Changes between Version 38 and Version 39 of BluePrintAuthorization


Timestamp:
06/19/10 17:47:59 (14 years ago)
Author:
Fran Boon
Comment:

Handle tables without 'deleted' field

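--- a/BluePrintAuthorization
+++ b/BluePrintAuthorization
@@ -72,5 +72,8 @@
     """
 
-    deleted = (table.deleted == None)
+    if "deleted" in table.fields:
+        deleted = (table.deleted == None)
+    else:
+        deleted = 1
 
     try:
@@ -172,40 +175,49 @@
     # Options 1 & 2:
     if record_id and authorised:
-        record = db(table.id == record_id).select(table.deleted, table.reader_id, table.writer_id, limitby=(0, 1)).first()
-        # Check if record is deleted
-        if record.deleted:
-            authorised = False
+
+        record = None
+
+        if "deleted" in table.fields:
+            # Check if record is deleted
+            record = db(table.id == record_id).select(table.deleted, table.reader_id, table.writer_id, limitby=(0, 1)).first()
+            if record.deleted:
+                authorised = False
+                return authorised
+
         elif 1 in roles:
             # Admin is always authorised to view undeleted data (deleted data accessible through alternate UI)
             authorised = True
+            return authorised
+
+        # Check the record's auth fields
+        if not record:
+            record = db(table.id == record_id).select(table.reader_id, table.writer_id, limitby=(0, 1)).first()
+        if name == "read":
+            if not table.reader_id:
+                authorised = True
+            else:
+                authorised = False
+                restrictions = re.split("\|", table.reader_id)[1:-1]
+                # Assume we generally have fewer restrictions than roles
+                for restriction in restrictions:
+                    if restriction in roles:
+                        authorised = True
+               
+        elif name in ["delete", "update"]:
+            if not table.writer_id:
+                authorised = True
+            else:
+                authorised = False
+                restrictions = re.split("\|", table.writer_id)[1:-1]
+                # Assume we generally have fewer restrictions than roles
+                for restriction in restrictions:
+                    if restriction == "0" or int(restriction) in roles:
+                        # restriction 0 is anonymous
+                        authorised = True
+
         else:
-            # Need to check the record's auth fields
-            if name == "read":
-                if not table.reader_id:
-                    authorised = True
-                else:
-                    authorised = False
-                    restrictions = re.split("\|", table.reader_id)[1:-1]
-                    # Assume we generally have fewer restrictions than roles
-                    for restriction in restrictions:
-                        if restriction in roles:
-                            authorised = True
-                   
-            elif name in ["delete", "update"]:
-                if not table.writer_id:
-                    authorised = True
-                else:
-                    authorised = False
-                    restrictions = re.split("\|", table.writer_id)[1:-1]
-                    # Assume we generally have fewer restrictions than roles
-                    for restriction in restrictions:
-                        if restriction == "0" or int(restriction) in roles:
-                            # restriction 0 is anonymous
-                            authorised = True
-
-            else:
-                # Something went wrong
-                session.error = str(T("Invalid mode sent to")) + " shn_has_permission(): " + name
-                redirect(URL(r=request, f="index"))
+            # Something went wrong
+            session.error = str(T("Invalid mode sent to")) + " shn_has_permission(): " + name
+            redirect(URL(r=request, f="index"))
 
 return authorised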
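Review bot: The admin shortcut `elif 1 in roles:` (new line 187) is now chained to `if "deleted" in table.fields:` instead of `if record.deleted:`, so on a table that has a 'deleted' field an admin asking for an undeleted record never reaches it and falls through to the reader_id/writer_id checks, which contradicts the comment directly beneath it. Making it an independent test after the deleted check, `if 1 in roles:`, would restore the v38 behaviour for those tables. The new deleted check also dereferences `record.deleted` without confirming that `.first()` returned a row; `if record is None or record.deleted:` would deny cleanly when record_id matches nothing. The moved auth-field checks still read `table.reader_id` / `table.writer_id` rather than the `record` fetched at new line 194, so the per-record restrictions appear never to be consulted — this looks unintended and is worth confirming against the rest of the function, which lies outside the visible hunks.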