Beispiel #1
0
 def test_register_valid_rules(self):
     rules_list = [
         # Dummy model
         {'codename':'can_ship', 'model':Dummy, 'field_name':'canShip', 'view_param_pk':'idView', 'description':"Only supplier has the authorization to ship"},
     ]
     for params in rules_list:
         registry.register(**params)
Beispiel #2
0
 def test_user_is_tested_for_simple_rule_by_field_name(self):
     self.create_fixtures()
     registry.register(
         'mock_permission', MockModel, field_name='mock_simple_permission')
     back = ObjectPermissionBackend()
     res = back.has_perm(self.user, 'mock_permission', self.model)
     self.assertEqual(res, True)
Beispiel #3
0
 def test_non_boolean_permissions_raises(self):
     self.create_fixtures()
     registry.register('mock_non_boolean_permission', MockModel)
     back = ObjectPermissionBackend()
     self.assertRaises(
         NotBooleanPermission, back.has_perm, self.user,
         'mock_non_boolean_permission', self.model)
Beispiel #4
0
 def test_non_callable_permission_raises(self):
     self.create_fixtures()
     registry.register('not_callable', MockModel)
     back = ObjectPermissionBackend()
     self.assertRaises(
         NotBooleanPermission, back.has_perm, self.user,
         'not_callable', self.model)
Beispiel #5
0
 def test_register_valid_rules_compact_style(self):
     rules_list = [
         # Dummy model
         {'codename':'canShip', 'model':Dummy},
     ]
     for params in rules_list:
         registry.register(**params)
def register(perm, func, model=GlobalPermission):
    """
    Function to register global permissions or permissions
    against a particular model.
    """
    model.add_to_class(perm, func)
    rulez_registry.register(perm, model)
Beispiel #7
0
 def test_user_is_tested_for_simple_rule_by_field_name(self):
     self.create_fixtures()
     registry.register(
         'mock_permission', MockModel, field_name='mock_simple_permission')
     back = ObjectPermissionBackend()
     res = back.has_perm(self.user, 'mock_permission', self.model)
     self.assertEqual(res, True)
Beispiel #8
0
    def __call__(self, func):
        from . import registry

        # Add function to the model
        self.model.add_to_class(self.codename, func)

        # Register the function
        registry.register(self.codename, self.model)

        # Pass it along
        return func
Beispiel #9
0
    def test_tag_syntax(self):
        registry.register("mock_positive_permission", MockModel)

        # TODO: error messages from template tag a bit are confusing.
        self.assertRaisesRegexp(TemplateSyntaxError, "tag requires exactly three arguments", self.render_template,
            "{% load rulez_perms %}{% rulez_perms mock_positive_permission object %}", {})

        self.assertRaisesRegexp(TemplateSyntaxError, "tag requires exactly three arguments", self.render_template,
            "{% load rulez_perms %}{% rulez_perms mock_positive_permission object can %}", {})

        self.assertRaisesRegexp(TemplateSyntaxError, "third argument to tag must be 'as'", self.render_template,
            "{% load rulez_perms %}{% rulez_perms mock_positive_permission object can can %}", {})
Beispiel #10
0
 def assertNoHeCant(self, permission, user):
     registry.register(permission, MockModel)
     rendered = self.render_template(
         "{% load rulez_perms %}"
         "{% rulez_perms " + permission + " object as can %}"
         "{% if can %}yes he can{% else %}no he can't{% endif %}",
         {
             "user": user,
             "object": MockModel()
         }
     )
     self.assertEqual(rendered, "no he can't")
    def test_tag_syntax(self):
        registry.register("mock_positive_permission", MockModel)

        # TODO: error messages from template tag a bit are confusing.
        self.assertRaisesRegexp(TemplateSyntaxError, "tag requires exactly three arguments", self.render_template,
            "{% load rulez_perms %}{% rulez_perms mock_positive_permission object %}", {})

        self.assertRaisesRegexp(TemplateSyntaxError, "tag requires exactly three arguments", self.render_template,
            "{% load rulez_perms %}{% rulez_perms mock_positive_permission object can %}", {})

        self.assertRaisesRegexp(TemplateSyntaxError, "third argument to tag must be 'as'", self.render_template,
            "{% load rulez_perms %}{% rulez_perms mock_positive_permission object can can %}", {})
 def assertNoHeCant(self, permission, user):
     registry.register(permission, MockModel)
     rendered = self.render_template(
         "{% load rulez_perms %}"
         "{% rulez_perms " + permission + " object as can %}"
         "{% if can %}yes he can{% else %}no he can't{% endif %}",
         {
             "user": user,
             "object": MockModel()
         }
     )
     self.assertEqual(rendered, "no he can't")
Beispiel #13
0
    def setUp(self):
        try:
            self.anonymous = User.objects.get_or_create(id=settings.ANONYMOUS_USER_ID, username='******', is_active=True)[0]
        except Exception:
            self.fail("You need to define an ANONYMOUS_USER_ID in your settings file")
        
        self.user = User.objects.get_or_create(username='******', is_active=True)[0]
        self.otherUser = User.objects.get_or_create(username='******', is_active=True)[0]
        self.superuser = User.objects.get_or_create(username='******', is_active=True, is_superuser=True)[0]
        self.not_active_superuser = User.objects.get_or_create(username='******', is_active=False, is_superuser=True)[0]
        self.obj = Dummy.objects.get_or_create(supplier=self.user)[0]
#        self.ctype = ContentType.objects.get_for_model(self.obj)
        
        registry.register(codename='can_ship', field_name='canShip', model=self.obj.__class__, view_param_pk='idDummy',
                                            description="Only supplier have the authorization to ship")
Beispiel #14
0
    def __call__(self, cls):
        import inspect
        from . import registry

        if not self.codenames:
            # No codenames were passed; register all can_FOO functions
            for codename, unused in inspect.getmembers(cls):
                if codename.startswith('can_'):
                    registry.register(codename, cls)
        else:
            # Register all provided names
            for codename in self.codenames:
                registry.register(codename, cls)

        # Pass it along
        return cls
Beispiel #15
0
 def test_register_invalid_rules_NonexistentFieldName(self):
     rules_list = [
         # Dummy model
         {'codename':'can_ship', 'model':Dummy, 'field_name':'canSship', 'view_param_pk':'idView', 'description':"Only supplier has the authorization to ship"},
     ]
     for params in rules_list:
         self.assertRaises(NonexistentFieldName, lambda: registry.register(**params))
Beispiel #16
0
            qs = cls.objects

        if not cls.can_save(user):
            qs = qs.filter(
                Q(released_at__isnull=True)
                | Q(released_at__lte=timezone.now()))

        # Show "all cohorts" and "current cohort" exhibitions to non-superusers
        if not user or not user.is_authenticated() or not user.is_superuser:
            cohort = Cohort.objects.get_current(user)
            qs = qs.filter(Q(cohort__isnull=True) | Q(cohort=cohort))

        return qs


registry.register('can_see', Exhibition)
registry.register('can_save', Exhibition)


@receiver(post_init, sender=Exhibition)
def post_init(sender, instance=None, **kwargs):
    '''Store initial image, to detect changes in post_save, post_delete'''
    if instance:
        instance.__init_image = instance.image


@receiver(post_delete, sender=Exhibition)
def post_delete(sender, instance=None, **kwargs):
    '''Delete orphan image, if any'''
    if instance:
        if instance.__init_image:
Beispiel #17
0
 def test_rule_is_registered(self):
     registry.register('mock_permission', MockModel)
     # if it's been registered properly we should be able to get() something
     res = registry.get('mock_permission', MockModel)
     self.assertNotEqual(res, None)
     self.assertNotEqual(res, {})
Beispiel #18
0
                # send email
                #
                logger.info('Sending ReviewDocument invite email to: %s' % u)

                m = ReviewerReminderEmail(recipients=((u.get_full_name(), u.email,),), from_tuple=(from_user.get_full_name(), from_user.email,))
                m.process(subject=m.subject,
                          item=self.document.item,
                          document=self.document,
                          from_name=from_user.get_full_name(),
                          action_url=ABSOLUTE_BASE_URL(path=self.get_absolute_url(user=u)))

    def can_read(self, user):
        return user in self.participants

    def can_edit(self, user):
        return user in self.participants

    def can_delete(self, user):
        return user in self.participants

rulez_registry.register("can_read", ReviewDocument)
rulez_registry.register("can_edit", ReviewDocument)
rulez_registry.register("can_delete", ReviewDocument)

from .signals import (#set_item_review_percentage_complete,
                      #reset_item_review_percentage_complete_on_complete,
                      #reset_item_review_percentage_complete_on_delete,
                      ensure_matter_participants_are_in_reviewdocument_participants,
                      on_reviewer_add,
                      on_reviewer_remove,)
Beispiel #19
0
                "tool": self.workspace.tools.filter(slug=self.tool_slug).first().slug,
                "slug": self.slug,
            },
        )

    def can_read(self, user):
        return user in self.workspace.participants.all()

    def can_edit(self, user):
        return user in self.workspace.participants.all()

    def can_delete(self, user):
        return user.profile.is_lawyer and user in self.workspace.participants.all()


rulez_registry.register("can_read", EightyThreeB)
rulez_registry.register("can_edit", EightyThreeB)
rulez_registry.register("can_delete", EightyThreeB)


class Attachment(IsDeletedMixin, models.Model):
    eightythreeb = models.ForeignKey("eightythreeb.EightyThreeB")
    attachment = models.FileField(upload_to=_upload_file, blank=True, storage=_managed_S3BotoStorage())

    def can_delete(self, user):
        return user == self.eightythreeb.user


rulez_registry.register("can_delete", Attachment)

from .signals import *  # noqa
Beispiel #20
0
        return super(ItemRequestRevisionView, self).pre_save(obj=obj, **kwargs)

    def post_save(self, obj, **kwargs):
        """
        Send the email to the items responsible_party
        """
        self.object.send_document_requested_emails(from_user=self.request.user)

        # if is_requested is True the activity has to be created (similar to send_document_requested_emails())
        if self.object.is_requested is True:
            user = self.object.responsible_party
            if user:
                self.matter.actions.request_user_upload_revision(item=self.object,
                                                                 adding_user=self.request.user,
                                                                 added_user=user)

        super(ItemRequestRevisionView, self).post_save(obj=obj, **kwargs)

    def can_read(self, user):
        return user in self.matter.participants.all()

    def can_edit(self, user):
        return user.matter_permissions(matter=self.matter).has_permission(manage_document_reviews=True) is True

    def can_delete(self, user):
        return user.matter_permissions(matter=self.matter).has_permission(manage_document_reviews=True) is True


rulez_registry.register("can_read", ItemRequestRevisionView)
rulez_registry.register("can_edit", ItemRequestRevisionView)
rulez_registry.register("can_delete", ItemRequestRevisionView)
Beispiel #21
0
    lookup_field = 'pk'

    def can_read(self, user):
        obj = self.get_object()
        return user in obj.document.item.matter.participants.all()

    def can_edit(self, user):
        obj = self.get_object()
        return user.matter_permissions(matter=obj.document.item.matter).has_permission(manage_document_reviews=True) is True

    def can_delete(self, user):
        obj = self.get_object()
        return user.matter_permissions(matter=obj.document.item.matter).has_permission(manage_document_reviews=True) is True


rulez_registry.register("can_read", ReviewEndpoint)
rulez_registry.register("can_edit", ReviewEndpoint)
rulez_registry.register("can_delete", ReviewEndpoint)


class BaseReviewerOrSignerMixin(generics.GenericAPIView):
    """
    Provides the object to access .signers or .reviewers
    and their required functionality
    """
    model = Revision  # to allow us to use get_object generically
    serializer_class = ReviewSerializer  # as we are returning the revision and not the item
    lookup_field = 'slug'
    lookup_url_kwarg = 'item_slug'

    def get_objects(self, **kwargs):
Beispiel #22
0
            invite.inviting_user = from_user
            invite.save(update_fields=['inviting_user'])

            # send the invite url
            action_url = ABSOLUTE_BASE_URL(invite.get_absolute_url())

            m = SignerReminderEmail(recipients=((signer.get_full_name(), signer.email,),))
            m.process(subject=subject,
                      message=message,
                      item=self.document.item,
                      document=self.document,
                      from_name=from_user.get_full_name(),
                      action_url=action_url)

    def can_read(self, user):
        return user in set(self.signers.all() | self.document.item.matter.participants.all())

    def can_edit(self, user):
        return user in self.document.item.matter.participants.all()

    def can_delete(self, user):
        return user in self.document.item.matter.participants.all()

rulez_registry.register("can_read", SignDocument)
rulez_registry.register("can_edit", SignDocument)
rulez_registry.register("can_delete", SignDocument)


from .signals import (ensure_matter_participants_are_in_signdocument_participants,
                      on_signer_add,
                      on_signer_remove,)
Beispiel #23
0
        return u'%s' % self.name

    def get_absolute_url(self):
        return self.item.get_absolute_url()

    def can_read(self, user):
        return self.pk is None  \
               or user in self.item.matter.participants.all()  \
               or user == self.created_by  \
               or user in self.assigned_to.all()  \
               or user.matter_permissions(matter=self.item.matter).has_permission(manage_items=True)

    def can_edit(self, user):
        return self.pk is None  \
               or user == self.created_by  \
               or user in self.assigned_to.all()  \
               or user.matter_permissions(matter=self.item.matter).has_permission(manage_items=True)

    def can_delete(self, user):
        return user == self.created_by  \
               or user.matter_permissions(matter=self.item.matter).has_permission(manage_items=True)


rulez_registry.register("can_read", Task)
rulez_registry.register("can_edit", Task)
rulez_registry.register("can_delete", Task)

# Signals
post_save.connect(post_save_update_task_complete_count_in_item, sender=Task, dispatch_uid='task.post_save.post_save_update_task_complete_count_in_item')
post_delete.connect(post_delete_update_task_complete_count_in_item, sender=Task, dispatch_uid='task.post_delete.post_delete_update_task_complete_count_in_item')
Beispiel #24
0
 def test_inactive_user_can_never_have_any_permissions(self):
     self.create_fixtures()
     registry.register('mock_permission', MockModel)
     back = ObjectPermissionBackend()
     res = back.has_perm(self.inactive_user, 'mock_permission', self.model)
     self.assertEqual(res, False)
        # Authenticated users can see shared or own artwork
        if (user and user.is_authenticated()):
            return qs.filter(Q(author__exact=user.id) | Q(shared__gt=0))

        # Public can only see shared artwork
        else:
            return qs.filter(Q(shared__gt=0))

    # Return queryset filtered to own artwork
    @classmethod
    def can_save_queryset(cls, qs=None, user=None):
        if not qs:
            qs = cls.objects
        if (user and user.is_authenticated()):
            # Authors can submit any unshared artwork
            return qs.filter(author__exact=user.id, shared__exact=0)
        else:
            return qs.none()


registry.register('can_see', Artwork)
registry.register('can_save', Artwork)


class ArtworkForm(forms.ModelForm):
    class Meta:
        model = Artwork
        fields = ['title', 'code']
        widgets = {'code': HiddenInput}
Beispiel #26
0
 def test_rules_returns_False_for_None_obj(self):
     self.create_fixtures()
     registry.register('mock_permission', MockModel)
     back = ObjectPermissionBackend()
     res = back.has_perm(self.user, 'mock_permission', None)
     self.assertEqual(res, False)
Beispiel #27
0
            if self.request.user.profile.is_lawyer:
                obj.lawyer = self.request.user

        return super(MatterEndpoint, self).pre_save(obj=obj)

    def can_read(self, user):
        return user.profile.user_class in ['lawyer', 'customer']

    def can_edit(self, user):
        return user.profile.is_lawyer

    def can_delete(self, user):
        return user.profile.is_lawyer


rulez_registry.register("can_read", MatterEndpoint)
rulez_registry.register("can_edit", MatterEndpoint)
rulez_registry.register("can_delete", MatterEndpoint)


"""
Custom Api Endpoints
"""


class MatterExportView(generics.CreateAPIView, MatterMixin):
    @property
    def provider_name(self):
        if self.provider == 'box':
            return 'box.com'
Beispiel #28
0
        return self.TODO_STATUS_CHOICES.get_desc_by_value(self.status)

    @property
    def original_name(self):
        return self.data.get('name', 'No original name was found, was created by user')

    @property
    def item_hash_num(self):
        return '#{primary}-{secondary}'.format(primary=int(self.data.get('sort_position', 0)), secondary=int(self.data.get('sort_position_by_cat', 0)))

    def get_absolute_url(self):
        # need to import this HERE for some reason?
        from django.core.urlresolvers import reverse
        return reverse('todo:item', kwargs={'project_uuid': self.project.uuid, 'slug': self.slug})

registry.register("can_read", ToDo)
registry.register("can_edit", ToDo)
registry.register("can_delete", ToDo)


class Attachment(models.Model):
    """
    Files that can be attached to our todo items
    """
    uuid = models.CharField(max_length=255, blank=True, null=True, db_index=True)
    uploaded_by = models.ForeignKey('auth.User', related_name='atatchments_uploaded')
    deleted_by = models.ForeignKey('auth.User', blank=True, null=True, related_name='atatchments_deleted')
    attachment = FPFileField(upload_to=_attachment_upload_file, additional_params=None)
    project = models.ForeignKey('project.Project', related_name='attachments')
    todo = models.ForeignKey('todo.ToDo', blank=True, null=True, related_name='attachments')
    data = JSONField(default={})
Beispiel #29
0
        return super(SignatureEndpoint, self).pre_delete(obj=obj, **kwargs)

    def can_read(self, user):
        return user.profile.user_class in ['lawyer', 'customer']

    def can_edit(self, user):
        obj = self.get_object()
        return user.matter_permissions(matter=obj.matter).has_permission(manage_signature_requests=True) is True

    def can_delete(self, user):
        obj = self.get_object()
        return user.matter_permissions(matter=obj.matter).has_permission(manage_signature_requests=True) is True


rulez_registry.register("can_read", SignatureEndpoint)
rulez_registry.register("can_edit", SignatureEndpoint)
rulez_registry.register("can_delete", SignatureEndpoint)


class ItemRevisionSignersView(generics.ListAPIView,
                              generics.CreateAPIView,
                              BaseReviewerOrSignerMixin):
    """
    /matters/:matter_slug/items/:item_slug/revision/signers/ (GET,POST)
        [lawyer,customer] to list, create signers
    """
    serializer_class = SignatureSerializer  # as we are returning the revision and not the item

    def get_queryset_provider(self):
        return self.revision.signers
Beispiel #30
0
        return Response(status=status)

    def can_read(self, user):
        return user in self.get_object().participants.all() or user == self.get_object().lawyer

    def can_edit(self, user):
        role = self.request.DATA.get('role')
        if not role:
            return False

        # manage_participants overrides manage_clients
        if user.matter_permissions(matter=self.matter).has_permission(manage_participants=True) is True:
            return True
        elif ROLES.get_value_by_name(role.lower()) == ROLES.client:
            return user.matter_permissions(matter=self.matter).has_permission(manage_clients=True) is True

    def can_delete(self, user):
        user_to_work_on = User.objects.get(username=self.kwargs.get('username'))

        # manage_participants overrides manage_clients
        if user.matter_permissions(matter=self.matter).has_permission(manage_participants=True) is True \
                or user_to_work_on == self.request.user:
            return True
        elif user_to_work_on.matter_permissions(matter=self.matter).role == ROLES.client:
            return user.matter_permissions(matter=self.matter).has_permission(manage_clients=True) is True


rulez_registry.register("can_read", MatterParticipant)
rulez_registry.register("can_edit", MatterParticipant)
rulez_registry.register("can_delete", MatterParticipant)
Beispiel #31
0
        return super(BoxViewSet, self).create(request)

    def can_read(self, user):
        return user.is_authenticated()

    def can_edit(self, user):
        if self.request.method == 'POST':
            return True
        return user in self.get_object().users.all() or user.is_staff

    def can_delete(self, user):
        return user == self.get_object().owner or user.is_staff


rulez_registry.register("can_read", BoxViewSet)
rulez_registry.register("can_edit", BoxViewSet)
rulez_registry.register("can_delete", BoxViewSet)


class BoxRegistrationEndpoint(generics.CreateAPIView):
    model = Box
    serializer_class = BoxSerializer

    def create(self, request, **kwargs):
        status_code = status.HTTP_200_OK

        request_data = request.data.copy()
        request_data['remote_ip'] = request.META.get('HTTP_X_FORWARDED_FOR',
                                                     request.META.get('REMOTE_ADDR'))
    def can_see_queryset(cls, qs=None, user=None):
        if not qs:
            qs = cls.objects

        if not cls.can_save(user):
            qs = qs.filter(Q(released_at__isnull=True) | Q(released_at__lte=timezone.now()))

        # Show "all cohorts" and "current cohort" exhibitions to non-superusers
        if not user or not user.is_authenticated() or not user.is_superuser:
            cohort = Cohort.objects.get_current(user)
            qs = qs.filter(Q(cohort__isnull=True) | Q(cohort=cohort))

        return qs


registry.register('can_see', Exhibition)
registry.register('can_save', Exhibition)


@receiver(post_init, sender=Exhibition)
def post_init(sender, instance=None, **kwargs):
    '''Store initial image, to detect changes in post_save, post_delete'''
    if instance:
        instance.__init_image = instance.image

@receiver(post_delete, sender=Exhibition)
def post_delete(sender, instance=None, **kwargs):
    '''Delete orphan image, if any'''
    if instance:
        if instance.__init_image:
            instance.__init_image.storage.delete(instance.__init_image.name)
Beispiel #33
0
from geoposition.fields import GeopositionField


class Hive(models.Model):
    uuid = UUIDField(auto=True, db_index=True)
    users = models.ManyToManyField('auth.User')
    name = models.CharField(max_length=128, db_index=True, null=True, blank=True)
    description = models.CharField(max_length=255)
    project = models.ForeignKey('project.Project', null=True, blank=True)
    position = GeopositionField(default='51.1935462,6.4479122999999845')
    sensors = models.ManyToManyField('sensor.Sensor')
    is_public = models.BooleanField(default=False, db_index=True)
    data = JSONField(default={})

    def __unicode__(self):
        return '%s - %s' % (self.name, self.description)

    def can_read(self, user):
        return user.is_authenticated()

    def can_edit(self, user):
        return user in self.users.all() or user.is_staff

    def can_delete(self, user):
        return user in self.users.all() or user.is_staff


rulez_registry.register("can_read", Hive)
rulez_registry.register("can_edit", Hive)
rulez_registry.register("can_delete", Hive)
Beispiel #34
0
 def test_rules_returns_False_for_None_obj(self):
     self.create_fixtures()
     registry.register('mock_permission', MockModel)
     back = ObjectPermissionBackend()
     res = back.has_perm(self.user, 'mock_permission', None)
     self.assertEqual(res, False)
            qs = cls.objects
        if user and user.is_authenticated():
            qs = qs.filter(voted_by=user)

            if submission:
                if isinstance(submission, (list, tuple)):
                    qs = qs.filter(submission__id__in=submission)
                else:
                    qs = qs.filter(submission=submission)
            elif exhibition:
                qs = qs.filter(submission__exhibition=exhibition)
        else:
            qs = qs.none()
        return qs

registry.register('can_delete', Vote)

@receiver(post_save, sender=Vote)
def post_save(sender, instance=None, created=False, **kwargs):
    if created and (instance.status == Vote.THUMBS_UP):
        instance.submission.score = F('score') + 1
        instance.submission.save()

@receiver(post_delete, sender=Vote)
def post_delete(sender, instance=None, **kwargs):
    if instance.status == Vote.THUMBS_UP:
        instance.submission.score = F('score') - 1
        instance.submission.save()


class VoteForm(forms.ModelForm):
Beispiel #36
0
 def test_inactive_user_can_never_have_any_permissions(self):
     self.create_fixtures()
     registry.register('mock_permission', MockModel)
     back = ObjectPermissionBackend()
     res = back.has_perm(self.inactive_user, 'mock_permission', self.model)
     self.assertEqual(res, False)
Beispiel #37
0
 def test_rules_returns_False_for_inexistant_rule(self):
     self.create_fixtures()
     registry.register('mock_permission', MockModel)
     back = ObjectPermissionBackend()
     res = back.has_perm(self.user, 'whatever_permission', self.model)
     self.assertEqual(res, False)
    @classmethod
    def can_see_queryset(cls, qs=None, user=None, exhibition=None):
        if not qs:
            qs = cls.objects

        if exhibition:
            if isinstance(exhibition, Exhibition):
                exhibition = exhibition.id
            qs = qs.filter(exhibition_id=exhibition)
        else:
           cohort = Cohort.objects.get_current(user=user)
           qs = qs.filter(Q(exhibition__cohort__isnull=True) | Q(exhibition__cohort=cohort))

        return qs

registry.register('can_see', Submission)
registry.register('can_save', Submission)
registry.register('can_vote', Submission)


@receiver(post_save, sender=Submission)
def post_save(sender, instance=None, **kwargs):
    '''Update artwork.shared to submission id'''
    if instance:
        from artwork.models import Artwork
        Artwork.objects.filter(id__exact=instance.artwork_id).update(shared=instance.id)


@receiver(post_delete, sender=Submission)
def post_delete(sender, instance=None, **kwargs):
    '''Decrement artwork.shared, and delete existing votes.'''
Beispiel #39
0
 def test_rules_returns_False_for_inexistant_rule(self):
     self.create_fixtures()
     registry.register('mock_permission', MockModel)
     back = ObjectPermissionBackend()
     res = back.has_perm(self.user, 'whatever_permission', self.model)
     self.assertEqual(res, False)
Beispiel #40
0
            if comment_object.actor == request.user and comment_object.timestamp > \
                            timezone.now() - datetime.timedelta(minutes=settings.EDIT_COMMENTS_DURATION):
                comment_object.data['comment'] = comment
                comment_object.save(update_fields=['data'])
                return Response(status=http_status.HTTP_200_OK)
            return Response(status=http_status.HTTP_403_FORBIDDEN,
                            data={'reason': u'Your comment is too old to be edited.'})
        else:
            return Response(status=http_status.HTTP_400_BAD_REQUEST, data={'reason': 'You should send a comment.'})

    def get_object(self):
        return get_object_or_404(self.model, pk=self.kwargs.get('id'))

    def delete(self, request, *args, **kwargs):
        # lawyer can delete at any time
        # customer can ONLY delete if it not older than DELETE_COMMENTS_DURATION

        self.object = self.get_object()

        if request.user.profile.is_lawyer or self.object.timestamp > \
                        timezone.now() - datetime.timedelta(minutes=settings.DELETE_COMMENTS_DURATION):
            # TODO: check if lawyer from different matter needs to be blocked
            self.object.delete()
            return Response(status=http_status.HTTP_204_NO_CONTENT)
        return Response(status=http_status.HTTP_403_FORBIDDEN)

    def can_edit(self, user):
        return user.profile.user_class in ['lawyer', 'customer']

rulez_registry.register("can_edit", ItemCommentEndpoint)
Beispiel #41
0
        middle = [pending, done][self.approval == 'A']
        representation = self.admin_type.name + self.by_admin.username \
            + middle + self.for_user.username
        return representation

    def can_be_approved_by(self, user_obj):
        '''
        Returns a bool, depending on whether
        the acting admin/user CAN approve the
        user, given the requirements of business logic.
        '''

        # ADMIN TYPE 2 can approve ALL
        if user_obj.groups.filter(name=ADMIN_TYPE_TWO).exists():
            return True

        # ADMIN TYPE 1 users from his city only
        if user_obj.groups.filter(name=ADMIN_TYPE_ONE).exists():
            if user_obj.location == self.for_user.location:
                return True

        # Not an admin
        # OR, admin is type 1, and user is not in his location
        return False

    def mark_approved(self):
        self.approval = 'A'
        self.save()

registry.register('can_be_approved_by', Approval)
            qs = cls.objects

        if exhibition:
            if isinstance(exhibition, Exhibition):
                exhibition = exhibition.id
            qs = qs.filter(exhibition_id=exhibition)
        else:
            cohort = Cohort.objects.get_current(user=user)
            qs = qs.filter(
                Q(exhibition__cohort__isnull=True)
                | Q(exhibition__cohort=cohort))

        return qs


registry.register('can_see', Submission)
registry.register('can_save', Submission)
registry.register('can_vote', Submission)


@receiver(post_save, sender=Submission)
def post_save(sender, instance=None, **kwargs):
    '''Update artwork.shared to submission id'''
    if instance:
        from artwork.models import Artwork
        Artwork.objects.filter(id__exact=instance.artwork_id).update(
            shared=instance.id)


@receiver(post_delete, sender=Submission)
def post_delete(sender, instance=None, **kwargs):