Главная Обзор Помощь
Вход
LBP
/
netbox
зеркало из https://github.com/netbox-community/netbox.git
2
0
Ответвить 0
Файлы Задачи 0 Вики
Дерево: 58203dbcfa
Ветки Метки
netbox
/
netbox
/
utilities
/
views.py

views.py 5.1 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138 
  1. from django.contrib.auth.mixins import AccessMixin
    2. 

  2. from django.core.exceptions import ImproperlyConfigured
    3. 

  3. from django.shortcuts import get_object_or_404, redirect
    4. 

  4. from django.urls import reverse
    5. 

  5. from django.urls.exceptions import NoReverseMatch
    6. 

  6. from django.utils.http import is_safe_url
    7. 

  7. from django.views.generic import View
    8. 

  8. 

  9. from .permissions import resolve_permission
    10. 

  10. 

  11. 

  12. #
    13. 

  13. # View Mixins
    14. 

  14. #
    15. 

  15. 

  16. class ContentTypePermissionRequiredMixin(AccessMixin):
    17. 

  17.     """
    18. 

  18.     Similar to Django's built-in PermissionRequiredMixin, but extended to check model-level permission assignments.
    19. 

  19.     This is related to ObjectPermissionRequiredMixin, except that is does not enforce object-level permissions,
    20. 

  20.     and fits within NetBox's custom permission enforcement system.
    21. 

  21. 

  22.     additional_permissions: An optional iterable of statically declared permissions to evaluate in addition to those
    23. 

  23.                             derived from the object type
    24. 

  24.     """
    25. 

  25.     additional_permissions = list()
    26. 

  26. 

  27.     def get_required_permission(self):
    28. 

  28.         """
    29. 

  29.         Return the specific permission necessary to perform the requested action on an object.
    30. 

  30.         """
    31. 

  31.         raise NotImplementedError(f"{self.__class__.__name__} must implement get_required_permission()")
    32. 

  32. 

  33.     def has_permission(self):
    34. 

  34.         user = self.request.user
    35. 

  35.         permission_required = self.get_required_permission()
    36. 

  36. 

  37.         # Check that the user has been granted the required permission(s).
    38. 

  38.         if user.has_perms((permission_required, *self.additional_permissions)):
    39. 

  39.             return True
    40. 

  40. 

  41.         return False
    42. 

  42. 

  43.     def dispatch(self, request, *args, **kwargs):
    44. 

  44.         if not self.has_permission():
    45. 

  45.             return self.handle_no_permission()
    46. 

  46. 

  47.         return super().dispatch(request, *args, **kwargs)
    48. 

  48. 

  49. 

  50. class ObjectPermissionRequiredMixin(AccessMixin):
    51. 

  51.     """
    52. 

  52.     Similar to Django's built-in PermissionRequiredMixin, but extended to check for both model-level and object-level
    53. 

  53.     permission assignments. If the user has only object-level permissions assigned, the view's queryset is filtered
    54. 

  54.     to return only those objects on which the user is permitted to perform the specified action.
    55. 

  55. 

  56.     additional_permissions: An optional iterable of statically declared permissions to evaluate in addition to those
    57. 

  57.                             derived from the object type
    58. 

  58.     """
    59. 

  59.     additional_permissions = list()
    60. 

  60. 

  61.     def get_required_permission(self):
    62. 

  62.         """
    63. 

  63.         Return the specific permission necessary to perform the requested action on an object.
    64. 

  64.         """
    65. 

  65.         raise NotImplementedError(f"{self.__class__.__name__} must implement get_required_permission()")
    66. 

  66. 

  67.     def has_permission(self):
    68. 

  68.         user = self.request.user
    69. 

  69.         permission_required = self.get_required_permission()
    70. 

  70. 

  71.         # Check that the user has been granted the required permission(s).
    72. 

  72.         if user.has_perms((permission_required, *self.additional_permissions)):
    73. 

  73. 

  74.             # Update the view's QuerySet to filter only the permitted objects
    75. 

  75.             action = resolve_permission(permission_required)[1]
    76. 

  76.             self.queryset = self.queryset.restrict(user, action)
    77. 

  77. 

  78.             return True
    79. 

  79. 

  80.         return False
    81. 

  81. 

  82.     def dispatch(self, request, *args, **kwargs):
    83. 

  83. 

  84.         if not hasattr(self, 'queryset'):
    85. 

  85.             raise ImproperlyConfigured(
    86. 

  86.                 '{} has no queryset defined. ObjectPermissionRequiredMixin may only be used on views which define '
    87. 

  87.                 'a base queryset'.format(self.__class__.__name__)
    88. 

  88.             )
    89. 

  89. 

  90.         if not self.has_permission():
    91. 

  91.             return self.handle_no_permission()
    92. 

  92. 

  93.         return super().dispatch(request, *args, **kwargs)
    94. 

  94. 

  95. 

  96. class GetReturnURLMixin:
    97. 

  97.     """
    98. 

  98.     Provides logic for determining where a user should be redirected after processing a form.
    99. 

  99.     """
    100. 

  100.     default_return_url = None
    101. 

  101. 

  102.     def get_return_url(self, request, obj=None):
    103. 

  103. 

  104.         # First, see if `return_url` was specified as a query parameter or form data. Use this URL only if it's
    105. 

  105.         # considered safe.
    106. 

  106.         query_param = request.GET.get('return_url') or request.POST.get('return_url')
    107. 

  107.         if query_param and is_safe_url(url=query_param, allowed_hosts=request.get_host()):
    108. 

  108.             return query_param
    109. 

  109. 

  110.         # Next, check if the object being modified (if any) has an absolute URL.
    111. 

  111.         if obj is not None and obj.pk and hasattr(obj, 'get_absolute_url'):
    112. 

  112.             return obj.get_absolute_url()
    113. 

  113. 

  114.         # Fall back to the default URL (if specified) for the view.
    115. 

  115.         if self.default_return_url is not None:
    116. 

  116.             return reverse(self.default_return_url)
    117. 

  117. 

  118.         # Attempt to dynamically resolve the list view for the object
    119. 

  119.         if hasattr(self, 'queryset'):
    120. 

  120.             model_opts = self.queryset.model._meta
    121. 

  121.             try:
    122. 

  122.                 return reverse(f'{model_opts.app_label}:{model_opts.model_name}_list')
    123. 

  123.             except NoReverseMatch:
    124. 

  124.                 pass
    125. 

  125. 

  126.         # If all else fails, return home. Ideally this should never happen.
    127. 

  127.         return reverse('home')
    128. 

  128. 

  129. 

  130. #
    131. 

  131. # Views
    132. 

  132. #
    133. 

  133. 

  134. class SlugRedirectView(View):
    135. 

  135. 

  136.     def get(self, request, model, slug):
    137. 

  137.         obj = get_object_or_404(model.objects.restrict(request.user, 'view'), slug=slug)
    138. 

  138.         return redirect(obj.get_absolute_url())
    139.