htf*ddlmZddlmZddlmZmZddlmZm Z ddl m Z e Z ddl m Z mZddlmZGdd ZGd d ZGd d ZGddZy))Iterable)settings)login_requiredREDIRECT_FIELD_NAME)ImproperlyConfiguredPermissionDenied)get_user_obj_perms_model)get_40x_or_Noneget_anonymous_user)get_objects_for_userc>eZdZdZeZejZfdZ xZ S)LoginRequiredMixinay A login required mixin for use with class based views. This Class is a light wrapper around the `login_required` decorator and hence function parameters are just attributes defined on the class. Due to parent class order traversal this mixin must be added as the left most mixin of a view. The mixin has exactly the same flow as `login_required` decorator: If the user isn't logged in, redirect to ``settings.LOGIN_URL``, passing the current absolute path in the query string. Example: ``/accounts/login/?next=/polls/3/``. If the user is logged in, execute the view normally. The view code is free to assume the user is logged in. **Class Settings** ``LoginRequiredMixin.redirect_field_name`` *Default*: ``'next'`` ``LoginRequiredMixin.login_url`` *Default*: ``settings.LOGIN_URL`` cvt|j|jt||g|i|S)N)redirect_field_name login_url)rrrsuperdispatch)selfrequestargskwargs __class__s Y/var/www/html/software/conda/envs/higlass/lib/python3.12/site-packages/guardian/mixins.pyrzLoginRequiredMixin.dispatch,sS 8~$2J2J(,8 G   $$#$ $) __name__ __module__ __qualname____doc__rrr LOGIN_URLrr __classcell__rs@rrr s%8.""I$$rrcreZdZdZej ZdZeZ dZ dZ dZ dZ dZd dZdZdZd dZfdZxZS) PermissionRequiredMixina A view mixin that verifies if the current logged in user has the specified permission by wrapping the ``request.user.has_perm(..)`` method. If a `get_object()` method is defined either manually or by including another mixin (for example ``SingleObjectMixin``) or ``self.object`` is defined then the permission will be tested against that specific instance, alternatively you can specify `get_permission_object()` method if ``self.object`` or `get_object()` does not return the object against you want to test permission .. note: Testing of a permission against a specific object instance requires an authentication backend that supports. Please see ``django-guardian`` to add object level permissions to your project. The mixin does the following: If the user isn't logged in, redirect to settings.LOGIN_URL, passing the current absolute path in the query string. Example: /accounts/login/?next=/polls/3/. If the `raise_exception` is set to True than rather than redirect to login page a `PermissionDenied` (403) is raised. If the user is logged in, and passes the permission check than the view is executed normally. **Example Usage**:: class SecureView(PermissionRequiredMixin, View): ... permission_required = 'auth.change_user' ... **Class Settings** ``PermissionRequiredMixin.permission_required`` *Default*: ``None``, must be set to either a string or list of strings in format: *.*. ``PermissionRequiredMixin.login_url`` *Default*: ``settings.LOGIN_URL`` ``PermissionRequiredMixin.redirect_field_name`` *Default*: ``'next'`` ``PermissionRequiredMixin.return_403`` *Default*: ``False``. Returns 403 error page instead of redirecting user. ``PermissionRequiredMixin.return_404`` *Default*: ``False``. Returns 404 error page instead of redirecting user. ``PermissionRequiredMixin.raise_exception`` *Default*: ``False`` `permission_required` - the permission to check of form "." i.e. 'polls.can_vote' for a permission on a model in the polls application. ``PermissionRequiredMixin.accept_global_perms`` *Default*: ``False``, If accept_global_perms would be set to True, then mixing would first check for global perms, if none found, then it will proceed to check object level permissions. ``PermissionRequiredMixin.permission_object`` *Default*: ``(not set)``, object against which test the permission; if not set fallback to ``self.get_permission_object()`` which return ``self.get_object()`` or ``self.object`` by default. ``PermissionRequiredMixin.any_perm`` *Default*: ``False``. if True, any of permission in sequence is accepted. NFct|jtr|jg}|St|jtr|jDcgc]}|}}|St d|jzcc}wa  Returns list of permissions in format *.* that should be checked against *request.user* and *object*. By default, it returns list from ``permission_required`` attribute. :param request: Original request. z'PermissionRequiredMixin' requires 'permission_required' attribute to be set to '.' but is set to '%s' instead isinstancepermission_requiredstrrrrrpermsps rget_required_permissionsz0PermissionRequiredMixin.get_required_permissions d.. 4--.E 00( ; $ 8 891Q9E9  '(h*.)A)A(BC C: A7ct|dr |jSt|dxr|jxs t|ddS)Npermission_object get_objectobject)hasattrr1r2getattr)rs rget_permission_objectz-PermissionRequiredMixin.get_permission_objectsE 4, -)) )l+A0A.h- /rc @|j}t||j|||j|j|j |j |j|j }|r|j||||r|jr t|S)z Checks if *request.user* has all permissions returned by *get_required_permissions* method. :param request: Original request. )r+objrr return_403 return_404accept_global_permsany_perm)r8) r6r r-rrr9r:r;r<on_permission_check_failraise_exceptionr)rrr8 forbiddens rcheck_permissionsz)PermissionRequiredMixin.check_permissionss((*#G*.*G*G(/+1(+.2nn8<8P8P/3/38<8P8P-1]] &    ) )'9# ) F --"$ $rcy)a Method called upon permission check fail. By default it does nothing and should be overridden, if needed. :param request: Original request :param response: 403 response returned by *check_permissions* method. :param obj: Object that was fetched from the view (using ``get_object`` method or ``object`` attribute, in that order). N)rrresponser8s rr=z0PermissionRequiredMixin.on_permission_check_failsrc~||_||_||_|j|}|r|St ||g|i|SN)rrrr@rr)rrrrrCrs rrz PermissionRequiredMixin.dispatchsJ   ))'2 Ow9$9&99rrE)rrrrrrrr(rrr9r:r>r;r<r-r6r@r=rr r!s@rr#r#3s[Qf""I-JJOH&/ 4  ::rr#c(eZdZedZdZdZy)GuardianUserMixinctSrE)r rBrr get_anonymouszGuardianUserMixin.get_anonymouss !##rcDtjj|||SrE)UserObjectPermissionobjects assign_permrpermr8s r add_obj_permzGuardianUserMixin.add_obj_perm#++77dCHHrcDtjj|||SrE)rKrL remove_permrNs r del_obj_permzGuardianUserMixin.del_obj_permrQrN)rrr staticmethodrIrPrTrBrrrGrGs $$IIrrGc8eZdZdZdZiZddZdZfdZxZ S)PermissionListMixinag A view mixin that filter object in queryset for the current logged by required permission. **Example Usage**:: class SecureView(PermissionListMixin, ListView): ... permission_required = 'articles.view_article' ... or:: class SecureView(PermissionListMixin, ListView): ... permission_required = 'auth.change_user' get_objects_for_user_extra_kwargs = {'use_groups': False} ... **Class Settings** ``PermissionListMixin.permission_required`` *Default*: ``None``, must be set to either a string or list of strings in format: *.*. ``PermissionListMixin.get_objects_for_user_extra_kwargs`` *Default*: ``{}``, A extra params to pass for ```guardian.shortcuts.get_objects_for_user``` Nct|jtr|jg}|St|jtr|jDcgc]}|}}|St d|jzcc}wr%r&r*s rr-z,PermissionListMixin.get_required_permissionsr.r/ctd|jj|j|j|d|jS)z Returns dict of kwargs that should be pass to ```get_objects_for_user```. :param request: Queryset to filter )userr+klassrB)dictrrZr-!get_objects_for_user_extra_kwargs)rquerysets rget_get_objects_for_user_kwargsz3PermissionListMixin.get_get_objects_for_user_kwargssG >**77 E"><<> >rcVt||i|}tdi|j|S)NrB)r get_querysetr r_)rrrqsrs rraz PermissionListMixin.get_queryset%s0 W !4 26 2#Od&J&J2&NOOrrE) rrrrr(r]r-r_rar r!s@rrWrWs,<(*%& >PPrrWN)collections.abcr django.confrdjango.contrib.auth.decoratorsrrdjango.core.exceptionsrrguardian.utilsr rKr r guardian.shortcutsr rr#rGrWrBrrrisU$ NI3/1>3$$$$Nb:b:J I IBPBPr