|
|
@ -26,7 +26,11 @@ from sapl.crispy_layout_mixin import CrispyLayoutFormMixin, get_field_display |
|
|
from sapl.crispy_layout_mixin import SaplFormHelper |
|
|
from sapl.crispy_layout_mixin import SaplFormHelper |
|
|
from sapl.rules import (RP_ADD, RP_CHANGE, RP_DELETE, RP_DETAIL, |
|
|
from sapl.rules import (RP_ADD, RP_CHANGE, RP_DELETE, RP_DETAIL, |
|
|
RP_LIST) |
|
|
RP_LIST) |
|
|
from sapl.utils import normalize |
|
|
from sapl.settings import RATE_LIMITER_RATE |
|
|
|
|
|
from sapl.utils import normalize, ratelimit_ip |
|
|
|
|
|
|
|
|
|
|
|
from ratelimit.decorators import ratelimit |
|
|
|
|
|
from django.utils.decorators import method_decorator |
|
|
|
|
|
|
|
|
logger = logging.getLogger(settings.BASE_DIR.name) |
|
|
logger = logging.getLogger(settings.BASE_DIR.name) |
|
|
|
|
|
|
|
|
@ -101,7 +105,6 @@ variáveis do crud: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class SearchMixin(models.Model): |
|
|
class SearchMixin(models.Model): |
|
|
|
|
|
|
|
|
search = models.TextField(blank=True, default='') |
|
|
search = models.TextField(blank=True, default='') |
|
|
logger = logging.getLogger(__name__) |
|
|
logger = logging.getLogger(__name__) |
|
|
|
|
|
|
|
|
@ -238,7 +241,7 @@ class PermissionRequiredContainerCrudMixin(PermissionRequiredMixin): |
|
|
|
|
|
|
|
|
@property |
|
|
@property |
|
|
def container_field_set(self): |
|
|
def container_field_set(self): |
|
|
if hasattr(self, 'crud') and\ |
|
|
if hasattr(self, 'crud') and \ |
|
|
not hasattr(self.crud, 'container_field_set'): |
|
|
not hasattr(self.crud, 'container_field_set'): |
|
|
self.crud.container_field_set = '' |
|
|
self.crud.container_field_set = '' |
|
|
if hasattr(self, 'crud'): |
|
|
if hasattr(self, 'crud'): |
|
|
@ -267,7 +270,6 @@ class CrudBaseMixin(CrispyLayoutFormMixin): |
|
|
obj.public = [] |
|
|
obj.public = [] |
|
|
|
|
|
|
|
|
if hasattr(self, 'permission_required') and self.permission_required: |
|
|
if hasattr(self, 'permission_required') and self.permission_required: |
|
|
|
|
|
|
|
|
self.permission_required = tuple( |
|
|
self.permission_required = tuple( |
|
|
( |
|
|
( |
|
|
self.permission(pr) for pr in ( |
|
|
self.permission(pr) for pr in ( |
|
|
@ -337,7 +339,7 @@ class CrudBaseMixin(CrispyLayoutFormMixin): |
|
|
if not obj.DetailView.permission_required: |
|
|
if not obj.DetailView.permission_required: |
|
|
return self.resolve_url(ACTION_DETAIL, args=(self.object.id,)) |
|
|
return self.resolve_url(ACTION_DETAIL, args=(self.object.id,)) |
|
|
else: |
|
|
else: |
|
|
return self.resolve_url(ACTION_DETAIL, args=(self.object.id,))\ |
|
|
return self.resolve_url(ACTION_DETAIL, args=(self.object.id,)) \ |
|
|
if self.request.user.has_perm( |
|
|
if self.request.user.has_perm( |
|
|
self.permission(RP_DETAIL)) else '' |
|
|
self.permission(RP_DETAIL)) else '' |
|
|
|
|
|
|
|
|
@ -347,7 +349,7 @@ class CrudBaseMixin(CrispyLayoutFormMixin): |
|
|
if not obj.UpdateView.permission_required: |
|
|
if not obj.UpdateView.permission_required: |
|
|
return self.resolve_url(ACTION_UPDATE, args=(self.object.id,)) |
|
|
return self.resolve_url(ACTION_UPDATE, args=(self.object.id,)) |
|
|
else: |
|
|
else: |
|
|
return self.resolve_url(ACTION_UPDATE, args=(self.object.id,))\ |
|
|
return self.resolve_url(ACTION_UPDATE, args=(self.object.id,)) \ |
|
|
if self.request.user.has_perm( |
|
|
if self.request.user.has_perm( |
|
|
self.permission(RP_CHANGE)) else '' |
|
|
self.permission(RP_CHANGE)) else '' |
|
|
|
|
|
|
|
|
@ -357,7 +359,7 @@ class CrudBaseMixin(CrispyLayoutFormMixin): |
|
|
if not obj.DeleteView.permission_required: |
|
|
if not obj.DeleteView.permission_required: |
|
|
return self.resolve_url(ACTION_DELETE, args=(self.object.id,)) |
|
|
return self.resolve_url(ACTION_DELETE, args=(self.object.id,)) |
|
|
else: |
|
|
else: |
|
|
return self.resolve_url(ACTION_DELETE, args=(self.object.id,))\ |
|
|
return self.resolve_url(ACTION_DELETE, args=(self.object.id,)) \ |
|
|
if self.request.user.has_perm( |
|
|
if self.request.user.has_perm( |
|
|
self.permission(RP_DELETE)) else '' |
|
|
self.permission(RP_DELETE)) else '' |
|
|
|
|
|
|
|
|
@ -388,6 +390,10 @@ class CrudBaseMixin(CrispyLayoutFormMixin): |
|
|
return self.model._meta.verbose_name_plural |
|
|
return self.model._meta.verbose_name_plural |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@method_decorator(ratelimit(key=ratelimit_ip, |
|
|
|
|
|
rate=RATE_LIMITER_RATE, |
|
|
|
|
|
block=True), |
|
|
|
|
|
name='dispatch') |
|
|
class CrudListView(PermissionRequiredContainerCrudMixin, ListView): |
|
|
class CrudListView(PermissionRequiredContainerCrudMixin, ListView): |
|
|
permission_required = (RP_LIST,) |
|
|
permission_required = (RP_LIST,) |
|
|
logger = logging.getLogger(__name__) |
|
|
logger = logging.getLogger(__name__) |
|
|
@ -516,7 +522,7 @@ class CrudListView(PermissionRequiredContainerCrudMixin, ListView): |
|
|
um formulário de pesquisa herdado ou o próprio ListWithSearchForm. |
|
|
um formulário de pesquisa herdado ou o próprio ListWithSearchForm. |
|
|
Só pode ser usado se o model relativo herdar de SearchMixin""" |
|
|
Só pode ser usado se o model relativo herdar de SearchMixin""" |
|
|
if hasattr(self, 'form_search_class'): |
|
|
if hasattr(self, 'form_search_class'): |
|
|
q = str(self.request.GET.get('q'))\ |
|
|
q = str(self.request.GET.get('q')) \ |
|
|
if 'q' in self.request.GET else '' |
|
|
if 'q' in self.request.GET else '' |
|
|
|
|
|
|
|
|
o = self.request.GET['o'] if 'o' in self.request.GET else '1' |
|
|
o = self.request.GET['o'] if 'o' in self.request.GET else '1' |
|
|
@ -612,7 +618,7 @@ class CrudListView(PermissionRequiredContainerCrudMixin, ListView): |
|
|
) |
|
|
) |
|
|
pass |
|
|
pass |
|
|
|
|
|
|
|
|
if fm and hasattr(fm, 'related_model')\ |
|
|
if fm and hasattr(fm, 'related_model') \ |
|
|
and fm.related_model: |
|
|
and fm.related_model: |
|
|
rmo = fm.related_model._meta.ordering |
|
|
rmo = fm.related_model._meta.ordering |
|
|
if rmo: |
|
|
if rmo: |
|
|
@ -710,7 +716,7 @@ class CrudCreateView(PermissionRequiredContainerCrudMixin, |
|
|
'sem estar em um Container %s' |
|
|
'sem estar em um Container %s' |
|
|
) % container_model._meta.verbose_name) |
|
|
) % container_model._meta.verbose_name) |
|
|
|
|
|
|
|
|
if hasattr(self, 'crud') and\ |
|
|
if hasattr(self, 'crud') and \ |
|
|
hasattr(self.crud, 'is_m2m') and self.crud.is_m2m: |
|
|
hasattr(self.crud, 'is_m2m') and self.crud.is_m2m: |
|
|
setattr( |
|
|
setattr( |
|
|
self.object, container[1], getattr( |
|
|
self.object, container[1], getattr( |
|
|
@ -724,9 +730,12 @@ class CrudCreateView(PermissionRequiredContainerCrudMixin, |
|
|
return super().form_valid(form) |
|
|
return super().form_valid(form) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@method_decorator(ratelimit(key=ratelimit_ip, |
|
|
|
|
|
rate=RATE_LIMITER_RATE, |
|
|
|
|
|
block=True), |
|
|
|
|
|
name='dispatch') |
|
|
class CrudDetailView(PermissionRequiredContainerCrudMixin, |
|
|
class CrudDetailView(PermissionRequiredContainerCrudMixin, |
|
|
DetailView, MultipleObjectMixin): |
|
|
DetailView, MultipleObjectMixin): |
|
|
|
|
|
|
|
|
permission_required = (RP_DETAIL,) |
|
|
permission_required = (RP_DETAIL,) |
|
|
no_entries_msg = _('Nenhum registro Associado.') |
|
|
no_entries_msg = _('Nenhum registro Associado.') |
|
|
paginate_by = 10 |
|
|
paginate_by = 10 |
|
|
@ -976,9 +985,8 @@ class Crud: |
|
|
view.permission_required and \ |
|
|
view.permission_required and \ |
|
|
hasattr(cls, 'public') and \ |
|
|
hasattr(cls, 'public') and \ |
|
|
cls.public: |
|
|
cls.public: |
|
|
|
|
|
# print(view.permission_required, view) |
|
|
#print(view.permission_required, view) |
|
|
# print(cls.public, cls) |
|
|
#print(cls.public, cls) |
|
|
|
|
|
|
|
|
|
|
|
pr = pr - set(cls.public) |
|
|
pr = pr - set(cls.public) |
|
|
|
|
|
|
|
|
@ -1036,7 +1044,6 @@ class Crud: |
|
|
def build(cls, _model, _help_topic, _model_set=None, list_field_names=[]): |
|
|
def build(cls, _model, _help_topic, _model_set=None, list_field_names=[]): |
|
|
|
|
|
|
|
|
def create_class(_list_field_names): |
|
|
def create_class(_list_field_names): |
|
|
|
|
|
|
|
|
class ModelCrud(cls): |
|
|
class ModelCrud(cls): |
|
|
model = _model |
|
|
model = _model |
|
|
model_set = _model_set |
|
|
model_set = _model_set |
|
|
@ -1080,7 +1087,6 @@ class CrudAux(Crud): |
|
|
|
|
|
|
|
|
@classonlymethod |
|
|
@classonlymethod |
|
|
def build(cls, _model, _help_topic, _model_set=None, list_field_names=[]): |
|
|
def build(cls, _model, _help_topic, _model_set=None, list_field_names=[]): |
|
|
|
|
|
|
|
|
ModelCrud = Crud.build( |
|
|
ModelCrud = Crud.build( |
|
|
_model, _help_topic, _model_set, list_field_names) |
|
|
_model, _help_topic, _model_set, list_field_names) |
|
|
|
|
|
|
|
|
@ -1101,7 +1107,7 @@ class MasterDetailCrud(Crud): |
|
|
obj = self.crud if hasattr(self, 'crud') else self |
|
|
obj = self.crud if hasattr(self, 'crud') else self |
|
|
if not obj.ListView: |
|
|
if not obj.ListView: |
|
|
return '' |
|
|
return '' |
|
|
return self.resolve_url(ACTION_LIST, args=(self.kwargs['pk'],))\ |
|
|
return self.resolve_url(ACTION_LIST, args=(self.kwargs['pk'],)) \ |
|
|
if self.request.user.has_perm(self.permission(RP_LIST)) else '' |
|
|
if self.request.user.has_perm(self.permission(RP_LIST)) else '' |
|
|
|
|
|
|
|
|
@property |
|
|
@property |
|
|
@ -1109,7 +1115,7 @@ class MasterDetailCrud(Crud): |
|
|
obj = self.crud if hasattr(self, 'crud') else self |
|
|
obj = self.crud if hasattr(self, 'crud') else self |
|
|
if not obj.CreateView: |
|
|
if not obj.CreateView: |
|
|
return '' |
|
|
return '' |
|
|
return self.resolve_url(ACTION_CREATE, args=(self.kwargs['pk'],))\ |
|
|
return self.resolve_url(ACTION_CREATE, args=(self.kwargs['pk'],)) \ |
|
|
if self.request.user.has_perm(self.permission(RP_ADD)) else '' |
|
|
if self.request.user.has_perm(self.permission(RP_ADD)) else '' |
|
|
|
|
|
|
|
|
@property |
|
|
@property |
|
|
@ -1118,7 +1124,7 @@ class MasterDetailCrud(Crud): |
|
|
if not obj.DetailView: |
|
|
if not obj.DetailView: |
|
|
return '' |
|
|
return '' |
|
|
pkk = self.request.GET['pkk'] if 'pkk' in self.request.GET else '' |
|
|
pkk = self.request.GET['pkk'] if 'pkk' in self.request.GET else '' |
|
|
return (super().detail_url + (('?pkk=' + pkk) if pkk else ''))\ |
|
|
return (super().detail_url + (('?pkk=' + pkk) if pkk else '')) \ |
|
|
if self.request.user.has_perm( |
|
|
if self.request.user.has_perm( |
|
|
self.permission(RP_DETAIL)) else '' |
|
|
self.permission(RP_DETAIL)) else '' |
|
|
|
|
|
|
|
|
@ -1128,7 +1134,7 @@ class MasterDetailCrud(Crud): |
|
|
if not obj.UpdateView: |
|
|
if not obj.UpdateView: |
|
|
return '' |
|
|
return '' |
|
|
pkk = self.request.GET['pkk'] if 'pkk' in self.request.GET else '' |
|
|
pkk = self.request.GET['pkk'] if 'pkk' in self.request.GET else '' |
|
|
return (super().update_url + (('?pkk=' + pkk) if pkk else ''))\ |
|
|
return (super().update_url + (('?pkk=' + pkk) if pkk else '')) \ |
|
|
if self.request.user.has_perm( |
|
|
if self.request.user.has_perm( |
|
|
self.permission(RP_CHANGE)) else '' |
|
|
self.permission(RP_CHANGE)) else '' |
|
|
|
|
|
|
|
|
@ -1137,7 +1143,7 @@ class MasterDetailCrud(Crud): |
|
|
obj = self.crud if hasattr(self, 'crud') else self |
|
|
obj = self.crud if hasattr(self, 'crud') else self |
|
|
if not obj.DeleteView: |
|
|
if not obj.DeleteView: |
|
|
return '' |
|
|
return '' |
|
|
return super().delete_url\ |
|
|
return super().delete_url \ |
|
|
if self.request.user.has_perm( |
|
|
if self.request.user.has_perm( |
|
|
self.permission(RP_DELETE)) else '' |
|
|
self.permission(RP_DELETE)) else '' |
|
|
|
|
|
|
|
|
@ -1168,7 +1174,7 @@ class MasterDetailCrud(Crud): |
|
|
|
|
|
|
|
|
root_pk = parent_object.pk |
|
|
root_pk = parent_object.pk |
|
|
else: |
|
|
else: |
|
|
root_pk = self.kwargs['pk'] if 'pkk' not in self.request.GET\ |
|
|
root_pk = self.kwargs['pk'] if 'pkk' not in self.request.GET \ |
|
|
else self.request.GET['pkk'] |
|
|
else self.request.GET['pkk'] |
|
|
kwargs.setdefault('root_pk', root_pk) |
|
|
kwargs.setdefault('root_pk', root_pk) |
|
|
|
|
|
|
|
|
@ -1182,6 +1188,10 @@ class MasterDetailCrud(Crud): |
|
|
context['title'] = title |
|
|
context['title'] = title |
|
|
return context |
|
|
return context |
|
|
|
|
|
|
|
|
|
|
|
@method_decorator(ratelimit(key=ratelimit_ip, |
|
|
|
|
|
rate=RATE_LIMITER_RATE, |
|
|
|
|
|
block=True), |
|
|
|
|
|
name='dispatch') |
|
|
class ListView(Crud.ListView): |
|
|
class ListView(Crud.ListView): |
|
|
permission_required = RP_LIST, |
|
|
permission_required = RP_LIST, |
|
|
logger = logging.getLogger(__name__) |
|
|
logger = logging.getLogger(__name__) |
|
|
@ -1414,6 +1424,10 @@ class MasterDetailCrud(Crud): |
|
|
else: |
|
|
else: |
|
|
return self.resolve_url(ACTION_LIST, args=(pk,)) |
|
|
return self.resolve_url(ACTION_LIST, args=(pk,)) |
|
|
|
|
|
|
|
|
|
|
|
@method_decorator(ratelimit(key=ratelimit_ip, |
|
|
|
|
|
rate=RATE_LIMITER_RATE, |
|
|
|
|
|
block=True), |
|
|
|
|
|
name='dispatch') |
|
|
class DetailView(Crud.DetailView): |
|
|
class DetailView(Crud.DetailView): |
|
|
permission_required = RP_DETAIL, |
|
|
permission_required = RP_DETAIL, |
|
|
template_name = 'crud/detail_detail.html' |
|
|
template_name = 'crud/detail_detail.html' |
|
|
@ -1429,7 +1443,7 @@ class MasterDetailCrud(Crud): |
|
|
if not obj.ListView: |
|
|
if not obj.ListView: |
|
|
return '' |
|
|
return '' |
|
|
|
|
|
|
|
|
if obj.ListView.permission_required not in obj.public or\ |
|
|
if obj.ListView.permission_required not in obj.public or \ |
|
|
self.request.user.has_perm(self.permission(RP_LIST)): |
|
|
self.request.user.has_perm(self.permission(RP_LIST)): |
|
|
if '__' in obj.parent_field: |
|
|
if '__' in obj.parent_field: |
|
|
fields = obj.parent_field.split('__') |
|
|
fields = obj.parent_field.split('__') |
|
|
@ -1499,7 +1513,7 @@ class MasterDetailCrud(Crud): |
|
|
@property |
|
|
@property |
|
|
def detail_set_create_url(self): |
|
|
def detail_set_create_url(self): |
|
|
obj = self.crud if hasattr(self, 'crud') else self |
|
|
obj = self.crud if hasattr(self, 'crud') else self |
|
|
if hasattr(obj, 'model_set') and obj.model_set\ |
|
|
if hasattr(obj, 'model_set') and obj.model_set \ |
|
|
and self.request.user.has_perm( |
|
|
and self.request.user.has_perm( |
|
|
self.permission_set(RP_ADD)): |
|
|
self.permission_set(RP_ADD)): |
|
|
root_pk = self.object.pk |
|
|
root_pk = self.object.pk |
|
|
|
