Users ACL's implemented

docs/developers/acls.rst

@@ -63,7 +63,7 @@ Required. This function is called when change permissions form for role is being
 
 .. function:: build_acl(acl, roles, key_name)
 
-Required. Is used in process of building new ACL. Its supplied dict with incomplete ACL, list of user roles and name of key under which its permissions values are stored in roles ``permissions`` attributes. Its expected to access roles ``permissions`` attributes which are dicts of values coming from permission change forms and update provided ``acl`` dict accordingly.
+Required. Is used in process of building new ACL. Its supplied dict with incomplete ACL, list of user roles and name of key under which its permissions values are stored in roles ``permissions`` attributes. Its expected to access roles ``permissions`` attributes which are dicts of values coming from permission change forms and return updated ``acl`` dict.
 
 
 .. function:: add_acl_to_target(user, acl, target)
@@ -109,9 +109,11 @@ This module provides utilities for summing two acls and supports three most comm
 * **greater or zero**: 42 beats 13, zero beats everything
 
 
-.. function:: sum_acls(defaults, *cls, **permissions)
+.. function:: sum_acls(result_acl, acls=None, roles=None, key=None, **permissions)
 
-This function sums ACLs using callables accepting two arguments defined in kwargs used to compare permission values. Example usage is following::
+This function adds ACLs to result_acl using set or rules provided as additional kwargs. Alternatively, it access iterable of roles and extension key.
+
+Example usage is following::
 
     from misago.acl import algebra
 
@@ -148,7 +150,7 @@ This function sums ACLs using callables accepting two arguments defined in kwarg
     }
 
     final_acl = algebra.sum_acls(
-        defaults, user_acls,
+        defaults, acls=user_acls,
         can_see=algebra.greater,
         can_hear=algebra.greater,
         max_speed=algebra.greater,

misago/acl/algebra.py

@@ -1,11 +1,33 @@
-def sum_acls(defaults, acls, **permissions):
-    result_acl = {}
+def _roles_acls(key_name, roles):
+    acls = []
+    for role in roles:
+        role_permissions = role.permissions.get(key_name)
+        if role_permissions:
+            acls.append(role_permissions)
+    return acls
+
+
+def sum_acls(result_acl, acls=None, roles=None, key=None, **permissions):
+    if bool(roles) != bool(key):
+        if key:
+            raise ValueError(
+                'You have provided "key" but omited "roles" argument')
+        else:
+            raise ValueError(
+                'You have provided "roles" but omited "key" argument')
+
+    if acls and roles:
+        raise ValueError(
+            'You can not provide both "acls" and "roles" arguments')
+
+    if roles:
+        acls = _roles_acls(key, roles)
 
     for permission, compare in permissions.items():
         try:
-            permission_value = defaults[permission]
+            permission_value = result_acl[permission]
         except KeyError:
-            message = 'Default value for permission "%s" is not provided.'
+            message = 'Default value for permission "%s" is not provided'
             raise ValueError(message % permission)
 
         for acl in acls:

misago/acl/builder.py

@@ -8,6 +8,6 @@ def build_acl(roles):
     acl = {}
 
     for extension, module in providers.list():
-        module.build_acl(acl, roles, extension)
+        acl = module.build_acl(acl, roles, extension)
 
     return acl

misago/acl/migrations/0003_default_roles.py

@@ -22,21 +22,27 @@ def create_default_roles(apps, schema_editor):
     pickle_permissions(role,
         {
             # account perms
-            'name_changes_allowed': 2,
-            'name_changes_expire': 180,
-            'can_use_signature': False,
-            'allow_signature_links': False,
-            'allow_signature_images': False,
+            'misago.users.permissions.account': {
+                'name_changes_allowed': 2,
+                'name_changes_expire': 180,
+                'can_have_signature': False,
+                'allow_signature_links': False,
+                'allow_signature_images': False,
+            },
 
             # profiles perms
-            'can_search_users': True,
-            'can_see_users_emails': False,
-            'can_see_users_ips': False,
-            'can_see_hidden_users': False,
+            'misago.users.permissions.profiles': {
+                'can_search_users': True,
+                'can_see_users_emails': False,
+                'can_see_users_ips': False,
+                'can_see_hidden_users': False,
+            },
 
             # destroy users perms
-            'can_destroy_user_newer_than': 0,
-            'can_destroy_users_with_less_posts_than': 0,
+            'misago.users.permissions.destroying': {
+                'can_destroy_user_newer_than': 0,
+                'can_destroy_users_with_less_posts_than': 0,
+            },
         })
     role.save()
 
@@ -44,21 +50,27 @@ def create_default_roles(apps, schema_editor):
     pickle_permissions(role,
         {
             # account perms
-            'name_changes_allowed': 0,
-            'name_changes_expire': 0,
-            'can_use_signature': False,
-            'allow_signature_links': False,
-            'allow_signature_images': False,
+            'misago.users.permissions.account': {
+                'name_changes_allowed': 0,
+                'name_changes_expire': 0,
+                'can_have_signature': False,
+                'allow_signature_links': False,
+                'allow_signature_images': False,
+            },
 
             # profiles perms
-            'can_search_users': True,
-            'can_see_users_emails': False,
-            'can_see_users_ips': False,
-            'can_see_hidden_users': False,
+            'misago.users.permissions.profiles': {
+                'can_search_users': True,
+                'can_see_users_emails': False,
+                'can_see_users_ips': False,
+                'can_see_hidden_users': False,
+            },
 
             # destroy users perms
-            'can_destroy_user_newer_than': 0,
-            'can_destroy_users_with_less_posts_than': 0,
+            'misago.users.permissions.destroying': {
+                'can_destroy_user_newer_than': 0,
+                'can_destroy_users_with_less_posts_than': 0,
+            },
         })
     role.save()
 
@@ -66,21 +78,27 @@ def create_default_roles(apps, schema_editor):
     pickle_permissions(role,
         {
             # account perms
-            'name_changes_allowed': 5,
-            'name_changes_expire': 14,
-            'can_use_signature': True,
-            'allow_signature_links': True,
-            'allow_signature_images': False,
+            'misago.users.permissions.account': {
+                'name_changes_allowed': 5,
+                'name_changes_expire': 14,
+                'can_have_signature': True,
+                'allow_signature_links': True,
+                'allow_signature_images': False,
+            },
 
             # profiles perms
-            'can_search_users': True,
-            'can_see_users_emails': True,
-            'can_see_users_ips': True,
-            'can_see_hidden_users': True,
+            'misago.users.permissions.profiles': {
+                'can_search_users': True,
+                'can_see_users_emails': True,
+                'can_see_users_ips': True,
+                'can_see_hidden_users': True,
+            },
 
             # destroy users perms
-            'can_destroy_user_newer_than': 0,
-            'can_destroy_users_with_less_posts_than': 0,
+            'misago.users.permissions.destroying': {
+                'can_destroy_user_newer_than': 0,
+                'can_destroy_users_with_less_posts_than': 0,
+            },
         })
     role.save()
 
@@ -88,8 +106,10 @@ def create_default_roles(apps, schema_editor):
     pickle_permissions(role,
         {
             # destroy users perms
-            'can_destroy_user_newer_than': 2,
-            'can_destroy_users_with_less_posts_than': 20,
+            'misago.users.permissions.destroying': {
+                'can_destroy_user_newer_than': 2,
+                'can_destroy_users_with_less_posts_than': 20,
+            },
         })
     role.save()
 

misago/acl/tests/test_acl_algebra.py

@@ -68,7 +68,7 @@ class SumACLTests(TestCase):
         }
 
         acl = algebra.sum_acls(
-            defaults, test_acls,
+            defaults, acls=test_acls,
             can_see=algebra.greater,
             can_hear=algebra.greater,
             max_speed=algebra.greater,

misago/forums/permissions.py

@@ -23,4 +23,4 @@ def change_permissions_form(role):
 ACL Builder
 """
 def build_acl(acl, roles, key_name):
-    pass
+    return acl

misago/users/permissions/account.py

@@ -1,4 +1,5 @@
 from django.utils.translation import ugettext_lazy as _
+from misago.acl import algebra
 from misago.acl.models import Role
 from misago.core import forms
 
@@ -17,12 +18,12 @@ class PermissionsForm(forms.Form):
         help_text=_("Number of days since name change that makes that change no longer count to limit. Enter zero to make all changes count."),
         min_value=0,
         initial=0)
-    can_use_signature = forms.YesNoSwitch(
+    can_have_signature = forms.YesNoSwitch(
         label=_("Can have signature"),
-        initial=True)
+        initial=False)
     allow_signature_links = forms.YesNoSwitch(
         label=_("Can put links in signature"),
-        initial=True)
+        initial=False)
     allow_signature_images = forms.YesNoSwitch(
         label=_("Can put images in signature"),
         initial=False)
@@ -39,4 +40,20 @@ def change_permissions_form(role):
 ACL Builder
 """
 def build_acl(acl, roles, key_name):
-    pass
+    new_acl = {
+        'name_changes_allowed': 0,
+        'name_changes_expire': 0,
+        'can_have_signature': False,
+        'allow_signature_links': False,
+        'allow_signature_images': False,
+    }
+    new_acl.update(acl)
+
+    return algebra.sum_acls(
+            new_acl, roles=roles, key=key_name,
+            name_changes_allowed=algebra.greater,
+            name_changes_expire=algebra.lower,
+            can_have_signature=algebra.greater,
+            allow_signature_links=algebra.greater,
+            allow_signature_images=algebra.greater
+            )

misago/users/permissions/destroying.py

@@ -1,4 +1,5 @@
 from django.utils.translation import ugettext_lazy as _
+from misago.acl import algebra
 from misago.acl.models import Role
 from misago.core import forms
 
@@ -31,4 +32,14 @@ def change_permissions_form(role):
 ACL Builder
 """
 def build_acl(acl, roles, key_name):
-    pass
+    new_acl = {
+        'can_destroy_user_newer_than': 0,
+        'can_destroy_users_with_less_posts_than': 0,
+    }
+    new_acl.update(acl)
+
+    return algebra.sum_acls(
+            new_acl, roles=roles, key=key_name,
+            can_destroy_user_newer_than=algebra.greater,
+            can_destroy_users_with_less_posts_than=algebra.greater
+            )

misago/users/permissions/profiles.py

@@ -1,4 +1,5 @@
 from django.utils.translation import ugettext_lazy as _
+from misago.acl import algebra
 from misago.acl.models import Role
 from misago.core import forms
 
@@ -30,4 +31,18 @@ def change_permissions_form(role):
 ACL Builder
 """
 def build_acl(acl, roles, key_name):
-    pass
+    new_acl = {
+        'can_search_users': False,
+        'can_see_users_emails': False,
+        'can_see_users_ips': False,
+        'can_see_hidden_users': False,
+    }
+    new_acl.update(acl)
+
+    return algebra.sum_acls(
+            new_acl, roles=roles, key=key_name,
+            can_search_users=algebra.greater,
+            can_see_users_emails=algebra.greater,
+            can_see_users_ips=algebra.greater,
+            can_see_hidden_users=algebra.greater
+            )