本文整理汇总了Python中modoboa.lib.permissions.grant_access_to_object函数的典型用法代码示例。如果您正苦于以下问题:Python grant_access_to_object函数的具体用法?Python grant_access_to_object怎么用?Python grant_access_to_object使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了grant_access_to_object函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: account_auto_created
def account_auto_created(user):
from modoboa.core.models import User
from modoboa.lib.permissions import grant_access_to_object
localpart, domname = split_mailbox(user.username)
if user.group != 'SimpleUsers' and domname is None:
return
sadmins = User.objects.filter(is_superuser=True)
try:
domain = Domain.objects.get(name=domname)
except Domain.DoesNotExist:
domain = Domain(name=domname, enabled=True, quota=0)
domain.save(creator=sadmins[0])
for su in sadmins[1:]:
grant_access_to_object(su, domain)
try:
mb = Mailbox.objects.get(domain=domain, address=localpart)
except Mailbox.DoesNotExist:
mb = Mailbox(
address=localpart, domain=domain, user=user, use_domain_quota=True
)
mb.set_quota(override_rules=True)
mb.save(creator=sadmins[0])
for su in sadmins[1:]:
grant_access_to_object(su, mb)
示例2: role
def role(self, role):
"""Set administrative role for this account
:param string role: the role to set
"""
if role is None or self.role == role:
return
signals.account_role_changed.send(
sender=self.__class__, account=self, role=role)
self.groups.clear()
if role == "SuperAdmins":
self.is_superuser = True
else:
if self.is_superuser:
ObjectAccess.objects.filter(user=self).delete()
self.is_superuser = False
try:
self.groups.add(Group.objects.get(name=role))
except Group.DoesNotExist:
self.groups.add(Group.objects.get(name="SimpleUsers"))
if role != "SimpleUsers" and not self.can_access(self):
from modoboa.lib.permissions import grant_access_to_object
grant_access_to_object(self, self)
self.save()
self._role = role
示例3: account_auto_created
def account_auto_created(user):
from modoboa.core.models import User
from modoboa.lib.permissions import grant_access_to_object
from .lib import check_if_domain_exists
if parameters.get_admin("AUTO_CREATE_DOMAIN_AND_MAILBOX") == "no":
return
localpart, domname = split_mailbox(user.username)
if user.group != 'SimpleUsers' and domname is None:
return
sadmins = User.objects.filter(is_superuser=True)
try:
domain = Domain.objects.get(name=domname)
except Domain.DoesNotExist:
label = check_if_domain_exists(
domname, [(DomainAlias, _('domain alias'))])
if label is not None:
return
domain = Domain(name=domname, enabled=True, quota=0)
domain.save(creator=sadmins[0])
for su in sadmins[1:]:
grant_access_to_object(su, domain)
try:
mb = Mailbox.objects.get(domain=domain, address=localpart)
except Mailbox.DoesNotExist:
mb = Mailbox(
address=localpart, domain=domain, user=user, use_domain_quota=True
)
mb.set_quota(override_rules=True)
mb.save(creator=sadmins[0])
for su in sadmins[1:]:
grant_access_to_object(su, mb)
示例4: delete
def delete(self, fromuser, *args, **kwargs):
"""Custom delete method
To check permissions properly, we need to make a distinction
between 2 cases:
* If the user owns a mailbox, the check is made on that object
(useful for domain admins)
* Otherwise, the check is made on the user
"""
from modoboa.lib.permissions import \
get_object_owner, grant_access_to_object, ungrant_access_to_object
if fromuser == self:
raise PermDeniedException(
_("You can't delete your own account")
)
if not fromuser.can_access(self):
raise PermDeniedException
owner = get_object_owner(self)
for ooentry in self.objectaccess_set.filter(is_owner=True):
if ooentry.content_object is not None:
grant_access_to_object(owner, ooentry.content_object, True)
events.raiseEvent("AccountDeleted", self, fromuser, **kwargs)
ungrant_access_to_object(self)
super(User, self).delete()
示例5: update_permissions
def update_permissions(sender, instance, **kwargs):
"""Permissions cleanup."""
request = get_request()
# request migth be None (management command context)
if request:
from_user = request.user
if from_user == instance:
raise exceptions.PermDeniedException(
_("You can't delete your own account")
)
if not from_user.can_access(instance):
raise exceptions.PermDeniedException
# We send an additional signal before permissions are removed
core_signals.account_deleted.send(
sender="update_permissions", user=instance)
owner = permissions.get_object_owner(instance)
if owner == instance:
# The default admin is being removed...
owner = from_user
# Change ownership of existing objects
for ooentry in instance.objectaccess_set.filter(is_owner=True):
if ooentry.content_object is not None:
permissions.grant_access_to_object(
owner, ooentry.content_object, True)
permissions.ungrant_access_to_object(
ooentry.content_object, instance)
# Remove existing permissions on this user
permissions.ungrant_access_to_object(instance)
示例6: post_create
def post_create(self, creator):
from modoboa.lib.permissions import grant_access_to_object
grant_access_to_object(creator, self, is_owner=True)
events.raiseEvent("MailboxAliasCreated", creator, self)
if creator.is_superuser:
for admin in self.domain.admins:
grant_access_to_object(admin, self)
示例7: fix_owner
def fix_owner(qs, dry_run=False, **options):
"""Fix ownership for orphan objects."""
model = qs.model
for obj in qs:
kw = {"cls": model.__name__, "obj": obj}
if get_object_owner(obj) is not None:
continue
if dry_run:
log(" {cls} {obj} has no owner".format(**kw), **options)
continue
if isinstance(obj, User):
admin = User.objects.filter(
is_superuser=True, is_active=True).first()
elif isinstance(obj, models.Domain):
admin = obj.admins.first()
elif isinstance(obj, models.DomainAlias):
admin = obj.target.admins.first()
else:
admin = obj.domain.admins.first()
if not admin:
# Fallback: use the first superuser found
admin = User.objects.filter(
is_superuser=True, is_active=True).first()
grant_access_to_object(admin, obj, is_owner=True)
kw["admin"] = admin
log(" {cls} {obj} is now owned by {admin}".format(**kw),
**options)
示例8: account_auto_created
def account_auto_created(sender, user, **kwargs):
"""New account has been auto-created, build the rest."""
if not param_tools.get_global_parameter("auto_create_domain_and_mailbox"):
return
localpart, domname = split_mailbox(user.username)
if user.role != 'SimpleUsers' and domname is None:
return
sadmins = core_models.User.objects.filter(is_superuser=True)
try:
domain = models.Domain.objects.get(name=domname)
except models.Domain.DoesNotExist:
label = lib.check_if_domain_exists(
domname, [(models.DomainAlias, _("domain alias"))])
if label is not None:
return
domain = models.Domain(
name=domname, enabled=True, default_mailbox_quota=0)
domain.save(creator=sadmins[0])
for su in sadmins[1:]:
permissions.grant_access_to_object(su, domain)
qset = models.Mailbox.objects.filter(domain=domain, address=localpart)
if not qset.exists():
mb = models.Mailbox(
address=localpart, domain=domain, user=user, use_domain_quota=True
)
mb.set_quota(override_rules=True)
mb.save(creator=sadmins[0])
for su in sadmins[1:]:
permissions.grant_access_to_object(su, mb)
示例9: fix_owner
def fix_owner(self, model, dry_run=False, **options):
for obj in model.objects.all():
kw = dict(
cls=model.__name__,
obj=obj
)
if get_object_owner(obj) is None:
if dry_run:
self.log(
" {cls} {obj} has no owner".format(**kw),
**options)
else:
if isinstance(obj, User):
admin = User.objects.filter(is_superuser=True,
is_active=True).first()
elif isinstance(obj, models.Domain):
admin = obj.admins.first()
elif isinstance(obj, models.DomainAlias):
admin = obj.target.admins.first()
else:
admin = obj.domain.admins.first()
if not admin:
# domain has no admin. use the first superuser found
admin = User.objects.filter(is_superuser=True,
is_active=True).first()
grant_access_to_object(admin, obj, is_owner=True)
kw['admin'] = admin
self.log(
" {cls} {obj} is now owned by {admin}".format(**kw),
**options)
示例10: fix_permissions
def fix_permissions():
from modoboa.admin.models.domain import Domain
from modoboa.admin.models.mailbox import Mailbox
from modoboa.lib.permissions import grant_access_to_object
for d in Domain.objects.all():
print('Fixing %r' % d)
mailboxes = Mailbox.objects.filter(domain=d)
for admin in d.admins:
for mailbox in mailboxes:
grant_access_to_object(admin, mailbox)
grant_access_to_object(admin, mailbox.user)
示例11: post_create
def post_create(self, creator):
from modoboa.lib.permissions import grant_access_to_object
super(Mailbox, self).post_create(creator)
if creator.is_superuser and not self.user.has_perm("admin.add_domain"):
# A super user is creating a new mailbox. Give
# access to that mailbox (and the associated
# account) to the appropriate domain admins,
# except if the new account has a more important
# role (SuperAdmin, Reseller)
for admin in self.domain.admins:
grant_access_to_object(admin, self)
grant_access_to_object(admin, self.user)
示例12: populate_callback
def populate_callback(user, group='SimpleUsers'):
"""Populate callback
If the LDAP authentication backend is in use, this callback will
be called each time a new user authenticates succesfuly to
Modoboa. This function is in charge of creating the mailbox
associated to the provided ``User`` object.
:param user: a ``User`` instance
"""
from modoboa.lib.permissions import grant_access_to_object
sadmins = User.objects.filter(is_superuser=True)
user.set_role(group)
user.post_create(sadmins[0])
for su in sadmins[1:]:
grant_access_to_object(su, user)
events.raiseEvent("AccountAutoCreated", user)
示例13: post_create
def post_create(self, creator):
from modoboa.lib.permissions import grant_access_to_object
super(Mailbox, self).post_create(creator)
conditions = (
creator.has_perm("admin.add_mailbox"),
not self.user.has_perm("admin.add_domain")
)
if all(conditions):
# An admin is creating a new mailbox. Give
# access to that mailbox (and the associated
# account) to the appropriate domain admins,
# except if the new account has a more important
# role (SuperAdmin, Reseller)
for admin in self.domain.admins:
if admin == creator:
continue
grant_access_to_object(admin, self)
grant_access_to_object(admin, self.user)
示例14: add_admin
def add_admin(self, account):
"""Add a new administrator for this domain
:param User account: the administrotor to add
"""
from modoboa.lib.permissions import grant_access_to_object
grant_access_to_object(account, self)
for mb in self.mailbox_set.all():
if mb.user.has_perm("admin.add_domain"):
continue
grant_access_to_object(account, mb)
grant_access_to_object(account, mb.user)
for al in self.alias_set.all():
grant_access_to_object(account, al)
示例15: populate_callback
def populate_callback(user):
"""Populate callback
If the LDAP authentication backend is in use, this callback will
be called each time a new user authenticates succesfuly to
Modoboa. This function is in charge of creating the mailbox
associated to the provided ``User`` object.
:param user: a ``User`` instance
"""
from modoboa.lib.permissions import grant_access_to_object
sadmins = User.objects.filter(is_superuser=True)
user.set_role("SimpleUsers")
user.post_create(sadmins[0])
for su in sadmins[1:]:
grant_access_to_object(su, user)
localpart, domname = split_mailbox(user.username)
try:
domain = Domain.objects.get(name=domname)
except Domain.DoesNotExist:
domain = Domain(name=domname, enabled=True, quota=0)
domain.save(creator=sadmins[0])
for su in sadmins[1:]:
grant_access_to_object(su, domain)
try:
mb = Mailbox.objects.get(domain=domain, address=localpart)
except Mailbox.DoesNotExist:
mb = Mailbox(address=localpart, domain=domain, user=user, use_domain_quota=True)
mb.set_quota(override_rules=True)
mb.save(creator=sadmins[0])
for su in sadmins[1:]:
grant_access_to_object(su, mb)