Bh/fddlZddlmZddlmZddlmZmZddlm Z ddl m Z m Z ddl mZddlmZdd lmZmZdd lmZdd lmZmZdd lmZdd lmZddlmZe ZdZ dZ!dZ"edZ#dZ$dZ%dZ&dZ'dZ(dZ)dZ*dZ+dZ,e*dZ-e*dZ.d$dZ/d$dZ0d Z1d!Z2d"Z3d#Z4y)%N) defaultdict)contextmanager) lru_cachewraps)local)get_permission_codenameget_user_model)Group)Q)ROOT_USER_LEVELSCRIPT_USERNAME)NoPermissionsException)GlobalPagePermissionPagePermission)available_attrs)get_cms_setting)get_clean_usernamec|t_y)z` Assigns current user from request to thread_locals, used by CurrentUserMiddleware. N)_thread_localsuserrs E/home/dcms/DCMS/lib/python3.12/site-packages/cms/utils/permissions.pyset_current_userrs Nc$ttddS)z' Returns current user, or None rN)getattrrrrget_current_userrs >64 00rc<t}|stSt|SN)rr r) current_users rget_current_user_namer"%s#%L  l ++rc#TKt}t|dt|yw)z9 Changes the current user just within a context. N)rr)rold_users rr!r!-s#  !HT Xs&(cR|j}|jdzt||zS)N.)_meta app_labelr)modelactionoptss rget_model_permission_codenamer,8s' ;;D >>C "9&$"G GGrc|jsy|jrytt|}|j |syt dsytj j||jj}|S)NFTr* PERMISSION) is_authenticated is_superuserr,rhas_permrobjectsget_with_change_permissionspkexists)rsiter*codenamer2s r_has_global_permissionr9=so   ,-A&QH == " < (   $ $T477 3   Orct||dS)Naddr.r9rr7s ruser_can_add_global_permissionsr>Us !$U ;;rct||dS)Nchanger.r<r=s r"user_can_change_global_permissionsrAY !$X >>rct||dS)Ndeleter.r<r=s r"user_can_delete_global_permissionsrE]rBrc|jst|js tdstSt j j||jj}|rtS tj j||jdjdd}|jjS#t$rtwxYw)a Returns highest user level from the page/permission hierarchy on which user haves can_change_permission. Also takes look into user groups. Higher level equals to lower number. Users on top of hierarchy have level 0. Level is the same like page.depth attribute. Example: A,W level 0 / user B,GroupE level 1 / C,X D,Y,W level 2 Users A, W have user level 0. GroupE and all his users have user level 1 If user D is a member of GroupE, his user level will be 1, otherwise is 2. r/page page__pathr)r0rr1rr rr3r4r5r6rselect_relatedorder_by IndexErrorrGdepth)rr7has_global_perms permissions rget_user_permission_levelrOas&  $$  =   $ $T477 3   %  W ( (t 4 ^F # Xl #   ??   %$$%s 1ACCcRttfd}|_|S)N)assignedcdjz}t||std}t|||t |||g|i|S)N_djangocms_cached_func_%s)maxsize)__name__hasattrrsetattrr)rargskwargsfunc_cache_name cached_funcfuncs rr[z cached_func..cached_funcsV5 Et_-1)D1$7K D/; 7-wt_-dDTDVDDr)rr without_cache)r\r[s` rr[r[s3 4/$/0E1E!%K rcTd|jz}t||r t||yy)NrS)rUrVdelattr)rr\rZs rclear_func_cacher`s)1DMMAOt_%o&&rcDt|tt|ty)zC Clear all python lru caches used by the permission system N)r`get_global_actions_for_userget_page_actions_for_userrs rclear_permission_lru_cachesrdsT67T45rct}tjj||j}|j D]!}|j |j#|Sr )setrr3 get_with_siter5iteratorupdateget_configured_actions)rr7actions global_perms global_perms rrbrbsZeG  tTWW % $,,.= {99;<= Nrc`tt}tjj |j dj |}|jD]M}|j|jjf}|jD]}||j|O|S)NrG) page__site) rlistrr3 with_userrIfilterrhgrant_onrGpathrjappend)rr7rkpage_permissionspermpermission_tupler*s rrcrcs$G   4   4 !))+5==$))..8113 5F FO " "#3 4 55 NrcZ|rt||}||vStj||}||vSr )rbr])rr7r* use_cacherks rhas_global_permissionr{s=-dD9 W .;;D$G W rcddl}ddlm}ddlm}|j d|dddd d d d d }||vr||}|||||j d|S)NrRemovedInDjangoCMS51Warning)has_generic_permissionzahas_page_permission is deprecated. Use cms.utils.page_permissions.has_generic_permission instead. stacklevel change_pageadd_page move_page publish_page delete_page view_page)r@r;movepublishrDviewF)r7 check_globalrz)warningscms.utils.compat.warningsr~cms.utils.page_permissionsrwarnr7)rrGr*rzrr~r action_maps rhas_page_permissionrsnEAHMMS-!=  ! JF# !$f499SXdm nnrcdddlm} t||}|tk(r"t j jSdd l m}t}|||d D]}|||jd z}t j j jtd|t|zzt|tdzz}|j|jj|j }|S#t$rt j j jtdt|ztdz}|j|jj|j }|cYSwxYw)a# Returns users queryset, containing all subordinate users to given user including users created by given user and not assigned to any page. Not assigned users must be returned, because they shouldn't get lost, and user should still have possibility to see them. Only users created_by given user which are on the same, or lover level are returned. If user haves global permissions or is a superuser, then he can see all the users. This function is currently used in PagePermissionInlineAdminForm for limit users in permission combobox. Example: A,W level 0 / user B,GroupE level 1 Z / C,X D,Y,W level 2 Rules: W was created by user, Z was created by user, but is not assigned to any page. Will return [user, C, X, D, Y, Z]. W was created by user, but is also assigned to higher level. r"get_change_permissions_perm_tuplesT)is_staff)pageuser__created_byN)pagepermission__page)r5)groups__user__pkPermissionTupleFrr pagepermission__page__depth__gte)rrrOrr r3distinctrrr excluder5r all cms.modelsr allow_list)rr7r user_levelqsrr perm_tuples rget_subordinate_usersrs~<N .tT: _$''++--*J8tRWXU oj1<<=STT U   ! ! * * , 3 3 4 JG G  4 (1$+G G  B tww  ' ' ' AB I7 "  % % . . 0 7 7 t qd; ;aUY>Z Z ZZ477Z # + +TWW + E s DBF/.F/c<ddlm} t||}|tk(rtj jSddl m }t}|||dD]}|||jd z}tj jj |t| zt|tdzzS#t$rItj j t|tdzj}|cYSwxYw) z` Similar to get_subordinate_users, but returns queryset of Groups instead of Users. rr)pageusergroup__created_byT)pagepermission__page__isnullrFrrr)rrrOrr r3rrr rr rrrr)rr7rrgroupsrrrs rget_subordinate_groupsr0s  N.tT: "_$}}  ""*J8tRWXU oj1<<=STT U == ! ! # * * JG G  -t0T T  1 "  W VD1ASW4XXXZ  s C ADDcddlm}tjd|dt t }t ds|S|s|Si}|D]2}|jr|j||||j<4tjj|d}|D]b}tjjj|||j |j#D]}||j%|d|S) z2 Load all view restrictions for the pages rr}z%get_view_restrictions will be removedrrr/T)page__incan_view)rr~rrrrpris_root_set_hierarchyr5rr3rrrGfieldset_cached_valuepage_id _get_page_idsru)pagesr~restricted_pages pages_by_idrGrvrwrs rget_view_restrictionsrZs F MM9-!=#4( < ( K$ <<>    &# DGG$ &--445 !3!!224T\\9RS))+ 3G W % , ,T 2 3 3 rcddlm} |j|}t|j|}|j |S#t $rYywxYw)z Checks that a user has permissions for the plugin-type given to perform the action defined in permission_type permission_type should be 'add', 'change' or 'delete'. r) plugin_poolr.T)cms.plugin_poolr get_pluginr,r)r2KeyError)r plugin_typepermission_typer plugin_classr8s rhas_plugin_permissionrsW , "--k: 0   " }}X&& s8A A  A )T)5r collectionsr contextlibr functoolsrr threadingrdjango.contrib.authrr django.contrib.auth.modelsr django.db.modelsr cms.constantsr r cms.exceptionsrrrrcms.utils.compat.djrcms.utils.confrcms.utils.pagerrrrr"r!r,r9r>rArErOr[r`rdrbrcr{rrrrrrrrrs#%&G,:1;/*-1,H 0<??.!b ' 6      $o0=@'T$Nr