mirror of
				https://github.com/django/django.git
				synced 2025-10-26 15:16:09 +00:00 
			
		
		
		
	newforms-admin: Implemented rough draft version of AdminSite has_permission(), root(), login() and index() methods.
The admin index page and login functionality now works via the new scheme. To try it, put this in your URLconf:
from django.contrib import admin
urlpatterns = (
    # ...
    ('^admin/(.*)', admin.site.root),
)
git-svn-id: http://code.djangoproject.com/svn/django/branches/newforms-admin@4642 bcc190cf-cafb-0310-a4f2-bffc1f526a37
			
			
This commit is contained in:
		| @@ -1,5 +1,17 @@ | |||||||
|  | from django import http, template | ||||||
| from django.contrib.admin import ModelAdmin | from django.contrib.admin import ModelAdmin | ||||||
|  | from django.contrib.auth import authenticate, login | ||||||
| from django.db.models import Model | from django.db.models import Model | ||||||
|  | from django.shortcuts import render_to_response | ||||||
|  | from django.utils.text import capfirst | ||||||
|  | from django.utils.translation import gettext_lazy | ||||||
|  | import base64 | ||||||
|  | import cPickle as pickle | ||||||
|  | import datetime | ||||||
|  | import md5 | ||||||
|  |  | ||||||
|  | ERROR_MESSAGE = gettext_lazy("Please enter a correct username and password. Note that both fields are case-sensitive.") | ||||||
|  | LOGIN_FORM_KEY = 'this_is_the_login_form' | ||||||
|  |  | ||||||
| class AlreadyRegistered(Exception): | class AlreadyRegistered(Exception): | ||||||
|     pass |     pass | ||||||
| @@ -7,6 +19,38 @@ class AlreadyRegistered(Exception): | |||||||
| class NotRegistered(Exception): | class NotRegistered(Exception): | ||||||
|     pass |     pass | ||||||
|  |  | ||||||
|  | def _display_login_form(request, error_message=''): | ||||||
|  |     request.session.set_test_cookie() | ||||||
|  |     if request.POST and request.POST.has_key('post_data'): | ||||||
|  |         # User has failed login BUT has previously saved post data. | ||||||
|  |         post_data = request.POST['post_data'] | ||||||
|  |     elif request.POST: | ||||||
|  |         # User's session must have expired; save their post data. | ||||||
|  |         post_data = _encode_post_data(request.POST) | ||||||
|  |     else: | ||||||
|  |         post_data = _encode_post_data({}) | ||||||
|  |     return render_to_response('admin/login.html', { | ||||||
|  |         'title': _('Log in'), | ||||||
|  |         'app_path': request.path, | ||||||
|  |         'post_data': post_data, | ||||||
|  |         'error_message': error_message | ||||||
|  |     }, context_instance=template.RequestContext(request)) | ||||||
|  |  | ||||||
|  | def _encode_post_data(post_data): | ||||||
|  |     from django.conf import settings | ||||||
|  |     pickled = pickle.dumps(post_data) | ||||||
|  |     pickled_md5 = md5.new(pickled + settings.SECRET_KEY).hexdigest() | ||||||
|  |     return base64.encodestring(pickled + pickled_md5) | ||||||
|  |  | ||||||
|  | def _decode_post_data(encoded_data): | ||||||
|  |     from django.conf import settings | ||||||
|  |     encoded_data = base64.decodestring(encoded_data) | ||||||
|  |     pickled, tamper_check = encoded_data[:-32], encoded_data[-32:] | ||||||
|  |     if md5.new(pickled + settings.SECRET_KEY).hexdigest() != tamper_check: | ||||||
|  |         from django.core.exceptions import SuspiciousOperation | ||||||
|  |         raise SuspiciousOperation, "User may have tampered with session cookie." | ||||||
|  |     return pickle.loads(pickled) | ||||||
|  |  | ||||||
| class AdminSite(object): | class AdminSite(object): | ||||||
|     def __init__(self): |     def __init__(self): | ||||||
|         self._registry = {} # model_class -> admin_class |         self._registry = {} # model_class -> admin_class | ||||||
| @@ -31,6 +75,11 @@ class AdminSite(object): | |||||||
|             self._registry[model] = admin_class |             self._registry[model] = admin_class | ||||||
|  |  | ||||||
|     def unregister(self, model_or_iterable): |     def unregister(self, model_or_iterable): | ||||||
|  |         """ | ||||||
|  |         Unregisters the given model(s). | ||||||
|  |  | ||||||
|  |         If a model isn't already registered, this will raise NotRegistered. | ||||||
|  |         """ | ||||||
|         if issubclass(model_or_iterable, Model): |         if issubclass(model_or_iterable, Model): | ||||||
|             model_or_iterable = [model_or_iterable] |             model_or_iterable = [model_or_iterable] | ||||||
|         for model in model_or_iterable: |         for model in model_or_iterable: | ||||||
| @@ -38,6 +87,110 @@ class AdminSite(object): | |||||||
|                 raise NotRegistered('The model %s is not registered' % model.__class__.__name__) |                 raise NotRegistered('The model %s is not registered' % model.__class__.__name__) | ||||||
|             del self._registry[model] |             del self._registry[model] | ||||||
|  |  | ||||||
|  |     def has_permission(self, request): | ||||||
|  |         """ | ||||||
|  |         Returns True if the given HttpRequest has permission to view | ||||||
|  |         *at least one* page in the admin site. | ||||||
|  |         """ | ||||||
|  |         return request.user.is_authenticated() and request.user.is_staff | ||||||
|  |  | ||||||
|  |     def root(self, request, url): | ||||||
|  |         """ | ||||||
|  |         Handles main URL routing for the admin app. | ||||||
|  |  | ||||||
|  |         `url` is the remainder of the URL -- e.g. 'comments/comment/'. | ||||||
|  |         """ | ||||||
|  |         if not self.has_permission(request): | ||||||
|  |             return self.login(request) | ||||||
|  |         url = url.rstrip('/') # Trim trailing slash, if it exists. | ||||||
|  |         if url == '': | ||||||
|  |             return self.index(request) | ||||||
|  |         raise NotImplementedError('Only the admin index page is implemented.') | ||||||
|  |  | ||||||
|  |     def login(self, request): | ||||||
|  |         """ | ||||||
|  |         Displays the login form for the given HttpRequest. | ||||||
|  |         """ | ||||||
|  |         # If this isn't already the login page, display it. | ||||||
|  |         if not request.POST.has_key(LOGIN_FORM_KEY): | ||||||
|  |             if request.POST: | ||||||
|  |                 message = _("Please log in again, because your session has expired. Don't worry: Your submission has been saved.") | ||||||
|  |             else: | ||||||
|  |                 message = "" | ||||||
|  |             return _display_login_form(request, message) | ||||||
|  |  | ||||||
|  |         # Check that the user accepts cookies. | ||||||
|  |         if not request.session.test_cookie_worked(): | ||||||
|  |             message = _("Looks like your browser isn't configured to accept cookies. Please enable cookies, reload this page, and try again.") | ||||||
|  |             return _display_login_form(request, message) | ||||||
|  |  | ||||||
|  |         # Check the password. | ||||||
|  |         username = request.POST.get('username', None) | ||||||
|  |         password = request.POST.get('password', None) | ||||||
|  |         user = authenticate(username=username, password=password) | ||||||
|  |         if user is None: | ||||||
|  |             message = ERROR_MESSAGE | ||||||
|  |             if '@' in username: | ||||||
|  |                 # Mistakenly entered e-mail address instead of username? Look it up. | ||||||
|  |                 try: | ||||||
|  |                     user = User.objects.get(email=username) | ||||||
|  |                 except User.DoesNotExist: | ||||||
|  |                     message = _("Usernames cannot contain the '@' character.") | ||||||
|  |                 else: | ||||||
|  |                     message = _("Your e-mail address is not your username. Try '%s' instead.") % user.username | ||||||
|  |             return _display_login_form(request, message) | ||||||
|  |  | ||||||
|  |         # The user data is correct; log in the user in and continue. | ||||||
|  |         else: | ||||||
|  |             if user.is_active and user.is_staff: | ||||||
|  |                 login(request, user) | ||||||
|  |                 # TODO: set last_login with an event. | ||||||
|  |                 user.last_login = datetime.datetime.now() | ||||||
|  |                 user.save() | ||||||
|  |                 if request.POST.has_key('post_data'): | ||||||
|  |                     post_data = _decode_post_data(request.POST['post_data']) | ||||||
|  |                     if post_data and not post_data.has_key(LOGIN_FORM_KEY): | ||||||
|  |                         # overwrite request.POST with the saved post_data, and continue | ||||||
|  |                         request.POST = post_data | ||||||
|  |                         request.user = user | ||||||
|  |                         return view_func(request, *args, **kwargs) | ||||||
|  |                     else: | ||||||
|  |                         request.session.delete_test_cookie() | ||||||
|  |                         return http.HttpResponseRedirect(request.path) | ||||||
|  |             else: | ||||||
|  |                 return _display_login_form(request, ERROR_MESSAGE) | ||||||
|  |  | ||||||
|  |     def index(self, request): | ||||||
|  |         app_list = [] | ||||||
|  |         user = request.user | ||||||
|  |         for model, model_admin in self._registry.items(): | ||||||
|  |             app_label = model._meta.app_label | ||||||
|  |             has_module_perms = user.has_module_perms(app_label) | ||||||
|  |             if has_module_perms: | ||||||
|  |                 perms = { | ||||||
|  |                     'add': user.has_perm("%s.%s" % (app_label, model._meta.get_add_permission())), | ||||||
|  |                     'change': user.has_perm("%s.%s" % (app_label, model._meta.get_change_permission())), | ||||||
|  |                     'delete': user.has_perm("%s.%s" % (app_label, model._meta.get_delete_permission())), | ||||||
|  |                 } | ||||||
|  |  | ||||||
|  |                 # Check whether user has any perm for this module. | ||||||
|  |                 # If so, add the module to the model_list. | ||||||
|  |                 if True in perms.values(): | ||||||
|  |                     model_dict = { | ||||||
|  |                         'name': capfirst(model._meta.verbose_name_plural), | ||||||
|  |                         'admin_url': '%s/%s/' % (app_label, model.__name__.lower()), | ||||||
|  |                         'perms': perms, | ||||||
|  |                     } | ||||||
|  |                     app_list.append({ | ||||||
|  |                         'name': app_label.title(), | ||||||
|  |                         'has_module_perms': has_module_perms, | ||||||
|  |                         'models': [model_dict], | ||||||
|  |                     }) | ||||||
|  |         return render_to_response('admin/index.html', { | ||||||
|  |             'title': _('Site administration'), | ||||||
|  |             'app_list': app_list, | ||||||
|  |         }, context_instance=template.RequestContext(request)) | ||||||
|  |  | ||||||
| # This global object represents the default admin site, for the common case. | # This global object represents the default admin site, for the common case. | ||||||
| # You can instantiate AdminSite in your own code to create a custom admin site. | # You can instantiate AdminSite in your own code to create a custom admin site. | ||||||
| site = AdminSite() | site = AdminSite() | ||||||
|   | |||||||
| @@ -12,9 +12,6 @@ | |||||||
| {% block content %} | {% block content %} | ||||||
| <div id="content-main"> | <div id="content-main"> | ||||||
|  |  | ||||||
| {% load adminapplist %} |  | ||||||
|  |  | ||||||
| {% get_admin_app_list as app_list %} |  | ||||||
| {% if app_list %} | {% if app_list %} | ||||||
|     {% for app in app_list %} |     {% for app in app_list %} | ||||||
|         <div class="module"> |         <div class="module"> | ||||||
|   | |||||||
| @@ -1,79 +0,0 @@ | |||||||
| from django import template |  | ||||||
| from django.db.models import get_models |  | ||||||
|  |  | ||||||
| register = template.Library() |  | ||||||
|  |  | ||||||
| class AdminApplistNode(template.Node): |  | ||||||
|     def __init__(self, varname): |  | ||||||
|         self.varname = varname |  | ||||||
|  |  | ||||||
|     def render(self, context): |  | ||||||
|         from django.db import models |  | ||||||
|         from django.utils.text import capfirst |  | ||||||
|         app_list = [] |  | ||||||
|         user = context['user'] |  | ||||||
|  |  | ||||||
|         for app in models.get_apps(): |  | ||||||
|             # Determine the app_label. |  | ||||||
|             app_models = get_models(app) |  | ||||||
|             if not app_models: |  | ||||||
|                 continue |  | ||||||
|             app_label = app_models[0]._meta.app_label |  | ||||||
|  |  | ||||||
|             has_module_perms = user.has_module_perms(app_label) |  | ||||||
|  |  | ||||||
|             if has_module_perms: |  | ||||||
|                 model_list = [] |  | ||||||
|                 for m in app_models: |  | ||||||
|                     if m._meta.admin: |  | ||||||
|                         perms = { |  | ||||||
|                             'add': user.has_perm("%s.%s" % (app_label, m._meta.get_add_permission())), |  | ||||||
|                             'change': user.has_perm("%s.%s" % (app_label, m._meta.get_change_permission())), |  | ||||||
|                             'delete': user.has_perm("%s.%s" % (app_label, m._meta.get_delete_permission())), |  | ||||||
|                         } |  | ||||||
|  |  | ||||||
|                         # Check whether user has any perm for this module. |  | ||||||
|                         # If so, add the module to the model_list. |  | ||||||
|                         if True in perms.values(): |  | ||||||
|                             model_list.append({ |  | ||||||
|                                 'name': capfirst(m._meta.verbose_name_plural), |  | ||||||
|                                 'admin_url': '%s/%s/' % (app_label, m.__name__.lower()), |  | ||||||
|                                 'perms': perms, |  | ||||||
|                             }) |  | ||||||
|  |  | ||||||
|                 if model_list: |  | ||||||
|                     # Sort using verbose decorate-sort-undecorate pattern |  | ||||||
|                     # instead of key argument to sort() for python 2.3 compatibility |  | ||||||
|                     decorated = [(x['name'], x) for x in model_list] |  | ||||||
|                     decorated.sort() |  | ||||||
|                     model_list = [x for key, x in decorated] |  | ||||||
|  |  | ||||||
|                     app_list.append({ |  | ||||||
|                         'name': app_label.title(), |  | ||||||
|                         'has_module_perms': has_module_perms, |  | ||||||
|                         'models': model_list, |  | ||||||
|                     }) |  | ||||||
|         context[self.varname] = app_list |  | ||||||
|         return '' |  | ||||||
|  |  | ||||||
| def get_admin_app_list(parser, token): |  | ||||||
|     """ |  | ||||||
|     Returns a list of installed applications and models for which the current user |  | ||||||
|     has at least one permission. |  | ||||||
|  |  | ||||||
|     Syntax:: |  | ||||||
|      |  | ||||||
|         {% get_admin_app_list as [context_var_containing_app_list] %} |  | ||||||
|  |  | ||||||
|     Example usage:: |  | ||||||
|  |  | ||||||
|         {% get_admin_app_list as admin_app_list %} |  | ||||||
|     """ |  | ||||||
|     tokens = token.contents.split() |  | ||||||
|     if len(tokens) < 3: |  | ||||||
|         raise template.TemplateSyntaxError, "'%s' tag requires two arguments" % tokens[0] |  | ||||||
|     if tokens[1] != 'as': |  | ||||||
|         raise template.TemplateSyntaxError, "First argument to '%s' tag must be 'as'" % tokens[0] |  | ||||||
|     return AdminApplistNode(tokens[2]) |  | ||||||
|  |  | ||||||
| register.tag('get_admin_app_list', get_admin_app_list) |  | ||||||
		Reference in New Issue
	
	Block a user