\j:(ddlmZddlmZddlmZmZddlmZddl m Z m Z m Z ddl mZddlmZddlmZmZmZmZdd lmZej0Zej2ZGd d ej4ZGd d eZddZdddefdZdZy)wraps)settings)REDIRECT_FIELD_NAMEmixins)redirect_to_login) FieldErrorImproperlyConfiguredPermissionDenied)get_object_or_404) force_str) CreateView DeleteView DetailView UpdateView)BaseCreateViewceZdZdZdZdZy)PermissionRequiredMixina CBV mixin to provide object-level permission checking to views. Best used with views that inherit from ``SingleObjectMixin`` (``DetailView``, ``UpdateView``, etc.), though not required. The single requirement is for a ``get_object`` method to be available in the view. If there's no ``get_object`` method, permission checking is model-level, that is exactly like Django's ``PermissionRequiredMixin``. ct|ts1t|dr%t|jr|j Sy)z Override this method to provide the object to check for permission against. By default uses ``self.get_object()`` as provided by ``SingleObjectMixin``. Returns None if there's no ``get_object`` method. get_objectN) isinstancerhasattrcallabler)selfs =/root/env/lib/python3.12/site-packages/rules/contrib/views.pyget_permission_objectz-PermissionRequiredMixin.get_permission_objects3$/t\*x/H((c|j}|j}|jjj ||SN)rget_permission_requiredrequestuser has_perms)robjpermss rhas_permissionz&PermissionRequiredMixin.has_permission,s;((*,,.||  **5#66rN)__name__ __module__ __qualname____doc__rr&rrrrs 7rrc>eZdZdZedfedfedfedfgZfdZ xZ S)AutoPermissionRequiredMixina An extended variant of PermissionRequiredMixin which automatically determines the permission to check based on the type of view it's used with. It works by checking the current view for being an instance of a pre-defined list of view types. On a match, the corresponding permission type (such as "add" or "change") is converted into the full model-specific permission name and checked. See the permission_type_map attribute for the default view type -> permission type mappings. When a view using this mixin has an attribute ``permission_type``, that type is used directly and overwrites the permission_type_map for the particular view. A permission type of ``None`` (either as ``permission_type`` or in ``permission_type_map``) causes permission checking to be skipped. If the type of permission to check for should depend on dynamic factors other than the view type, you may overwrite the ``permission_type`` attribute with a ``@property``. The ``permission_required`` attribute behaves like it does in ``PermissionRequiredMixin`` and can be used to specify concrete permission name(s) to be checked in addition to the automatically derived one. NOTE: The model-based permission registration from ``rules.contrib.models`` must be used with the models for which you create views using this mixin, because the permission names are derived via ``RulesModelMixin.get_perm()`` internally. The second requirement is the presence of either an attribute ``model`` holding the ``Model`` the view acts on, or the ``get_queryset()`` method as provided by Django's ``SingleObjectMixin``. Hence with the normal model views, you don't need to care about anything. addchangedeleteviewc |j}g}|It|dd}||jj}|j|j||j|jt|A|S#t$rU|jD]\}}t||s|}n/t dj |j jYwxYw)zDV//>   s B'C%/3C%$C%) r'r(r)r*rrrrr6r __classcell__)r8s@rr-r-2s=P U X X V rr-cfd}|S)a Helper that returns a function suitable for use as the ``fn`` argument to the ``permission_required`` decorator. Internally uses ``get_object_or_404``, so keep in mind that this may raise ``Http404``. ``model`` can be a model class, manager or queryset. ``attr_name`` is the name of the view attribute. ``field_name`` is the model's field name by which the lookup is made, eg. "id", "slug", etc. c |vr8tdjdj|j t fi|iS#t $rtdjwxYw)Nz5Argument {0} is not available. Given arguments: [{1}]z, z Model {0} has no field named {1})r r7joinkeysr r )r! view_args view_kwargs attr_name field_namer3s r_getterzobjectgetter.._getters K '&GNNtyy)9)9);<   $USz;y;Q.RS S &299%L  s A%A5r+)r3rJrKrLs``` r objectgetterrMs  NrNFc"fd}|S)a View decorator that checks for the given permissions before allowing the view to execute. Use it like this:: from django.shortcuts import get_object_or_404 from rules.contrib.views import permission_required from posts.models import Post def get_post_by_pk(request, post_id): return get_object_or_404(Post, pk=post_id) @permission_required('posts.change_post', fn=get_post_by_pk) def post_update(request, post_id): # ... ``perm`` is either a permission name as a string, or a list of permission names. ``fn`` is an optional callback that receives the same arguments as those passed to the decorated view and must return the object to check permissions against. If omitted, the decorator behaves just like Django's ``permission_required`` decorator, i.e. checks for model-level permissions. ``raise_exception`` is a boolean specifying whether to raise a ``django.core.exceptions.PermissionDenied`` exception if the check fails. You will most likely want to set this argument to ``True`` if you have specified a custom 403 response handler in your urlconf. If ``False``, the user will be redirected to the URL specified by ``login_url``. ``login_url`` is an optional custom URL to redirect the user to if permissions check fails. If omitted or empty, ``settings.LOGIN_URL`` is used. c:tfd}|S)Ncttrf}n}tr |g|i|}n}|j}|j ||s$ r t t | j S |g|i|Sr)rstrrr"r#r _redirect_to_loginr') r!argskwargsr%r$r"fn login_urlpermraise_exceptionredirect_field_name view_funcs r _wrapped_viewz=permission_required..decorator.._wrapped_views$$|24262<>%-"*,,-!3!3Y@S !:4:6::rr)rZr[rUrVrWrXrYs` r decoratorz&permission_required..decorators' y  ; ;  ;:rr+)rWrUrVrXrYr\s````` rr=r=sRB rc|xstj}|stdj|t |}t |j ||S)Nzpermission_required({0}): You must either provide the "login_url" argument to the "permission_required" decorator or configure settings.LOGIN_URL)r LOGIN_URLr r7r r get_full_path)r! view_namerVrY redirect_urls rrRrRsV2 2 2L " 88>y8I  \*L W224lDW XXr)pkrb) functoolsr django.confrdjango.contrib.authrrdjango.contrib.auth.viewsrdjango.core.exceptionsr r r django.shortcutsr django.utils.encodingr django.views.genericrrrrdjango.views.generic.editrLoginRequiredMixinUserPassesTestMixinrr-rMr=rRr+rrrns ;7UU.+OO5..007f<<7>M"9M`B + JZ Yr