1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

# -*- coding: utf-8 -*-

"""
Kay generics.

:Copyright: (c) 2009 Takashi Matsuo <tmatsuo@candit.jp> All rights reserved.
:license: BSD, see LICENSE for more details.
"""

from kay.exceptions import NotAuthorized

OP_LIST = 'list'
OP_SHOW = 'show'
OP_CREATE = 'create'
OP_UPDATE = 'update'
OP_DELETE = 'delete'

# presets for authorization

def login_required(self, request, operation, obj=None, model_name=None,
                   prop_name=None):
  if request.user.is_anonymous():
    raise NotAuthorized()

def admin_required(self, request, operation, obj=None, model_name=None,
                   prop_name=None):
  if not request.user.is_admin:
    raise NotAuthorized()

def only_admin_can_write(self, request, operation, obj=None, model_name=None,
                         prop_name=None):
  if operation == OP_CREATE or operation == OP_UPDATE or \
        operation == OP_DELETE:
    if not request.user.is_admin:
      raise NotAuthorized()

def only_owner_can_write(self, request, operation, obj=None, model_name=None,
                         prop_name=None):
  if operation == OP_CREATE:
    if request.user.is_anonymous():
      raise NotAuthorized()
  elif operation == OP_UPDATE or operation == OP_DELETE:
    if self.owner_attr:
      owner = getattr(obj, self.owner_attr)
    else:
      owner = None
      for key, val in obj.fields().iteritems():
        if isinstance(val, OwnerProperty):
          owner = getattr(obj, key)
      if owner is None:
        raise NotAuthorized()
    if owner != request.user:
      raise NotAuthorized()

def only_owner_can_write_except_for_admin(self, request, operation, obj=None,
                                          model_name=None, prop_name=None):
  if request.user.is_admin:
    return True
  else:
    return only_owner_can_write(self, request, operation, obj)