Python permissions.get_object_owner函数代码示例

 def test_management_command_with_dry_run(self):
     """Check that command works fine."""
     ObjectAccess.objects.all().delete()
     mbox = models.Mailbox.objects.all()[0]
     # assert mbox has no owner
     self.assertIs(get_object_owner(mbox), None)
     # show problems. run in quiet mode because we dont want output in tests
     management.call_command("modo", "repair", "--quiet", "--dry-run")
     # assert its not fixed
     self.assertIs(get_object_owner(mbox), None)

 def test_management_command(self):
     """Check that command works fine."""
     ObjectAccess.objects.all().delete()
     mbox = models.Mailbox.objects.first()
     alias = models.Alias.objects.first()
     # assert mbox has no owner
     self.assertIs(get_object_owner(mbox), None)
     # fix it. run in quiet mode because we dont want output in tests
     ret = management.call_command("modo", "repair", "--quiet")
     assert ret is None
     # assert it's fixed
     self.assertIsNot(get_object_owner(mbox), None)
     self.assertIsNot(get_object_owner(alias), None)

def update_permissions(sender, instance, **kwargs):
    """Permissions cleanup."""
    request = get_request()
    # request migth be None (management command context)
    if request:
        from_user = request.user
        if from_user == instance:
            raise exceptions.PermDeniedException(
                _("You can't delete your own account")
            )

        if not from_user.can_access(instance):
            raise exceptions.PermDeniedException

    # We send an additional signal before permissions are removed
    core_signals.account_deleted.send(
        sender="update_permissions", user=instance)
    owner = permissions.get_object_owner(instance)
    if owner == instance:
        # The default admin is being removed...
        owner = from_user
    # Change ownership of existing objects
    for ooentry in instance.objectaccess_set.filter(is_owner=True):
        if ooentry.content_object is not None:
            permissions.grant_access_to_object(
                owner, ooentry.content_object, True)
            permissions.ungrant_access_to_object(
                ooentry.content_object, instance)
    # Remove existing permissions on this user
    permissions.ungrant_access_to_object(instance)

 def fix_owner(self, model, dry_run=False, **options):
     for obj in model.objects.all():
         kw = dict(
             cls=model.__name__,
             obj=obj
         )
         if get_object_owner(obj) is None:
             if dry_run:
                 self.log(
                     "  {cls} {obj} has no owner".format(**kw),
                     **options)
             else:
                 if isinstance(obj, User):
                     admin = User.objects.filter(is_superuser=True,
                                                 is_active=True).first()
                 elif isinstance(obj, models.Domain):
                     admin = obj.admins.first()
                 elif isinstance(obj, models.DomainAlias):
                     admin = obj.target.admins.first()
                 else:
                     admin = obj.domain.admins.first()
                 if not admin:
                     # domain has no admin. use the first superuser found
                     admin = User.objects.filter(is_superuser=True,
                                                 is_active=True).first()
                 grant_access_to_object(admin, obj, is_owner=True)
                 kw['admin'] = admin
                 self.log(
                     "  {cls} {obj} is now owned by {admin}".format(**kw),
                     **options)

def fix_owner(qs, dry_run=False, **options):
    """Fix ownership for orphan objects."""
    model = qs.model
    for obj in qs:
        kw = {"cls": model.__name__, "obj": obj}
        if get_object_owner(obj) is not None:
            continue
        if dry_run:
            log("  {cls} {obj} has no owner".format(**kw), **options)
            continue
        if isinstance(obj, User):
            admin = User.objects.filter(
                is_superuser=True, is_active=True).first()
        elif isinstance(obj, models.Domain):
            admin = obj.admins.first()
        elif isinstance(obj, models.DomainAlias):
            admin = obj.target.admins.first()
        else:
            admin = obj.domain.admins.first()
        if not admin:
            # Fallback: use the first superuser found
            admin = User.objects.filter(
                is_superuser=True, is_active=True).first()
        grant_access_to_object(admin, obj, is_owner=True)
        kw["admin"] = admin
        log("  {cls} {obj} is now owned by {admin}".format(**kw),
            **options)

def on_account_modified(old, new):
    """Update limits when roles are updated"""
    owner = get_object_owner(old)
    if owner.group not in ["SuperAdmins", "Resellers"]:
        # Domain admins can't change the role so nothing to check.
        return

    if new.group != "SuperAdmins":
        # Check if account needs a pool (case: a superadmin is
        # downgraded)
        try:
            pool = new.limitspool
        except LimitsPool.DoesNotExist:
            p = LimitsPool(user=new)
            p.save()
            p.create_limits(owner)

    if new.group not in ["DomainAdmins", "Resellers"]:
        move_pool_resource(owner, new)

    if old.oldgroup == "DomainAdmins":
        if new.group != "DomainAdmins":
            dec_limit_usage(owner, 'domain_admins_limit')
        return

    if new.group == "DomainAdmins":
        check_limit(owner, 'domain_admins_limit')
        inc_limit_usage(owner, 'domain_admins_limit')

    def delete(self, fromuser, *args, **kwargs):
        """Custom delete method

        To check permissions properly, we need to make a distinction
        between 2 cases:

        * If the user owns a mailbox, the check is made on that object
          (useful for domain admins)

        * Otherwise, the check is made on the user
        """
        from modoboa.lib.permissions import \
            get_object_owner, grant_access_to_object, ungrant_access_to_object

        if fromuser == self:
            raise PermDeniedException(
                _("You can't delete your own account")
            )

        if not fromuser.can_access(self):
            raise PermDeniedException

        owner = get_object_owner(self)
        for ooentry in self.objectaccess_set.filter(is_owner=True):
            if ooentry.content_object is not None:
                grant_access_to_object(owner, ooentry.content_object, True)

        events.raiseEvent("AccountDeleted", self, fromuser, **kwargs)
        ungrant_access_to_object(self)
        super(User, self).delete()

def dec_nb_mailboxes(mailboxes):
    from modoboa.extensions.admin.models import Mailbox

    if isinstance(mailboxes, Mailbox):
        mailboxes = [mailboxes]
    for mailbox in mailboxes:
        owner = get_object_owner(mailbox)
        dec_limit_usage(owner, 'mailboxes_limit')

def dec_nb_mbaliases(mailboxaliases):
    from modoboa.extensions.admin.models import Alias

    if isinstance(mailboxaliases, Alias):
        mailboxaliases = [mailboxaliases]
    for alias in mailboxaliases:
        owner = get_object_owner(alias)
        dec_limit_usage(owner, 'mailbox_aliases_limit')

def dec_nb_domaliases(domainaliases):
    from modoboa.extensions.admin.models import DomainAlias

    if isinstance(domainaliases, DomainAlias):
        domainaliases = [domainaliases]
    for domainalias in domainaliases:
        owner = get_object_owner(domainalias)
        dec_limit_usage(owner, 'domain_aliases_limit')

def on_account_deleted(account, byuser, **kwargs):
    owner = get_object_owner(account)
    if owner.group not in ["SuperAdmins", "Resellers"]:
        return

    move_pool_resource(owner, account)

    if account.group == "DomainAdmins":
        dec_limit_usage(owner, 'domain_admins_limit')

def on_account_deleted(account):
    owner = get_object_owner(account)
    if not owner.group in ["SuperAdmins", "Resellers"]:
        return

    move_pool_resource(owner, account)

    if account.group == "DomainAdmins":
        dec_limit(owner, 'domain_admins_limit')

def move_pool_resource(sender, account, role, **kwargs):
    """Move remaining resource to owner if needed."""
    owner = permissions.get_object_owner(account)
    if not owner or owner.is_superuser or owner.role != "Resellers":
        # Domain admins can't change the role so nothing to check.
        return

    if role not in ["DomainAdmins", "Resellers"]:
        utils.move_pool_resource(owner, account)

def on_account_modified(old, new):
    """Update limits when roles are updated"""
    owner = get_object_owner(old)
    if owner.group not in ["SuperAdmins", "Resellers"]:
        # Domain admins can't change the role so nothing to check.
        return

    if new.group not in ["DomainAdmins", "Resellers"]:
        move_pool_resource(owner, new)

def dec_nb_domains(domain):
    owner = get_object_owner(domain)
    dec_limit(owner, 'domains_limit')
    for domalias in domain.domainalias_set.all():
        dec_nb_domaliases(domalias)
    for mailbox in domain.mailbox_set.all():
        dec_nb_mailboxes(mailbox)
    for mbalias in domain.alias_set.all():
        dec_nb_mbaliases(mbalias)