Beispiel #1
    def modify_researcher_permissions(self):
        """
        Place the user held in ``self.object`` into exactly one of the
        requesting user's organization groups.

        The POSTed ``value`` selects the group: ``"org_admin"`` selects admin,
        ``"org_read"`` selects read, and every other value selects researcher.
        The user is added to the selected group and removed from the other two,
        so they end up with that single group's permissions.

        Raises a ``KeyError`` subclass if ``value`` is absent from the POST
        data, and ``Group.DoesNotExist`` if one of the three groups is missing.
        """
        requested = self.request.POST["value"]
        # NOTE(review): the groups are derived from the *requesting* user's
        # organization. Nothing in this method checks that self.object belongs
        # to that organization or that the requester may manage it; confirm
        # the view's queryset and permission checks enforce both.
        org = self.request.user.organization.name

        # Looked up in the same order as before: admin, read, researcher.
        groups = {
            role: Group.objects.get(name=build_org_group_name(org, role))
            for role in ("admin", "read", "researcher")
        }

        target = self.object

        # NOTE(review): there is no allow-list here. Any unrecognised value
        # lands in the final branch and still rewrites the memberships.
        if requested == "org_admin":
            grant, revoke = "admin", ("read", "researcher")
        elif requested == "org_read":
            grant, revoke = "read", ("admin", "researcher")
        else:
            grant, revoke = "researcher", ("admin", "read")

        # Add first, then strip the two other roles.
        groups[grant].user_set.add(target)
        for role in revoke:
            groups[role].user_set.remove(target)
Beispiel #2
 def get_org_groups(self):
     """
     Return the (admin, read, researcher) groups of the current user's organization.

     Raises PermissionDenied when the requesting user has no organization, so
     callers never receive groups for a user without an org. Each lookup uses
     ``Group.objects.get`` and therefore raises ``Group.DoesNotExist`` if the
     group with the derived name is missing.
     """
     organization = self.request.user.organization
     # Guard clause: without an organization there is nothing to resolve.
     if not organization:
         raise PermissionDenied

     org_name = organization.name
     # Same lookup order as the returned tuple: admin, read, researcher.
     return tuple(
         Group.objects.get(name=build_org_group_name(org_name, role))
         for role in ('admin', 'read', 'researcher')
     )
Beispiel #3
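def organization_post_save(sender, **kwargs):
    """
    Create the auth groups for a newly created Organization.

    Signal receiver: reads ``instance`` and ``created`` from ``kwargs`` and
    returns immediately unless ``created`` is true, which avoids existence
    checks on every later ``Organization.save``.

    Permissions granted per group:
      * researcher: can_create_study, can_view_experimenter
      * read:       the above plus can_view_organization
      * admin:      the above plus can_edit_organization

    Raises ``Permission.DoesNotExist`` if one of the four permissions is
    missing; the lookups now happen before any group is created.
    """
    organization, created = kwargs["instance"], kwargs["created"]

    if not created:
        return

    from django.contrib.auth.models import Group

    # The permission rows do not depend on the group, so fetch each one once
    # rather than once per loop iteration.
    create_study = Permission.objects.get(codename="can_create_study")
    view_experimenter = Permission.objects.get(codename="can_view_experimenter")
    view_organization = Permission.objects.get(codename="can_view_organization")
    edit_organization = Permission.objects.get(codename="can_edit_organization")

    # Insertion order keeps the original creation order: researcher, read, admin.
    role_permissions = {
        "researcher": (create_study, view_experimenter),
        "read": (create_study, view_experimenter, view_organization),
        "admin": (
            create_study,
            view_experimenter,
            view_organization,
            edit_organization,
        ),
    }

    for role, permissions in role_permissions.items():
        # get_or_create reuses a group that already carries this name, together
        # with its current members and permissions.
        # NOTE(review): confirm build_org_group_name yields a distinct name per
        # organization, otherwise a new org inherits an old group's members.
        # The second tuple element is discarded so the outer ``created`` flag
        # is no longer shadowed.
        group_instance, _ = Group.objects.get_or_create(
            name=build_org_group_name(organization.name, role)
        )
        group_instance.permissions.add(*permissions)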
Beispiel #4
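def organization_post_save(sender, **kwargs):
    '''
    Create the auth groups for a newly created Organization.

    Signal receiver: reads ``instance`` and ``created`` from ``kwargs`` and
    does nothing unless ``created`` is true, so later calls to
    Organization.save skip the existence checks.

    Every group gets can_create_study and can_view_experimenter; "read" also
    gets can_view_organization; "admin" gets can_view_organization and
    can_edit_organization.

    Raises ``Permission.DoesNotExist`` if any of the four permissions is
    missing; they are resolved up front, before a group is created.
    '''
    organization, created = kwargs['instance'], kwargs['created']

    if not created:
        return

    from django.contrib.auth.models import Group

    # Resolve each permission once; the original repeated these four queries
    # on every pass through the loop.
    permission_by_codename = {
        codename: Permission.objects.get(codename=codename)
        for codename in (
            'can_create_study',
            'can_view_experimenter',
            'can_view_organization',
            'can_edit_organization',
        )
    }
    common = ['can_create_study', 'can_view_experimenter']
    codenames_by_role = [
        ('researcher', common),
        ('read', common + ['can_view_organization']),
        ('admin', common + ['can_view_organization', 'can_edit_organization']),
    ]

    for role, codenames in codenames_by_role:
        # get_or_create returns an existing group of the same name unchanged,
        # members included, and permissions.add only ever adds.
        # NOTE(review): verify that organization names cannot collide or be
        # reused, since the group name is derived from organization.name.
        # The outer ``created`` flag is no longer overwritten here.
        group_instance, _ = Group.objects.get_or_create(
            name=build_org_group_name(organization.name, role)
        )
        group_instance.permissions.add(
            *(permission_by_codename[codename] for codename in codenames)
        )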
Beispiel #5
 def is_org_read(self):
     """
     Report whether this user has read-level access in their organization.

     Returns False when ``organization_id`` is unset, True when
     ``is_org_admin`` is truthy, and otherwise whether the user belongs to
     the organization's "read" group.
     """
     has_org = bool(self.organization_id)
     # NOTE(review): is_org_admin is read as an attribute, not called, so it
     # must be a property (decorator not visible in this excerpt). As a plain
     # method it would always be truthy and every organization member would
     # pass this check.
     if has_org and not self.is_org_admin:
         read_group_name = build_org_group_name(self.organization.name, "read")
         return self.groups.filter(name=read_group_name).exists()
     # Either there is no organization (False) or the user is an org admin (True).
     return has_org
Beispiel #6
 def is_org_researcher(self):
     """
     Report whether this user belongs to their organization's "researcher" group.

     Returns False without querying when ``organization_id`` is unset. Only
     membership in the researcher group is tested; admin or read membership
     does not count here.
     """
     if self.organization_id:
         # The group name is derived from the organization's current name.
         group_name = build_org_group_name(self.organization.name, "researcher")
         return self.groups.filter(name=group_name).exists()
     return False
Beispiel #7
 def is_org_admin(self):
     """
     Report whether this user belongs to their organization's "admin" group.

     A user with no ``organization_id`` is never an org admin. Otherwise the
     answer is a membership lookup against the group named for the user's
     own organization.
     """
     if not self.organization_id:
         return False
     # Match by group name, derived from the organization's current name.
     admin_group_name = build_org_group_name(self.organization.name, "admin")
     membership = self.groups.filter(name=admin_group_name)
     return membership.exists()