def get_user_type_ids(user): type_ids = [] provider = user_is_provider(user) if provider: if user_is_physician(provider): if provider.clinical_clerk: type_ids.append(USER_TYPE_MEDICAL_STUDENT) else: type_ids.append(USER_TYPE_DOCTOR) if user_is_np_pa(provider): type_ids.append(USER_TYPE_NPPA) staff = user_is_office_staff(user) if staff: type_ids.append(USER_TYPE_OFFICE_STAFF) if user_is_office_manager(staff): type_ids.append(USER_TYPE_OFFICE_MANAGER) if user_is_dietician(staff): type_ids.append(USER_TYPE_DIETICIAN) if user_is_nurse(staff): type_ids.append(USER_TYPE_NURSE) if is_techadmin(user): type_ids.append(USER_TYPE_TECH_ADMIN) return type_ids
def clean(self):
""" ValidationError raised here if tech-admin doing something they ain't supposed to.... """
if is_techadmin(self.request.user):
if Group.objects.filter(id=self.instance.id).exists():
raise ValidationError(
_("Tech admin not allowed to modify groups."))
return super(TechAdminGroupForm, self).clean()
def clean_permissions(self):
if is_techadmin(self.request.user):
self.cleaned_data['permissions'] = [
p for p in itertools.chain(self.cleaned_data['permissions'],
self.orig_perms)
]
return self.cleaned_data['permissions']
def queryset(self, request): """ :returns: QuerySet used by changelist_view. """ qs = super(TechAdmin, self).queryset(request) if is_techadmin(request.user): qs = self.techadmin_queryset(request, qs) return qs
def save(self, commit=True): """ For tech-admins assign new group to this tech-admin """ group = super(TechAdminGroupForm, self).save(commit) if is_techadmin(self.request.user): group.save() self.request.user.groups.add(group) return group
def get_form(self, request, obj=None, **kwargs):
form = super(Regional_ManagerAdmin,
self).get_form(request, obj, **kwargs)
from MHLogin.Administration.tech_admin.utils import is_techadmin
if is_techadmin(request.user) and 'office_mgr' in form.base_fields:
self._modify_user_query(request.user,
form.base_fields['office_mgr'])
return form
def queryset(self, request):
"""
:returns: QuerySet used by changelist_view.
"""
qs = super(TechAdmin, self).queryset(request)
if is_techadmin(request.user):
qs = self.techadmin_queryset(request, qs)
return qs
def get_form(self, request, obj=None, **kwargs):
""" Override, set request on form and for tech-admin exclude superuser, staff """
form = super(TechMHLUserAdmin, self).get_form(request, obj, **kwargs)
form.request = request
if is_techadmin(request.user):
form.base_fields.pop('is_superuser', None)
form.base_fields.pop('is_staff', None)
return form
def save(self, commit=True):
""" For tech-admins assign new group to this tech-admin """
group = super(TechAdminGroupForm, self).save(commit)
if is_techadmin(self.request.user):
group.save()
self.request.user.groups.add(group)
return group
def clean_user_permissions(self):
if is_techadmin(self.request.user):
# add back personal permissions if user belongs to ones not part of tech-admin
self.cleaned_data['user_permissions'] = [
p for p in itertools.chain(
self.cleaned_data['user_permissions'], self.personal_perms)
]
return self.cleaned_data['user_permissions']
def get_form(self, request, obj=None, **kwargs):
""" Override, set request on form and for tech-admin exclude superuser, staff """
form = super(TechMHLUserAdmin, self).get_form(request, obj, **kwargs)
form.request = request
if is_techadmin(request.user):
form.base_fields.pop('is_superuser', None)
form.base_fields.pop('is_staff', None)
return form
def save(self, commit=True): """ For tech-admins default new user's groups to non tech-admin's """ user = super(TechAdminUserCreationForm, self).save(commit) if is_techadmin(self.request.user): # before assigning default groups need to save model user.save() user.groups = self.request.user.groups.exclude(name=TECH_ADMIN_GROUP) return user
def has_permission(self, request): """ :returns: True if user is active and has either superuser or techadmin access. If tech-admin then permission model is used to determine what models they can view/delete/modify. """ return request.user.is_active and (request.user.is_superuser or request.user.is_staff or is_techadmin(request.user))
def has_permission(self, request):
"""
:returns: True if user is active and has either superuser or techadmin
access. If tech-admin then permission model is used to determine what
models they can view/delete/modify.
"""
return request.user.is_active and (request.user.is_superuser
or request.user.is_staff
or is_techadmin(request.user))
def clean(self):
""" ValidationError raised here will not be associated with a particular field. """
if is_techadmin(self.request.user):
if not self.request.user.groups.exclude(name=TECH_ADMIN_GROUP):
raise ValidationError(_("You must belong to at least one "
"non tech-admin group to add users."))
# TODO: TEMPORARY
# raise ValidationError("Creation of users is temporarily "
# "disabled for Tech Admins.")
return super(TechAdminUserCreationForm, self).clean()
def save(self, commit=True):
""" For tech-admins default new user's groups to non tech-admin's """
user = super(TechAdminUserCreationForm, self).save(commit)
if is_techadmin(self.request.user):
# before assigning default groups need to save model
user.save()
user.groups = self.request.user.groups.exclude(
name=TECH_ADMIN_GROUP)
return user
def clean_groups(self):
if is_techadmin(self.request.user):
if not self.cleaned_data['groups'] or (self.cleaned_data['groups'] and
not self.cleaned_data['groups'].exclude(name=TECH_ADMIN_GROUP)):
raise ValidationError(_("%s must belong to at least "
"one non tech-admin group." % self.instance.username))
# add back personal groups if user belongs to other groups
# besides the ones this tech-admin is administering
self.cleaned_data['groups'] = [g for g in itertools.chain(
self.cleaned_data['groups'], self.personal_grps)]
return self.cleaned_data['groups']
def clean(self):
""" ValidationError raised here will not be associated with a particular field. """
if is_techadmin(self.request.user):
if not self.request.user.groups.exclude(name=TECH_ADMIN_GROUP):
raise ValidationError(
_("You must belong to at least one "
"non tech-admin group to add users."))
# TODO: TEMPORARY
# raise ValidationError("Creation of users is temporarily "
# "disabled for Tech Admins.")
return super(TechAdminUserCreationForm, self).clean()
def render(self, context):
if (self.ctxvar in context):
raise TemplateSyntaxError("Template variable '%s' already declared "
"in this template context" % self.ctxvar)
context[self.ctxvar] = 'false'
if 'sender_types' in context:
# show tech menu if Administrator or tech-admin or read-only admin
if 'Administrator' in context['sender_types']:
context[self.ctxvar] = 'true'
else:
if 'MHLUser' in context['sender_types']:
user = User.objects.get(id=context['sender_types']['MHLUser'])
if is_techadmin(user) or is_readonly_admin(user):
context[self.ctxvar] = 'true'
return ''
def clean_groups(self):
if is_techadmin(self.request.user):
if not self.cleaned_data['groups'] or (
self.cleaned_data['groups']
and not self.cleaned_data['groups'].exclude(
name=TECH_ADMIN_GROUP)):
raise ValidationError(
_("%s must belong to at least "
"one non tech-admin group." % self.instance.username))
# add back personal groups if user belongs to other groups
# besides the ones this tech-admin is administering
self.cleaned_data['groups'] = [
g for g in itertools.chain(self.cleaned_data['groups'],
self.personal_grps)
]
return self.cleaned_data['groups']
def __init__(self, *args, **kwargs): assert (self.request != None) # set by admin get_form() if is_techadmin(self.request.user): # Set available group/permissions based on tech-admins permissions self.base_fields['groups']._queryset = self.request.user.groups.all() self.base_fields['user_permissions']._queryset = get_user_permissions(self.request.user) super(TechAdminUserForm, self).__init__(*args, **kwargs) # after init save user's personal groups not part of tech-admins if any self.personal_grps = self.instance.groups.exclude( id__in=(g.id for g in self.request.user.groups.all())) self.personal_perms = self.instance.user_permissions.exclude( id__in=(p.id for p in get_user_permissions(self.request.user))) for locfield in ['lat', 'longit', 'office_lat', 'office_longit']: if locfield in self.fields: self.fields[locfield].widget.attrs['disabled'] = 'disabled'
def render(self, context):
if (self.ctxvar in context):
raise TemplateSyntaxError(
"Template variable '%s' already declared "
"in this template context" % self.ctxvar)
context[self.ctxvar] = 'false'
if 'sender_types' in context:
# show tech menu if Administrator or tech-admin or read-only admin
if 'Administrator' in context['sender_types']:
context[self.ctxvar] = 'true'
else:
if 'MHLUser' in context['sender_types']:
user = User.objects.get(
id=context['sender_types']['MHLUser'])
if is_techadmin(user) or is_readonly_admin(user):
context[self.ctxvar] = 'true'
return ''
def clean(self):
""" ValidationError raised here will not be associated with a particular field. """
# Allow tech admin to change practice if all users belong to the same group(s)
# he does minus his tech-admin. And allow edits on empty practices but no deletes.
if is_techadmin(self.request.user):
outcasts = []
grps = self.request.user.groups.exclude(name=TECH_ADMIN_GROUP)
# now check every user belongs to at least one of the groups tech admin does
for _, user in self.fields['members'].choices:
if not user.groups.filter(id__in=(g.id for g in grps)):
outcasts.append(user)
if outcasts:
raise ValidationError(_("Cannot modify practice, one or more practice "
"members do not belong to your group: %s" %
', '.join(str(o) for o in outcasts)))
return super(PracticeLocationForm, self).clean()
def __init__(self, *args, **kwargs): if is_techadmin(self.request.user): # Set available group/permissions based on tech-admins permissions self.base_fields['permissions']._queryset = get_user_permissions(self.request.user) super(TechAdminGroupForm, self).__init__(*args, **kwargs) users = self.orig_perms = [] if 'instance' in kwargs: # helper to show users belonging to this group if any users = kwargs['instance'].user_set.all() # save orig perms not in tech admin's perm list self.orig_perms = kwargs['instance'].permissions.exclude(id__in=(p.id for p in get_user_permissions(self.request.user))) # Set the form fields based on the model object self.fields['members'].choices = [(u.id, ' '.join([u.first_name, u.last_name])) for u in users] self.fields['members'].widget.attrs['disabled'] = 'disabled'
def clean(self):
""" ValidationError raised here will not be associated with a particular field. """
# Allow tech admin to change practice if all users belong to the same group(s)
# he does minus his tech-admin. And allow edits on empty practices but no deletes.
if is_techadmin(self.request.user):
outcasts = []
grps = self.request.user.groups.exclude(name=TECH_ADMIN_GROUP)
# now check every user belongs to at least one of the groups tech admin does
for _, user in self.fields['members'].choices:
if not user.groups.filter(id__in=(g.id for g in grps)):
outcasts.append(user)
if outcasts:
raise ValidationError(
_("Cannot modify practice, one or more practice "
"members do not belong to your group: %s" %
', '.join(str(o) for o in outcasts)))
return super(PracticeLocationForm, self).clean()
def __init__(self, *args, **kwargs):
assert (self.request != None) # set by admin get_form()
if is_techadmin(self.request.user):
# Set available group/permissions based on tech-admins permissions
self.base_fields[
'groups']._queryset = self.request.user.groups.all()
self.base_fields[
'user_permissions']._queryset = get_user_permissions(
self.request.user)
super(TechAdminUserForm, self).__init__(*args, **kwargs)
# after init save user's personal groups not part of tech-admins if any
self.personal_grps = self.instance.groups.exclude(
id__in=(g.id for g in self.request.user.groups.all()))
self.personal_perms = self.instance.user_permissions.exclude(
id__in=(p.id for p in get_user_permissions(self.request.user)))
for locfield in ['lat', 'longit', 'office_lat', 'office_longit']:
if locfield in self.fields:
self.fields[locfield].widget.attrs['disabled'] = 'disabled'
def __init__(self, *args, **kwargs):
if is_techadmin(self.request.user):
# Set available group/permissions based on tech-admins permissions
self.base_fields['permissions']._queryset = get_user_permissions(
self.request.user)
super(TechAdminGroupForm, self).__init__(*args, **kwargs)
users = self.orig_perms = []
if 'instance' in kwargs:
# helper to show users belonging to this group if any
users = kwargs['instance'].user_set.all()
# save orig perms not in tech admin's perm list
self.orig_perms = kwargs['instance'].permissions.exclude(
id__in=(p.id for p in get_user_permissions(self.request.user)))
# Set the form fields based on the model object
self.fields['members'].choices = [
(u.id, ' '.join([u.first_name, u.last_name])) for u in users
]
self.fields['members'].widget.attrs['disabled'] = 'disabled'
def has_delete_permission(self, request, obj=None): """ Temporary, disable delete in view for tech-admin """ # TEMPORARY return False if is_techadmin(request.user) else \ super(TechAdmin, self).has_delete_permission(request, obj)
def can_view_dcadmin(self, user): from MHLogin.Administration.tech_admin.utils import is_techadmin, is_readonly_admin return "ACCEPT" if is_techadmin(user) or is_readonly_admin(user) or \ user.is_superuser else "DENY"
def has_delete_permission(self, request, obj=None):
""" Temporary, disable delete in view for tech-admin """
# TEMPORARY
return False if is_techadmin(request.user) else \
super(TechAdmin, self).has_delete_permission(request, obj)
def can_view_dcadmin(self, user):
from MHLogin.Administration.tech_admin.utils import is_techadmin, is_readonly_admin
return "ACCEPT" if is_techadmin(user) or is_readonly_admin(user) or \
user.is_superuser else "DENY"
def clean(self):
""" ValidationError raised here if tech-admin doing something they ain't supposed to.... """
if is_techadmin(self.request.user):
if Group.objects.filter(id=self.instance.id).exists():
raise ValidationError(_("Tech admin not allowed to modify groups."))
return super(TechAdminGroupForm, self).clean()
def clean_permissions(self): if is_techadmin(self.request.user): self.cleaned_data['permissions'] = [p for p in itertools.chain( self.cleaned_data['permissions'], self.orig_perms)] return self.cleaned_data['permissions']
def get_form(self, request, obj=None, **kwargs): form = super(Regional_ManagerAdmin, self).get_form(request, obj, **kwargs) from MHLogin.Administration.tech_admin.utils import is_techadmin if is_techadmin(request.user) and 'office_mgr' in form.base_fields: self._modify_user_query(request.user, form.base_fields['office_mgr']) return form
def clean_user_permissions(self): if is_techadmin(self.request.user): # add back personal permissions if user belongs to ones not part of tech-admin self.cleaned_data['user_permissions'] = [p for p in itertools.chain( self.cleaned_data['user_permissions'], self.personal_perms)] return self.cleaned_data['user_permissions']
