221V
/
Misago


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166
							from django.contrib.auth import get_user_model
from django.core.exceptions import PermissionDenied
from django.utils.translation import ugettext_lazy as _

from misago.acl import algebra
from misago.acl.decorators import return_boolean
from misago.acl.models import Role
from misago.core import forms

from .decorators import authenticated_only


"""
Admin Permissions Form
"""
CAN_BROWSE_USERS_LIST = forms.YesNoSwitch(
    label=_("Can browse users list"),
    initial=1
)
CAN_SEARCH_USERS = forms.YesNoSwitch(
    label=_("Can search user profiles"),
    initial=1
)
CAN_SEE_USER_NAME_HISTORY = forms.YesNoSwitch(
    label=_("Can see other members name history")
)
CAN_SEE_BAN_DETAILS = forms.YesNoSwitch(
    label=_("Can see members bans details"),
    help_text=_("Allows users with this permission to see user and staff ban messages.")
)


class LimitedPermissionsForm(forms.Form):
    legend = _("User profiles")

    can_browse_users_list = CAN_BROWSE_USERS_LIST
    can_search_users = CAN_SEARCH_USERS
    can_see_users_name_history = CAN_SEE_USER_NAME_HISTORY
    can_see_ban_details = CAN_SEE_BAN_DETAILS


class PermissionsForm(LimitedPermissionsForm):
    can_browse_users_list = CAN_BROWSE_USERS_LIST
    can_search_users = CAN_SEARCH_USERS
    can_follow_users = forms.YesNoSwitch(
        label=_("Can follow other users"),
        initial=1
    )
    can_be_blocked = forms.YesNoSwitch(
        label=_("Can be blocked by other users"),
        initial=0
    )
    can_see_users_name_history = CAN_SEE_USER_NAME_HISTORY
    can_see_ban_details = CAN_SEE_BAN_DETAILS
    can_see_users_emails = forms.YesNoSwitch(
        label=_("Can see members e-mails")
    )
    can_see_users_ips = forms.YesNoSwitch(
        label=_("Can see members IPs")
    )
    can_see_hidden_users = forms.YesNoSwitch(
        label=_("Can see members that hide their presence")
    )


def change_permissions_form(role):
    if isinstance(role, Role):
        if role.special_role == 'anonymous':
            return LimitedPermissionsForm
        else:
            return PermissionsForm
    else:
        return None


"""
ACL Builder
"""
def build_acl(acl, roles, key_name):
    new_acl = {
        'can_browse_users_list': 0,
        'can_search_users': 0,
        'can_follow_users': 0,
        'can_be_blocked': 1,
        'can_see_users_name_history': 0,
        'can_see_ban_details': 0,
        'can_see_users_emails': 0,
        'can_see_users_ips': 0,
        'can_see_hidden_users': 0,
    }
    new_acl.update(acl)

    return algebra.sum_acls(new_acl, roles=roles, key=key_name,
        can_browse_users_list=algebra.greater,
        can_search_users=algebra.greater,
        can_follow_users=algebra.greater,
        can_be_blocked=algebra.lower,
        can_see_users_name_history=algebra.greater,
        can_see_ban_details=algebra.greater,
        can_see_users_emails=algebra.greater,
        can_see_users_ips=algebra.greater,
        can_see_hidden_users=algebra.greater
    )


"""
ACL's for targets
"""
def add_acl_to_user(user, target):
    target_acl = target.acl_

    target_acl['can_have_attitude'] = False
    target_acl['can_follow'] = can_follow_user(user, target)
    target_acl['can_block'] = can_block_user(user, target)

    mod_permissions = (
        'can_have_attitude',
        'can_follow',
        'can_block',
    )

    for permission in mod_permissions:
        if target_acl[permission]:
            target_acl['can_have_attitude'] = True
            break


def register_with(registry):
    registry.acl_annotator(get_user_model(), add_acl_to_user)


"""
ACL tests
"""
def allow_browse_users_list(user):
    if not user.acl['can_browse_users_list']:
        raise PermissionDenied(_("You can't browse users list."))
can_browse_users_list = return_boolean(allow_browse_users_list)


@authenticated_only
def allow_follow_user(user, target):
    if not user.acl['can_follow_users']:
        raise PermissionDenied(_("You can't follow other users."))
    if user.pk == target.pk:
        raise PermissionDenied(_("You can't add yourself to followed."))
can_follow_user = return_boolean(allow_follow_user)


@authenticated_only
def allow_block_user(user, target):
    if target.is_staff or target.is_superuser:
        raise PermissionDenied(_("You can't block administrators."))
    if user.pk == target.pk:
        raise PermissionDenied(_("You can't block yourself."))
    if not target.acl['can_be_blocked'] or target.is_superuser:
        message = _("%(user)s can't be blocked.") % {'user': target.username}
        raise PermissionDenied(message)
can_block_user = return_boolean(allow_block_user)


@authenticated_only
def allow_see_ban_details(user, target):
    if not user.acl['can_see_ban_details']:
        raise PermissionDenied(_("You can't see users bans details."))
can_see_ban_details = return_boolean(allow_see_ban_details)