a D g@sddlZddlmZddlmZddlmZddlmZddl m Z ddl m Z ddlmZddlm Z dd lmZdd lmZdd lmZd d ZddZddZddZGdddZddZddZddZdS)Nwraps)settings)PermissionDenied)redirect)reverse)override)gettextmessages) LogContext)page_permission_policycCs8|jddkrtddlm}||tdtdS)z.Return a standard 'permission denied' responsex-requested-withXMLHttpRequestrr z6Sorry, you do not have permission to access this area.Zwagtailadmin_home)headersgetr wagtail.adminr error_r)requestr rQ/var/www/lab.imftr.de/x/nb_venv/lib/python3.9/site-packages/wagtail/admin/auth.pypermission_denieds  rcsfdd}|S)z Given a test function that takes a user object and returns a boolean, return a view decorator that denies access to the user if the test returns false. cstfdd}|S)Ncs,|jr |g|Ri|St|SdSN)userr)rargskwargs)test view_funcrrwrapped_view_func&s z>user_passes_test..decorator..wrapped_view_funcr)rrrrr decorator"sz#user_passes_test..decoratorr)rr"rr ruser_passes_tests r#csfdd}t|S)a Replacement for django.contrib.auth.decorators.permission_required which returns a more meaningful 'permission denied' response than just redirecting to the login page. (The latter doesn't work anyway because Wagtail doesn't define LOGIN_URL...) cs |SrZhas_permrpermission_namerrr;sz!permission_required..testr#)r'rrr&rpermission_required4s r)csfdd}t|S)z Decorator that accepts a list of permission names, and allows the user to pass if they have *any* of the permissions in the list csD]}||rdSqdS)NTFr$)rpermpermsrrrHs z%any_permission_required..testr()r,rrr+rany_permission_requiredBs r-c@s(eZdZdZddZddZddZdS) PermissionPolicyCheckerz Provides a view decorator that enforces the given permission policy, returning the wagtailadmin 'permission denied' response if permission not granted cCs ||_dSr)policy)selfr/rrr__init__Xsz PermissionPolicyChecker.__init__csfdd}t|S)Ncsj|Sr)r/Zuser_has_permissionr%actionr0rrr\sz-PermissionPolicyChecker.require..testr()r0r3rrr2rrequire[szPermissionPolicyChecker.requirecsfdd}t|S)Ncsj|Sr)r/user_has_any_permissionr%actionsr0rrrbsz1PermissionPolicyChecker.require_any..testr()r0r7rrr6r require_anyasz#PermissionPolicyChecker.require_anyN)__name__ __module__ __qualname____doc__r1r4r8rrrrr.Rsr.cCst|hdS)z\ Check if a user has any permission to add, edit, or otherwise manage any page. >lockpublishZunlockaddZchangeZ bulk_delete)r r5r%rrruser_has_any_page_permissionhsr@cCs@|jddkrtddlm}ttdtd}|||dS)Nrrr)redirect_to_loginZWAGTAILADMIN_LOGIN_URLZwagtailadmin_login) login_url) rrrZdjango.contrib.auth.viewsrAgetattrrrZ get_full_path)rZauth_redirect_to_loginrBrrrreject_requestrs  rDcsfdd}|S)Nc s|j}|jrt|S|dgrvz dt|drJ|j|jntj t t |drt &|g|Ri|}Wdq1s0Yn|g|Ri|}t|dr|j fdd}t|||_ |WdWdWS1s0YWdn1s80YWn0tyt|jddkrht|YS0|jddkst|td t|S) Nzwagtailadmin.access_adminwagtail_userprofiler%renderc srtVrJt$WdWdS1s@0YWdS1sd0YdSr) override_tzr)responseZpreferred_languagerFZ time_zonerroverridden_renders   2zGrequire_admin_access..decorated_view..overridden_renderrrz.You do not have permission to access the admin)rZ is_anonymousrDZ has_permshasattrrEZget_preferred_languageZget_current_time_zonerZ TIME_ZONErGr rrFtypes MethodTyperrrrr rr)rrrrrHrJr!rIrdecorated_views8   6 Xz,require_admin_access..decorated_viewr)rrNrr!rrequire_admin_accesss 8rO)rL functoolsrZ django.confrZdjango.core.exceptionsrZdjango.shortcutsrZ django.urlsrZdjango.utils.timezonerrGZdjango.utils.translationr rrr Zwagtail.log_actionsr Zwagtail.permissionsr rr#r)r-r.r@rDrOrrrrs&