X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=planetstack%2Fcore%2Fmodels%2Fplcorebase.py;h=2ad6f7692e1f29f5e5f45d12e5d2d0d9d152b34a;hb=4df786ffd7b10707a21667dfb4494b1d05ff4eae;hp=51240addec73c544dfaf02d7f09f6670a321a10a;hpb=130278134f19945d61e26bbd80d3f5416a8294df;p=plstackapi.git

diff --git a/planetstack/core/models/plcorebase.py b/planetstack/core/models/plcorebase.py
index 51240ad..2ad6f76 100644
--- a/planetstack/core/models/plcorebase.py
+++ b/planetstack/core/models/plcorebase.py
@@ -1,10 +1,12 @@
-import datetime
 import os
 import sys
 from django.db import models
 from django.forms.models import model_to_dict
 from django.core.urlresolvers import reverse
 from django.forms.models import model_to_dict
+from django.utils import timezone
+from django.core.exceptions import PermissionDenied
+import model_policy
 
 try:
     # This is a no-op if observer_disabled is set to 1 in the config file
@@ -18,36 +20,50 @@ except:
     def notify_observer(*args, **kwargs):
         pass
 
+# This manager will be inherited by all subclasses because
+# the core model is abstract.
+class PlCoreBaseDeletionManager(models.Manager):
+    def get_queryset(self):
+        parent=super(PlCoreBaseDeletionManager, self)
+        if hasattr(parent, "get_queryset"):
+            return parent.get_queryset().filter(deleted=True)
+        else:
+            return parent.get_query_set().filter(deleted=True)
+
+    # deprecated in django 1.7 in favor of get_queryset().
+    def get_query_set(self):
+        return self.get_queryset()
+
 # This manager will be inherited by all subclasses because
 # the core model is abstract.
 class PlCoreBaseManager(models.Manager):
+    def get_queryset(self):
+        parent=super(PlCoreBaseManager, self)
+        if hasattr(parent, "get_queryset"):
+            return parent.get_queryset().filter(deleted=False)
+        else:
+            return parent.get_query_set().filter(deleted=False)
+
+    # deprecated in django 1.7 in favor of get_queryset().
     def get_query_set(self):
-        return super(PlCoreBaseManager, self).get_query_set().filter(deleted=False)
+        return self.get_queryset()
 
-    # default values for created and updated are only there to keep evolution
-    # from failing.
-class PlCoreBase(models.Model):
-    objects = PlCoreBaseManager()
-    created = models.DateTimeField(auto_now_add=True, default=datetime.datetime.now())
-    updated = models.DateTimeField(auto_now=True, default=datetime.datetime.now())
-    enacted = models.DateTimeField(null=True, default=None)
-    backend_status = models.CharField(max_length=140,
-                                      default="Provisioning in progress")
-    deleted = models.BooleanField(default=False)
+class DiffModelMixIn:
+    # Provides useful methods for computing which objects in a model have
+    # changed. Make sure to do self._initial = self._dict in the __init__
+    # method.
 
-    class Meta:
-        # Changing abstract to False would require the managers of subclasses of
-        # PlCoreBase to be customized individually.
-        abstract = True
-        app_label = "core"
+    # This is broken out of PlCoreBase into a Mixin so the User model can
+    # also make use of it.
 
-    def __init__(self, *args, **kwargs):
-        super(PlCoreBase, self).__init__(*args, **kwargs)
-        self.__initial = self._dict
+    @property
+    def _dict(self):
+        return model_to_dict(self, fields=[field.name for field in
+                             self._meta.fields])
 
     @property
     def diff(self):
-        d1 = self.__initial
+        d1 = self._initial
         d2 = self._dict
         diffs = [(k, (v, d2[k])) for k, v in d1.items() if v != d2[k]]
         return dict(diffs)
@@ -60,9 +76,38 @@ class PlCoreBase(models.Model):
     def changed_fields(self):
         return self.diff.keys()
 
+    @property
+    def has_field_changed(self, field_name):
+        return field_name in self.diff.keys()
+
     def get_field_diff(self, field_name):
         return self.diff.get(field_name, None)
 
+
+class PlCoreBase(models.Model, DiffModelMixIn):
+    objects = PlCoreBaseManager()
+    deleted_objects = PlCoreBaseDeletionManager()
+
+    # default values for created and updated are only there to keep evolution
+    # from failing.
+    created = models.DateTimeField(auto_now_add=True, default=timezone.now)
+    updated = models.DateTimeField(auto_now=True, default=timezone.now)
+    enacted = models.DateTimeField(null=True, default=None)
+    backend_status = models.CharField(max_length=140,
+                                      default="Provisioning in progress")
+    deleted = models.BooleanField(default=False)
+
+    class Meta:
+        # Changing abstract to False would require the managers of subclasses of
+        # PlCoreBase to be customized individually.
+        abstract = True
+        app_label = "core"
+
+    def __init__(self, *args, **kwargs):
+        super(PlCoreBase, self).__init__(*args, **kwargs)
+        self._initial = self._dict # for DiffModelMixIn
+        self.silent = False
+
     def can_update(self, user):
         if user.is_readonly:
             return False
@@ -70,37 +115,63 @@ class PlCoreBase(models.Model):
             return True
         return False
 
+    def can_update_field(self, user, fieldName):
+        # Give us the opportunity to implement fine-grained permission checking.
+        # Default to True, and let can_update() permit or deny the whole object.
+        return True
+
     def delete(self, *args, **kwds):
         # so we have something to give the observer
-        purge = kwds.get('purge',True)
-        if (observer_disabled or purge):
-            super(PlCoreBase, self).delete(*args, **kwargs)
+        purge = kwds.get('purge',False)
+        silent = kwds.get('silent',False)
+        try:
+            purge = purge or observer_disabled
+        except NameError:
+            pass
+
+        if (purge):
+            del kwds['purge']
+            super(PlCoreBase, self).delete(*args, **kwds)
         else:
             self.deleted = True
             self.enacted=None
-            self.save(update_fields=['enacted','deleted'])
-
+            self.save(update_fields=['enacted','deleted'], silent=silent)
 
     def save(self, *args, **kwargs):
+        # let the user specify silence as either a kwarg or an instance varible
+        silent = self.silent
+        if "silent" in kwargs:
+            silent=silent or kwargs.pop("silent")
+
         super(PlCoreBase, self).save(*args, **kwargs)
 
         # This is a no-op if observer_disabled is set
-        notify_observer()
+        if not silent:
+            notify_observer()
 
-        self.__initial = self._dict
+        self._initial = self._dict
 
     def save_by_user(self, user, *args, **kwds):
-        if self.can_update(user):
-            self.save(*args, **kwds)
+        if not self.can_update(user):
+            raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__)
+
+        for fieldName in self.changed_fields:
+            if not self.can_update_field(user, fieldName):
+                raise PermissionDenied("You do not have permission to update field %s in object %s" % (fieldName, self.__class__.__name__))
+
+        self.save(*args, **kwds)
 
     def delete_by_user(self, user, *args, **kwds):
-        if self.can_update(user):
-            self.delete(*args, **kwds)
+        if not self.can_update(user):
+            raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__)
+        self.delete(*args, **kwds)
+
+    @classmethod
+    def select_by_user(cls, user):
+        # This should be overridden by descendant classes that want to perform
+        # filtering of visible objects by user.
+        return cls.objects.all()
 
-    @property
-    def _dict(self):
-        return model_to_dict(self, fields=[field.name for field in
-                             self._meta.fields])