Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
LBP
/
netbox
-ын хуулбар https://github.com/netbox-community/netbox.git
2
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Мод: b3c770216e
Салаанууд Тагууд
netbox
/
netbox
/
utilities
/
views.py

views.py 4.8 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125 
  1. from django.contrib.auth.mixins import AccessMixin
    2. 

  2. from django.core.exceptions import ImproperlyConfigured
    3. 

  3. from django.urls import reverse
    4. 

  4. from django.urls.exceptions import NoReverseMatch
    5. 

  5. from django.utils.http import is_safe_url
    6. 

  6. 

  7. from .permissions import resolve_permission
    8. 

  8. 

  9. 

  10. #
    11. 

  11. # View Mixins
    12. 

  12. #
    13. 

  13. 

  14. class ContentTypePermissionRequiredMixin(AccessMixin):
    15. 

  15.     """
    16. 

  16.     Similar to Django's built-in PermissionRequiredMixin, but extended to check model-level permission assignments.
    17. 

  17.     This is related to ObjectPermissionRequiredMixin, except that is does not enforce object-level permissions,
    18. 

  18.     and fits within NetBox's custom permission enforcement system.
    19. 

  19. 

  20.     additional_permissions: An optional iterable of statically declared permissions to evaluate in addition to those
    21. 

  21.                             derived from the object type
    22. 

  22.     """
    23. 

  23.     additional_permissions = list()
    24. 

  24. 

  25.     def get_required_permission(self):
    26. 

  26.         """
    27. 

  27.         Return the specific permission necessary to perform the requested action on an object.
    28. 

  28.         """
    29. 

  29.         raise NotImplementedError(f"{self.__class__.__name__} must implement get_required_permission()")
    30. 

  30. 

  31.     def has_permission(self):
    32. 

  32.         user = self.request.user
    33. 

  33.         permission_required = self.get_required_permission()
    34. 

  34. 

  35.         # Check that the user has been granted the required permission(s).
    36. 

  36.         if user.has_perms((permission_required, *self.additional_permissions)):
    37. 

  37.             return True
    38. 

  38. 

  39.         return False
    40. 

  40. 

  41.     def dispatch(self, request, *args, **kwargs):
    42. 

  42.         if not self.has_permission():
    43. 

  43.             return self.handle_no_permission()
    44. 

  44. 

  45.         return super().dispatch(request, *args, **kwargs)
    46. 

  46. 

  47. 

  48. class ObjectPermissionRequiredMixin(AccessMixin):
    49. 

  49.     """
    50. 

  50.     Similar to Django's built-in PermissionRequiredMixin, but extended to check for both model-level and object-level
    51. 

  51.     permission assignments. If the user has only object-level permissions assigned, the view's queryset is filtered
    52. 

  52.     to return only those objects on which the user is permitted to perform the specified action.
    53. 

  53. 

  54.     additional_permissions: An optional iterable of statically declared permissions to evaluate in addition to those
    55. 

  55.                             derived from the object type
    56. 

  56.     """
    57. 

  57.     additional_permissions = list()
    58. 

  58. 

  59.     def get_required_permission(self):
    60. 

  60.         """
    61. 

  61.         Return the specific permission necessary to perform the requested action on an object.
    62. 

  62.         """
    63. 

  63.         raise NotImplementedError(f"{self.__class__.__name__} must implement get_required_permission()")
    64. 

  64. 

  65.     def has_permission(self):
    66. 

  66.         user = self.request.user
    67. 

  67.         permission_required = self.get_required_permission()
    68. 

  68. 

  69.         # Check that the user has been granted the required permission(s).
    70. 

  70.         if user.has_perms((permission_required, *self.additional_permissions)):
    71. 

  71. 

  72.             # Update the view's QuerySet to filter only the permitted objects
    73. 

  73.             action = resolve_permission(permission_required)[1]
    74. 

  74.             self.queryset = self.queryset.restrict(user, action)
    75. 

  75. 

  76.             return True
    77. 

  77. 

  78.         return False
    79. 

  79. 

  80.     def dispatch(self, request, *args, **kwargs):
    81. 

  81. 

  82.         if not hasattr(self, 'queryset'):
    83. 

  83.             raise ImproperlyConfigured(
    84. 

  84.                 '{} has no queryset defined. ObjectPermissionRequiredMixin may only be used on views which define '
    85. 

  85.                 'a base queryset'.format(self.__class__.__name__)
    86. 

  86.             )
    87. 

  87. 

  88.         if not self.has_permission():
    89. 

  89.             return self.handle_no_permission()
    90. 

  90. 

  91.         return super().dispatch(request, *args, **kwargs)
    92. 

  92. 

  93. 

  94. class GetReturnURLMixin:
    95. 

  95.     """
    96. 

  96.     Provides logic for determining where a user should be redirected after processing a form.
    97. 

  97.     """
    98. 

  98.     default_return_url = None
    99. 

  99. 

  100.     def get_return_url(self, request, obj=None):
    101. 

  101. 

  102.         # First, see if `return_url` was specified as a query parameter or form data. Use this URL only if it's
    103. 

  103.         # considered safe.
    104. 

  104.         query_param = request.GET.get('return_url') or request.POST.get('return_url')
    105. 

  105.         if query_param and is_safe_url(url=query_param, allowed_hosts=request.get_host()):
    106. 

  106.             return query_param
    107. 

  107. 

  108.         # Next, check if the object being modified (if any) has an absolute URL.
    109. 

  109.         if obj is not None and obj.pk and hasattr(obj, 'get_absolute_url'):
    110. 

  110.             return obj.get_absolute_url()
    111. 

  111. 

  112.         # Fall back to the default URL (if specified) for the view.
    113. 

  113.         if self.default_return_url is not None:
    114. 

  114.             return reverse(self.default_return_url)
    115. 

  115. 

  116.         # Attempt to dynamically resolve the list view for the object
    117. 

  117.         if hasattr(self, 'queryset'):
    118. 

  118.             model_opts = self.queryset.model._meta
    119. 

  119.             try:
    120. 

  120.                 return reverse(f'{model_opts.app_label}:{model_opts.model_name}_list')
    121. 

  121.             except NoReverseMatch:
    122. 

  122.                 pass
    123. 

  123. 

  124.         # If all else fails, return home. Ideally this should never happen.
    125. 

  125.         return reverse('home')
    126.