def has_permission_template_tag(context, permission, obj, user=None):
    """Template-tag helper: does a user hold ``permission`` on ``obj``?

    An explicitly passed ``user`` takes precedence; otherwise the user is
    read from the template ``context``. When no truthy user is available the
    result is ``False`` and ``has_object_permission`` is never called, so a
    missing user is always denied.
    """
    subject = user or context.get('user')
    if not subject:
        # Deny by default: nobody to check the permission for.
        return False
    return has_object_permission(permission, subject, obj)
 def assert_standard_role_permissions(self, expected_bool, program=None):
     """
     Test helper: assert that ``self.user`` has (or lacks) the staff role and
     the ``can_advance_search`` permission, both globally and on a program.

     ``expected_bool`` must be a real ``bool`` because every check uses an
     identity comparison. ``program`` falls back to ``self.program`` when it
     is not given (or is falsy).
     """
     assert isinstance(expected_bool, bool)
     account = self.user
     assert has_role(account, 'staff') is expected_bool
     assert has_permission(account, 'can_advance_search') is expected_bool
     # Object-level check last, against the explicit program or the fixture one.
     target_program = program or self.program
     assert has_object_permission('can_advance_search', account, target_program) is expected_bool
def has_permission_template_tag(context, permission, obj, user=None):
    """Return whether the effective user holds ``permission`` on ``obj``.

    The effective user is the ``user`` argument when it is truthy, else the
    ``'user'`` entry of the template ``context``. If neither yields a truthy
    user the function returns ``False`` without calling the permission
    checker.
    """
    if user:
        candidate = user
    else:
        candidate = context.get('user')

    # No user resolved -> deny rather than ask the checker about a null user.
    return has_object_permission(permission, candidate, obj) if candidate else False
def index(request):
    """Render the module index, marking each module with the viewer's access.

    Every module gets a boolean ``has_access`` attribute derived from the
    ``access_content`` object permission of ``request.user``. The flag only
    feeds the template; this view itself does not hide any module.
    """
    modules = add_modules_purchase_link(get_all_modules())

    for module in modules:
        module.has_access = bool(
            has_object_permission('access_content', request.user, module))

    context = {'modules': modules}
    return render(request, 'modules/module_index.html', context=context)
def doct(request):
    """Render the list of profiles the requester holds ``authorised_doctor`` on.

    Looks up the requester's own ``USERMODEL`` row, then walks every ``User``
    and keeps the ``USERMODEL`` row of each account that passes the
    ``authorised_doctor`` object-permission check.
    """
    # NOTE(review): both .get() calls raise if no matching USERMODEL row
    # exists (e.g. a request.user without a profile); no guard is visible here.
    profile = USERMODEL.objects.get(name=request.user.username)
    authorised_profiles = [
        USERMODEL.objects.get(name=account.username)
        for account in User.objects.all()
        if has_object_permission('authorised_doctor', request.user, account)
    ]
    return render(request, 'home/docres.html',
                  {'name': profile.aname, 'stuff': authorised_profiles})
    def check_permission(self, user, view):
        """
        Return True only if ``user`` holds every required permission on ``view``.

        Checks each entry of ``self.permissions_required`` with
        ``has_object_permission`` and stops at the first failure. An empty
        requirement list therefore yields True.
        """
        return all(
            has_object_permission(permission, user, view)
            for permission in self.permissions_required
        )
 def get(self, request, *args, **kwargs):
     """
     Serve the detail page only to users holding the model's ``view_<model>``
     object permission on the requested object.

     The permission name is built from the lower-cased model class name.
     Anyone who fails the check gets a warning message and is redirected to
     the login page; the parent ``get`` is not called for them.
     """
     user_object = self.get_object()
     permission = f'view_{self.model.__name__.lower()}'

     # Guard clause: reject first, so the parent view only runs when allowed.
     if not has_object_permission(permission, request.user, user_object):
         messages.warning(
             request, "You don't have permission to perform this action. "
             "Please login as another user.")
         return redirect('login')

     return super().get(request, *args, **kwargs)
 def get(self, request, *args, **kwargs):
     """
     Serve the grade page only when the requester holds ``view_grade`` on it.

     The grade is loaded first and then checked against ``request.user``.
     On failure a warning is queued and the user is redirected to ``login``
     instead of reaching the parent ``get``.
     """
     grade = self.get_object()
     if has_object_permission('view_grade', request.user, grade):
         response = super().get(request, *args, **kwargs)
     else:
         messages.warning(
             request, "You don't have permission to perform this action. "
             "Please login as another user.")
         response = redirect('login')
     return response
 def has_object_permission(self, request, view, obj):
     """
     Object-level permission hook: allow only users who may edit financial
     aid for the program the object belongs to.

     The check is made against ``obj.tier_program.program``, not against the
     object itself. The call inside the body resolves to the module-level
     ``has_object_permission`` function, not to this method.

     Args:
         request (Request): DRF request object
         view (View): DRF view object (unused)
         obj (FinancialAid): FinancialAid object
     Returns:
         boolean
     """
     program = obj.tier_program.program
     return has_object_permission(Permissions.CAN_EDIT_FINANCIAL_AID, request.user, program)
 def test_func(self):
     """
     Validate user permissions (analogous to permission_classes for DRF).

     Resolves the program from the ``program_id`` URL kwarg, which raises a
     404 unless the program is live and has financial aid available, stores
     it on ``self.program``, and returns whether the requesting user holds
     the financial-aid edit permission on that program.
     """
     program_id = self.kwargs["program_id"]  # pylint: disable=unsubscriptable-object
     self.program = get_object_or_404(
         Program, id=program_id, live=True, financial_aid_availability=True)
     requester = self.request.user
     return has_object_permission(Permissions.CAN_EDIT_FINANCIAL_AID, requester, self.program)
def detail(request, module_slug, topic_slug):  # noqa
    """Show a topic, redirect memberkit users, or fall back to the landing page.

    Order of decisions: users with a memberkit account are redirected to the
    topic's memberkit URL; users with any subscription are redirected to the
    migration page; everyone else sees the topic only if they hold
    ``access_content`` on it, otherwise the content landing page.
    """
    viewer = request.user

    # NOTE(review): both redirects are permanent (301) although they depend on
    # the viewer's account state; clients may cache them - confirm intended.
    if memberkit_facade.has_memberkit_account(viewer):
        memberkit_url = facade.get_topic_memberkit_url(topic_slug)
        return redirect(memberkit_url, permanent=True)

    if memberkit_facade.has_any_subscription(viewer):
        migration_url = reverse('migrate_to_memberkit')
        return redirect(migration_url, permanent=True)

    topic = facade.get_topic_with_contents(slug=topic_slug)
    if not has_object_permission('access_content', viewer, topic):
        return content_landing_page(topic)
    return render(request, 'topics/topic_detail.html', {'topic': topic})
 def has_object_permission(self, request, view, obj):
     """
     Returns True if the requesting user has the can_edit_financial_aid
     permission for the program behind ``obj``.

     The decision is delegated to the module-level ``has_object_permission``
     checker, evaluated on ``obj.tier_program.program``.

     Args:
         request (Request): DRF request object
         view (View): DRF view object (unused)
         obj (FinancialAid): FinancialAid object
     Returns:
         boolean
     """
     requester = request.user
     owning_program = obj.tier_program.program
     allowed = has_object_permission(
         Permissions.CAN_EDIT_FINANCIAL_AID, requester, owning_program)
     return allowed
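def home(request):
    """Render the medical-history documents the requester is allowed to see.

    Users without a ``USERMODEL`` row are redirected to ``/home``. A patient
    sees their own ``Med_HIST`` documents. A doctor sees the ``Med_HIST``
    documents of every user on whom they hold the ``authorised_patient``
    object permission; when both roles apply, the doctor view wins, as
    before.

    A user with neither role now gets an empty document list. Previously
    ``documents`` was never assigned in that case and the view crashed with
    ``UnboundLocalError``.
    """
    if not USERMODEL.objects.filter(name=request.user.username).exists():
        return HttpResponseRedirect("/home")

    # Deny by default: nothing is shown unless a role below grants it.
    documents = Document.objects.none()

    if has_role(request.user, 'patient'):
        documents = Document.objects.filter(
            user=request.user.username, location='Med_HIST')

    if has_role(request.user, 'doctor'):
        documents = Document.objects.none()
        # Per-patient check: only explicitly authorised patients contribute.
        for account in User.objects.all():
            if has_object_permission('authorised_patient', request.user, account):
                documents = documents | Document.objects.filter(
                    user=account.username, location='Med_HIST')

    return render(request, 'uploads/home.html', {'documents': documents})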
    def view(request):
        """Render the requester's events page and handle ticket validation.

        Users with the ``respo`` role start from all events, others from
        ``MyEvents.get_events``; events of associations the requester
        presides are added. Finished and rejected events are dropped and the
        rest ordered by start. Each event is decorated with a ticket form,
        statistics, a display flag and an ``event_status_change`` flag.
        """
        memberships = Membership.objects.filter(member=request.user)

        events = (Event.objects.all() if has_role(request.user, 'respo')
                  else MyEvents.get_events(request.user))

        for membership in memberships:
            if membership.role == MemberRole.PRESIDENT._value_:
                events |= Event.objects.filter(orga=membership.asso)

        if request.method == 'POST':
            # NOTE(review): the bound form is built but never validated here,
            # and the raw POST values go straight to validate_ticket. No
            # permission check on the submitted event is visible on this
            # path - confirm validate_ticket enforces it.
            form = MyEvents.BaseForm(request.POST)
            MyEvents.validate_ticket(request.POST['member'],
                                     request.POST['event'])
            return redirect(reverse('core:my_events'))

        events = (
            events
            .exclude(status__exact=EventStatus.FINISHED._value_)
            .exclude(status__exact=EventStatus.REJECTED._value_)
            .order_by('start')
        )

        for event in events:
            # Participants of this event whose ticket has not been used yet.
            unused = Participant.objects.filter(event=event, used=False)\
                                        .select_related('user')
            user_ids = [row['user'] for row in unused.values('user').all()]

            event.form = MyEvents.BaseForm()
            event.form.event = event
            fields = event.form.fields
            fields['member'].queryset = User.objects.filter(id__in=user_ids)
            fields['event'].queryset = Event.objects.filter(id=event.id)
            fields['event'].widget.attrs['readonly'] = True

            event.stat = MyEvents.Stat(event)
            event.disp = MyEvents.is_allowed(event, request.user)
            event.valid = has_object_permission('event_status_change',
                                                request.user, event)

        # Template variables
        variables = {
            'events': events,
            'waiting': str(EventStatus.WAITING._value_),
            'validated': str(EventStatus.VALIDATED._value_),
            'pending': str(EventStatus.PENDING._value_),
            'respo': has_role(request.user, 'respo'),
        }

        return render(request, 'my_events.html', variables)
def get_advance_searchable_program_ids(user):
    """
    Collect the ids of the programs in which the user may run advanced search.

    Only programs the user has a ``Role`` row for are considered, and each
    one must also pass the ``can_advance_search`` object-permission check.

    Args:
        user (User): Django user instance
    Returns:
        list: list of courses.models.Program ids
    """
    program_ids = []
    for role in Role.objects.filter(user=user):
        # Having a role is not enough; the permission is checked per program.
        if has_object_permission('can_advance_search', user, role.program):
            program_ids.append(role.program_id)
    return program_ids
def get_advance_searchable_program_ids(user):
    """
    Return the ids of every program where ``user`` is allowed to search.

    Starts from the user's ``Role`` rows and keeps those whose program passes
    the ``can_advance_search`` object-permission check for that user.

    Args:
        user (User): Django user instance
    Returns:
        list: list of courses.models.Program ids
    """
    def _may_search(role):
        return has_object_permission('can_advance_search', user, role.program)

    searchable_roles = filter(_may_search, Role.objects.filter(user=user))
    return [role.program_id for role in searchable_roles]
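def upl(request):
    """Show (GET) or save (POST) a prescription for an authorised patient.

    The patient username arrives in the ``uploadtest`` parameter. The
    requester must hold the ``authorised_patient`` object permission on that
    user, otherwise the response is 403.

    Changes from the previous version:
    * The parameter is checked before it is used. Before, a missing or
      unknown username reached ``User.objects.get`` and raised
      ``DoesNotExist``, and the ``sq == None`` test came too late to help.
    * An unknown username gets the same 403 as an unauthorised one, so the
      response does not show which usernames exist.
    * An invalid POST re-renders the form with its errors, and other HTTP
      methods get 403. Both used to return ``None``.
    * The username is URL-encoded in the redirect instead of concatenated.
    """
    from urllib.parse import urlencode

    if not USERMODEL.objects.filter(name=request.user.username).exists():
        return HttpResponseRedirect("/home")

    if request.method == 'GET':
        sq = request.GET.get('uploadtest')
    elif request.method == 'POST':
        sq = request.POST.get('uploadtest')
    else:
        return HttpResponseForbidden()

    if sq is None:
        return HttpResponseRedirect('/home')

    # Resolve the target account first, then authorise against it.
    try:
        patient_account = User.objects.get(username=sq)
    except User.DoesNotExist:
        return HttpResponseForbidden()
    if not has_object_permission('authorised_patient', request.user, patient_account):
        return HttpResponseForbidden()

    form = PrescriptionForm(request.POST or None)
    if request.method == 'POST' and form.is_valid():
        obj = form.save(commit=False)
        # Doctor and patient come from the session and the authorised
        # parameter, never from the submitted form fields.
        obj.doctor = request.user.username
        obj.patient = sq
        obj.save()
        return HttpResponseRedirect('/presc/Patup?' + urlencode({'Pat_up': sq}))

    patient = USERMODEL.objects.filter(name=sq).first()
    if patient is None:
        return HttpResponseRedirect('/home')
    context = {'form': form, 'names': patient.aname, 'set': patient.name}
    return render(request, 'presc/Doctor3rd.html', context)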
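def doc(request):
    """Render a doctor's profile page for the username given in ``docpr``.

    The template receives the doctor's ``USERMODEL`` row as ``type`` and, as
    ``auth``, whether the requester holds ``authorised_doctor`` on that user.

    Changes from the previous version:
    * ``if not User.objects.get(...)`` could never be true, because ``get``
      raises ``DoesNotExist`` instead of returning a falsy value. Unknown
      usernames therefore crashed. Both lookups now use ``filter().first()``
      and redirect to ``/home`` when either row is missing.
    * Non-GET requests are redirected to ``/home`` instead of returning
      ``None``.
    """
    sq = request.GET.get('docpr') if request.method == 'GET' else None
    if sq is None:
        return HttpResponseRedirect('/home')

    account = User.objects.filter(username=sq).first()
    doctor = USERMODEL.objects.filter(name=sq).first()
    if account is None or doctor is None:
        return HttpResponseRedirect('/home')

    # NOTE(review): 'auth' only informs the template; the profile itself is
    # rendered for any requester - confirm that is intended.
    return render(
        request, 'home/docprof.html', {
            'type': doctor,
            'auth': has_object_permission('authorised_doctor', request.user, account),
        })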
def my_view(request, *args, **kwargs):
    """Render the user dashboard with the objects ``request.user`` may ``post_add``.

    Besides rendering, the body runs several permission experiments against
    hard-coded users and prints their results; see the review notes inline.
    """
    # NOTE(review): `members` is not used anywhere in the visible body.
    members = Member.objects.all()
    # content = {}
    # content['userdetail'] = member

    from rolepermissions.checkers import has_permission
    from django.contrib.auth.models import User

    from ecommerce.roles import Doctor

    from rolepermissions.permissions import available_perm_status
    from rolepermissions.checkers import has_object_permission
    # NOTE(review): the checks below run against the hard-coded user id 2,
    # not against request.user, and only print their outcome.
    user1 = User.objects.get(id=2)
    permissions = available_perm_status(user1)
    print(permissions)

    if has_permission(user1, 'nurse'):
        print('access granted')
    else:
        print('access not granted')
    if has_object_permission('access_clinic', user1, user1):
        print('access granted')

    # NOTE(review): get_perms is imported twice and Project is imported but
    # unused; `Post` is not imported in this body - presumably it comes from
    # module scope, confirm.
    from guardian.shortcuts import get_perms
    from guardian.shortcuts import assign_perm
    from guardian.shortcuts import get_perms
    from django.shortcuts import render
    from django.template import RequestContext
    from ecommer.models import Project
    from guardian.shortcuts import get_objects_for_user
    joe=User.objects.get(username='******')
    post=Post.objects.get(id=1)
    # print(joe.has_perm('post_add', post))
    # NOTE(review): this grants 'post_add' on post 1 to a fixed user on every
    # request, whoever the requester is. A view should not hand out
    # permissions as a side effect of being rendered.
    assign_perm('post_add', joe, post)
    # Only this lookup is scoped to the actual requester.
    projects = get_objects_for_user(request.user, 'ecommer.post_add')
    print(joe.has_perm('post_add', post))
    # if 'post_add' in get_perms(joe, post):
    #     projects = get_objects_for_user(request.user, 'ecommer.post_add')
    #     print(projects)
    #       print('access granted')
    # else:
    #     print('access denied')
    return render(request, 'ecommer/user_dashboard.html', {'projects': projects})
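def main(request):
    """Render the test-results landing page for a doctor or a patient.

    A doctor sees the profiles of all users on whom they hold the
    ``authorised_patient`` object permission. A patient sees their own
    ``Testres`` rows. Users without a ``USERMODEL`` row are redirected to
    ``/home``.

    Changes from the previous version:
    * A user with neither role used to fall off the end and return ``None``;
      they are now redirected to ``/home`` like profile-less users.
    * An authorised account without a ``USERMODEL`` row is skipped instead of
      raising ``DoesNotExist``.
    """
    p = USERMODEL.objects.filter(name=request.user.username).first()
    if p is None:
        return HttpResponseRedirect("/home")

    if has_role(request.user, 'doctor'):
        authorised_profiles = []
        for account in User.objects.all():
            if not has_object_permission('authorised_patient', request.user, account):
                continue
            profile = USERMODEL.objects.filter(name=account.username).first()
            if profile is not None:
                authorised_profiles.append(profile)
        return render(request, 'testres/doc.html', {
            'name': p.aname,
            'stuff': authorised_profiles
        })

    if has_role(request.user, 'patient'):
        # Scoped to the requester's own profile name.
        results = Testres.objects.filter(patient=p.name)
        return render(request, "testres/pat.html", {'documents': results})

    # Neither role: show nothing.
    # NOTE(review): assumes this view is not itself served at /home.
    return HttpResponseRedirect("/home")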
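def testup(request):
    """Show the test results the requester uploaded for one authorised patient.

    The patient username comes from the ``Pat_test_up`` query parameter. The
    requester needs the ``authorised_patient`` object permission on that
    user; without it the response is 403.

    Changes from the previous version:
    * A patient with a ``USERMODEL`` row but no ``User`` row raised
      ``DoesNotExist``; that case now returns 403.
    * Non-GET requests return 403 instead of ``None``.
    """
    p = USERMODEL.objects.filter(name=request.user.username).first()
    if p is None:
        return HttpResponseRedirect("/home")

    if request.method != 'GET':
        return HttpResponseForbidden()

    sq = request.GET.get('Pat_test_up')
    if sq is None:
        return HttpResponseRedirect('/home')

    # NOTE(review): an unknown username redirects while a known but
    # unauthorised one gets 403, so the two are distinguishable - confirm
    # that is acceptable.
    j = USERMODEL.objects.filter(name=sq).first()
    if j is None:
        return HttpResponseRedirect('/home')

    try:
        patient_account = User.objects.get(username=sq)
    except User.DoesNotExist:
        return HttpResponseForbidden()
    if not has_object_permission('authorised_patient', request.user, patient_account):
        return HttpResponseForbidden()

    # Only results this requester uploaded for this patient.
    k = Testres.objects.filter(user=p.name, patient=j.name)
    return render(request, 'testres/DoctorUploadHome.html', {
        'name': j.aname,
        'user': j.name,
        'documents': k
    })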
    def test_check_none_role_if_user_has_no_role(self):
        """A freshly made user (no role assigned in this test) still has the
        ``obj_checker`` check evaluated and granted for a truthy object."""
        roleless_user = mommy.make(get_user_model())
        granted = has_object_permission('obj_checker', roleless_user, True)

        self.assertTrue(granted)
    def test_does_not_have_object_permission(self):
        """``obj_checker`` must deny the fixture user when the object is False."""
        denied = not has_object_permission('obj_checker', self.user, False)

        self.assertTrue(denied)
    def test_has_object_permission(self):
        """``obj_checker`` must grant the fixture user when the object is True."""
        granted = has_object_permission('obj_checker', self.user, True)

        self.assertTrue(granted)
    def test_superuser_without_superpowers(self):
        """With ``is_superuser`` set, the checker's verdict still decides.

        The superuser flag must not turn a denied object check into a grant.
        """
        superuser = self.user
        superuser.is_superuser = True

        for obj, expected in ((True, True), (False, False)):
            outcome = has_object_permission('obj_checker', superuser, obj)
            if expected:
                self.assertTrue(outcome)
            else:
                self.assertFalse(outcome)
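    def view(request, name):
        """Render an association's dashboard and process its member forms.

        Non-superusers without the ``respo`` role must be members of the
        association, otherwise the lookup raises a 404. A POST is dispatched
        by the modal key it contains: add office member, add member,
        designate president, or remove member by default.

        Fix: the four blank forms are now always created before rendering.
        Previously they existed only on non-POST requests, so a POST that
        left ``Dashboard.msg`` empty crashed with ``UnboundLocalError``.
        """
        asso = get_object_or_404(Association, name=name)
        flag = not request.user.is_superuser and not has_role(
            request.user, 'respo')
        if flag:
            member = get_object_or_404(Membership,
                                       member=request.user,
                                       asso=asso)
        else:
            member = None

        # Prepare useful queryset
        simples = Dashboard.get_members(asso, MemberRole.SIMPLE)
        office = Dashboard.get_members(asso, MemberRole.OFFICE)
        president = Dashboard.get_members(asso, MemberRole.PRESIDENT)

        everyone = simples | office | president
        others = User.objects.all().exclude(pk__in=everyone.values('member'))
        office = office | president

        # Nested classes in order to create forms with different behaviours
        class AssoForm(forms.Form):
            def __init__(self, *args, **kwargs):
                super(AssoForm, self).__init__(*args, **kwargs)
                for field_name, field in self.fields.items():
                    field.widget.attrs['class'] = 'form-control'

        class OfficeForm(AssoForm):
            membre = forms.ModelChoiceField(queryset=simples, required=True)

        class AddForm(AssoForm):
            membre = forms.ModelChoiceField(queryset=others, required=True)

        class RemoveForm(AssoForm):
            membre = forms.ModelChoiceField(queryset=everyone, required=True)

        class PresForm(AssoForm):
            membre = forms.ModelChoiceField(
                queryset=(simples | office).exclude(
                    role__exact=MemberRole.PRESIDENT._value_),
                required=True)

        if request.method == 'POST':
            # NOTE(review): the only gate visible before these actions is the
            # membership lookup above. The has_object_permission results
            # further down only feed the template, and the Dashboard helpers
            # receive no user. Confirm the actions are authorised server-side.
            if 'officeModal' in request.POST:
                form = OfficeForm(request.POST)
                Dashboard.add_office_member(asso, form)

            elif 'addModal' in request.POST:
                form = AddForm(request.POST)
                Dashboard.add_member(asso, form)

            elif 'presidentModal' in request.POST:
                form = PresForm(request.POST)
                Dashboard.designate_president(asso, form)

            else:
                form = RemoveForm(request.POST)
                Dashboard.remove_member(asso, form)

            if Dashboard.msg:
                return redirect(reverse('core:association', args=[asso.name]))

        # Blank forms for every request that renders the page, including a
        # POST that produced no success message.
        office_form = OfficeForm()
        add_form = AddForm()
        remove_form = RemoveForm()
        president_form = PresForm()

        # Creating templates variables
        can_add_office = has_object_permission('add_office', request.user, asso)
        # NOTE(review): Dashboard.msg / Dashboard.error are attributes on
        # Dashboard itself, not on the request; if that is a class they are
        # shared between concurrent requests - confirm.
        variables = {
            'can_add_office': can_add_office,
            'can_remove_office': can_add_office,
            'can_manage_members': has_object_permission(
                'validate_member', request.user, asso),
            'events': Dashboard.related_events(asso),
            'office': office,
            'asso': asso,
            'info': Dashboard.msg,
            'fail': Dashboard.error,
            'respo': has_role(request.user, 'respo'),
            # member is None for superusers and 'respo' users (see above).
            'pres': True if member is None
            else member.role == MemberRole.PRESIDENT._value_,
            'office_form': office_form,
            'add_form': add_form,
            'remove_form': remove_form,
            'president_form': president_form,
            'waiting': str(EventStatus.WAITING._value_),
            'validated': str(EventStatus.VALIDATED._value_),
            'pending': str(EventStatus.PENDING._value_),
            'rejected': str(EventStatus.REJECTED._value_),
        }

        Dashboard.msg = None

        return render(request, 'dashboard.html', variables)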
def detail(request, module_slug, topic_slug):  # noqa
    """Render a topic for users holding ``access_content`` on it.

    Everyone else is sent to the content landing page for that topic. The
    topic is looked up by ``topic_slug`` only; ``module_slug`` is not used.
    """
    topic = facade.get_topic_with_contents(slug=topic_slug)
    allowed = has_object_permission('access_content', request.user, topic)
    if not allowed:
        return content_landing_page(topic)
    return render(request, 'topics/topic_detail.html', {'topic': topic})