Changes between Version 64 and Version 65 of BluePrintAuthorization
- Timestamp:
- 06/19/10 23:39:06 (13 years ago)
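--- a/BluePrintAuthorization
+++ b/BluePrintAuthorization
@@ -147,4 +147,5 @@
 
 * For single records modify {{{shn_has_permission()}}} (called from {{{shn_create()}}}, {{{shn_delete()}}}, {{{shn_read()}}} & {{{shn_update()}}}, but also available for other functions)
+* Q: Can we merge this with the reading of the record to have a single DAL hit instead of 1 for the permissions check & another for the actual read?
 {{{
 def shn_has_permission(name, tablename, record_id = 0):
@@ -201,7 +202,17 @@
     record = None
 
-    if "deleted" in table.fields:
+    _fields = table.fields
+
+    if "deleted" in _fields:
         # Check if record is deleted
-        record = db(table.id == record_id).select(table.deleted, table.reader_id, table.writer_id, limitby=(0, 1)).first()
+        if "reader_id" in _fields and "created_by" in _fields:
+            record = db(table.id == record_id).select(table.deleted, table.reader_id, table.writer_id, table.created_by, limitby=(0, 1)).first()
+        elif "reader_id" in _fields:
+            record = db(table.id == record_id).select(table.deleted, table.reader_id, table.writer_id, limitby=(0, 1)).first()
+        elif "created_by" in _fields:
+            record = db(table.id == record_id).select(table.deleted, table.created_by, limitby=(0, 1)).first()
+        else:
+            record = db(table.id == record_id).select(table.deleted, limitby=(0, 1)).first()
+
         if record.deleted:
             authorised = False
@@ -214,6 +225,14 @@
 
     # Check the record's auth fields
+    if not "reader_id" in _fields:
+        # No record-level permissions (we assume that reader_id & writer_id fields always present/absent together via use of 'permissions_id')
+        authorised = True
+        return authorised
+
     if not record:
-        record = db(table.id == record_id).select(table.reader_id, table.writer_id, limitby=(0, 1)).first()
+        if "created_by" in _fields:
+            record = db(table.id == record_id).select(table.reader_id, table.writer_id, table.created_by, limitby=(0, 1)).first()
+        else:
+            record = db(table.id == record_id).select(table.reader_id, table.writer_id, limitby=(0, 1)).first()
     if name == "read":
         if not table.reader_id:
@@ -226,4 +245,8 @@
             if restriction in roles:
                 authorised = True
+            elif restriction == "2" and "created_by" in _fields:
+                # 'Creator' restriction
+                if auth.user.id == table.created_by:
+                    authorised = True
 
     elif name in ["delete", "update"]:
@@ -238,4 +261,8 @@
                 # restriction 0 is anonymous
                 authorised = True
+            elif restriction == "2" and "created_by" in _fields:
+                # 'Creator' restriction
+                if auth.user.id == table.created_by:
+                    authorised = True
 
     else: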
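Review bot: The new 'Creator' restriction at new lines 249 and 265 compares `auth.user.id` against `table.created_by`, which is the table's Field object, not the value of the fetched row — the selects at 209/213/234 pull `table.created_by` into `record` precisely so that `record.created_by` can be compared, so as written the branch can never grant (it fails closed, but the feature is dead). Both sites should read `if auth.user.id == record.created_by:`. This branch also dereferences `auth.user.id` unconditionally; unless the part of shn_has_permission() before this hunk already returns for anonymous requests (it starts and ends outside the visible hunks), `auth.user` may be None here and raise, so a guard of the form `if auth.user and auth.user.id == record.created_by:` would be safer. Minor style point at new line 227: `if "reader_id" not in _fields:` reads better than `if not "reader_id" in _fields:`.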