, perms, klass=None, any_perm=False, accept_global_perms=True):
447	492	"""
448	493	Returns queryset of objects for which a given ``group`` has all
449	494	permissions present at ``perms``.

458	503	:param klass: may be a Model, Manager or QuerySet object. If not given
459	504	this parameter would be computed based on given ``params``.
460	505	:param any_perm: if True, any of permission in sequence is accepted
	506	:param accept_global_perms: if ``True`` takes global permissions into account.
	507	If any_perm is set to false then the intersection of matching objects based on global and object based permissions
	508	is returned. Default is ``True``.
461	509
462	510	:raises MixedContentTypeError: when computed content type for ``perms``
463	511	and/or ``klass`` clashes.

486	534	[]
487	535	>>> assign_perm('tasker.delete_task', group, task)
488	536	>>> get_objects_for_group(group, ['tasker.add_task', 'tasker.delete_task'])
	537	[<Task some task>]
	538
	539	Global permissions assigned to the group are also taken into account. Continuing with previous example:
	540	>>> task_other = Task.objects.create('other task')
	541	>>> assign_perm('tasker.change_task', group)
	542	>>> get_objects_for_group(group, ['tasker.change_task'])
	543	[<Task some task>, <Task other task>]
	544	>>> get_objects_for_group(group, ['tasker.change_task'], accept_global_perms=False)
489	545	[<Task some task>]
490	546
491	547	"""

534	590	# match which means: ctype.model_class() == queryset.model
535	591	# we should also have ``codenames`` list
536	592
	593	global_perms = set()
	594	if accept_global_perms:
	595	global_perm_set = group.permissions.values_list('codename', flat=True)
	596	for code in codenames:
	597	if code in global_perm_set:
	598	global_perms.add(code)
	599	for code in global_perms:
	600	codenames.remove(code)
	601	if len(global_perms) > 0 and (len(codenames) == 0 or any_perm):
	602	return queryset
	603
537	604	# Now we should extract list of pk values for which we would filter queryset
538	605	group_model = get_group_obj_perms_model(queryset.model)
539	606	groups_obj_perms_queryset = (group_model.objects

554	621	obj_codenames = set((e[1] for e in group))
555	622	if any_perm or codenames.issubset(obj_codenames):
556	623	pk_list.append(pk)
557
558	624	objects = queryset.filter(pk__in=pk_list)
559	625	return objects

+112

-0

guardian/south_migrations/0001_initial.py less more

	0	# encoding: utf-8
	1	from south.db import db
	2	from south.v2 import SchemaMigration
	3
	4	from guardian.compat import user_model_label
	5	from guardian.compat import get_user_model
	6
	7	User = get_user_model()
	8
	9
	10	class Migration(SchemaMigration):
	11
	12	def forwards(self, orm):
	13
	14	# Adding model 'UserObjectPermission'
	15	db.create_table('guardian_userobjectpermission', (
	16	('id', self.gf('django.db.models.fields.AutoField')(primary_key=True)),
	17	('permission', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['auth.Permission'])),
	18	('content_type', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['contenttypes.ContentType'])),
	19	('object_id', self.gf('django.db.models.fields.PositiveIntegerField')()),
	20	('user', self.gf('django.db.models.fields.related.ForeignKey')(to=orm[user_model_label])),
	21	))
	22	db.send_create_signal('guardian', ['UserObjectPermission'])
	23
	24	# Adding unique constraint on 'UserObjectPermission', fields ['user', 'permission', 'content_type', 'object_id']
	25	db.create_unique('guardian_userobjectpermission', ['user_id', 'permission_id', 'content_type_id', 'object_id'])
	26
	27	# Adding model 'GroupObjectPermission'
	28	db.create_table('guardian_groupobjectpermission', (
	29	('id', self.gf('django.db.models.fields.AutoField')(primary_key=True)),
	30	('permission', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['auth.Permission'])),
	31	('content_type', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['contenttypes.ContentType'])),
	32	('object_id', self.gf('django.db.models.fields.PositiveIntegerField')()),
	33	('group', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['auth.Group'])),
	34	))
	35	db.send_create_signal('guardian', ['GroupObjectPermission'])
	36
	37	# Adding unique constraint on 'GroupObjectPermission', fields ['group', 'permission', 'content_type', 'object_id']
	38	db.create_unique('guardian_groupobjectpermission', ['group_id', 'permission_id', 'content_type_id', 'object_id'])
	39
	40
	41	def backwards(self, orm):
	42
	43	# Removing unique constraint on 'GroupObjectPermission', fields ['group', 'permission', 'content_type', 'object_id']
	44	db.delete_unique('guardian_groupobjectpermission', ['group_id', 'permission_id', 'content_type_id', 'object_id'])
	45
	46	# Removing unique constraint on 'UserObjectPermission', fields ['user', 'permission', 'content_type', 'object_id']
	47	db.delete_unique('guardian_userobjectpermission', ['user_id', 'permission_id', 'content_type_id', 'object_id'])
	48
	49	# Deleting model 'UserObjectPermission'
	50	db.delete_table('guardian_userobjectpermission')
	51
	52	# Deleting model 'GroupObjectPermission'
	53	db.delete_table('guardian_groupobjectpermission')
	54
	55
	56	models = {
	57	'auth.group': {
	58	'Meta': {'object_name': 'Group'},
	59	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	60	'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
	61	'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
	62	},
	63	'auth.permission': {
	64	'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'},
	65	'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
	66	'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
	67	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	68	'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
	69	},
	70	user_model_label: {
	71	'Meta': {'object_name': user_model_label.split('.')[-1], 'db_table': "'%s'" % User._meta.db_table},
	72	'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
	73	'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
	74	'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
	75	'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
	76	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	77	'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
	78	'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
	79	'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
	80	'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
	81	'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
	82	'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
	83	'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
	84	'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
	85	},
	86	'contenttypes.contenttype': {
	87	'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
	88	'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
	89	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	90	'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
	91	'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
	92	},
	93	'guardian.groupobjectpermission': {
	94	'Meta': {'unique_together': "(['group', 'permission', 'content_type', 'object_id'],)", 'object_name': 'GroupObjectPermission'},
	95	'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
	96	'group': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Group']"}),
	97	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	98	'object_id': ('django.db.models.fields.PositiveIntegerField', [], {}),
	99	'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"})
	100	},
	101	'guardian.userobjectpermission': {
	102	'Meta': {'unique_together': "(['user', 'permission', 'content_type', 'object_id'],)", 'object_name': 'UserObjectPermission'},
	103	'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
	104	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	105	'object_id': ('django.db.models.fields.PositiveIntegerField', [], {}),
	106	'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"}),
	107	'user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['%s']" % user_model_label})
	108	}
	109	}
	110
	111	complete_apps = ['guardian']

+85

-0

guardian/south_migrations/0002_auto__add_field_groupobjectpermission_object_pk__add_field_userobjectp.py less more

	0	# encoding: utf-8
	1	from south.db import db
	2	from south.v2 import SchemaMigration
	3
	4	from guardian.compat import user_model_label
	5
	6
	7	class Migration(SchemaMigration):
	8
	9	def forwards(self, orm):
	10
	11	# Adding field 'GroupObjectPermission.object_pk'
	12	db.add_column('guardian_groupobjectpermission', 'object_pk', self.gf('django.db.models.fields.TextField')(default=''), keep_default=False)
	13
	14	# Adding field 'UserObjectPermission.object_pk'
	15	db.add_column('guardian_userobjectpermission', 'object_pk', self.gf('django.db.models.fields.TextField')(default=''), keep_default=False)
	16
	17
	18	def backwards(self, orm):
	19
	20	# Deleting field 'GroupObjectPermission.object_pk'
	21	db.delete_column('guardian_groupobjectpermission', 'object_pk')
	22
	23	# Deleting field 'UserObjectPermission.object_pk'
	24	db.delete_column('guardian_userobjectpermission', 'object_pk')
	25
	26
	27	models = {
	28	'auth.group': {
	29	'Meta': {'object_name': 'Group'},
	30	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	31	'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
	32	'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
	33	},
	34	'auth.permission': {
	35	'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'},
	36	'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
	37	'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
	38	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	39	'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
	40	},
	41	user_model_label: {
	42	'Meta': {'object_name': user_model_label.split('.')[-1]},
	43	'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
	44	'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
	45	'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
	46	'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
	47	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	48	'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
	49	'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
	50	'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
	51	'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
	52	'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
	53	'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
	54	'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
	55	'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
	56	},
	57	'contenttypes.contenttype': {
	58	'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
	59	'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
	60	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	61	'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
	62	'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
	63	},
	64	'guardian.groupobjectpermission': {
	65	'Meta': {'unique_together': "(['group', 'permission', 'content_type', 'object_id'],)", 'object_name': 'GroupObjectPermission'},
	66	'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
	67	'group': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Group']"}),
	68	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	69	'object_id': ('django.db.models.fields.PositiveIntegerField', [], {}),
	70	'object_pk': ('django.db.models.fields.TextField', [], {'default': "''"}),
	71	'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"})
	72	},
	73	'guardian.userobjectpermission': {
	74	'Meta': {'unique_together': "(['user', 'permission', 'content_type', 'object_id'],)", 'object_name': 'UserObjectPermission'},
	75	'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
	76	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	77	'object_id': ('django.db.models.fields.PositiveIntegerField', [], {}),
	78	'object_pk': ('django.db.models.fields.TextField', [], {'default': "''"}),
	79	'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"}),
	80	'user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['%s']" % user_model_label})
	81	}
	82	}
	83
	84	complete_apps = ['guardian']

+86

-0

guardian/south_migrations/0003_update_objectpermission_object_pk.py less more

	0	# encoding: utf-8
	1	from south.v2 import DataMigration
	2
	3	from guardian.compat import user_model_label
	4
	5
	6	class Migration(DataMigration):
	7
	8	def forwards(self, orm):
	9	"""
	10	Updates ``object_pk`` fields on both ``UserObjectPermission`` and
	11	``GroupObjectPermission`` from ``object_id`` values.
	12	"""
	13	for Model in [orm.UserObjectPermission, orm.GroupObjectPermission]:
	14	for obj in Model.objects.all():
	15	obj.object_pk = str(obj.object_id)
	16	obj.save()
	17
	18	def backwards(self, orm):
	19	"""
	20	Updates ``object_id`` fields on both ``UserObjectPermission`` and
	21	``GroupObjectPermission`` from ``object_pk`` values.
	22	"""
	23	for Model in [orm.UserObjectPermission, orm.GroupObjectPermission]:
	24	for obj in Model.objects.all():
	25	obj.object_id = int(obj.object_pk)
	26	obj.save()
	27
	28	models = {
	29	'auth.group': {
	30	'Meta': {'object_name': 'Group'},
	31	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	32	'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
	33	'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
	34	},
	35	'auth.permission': {
	36	'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'},
	37	'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
	38	'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
	39	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	40	'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
	41	},
	42	user_model_label: {
	43	'Meta': {'object_name': user_model_label.split('.')[-1]},
	44	'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
	45	'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
	46	'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
	47	'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
	48	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	49	'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
	50	'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
	51	'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
	52	'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
	53	'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
	54	'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
	55	'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
	56	'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
	57	},
	58	'contenttypes.contenttype': {
	59	'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
	60	'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
	61	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	62	'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
	63	'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
	64	},
	65	'guardian.groupobjectpermission': {
	66	'Meta': {'unique_together': "(['group', 'permission', 'content_type', 'object_id'],)", 'object_name': 'GroupObjectPermission'},
	67	'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
	68	'group': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Group']"}),
	69	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	70	'object_id': ('django.db.models.fields.PositiveIntegerField', [], {}),
	71	'object_pk': ('django.db.models.fields.TextField', [], {'default': "''"}),
	72	'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"})
	73	},
	74	'guardian.userobjectpermission': {
	75	'Meta': {'unique_together': "(['user', 'permission', 'content_type', 'object_id'],)", 'object_name': 'UserObjectPermission'},
	76	'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
	77	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	78	'object_id': ('django.db.models.fields.PositiveIntegerField', [], {}),
	79	'object_pk': ('django.db.models.fields.TextField', [], {'default': "''"}),
	80	'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"}),
	81	'user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['%s']" % user_model_label})
	82	}
	83	}
	84
	85	complete_apps = ['guardian']

+107

-0

guardian/south_migrations/0004_auto__del_field_groupobjectpermission_object_id__del_unique_groupobjec.py less more

	0	# encoding: utf-8
	1	from south.db import db
	2	from south.v2 import SchemaMigration
	3
	4	from guardian.compat import user_model_label
	5
	6
	7	class Migration(SchemaMigration):
	8
	9	def forwards(self, orm):
	10
	11	# Changing field 'GroupObjectPermission.object_pk'
	12	db.alter_column('guardian_groupobjectpermission', 'object_pk', self.gf('django.db.models.fields.CharField')(max_length=255))
	13
	14	# Changing field 'UserObjectPermission.object_pk'
	15	db.alter_column('guardian_userobjectpermission', 'object_pk', self.gf('django.db.models.fields.CharField')(max_length=255))
	16
	17	# Removing unique constraint on 'UserObjectPermission', fields ['object_id', 'user', 'content_type', 'permission']
	18	db.delete_unique('guardian_userobjectpermission', ['object_id', 'user_id', 'content_type_id', 'permission_id'])
	19
	20	# Removing unique constraint on 'GroupObjectPermission', fields ['group', 'object_id', 'content_type', 'permission']
	21	db.delete_unique('guardian_groupobjectpermission', ['group_id', 'object_id', 'content_type_id', 'permission_id'])
	22
	23	# Adding unique constraint on 'GroupObjectPermission', fields ['object_pk', 'group', 'content_type', 'permission']
	24	db.create_unique('guardian_groupobjectpermission', ['object_pk', 'group_id', 'content_type_id', 'permission_id'])
	25
	26	# Adding unique constraint on 'UserObjectPermission', fields ['object_pk', 'user', 'content_type', 'permission']
	27	db.create_unique('guardian_userobjectpermission', ['object_pk', 'user_id', 'content_type_id', 'permission_id'])
	28
	29
	30	def backwards(self, orm):
	31
	32	# Changing field 'GroupObjectPermission.object_pk'
	33	db.alter_column('guardian_groupobjectpermission', 'object_pk', self.gf('django.db.models.fields.TextField')())
	34
	35	# Changing field 'UserObjectPermission.object_pk'
	36	db.alter_column('guardian_userobjectpermission', 'object_pk', self.gf('django.db.models.fields.TextField')())
	37
	38	# Removing unique constraint on 'UserObjectPermission', fields ['object_pk', 'user', 'content_type', 'permission']
	39	db.delete_unique('guardian_userobjectpermission', ['object_pk', 'user_id', 'content_type_id', 'permission_id'])
	40
	41	# Removing unique constraint on 'GroupObjectPermission', fields ['object_pk', 'group', 'content_type', 'permission']
	42	db.delete_unique('guardian_groupobjectpermission', ['object_pk', 'group_id', 'content_type_id', 'permission_id'])
	43
	44	# Adding unique constraint on 'GroupObjectPermission', fields ['group', 'object_id', 'content_type', 'permission']
	45	db.create_unique('guardian_groupobjectpermission', ['group_id', 'object_id', 'content_type_id', 'permission_id'])
	46
	47	# Adding unique constraint on 'UserObjectPermission', fields ['object_id', 'user', 'content_type', 'permission']
	48	db.create_unique('guardian_userobjectpermission', ['object_id', 'user_id', 'content_type_id', 'permission_id'])
	49
	50
	51	models = {
	52	'auth.group': {
	53	'Meta': {'object_name': 'Group'},
	54	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	55	'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
	56	'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
	57	},
	58	'auth.permission': {
	59	'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'},
	60	'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
	61	'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
	62	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	63	'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
	64	},
	65	user_model_label: {
	66	'Meta': {'object_name': user_model_label.split('.')[-1]},
	67	'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
	68	'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
	69	'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
	70	'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
	71	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	72	'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
	73	'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
	74	'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
	75	'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
	76	'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
	77	'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
	78	'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
	79	'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
	80	},
	81	'contenttypes.contenttype': {
	82	'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
	83	'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
	84	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	85	'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
	86	'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
	87	},
	88	'guardian.groupobjectpermission': {
	89	'Meta': {'unique_together': "(['group', 'permission', 'content_type', 'object_pk'],)", 'object_name': 'GroupObjectPermission'},
	90	'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
	91	'group': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Group']"}),
	92	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	93	'object_pk': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
	94	'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"})
	95	},
	96	'guardian.userobjectpermission': {
	97	'Meta': {'unique_together': "(['user', 'permission', 'content_type', 'object_pk'],)", 'object_name': 'UserObjectPermission'},
	98	'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
	99	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	100	'object_pk': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
	101	'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"}),
	102	'user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['%s']" % user_model_label})
	103	}
	104	}
	105
	106	complete_apps = ['guardian']

+84

-0

guardian/south_migrations/0005_auto__chg_field_groupobjectpermission_object_pk__chg_field_userobjectp.py less more

	0	# encoding: utf-8
	1	from south.db import db
	2	from south.v2 import SchemaMigration
	3
	4	from guardian.compat import user_model_label
	5
	6
	7	class Migration(SchemaMigration):
	8
	9	def forwards(self, orm):
	10
	11	# Deleting field 'GroupObjectPermission.object_id'
	12	db.delete_column('guardian_groupobjectpermission', 'object_id')
	13
	14	# Deleting field 'UserObjectPermission.object_id'
	15	db.delete_column('guardian_userobjectpermission', 'object_id')
	16
	17
	18	def backwards(self, orm):
	19
	20	# We cannot add back in field 'GroupObjectPermission.object_id'
	21	raise RuntimeError(
	22	"Cannot reverse this migration. 'GroupObjectPermission.object_id' and its values cannot be restored.")
	23
	24	# We cannot add back in field 'UserObjectPermission.object_id'
	25	raise RuntimeError(
	26	"Cannot reverse this migration. 'UserObjectPermission.object_id' and its values cannot be restored.")
	27
	28	models = {
	29	'auth.group': {
	30	'Meta': {'object_name': 'Group'},
	31	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	32	'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
	33	'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
	34	},
	35	'auth.permission': {
	36	'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'},
	37	'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
	38	'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
	39	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	40	'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
	41	},
	42	user_model_label: {
	43	'Meta': {'object_name': user_model_label.split('.')[-1]},
	44	'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
	45	'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
	46	'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
	47	'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
	48	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	49	'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
	50	'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
	51	'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
	52	'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
	53	'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
	54	'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
	55	'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
	56	'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
	57	},
	58	'contenttypes.contenttype': {
	59	'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
	60	'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
	61	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	62	'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
	63	'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
	64	},
	65	'guardian.groupobjectpermission': {
	66	'Meta': {'unique_together': "(['group', 'permission', 'content_type', 'object_pk'],)", 'object_name': 'GroupObjectPermission'},
	67	'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
	68	'group': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Group']"}),
	69	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	70	'object_pk': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
	71	'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"})
	72	},
	73	'guardian.userobjectpermission': {
	74	'Meta': {'unique_together': "(['user', 'permission', 'content_type', 'object_pk'],)", 'object_name': 'UserObjectPermission'},
	75	'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
	76	'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
	77	'object_pk': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
	78	'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Permission']"}),
	79	'user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['%s']" % user_model_label})
	80	}
	81	}
	82
	83	complete_apps = ['guardian']

+0

-0

guardian/south_migrations/__init__.py less more

(New empty file)

+8

-2

guardian/templatetags/guardian_tags.py less more

7	7	from __future__ import unicode_literals
8	8	from django import template
9	9	from django.contrib.auth.models import Group, AnonymousUser
10		from django.template import get_library
11		from django.template import InvalidTemplateLibrary
	10	try:
	11	# Django < 1.8
	12	from django.template import get_library
	13	from django.template import InvalidTemplateLibrary
	14	except ImportError:
	15	# Django >= 1.8
	16	from django.template.base import get_library
	17	from django.template.base import InvalidTemplateLibrary
12	18	from django.template.defaulttags import LoadNode
13	19
14	20	from guardian.compat import get_user_model

+1

-1

guardian/testapp/migrations/0001_initial.py less more

20	20	name='CustomUser',
21	21	fields=[
22	22	('password', models.CharField(max_length=128, verbose_name='password')),
23		('last_login', models.DateTimeField(default=django.utils.timezone.now, verbose_name='last login')),
	23	('last_login', models.DateTimeField(default=django.utils.timezone.now, verbose_name='last login', null=True)),
24	24	('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
25	25	('username', models.CharField(help_text='Required. 30 characters or fewer. Letters, digits and @/./+/-/_ only.', unique=True, max_length=30, verbose_name='username', validators=[django.core.validators.RegexValidator('^[\\w.@-]+$', 'Enter a valid username.', 'invalid')])),
26	26	('first_name', models.CharField(max_length=30, verbose_name='first name', blank=True)),

+2

-2

guardian/testapp/tests/admin_test.py less more

10	10	from django.test.client import Client
11	11
12	12	from guardian.admin import GuardedModelAdmin
13		from guardian.compat import get_user_model
	13	from guardian.compat import get_user_model, get_model_name
14	14	from guardian.compat import str
15	15	from guardian.shortcuts import get_perms
16	16	from guardian.shortcuts import get_perms_for_model

42	42	self.client = Client()
43	43	self.obj = ContentType.objects.create(name='foo', model='bar',
44	44	app_label='fake-for-guardian-tests')
45		self.obj_info = self.obj._meta.app_label, self.obj._meta.module_name
	45	self.obj_info = self.obj._meta.app_label, get_model_name(self.obj)
46	46
47	47	def tearDown(self):
48	48	self.client.logout()

+16

-0

guardian/testapp/tests/direct_rel_test.py less more

100	100	result = get_objects_for_user(self.joe, 'testapp.add_project')
101	101	self.assertEqual(sorted(p.pk for p in result), sorted([foo.pk, bar.pk]))
102	102
	103	def test_get_all_permissions(self):
	104	foo = Project.objects.create(name='foo')
	105	assign_perm('add_project', self.joe, foo)
	106	assign_perm('change_project', self.joe, foo)
	107
	108	result = self.joe.get_all_permissions(foo)
	109	self.assertEqual(result, set(('add_project', 'change_project')))
	110
	111	def test_get_all_permissions_no_object(self):
	112	foo = Project.objects.create(name='foo')
	113	assign_perm('add_project', self.joe, foo)
	114	assign_perm('change_project', self.joe, foo)
	115
	116	result = self.joe.get_all_permissions()
	117	self.assertEqual(result, set())
	118
103	119
104	120	@skipUnlessTestApp
105	121	class TestDirectGroupPermissions(TestCase):

+2

-3

guardian/testapp/tests/orphans_test.py less more

9	9	from django.core.management import call_command
10	10	from django.test import TestCase
11	11
12		from guardian.compat import get_user_model, create_permissions
	12	from guardian.compat import get_user_model, create_permissions, get_model_name
13	13	from guardian.utils import clean_orphan_obj_perms
14	14	from guardian.shortcuts import assign_perm
15	15	from guardian.models import Group

17	17
18	18
19	19	User = get_user_model()
20		user_module_name = User._meta.module_name
	20	user_module_name = get_model_name(User)
21	21
22	22	@skipUnlessTestApp
23	23	class OrphanedObjectPermissionsTest(TestCase):

98	98	target.save()
99	99	for perm in perms:
100	100	self.assertFalse(self.user.has_perm(perm, target))
101

+154

-5

guardian/testapp/tests/shortcuts_test.py less more

7	7	from guardian.shortcuts import get_perms_for_model
8	8	from guardian.core import ObjectPermissionChecker
9	9	from guardian.compat import get_user_model
10		from guardian.compat import get_user_permission_full_codename
	10	from guardian.compat import get_user_permission_full_codename, get_model_name
11	11	from guardian.shortcuts import assign
12	12	from guardian.shortcuts import assign_perm
13	13	from guardian.shortcuts import remove_perm

28	28
29	29	User = get_user_model()
30	30	user_app_label = User._meta.app_label
31		user_module_name = User._meta.module_name
	31	user_module_name = get_model_name(User)
32	32
33	33	class ShortcutsTests(ObjectPermissionTestCase):
34	34

475	475	['change_group'])
476	476
477	477	def test_empty_perms_sequence(self):
478		self.assertEqual(
479		set(get_objects_for_user(self.user, [], Group.objects.all())),
	478	objects = get_objects_for_user(self.user, [], Group.objects.all())
	479	self.assertEqual(
	480	set(objects),
480	481	set()
481	482	)
	483
482	484
483	485	def test_perms_single(self):
484	486	perm = 'auth.change_group'

577	579
578	580	# Objects to operate on
579	581	ctypes = list(ContentType.objects.all().order_by('id'))
580
	582	assign_perm('auth.change_group', self.user)
581	583	assign_perm('change_contenttype', self.user, ctypes[0])
582	584	assign_perm('change_contenttype', self.user, ctypes[1])
583	585	assign_perm('delete_contenttype', self.user, ctypes[1])

606	608	self.assertEqual(
607	609	set(objects.values_list('id', flat=True)),
608	610	set(ctypes[i].id for i in [0, 1, 3, 4]))
	611
	612	def test_has_global_permission_only(self):
	613	group_names = ['group1', 'group2', 'group3']
	614	groups = [Group.objects.create(name=name) for name in group_names]
	615	#global permission to change any group
	616	perm = 'auth.change_group'
	617
	618	assign_perm(perm, self.user)
	619	objects = get_objects_for_user(self.user, perm)
	620	remove_perm(perm, self.user)
	621	self.assertEqual(set(objects),
	622	set(Group.objects.all()))
	623
	624	def test_has_global_permission_and_object_based_permission(self):
	625	group_names = ['group1', 'group2', 'group3']
	626	groups = [Group.objects.create(name=name) for name in group_names]
	627	#global permission to change any group
	628	perm_global = 'auth.change_group'
	629	perm_obj = 'delete_group'
	630	assign_perm(perm_global, self.user)
	631	assign_perm(perm_obj, self.user, groups[0])
	632	objects = get_objects_for_user(self.user, [perm_global, perm_obj])
	633	remove_perm(perm_global, self.user)
	634	self.assertEqual(set(objects.values_list('name', flat=True)),
	635	set([groups[0].name]))
	636
	637	def test_has_global_permission_and_object_based_permission_any_perm(self):
	638	group_names = ['group1', 'group2', 'group3']
	639	groups = [Group.objects.create(name=name) for name in group_names]
	640	#global permission to change any group
	641	perm_global = 'auth.change_group'
	642	#object based permission to change only a specific group
	643	perm_obj = 'auth.delete_group'
	644	assign_perm(perm_global, self.user)
	645	assign_perm(perm_obj, self.user, groups[0])
	646	objects = get_objects_for_user(self.user, [perm_global, perm_obj], any_perm=True, accept_global_perms=True)
	647	remove_perm(perm_global, self.user)
	648	self.assertEqual(set(objects),
	649	set(Group.objects.all()))
	650
	651	def test_object_based_permission_without_global_permission(self):
	652	group_names = ['group1', 'group2', 'group3']
	653	groups = [Group.objects.create(name=name) for name in group_names]
	654	#global permission to delete any group
	655	perm_global = 'auth.delete_group'
	656	perm_obj = 'auth.delete_group'
	657	assign_perm(perm_global, self.user)
	658	assign_perm(perm_obj, self.user, groups[0])
	659	objects = get_objects_for_user(self.user, [perm_obj], accept_global_perms=False)
	660	remove_perm(perm_global, self.user)
	661	self.assertEqual(set(objects.values_list('name', flat=True)),
	662	set([groups[0].name]))
	663
	664	def test_object_based_permission_with_groups_2perms(self):
	665	group_names = ['group1', 'group2', 'group3']
	666	groups = [Group.objects.create(name=name) for name in group_names]
	667	for group in groups:
	668	self.user.groups.add(group)
	669	# Objects to operate on
	670	ctypes = list(ContentType.objects.all().order_by('id'))
	671	assign_perm('contenttypes.change_contenttype', self.user)
	672	assign_perm('change_contenttype', self.user, ctypes[0])
	673	assign_perm('change_contenttype', self.user, ctypes[1])
	674	assign_perm('delete_contenttype', self.user, ctypes[1])
	675	assign_perm('delete_contenttype', self.user, ctypes[2])
	676
	677	assign_perm('change_contenttype', groups[0], ctypes[3])
	678	assign_perm('change_contenttype', groups[1], ctypes[3])
	679	assign_perm('change_contenttype', groups[2], ctypes[4])
	680	assign_perm('delete_contenttype', groups[0], ctypes[0])
	681
	682	objects = get_objects_for_user(self.user,
	683	['contenttypes.change_contenttype',
	684	'contenttypes.delete_contenttype'], accept_global_perms=True)
	685	self.assertEqual(
	686	set(objects.values_list('id', flat=True)),
	687	set([ctypes[0].id, ctypes[1].id, ctypes[2].id]))
	688
	689	def test_object_based_permission_with_groups_3perms(self):
	690
	691	group_names = ['group1', 'group2', 'group3']
	692	groups = [Group.objects.create(name=name) for name in group_names]
	693	for group in groups:
	694	self.user.groups.add(group)
	695	# Objects to operate on
	696	ctypes = list(ContentType.objects.all().order_by('id'))
	697	assign_perm('contenttypes.change_contenttype', self.user)
	698	assign_perm('change_contenttype', self.user, ctypes[0])
	699	assign_perm('change_contenttype', self.user, ctypes[1])
	700	assign_perm('delete_contenttype', self.user, ctypes[1])
	701	assign_perm('delete_contenttype', self.user, ctypes[2])
	702	# add_contenttype does not make sense, here just for testing purposes, to also cover one if branch in function.
	703	assign_perm('add_contenttype', self.user, ctypes[1])
	704
	705	assign_perm('change_contenttype', groups[0], ctypes[3])
	706	assign_perm('change_contenttype', groups[1], ctypes[3])
	707	assign_perm('change_contenttype', groups[2], ctypes[4])
	708	assign_perm('delete_contenttype', groups[0], ctypes[0])
	709	assign_perm('add_contenttype', groups[0], ctypes[0])
	710
	711	objects = get_objects_for_user(self.user,
	712	['contenttypes.change_contenttype',
	713	'contenttypes.delete_contenttype', 'contenttypes.add_contenttype'], accept_global_perms=True)
	714	self.assertEqual(
	715	set(objects.values_list('id', flat=True)),
	716	set([ctypes[0].id, ctypes[1].id]))
	717
609	718
610	719	def test_non_integer_primary_key(self):
611	720	"""

659	768	self.assertEqual(
660	769	set(objects.values_list('pk', flat=True)),
661	770	set([obj_with_char_pk.pk]))
	771
	772	def test_exception_different_ctypes(self):
	773	self.assertRaises(MixedContentTypeError, get_objects_for_user,
	774	self.user, ['auth.change_permission', 'auth.change_group'])
662	775
663	776
664	777	class GetObjectsForGroup(TestCase):

794	907	self.assertEqual(set(get_objects_for_group(self.group2, 'contenttypes.delete_contenttype')),
795	908	set([self.obj2]))
796	909
	910	def test_has_global_permission(self):
	911	assign_perm('contenttypes.change_contenttype', self.group1)
	912
	913	objects = get_objects_for_group(self.group1, ['contenttypes.change_contenttype'])
	914	self.assertEquals(set(objects),
	915	set(ContentType.objects.all()))
	916
	917	def test_has_global_permission_and_object_based_permission(self):
	918	assign_perm('contenttypes.change_contenttype', self.group1)
	919	assign_perm('contenttypes.delete_contenttype', self.group1, self.obj1)
	920
	921	objects = get_objects_for_group(self.group1, ['contenttypes.change_contenttype', 'contenttypes.delete_contenttype'], any_perm=False)
	922	self.assertEquals(set(objects),
	923	set([self.obj1]))
	924
	925	def test_has_global_permission_and_object_based_permission_any_perm(self):
	926	assign_perm('contenttypes.change_contenttype', self.group1)
	927	assign_perm('contenttypes.delete_contenttype', self.group1, self.obj1)
	928
	929	objects = get_objects_for_group(self.group1, ['contenttypes.change_contenttype', 'contenttypes.delete_contenttype'], any_perm=True)
	930	self.assertEquals(set(objects),
	931	set(ContentType.objects.all()))
	932
	933	def test_has_global_permission_and_object_based_permission_3perms(self):
	934	assign_perm('contenttypes.change_contenttype', self.group1)
	935	assign_perm('contenttypes.delete_contenttype', self.group1, self.obj1)
	936	assign_perm('contenttypes.add_contenttype', self.group1, self.obj2)
	937
	938
	939	objects = get_objects_for_group(self.group1, ['contenttypes.change_contenttype', 'contenttypes.delete_contenttype', 'contenttypes.add_contenttype'], any_perm=False)
	940	self.assertEquals(set(objects),
	941	set())
	942
	943	def test_exception_different_ctypes(self):
	944	self.assertRaises(MixedContentTypeError, get_objects_for_group,
	945	self.group1, ['auth.change_permission', 'auth.change_group'])⏎

+4

-1

guardian/testsettings.py less more

34	34	'django.contrib.messages.middleware.MessageMiddleware',
35	35	)
36	36
37		TEST_RUNNER = 'django.test.simple.DjangoTestSuiteRunner'
	37	if django.VERSION < (1, 8):
	38	TEST_RUNNER = 'django.test.simple.DjangoTestSuiteRunner'
	39	else:
	40	TEST_RUNNER = 'django.test.runner.DiscoverRunner'
38	41
39	42	DATABASES = {
40	43	'default': {

+7

-2

tests.py less more

38	38
39	39	TestRunner = get_runner(settings)
40	40	test_runner = TestRunner(interactive=False)
41		failures = test_runner.run_tests(['auth', 'guardian', 'testapp'])
	41	# As we use different TestRunners for django < 1.8 and >= 1.8
	42	# the arguments run_tests differs
	43	if django.VERSION < (1, 8):
	44	failures = test_runner.run_tests(['auth', 'guardian', 'testapp'])
	45	else:
	46	failures = test_runner.run_tests([
	47	'django.contrib.auth', 'guardian', 'guardian.testapp'])
42	48	return failures
43	49
44	50	def main():

47	53
48	54	if __name__ == '__main__':
49	55	main()
50

+18

-0

tox.ini less more

14	14	py27-django15,
15	15	py27-django16,
16	16	py27-django17,
	17	py27-django18,
17	18	py33-django15,
18	19	py33-django16,
19	20	py33-django17,
	21	py33-django18,
20	22	py34-django16,
21	23	py34-django17,
	24	py34-django18,
22	25	custom-user-model,
23	26	no-tests-app,
24	27	migrations,

67	70	[django17]
68	71	deps = django==1.7.1
69	72
	73	[django18]
	74	deps = django==1.8
	75
70	76
71	77	[testenv:py26-grappelli]
72	78	basepython = python2.6

120	126	basepython = python2.7
121	127	deps = {[django17]deps}
122	128
	129	[testenv:py27-django18]
	130	basepython = python2.7
	131	deps = {[django18]deps}
	132
123	133	[testenv:py33-django15]
124	134	basepython = python3.3
125	135	deps = {[django15]deps}

132	142	basepython = python3.3
133	143	deps = {[django17]deps}
134	144
	145	[testenv:py33-django18]
	146	basepython = python3.3
	147	deps = {[django18]deps}
	148
135	149	[testenv:py34-django16]
136	150	basepython = python3.4
137	151	deps = {[django16]deps}

139	153	[testenv:py34-django17]
140	154	basepython = python3.4
141	155	deps = {[django17]deps}
	156
	157	[testenv:py34-django18]
	158	basepython = python3.4
	159	deps = {[django18]deps}
142	160
143	161	[testenv:custom-user-model]
144	162	basepython = python3.4