def add_forening_permission(request):
user = User.objects.get(id=request.POST['user'])
forening = Forening.objects.get(id=request.POST['forening'])
role = request.POST['role']
if role not in [r[0] for r in ForeningRole.ROLE_CHOICES]:
raise PermissionDenied
# Verify that the user performing this action has the required permissions
all_foreninger = request.user.all_foreninger()
if role == 'admin':
# Setting admin requires admin
if forening not in [a for a in all_foreninger if a.role == 'admin']:
raise PermissionDenied
elif role == 'user':
# Any role can set user
if forening not in all_foreninger:
raise PermissionDenied
try:
role = ForeningRole.objects.get(user=user, forening=forening)
role.role = request.POST['role']
role.save()
except ForeningRole.DoesNotExist:
role = ForeningRole(user=user, forening=forening, role=request.POST['role'])
role.save()
if request.POST.get('send_email', '') != '':
if user.get_sherpa_email() == '':
messages.warning(request, 'no_email_for_user')
else:
if send_access_granted_email(user, forening, request.user):
messages.info(request, 'access_email_success')
else:
messages.warning(request, 'access_email_failure')
cache.delete('user.%s.all_foreninger' % user.id)
cache.delete('user.%s.children_foreninger' % user.id)
return redirect('%s#tilganger' % reverse('admin:users.show', args=[user.id]))
def friendlyrole(role):
return ForeningRole.friendly_role(role)
def create(request, forening_id):
current_forening = Forening.objects.get(id=forening_id)
if current_forening not in request.user.all_foreninger():
raise PermissionDenied
# The parent choices are tricky to define in the forms API, so do it here.
# Note that we're intentionally letting users choose parents among only those they have permission to.
all_sorted = request.user.all_foreninger_sorted()
parents_choices = {
'forening': all_sorted['forening'],
'turlag': all_sorted['turlag'],
}
# If the parent of the current forening isn't in the user's permissions, we still need to include that one as an
# available parent so that they're able to make changes.
if current_forening.type != 'sentral':
for current_parent in current_forening.get_main_foreninger():
if current_parent not in parents_choices['forening'] and current_parent not in parents_choices['turlag']:
parents_choices[current_parent.type].append(current_parent)
form = CreateForeningForm(request.user, initial={
'zipcode': '',
})
context = {
'current_forening': current_forening,
'parents_choices': parents_choices,
'admin_user_search_char_length': settings.ADMIN_USER_SEARCH_CHAR_LENGTH,
'form': form,
}
# Give URLPicker the homepage site for the current forening. If they don't have one, just use the central site
relevant_site = current_forening.get_homepage_site() or Site.get_central()
context.update(url_picker_context(relevant_site))
if request.method == 'GET':
return render(request, 'central/admin/foreninger/create.html', context)
elif request.method == 'POST':
form = CreateForeningForm(request.user, request.POST)
if form.is_valid():
forening = Forening()
forening.name = form.cleaned_data['name']
forening.type = form.cleaned_data['type']
if forening.type == 'turgruppe':
forening.group_type = form.cleaned_data['group_type']
else:
forening.group_type = ''
forening.save()
# Set M2M-fields after the initial db-save
forening.parents = form.cleaned_data['parents']
# Ensure the Turbasen object is re-saved with applicable M2M-relations
forening.save_turbasen_object()
# Add the current user as admin on the new forening
role = ForeningRole(
user=request.user,
forening=forening,
role='admin',
)
role.save()
# FIXME: We can't delete the permission cache for all users, so some may find that they can't edit
# the new forening even though they should be able, until the cache (which is currently 24h) expires.
cache.delete('user.%s.all_foreninger' % request.user.id)
messages.info(request, 'forening_create_success')
request.session['active_forening'] = forening.id
cache.delete('foreninger.all.sorted_by_name')
cache.delete('foreninger.all.sorted_by_type')
cache.delete('foreninger.rendered_select')
cache.delete('forening.%s' % forening.id)
cache.delete('forening.main_foreninger.%s' % forening.id)
return redirect('admin:foreninger.edit', forening.id)
else:
context.update({'form': form})
return render(request, 'central/admin/foreninger/create.html', context)
else:
return redirect('admin:foreninger.create', current_forening.id)
def users_give_access(request, forening_id):
current_forening = Forening.objects.get(id=forening_id)
if current_forening not in request.user.all_foreninger():
raise PermissionDenied
wanted_role = request.POST['wanted_role']
if wanted_role not in [role[0] for role in ForeningRole.ROLE_CHOICES]:
raise PermissionDenied
# Verify that the user has the same access that they're giving
passed = False
for forening in request.user.all_foreninger():
if forening == request.active_forening:
if wanted_role == 'admin' and forening.role == 'user':
raise PermissionDenied
else:
passed = True
if not passed:
raise PermissionDenied
other_user = User.get_users(include_pending=True).get(id=request.POST['user'])
if other_user.has_perm('sherpa_admin'):
messages.info(request, 'user_is_sherpa_admin')
return redirect('admin:foreninger.users', current_forening.id)
# Adding the sherpa permission, if missing, is implicit - and informed about client-side
if not other_user.has_perm('sherpa'):
p = Permission.objects.get(name='sherpa')
other_user.permissions.add(p)
for forening in other_user.all_foreninger():
if forening == request.active_forening:
# The user already has access to this forening
if forening.role == 'user' and wanted_role == 'admin':
# But it's a user role and we want admin! Update it.
forening_role = ForeningRole.objects.get(user=other_user, forening=forening)
forening_role.role = 'admin'
forening_role.save()
messages.info(request, 'permission_created')
elif forening.role == 'admin' and wanted_role == 'user':
# We want user access, but they have admin. Chcek if it's an explicit relationship:
try:
forening_role = ForeningRole.objects.get(user=other_user, forening=forening)
forening_role.role = 'user'
forening_role.save()
messages.info(request, 'permission_created')
except ForeningRole.DoesNotExist:
# No explicit relationship, so the user must have admin access to a parent
messages.info(request, 'user_has_admin_in_parent')
else:
# In this case, forening.role should equal wanted_role, so just inform the user that all is in order
messages.info(request, 'equal_permission_already_exists')
cache.delete('user.%s.all_foreninger' % other_user.id)
return redirect('admin:foreninger.users', current_forening.id)
# If we reach this code path, this is a new relationship - create it
forening_role = ForeningRole(
user=other_user,
forening=request.active_forening,
role=wanted_role,
)
forening_role.save()
if request.POST.get('send_email', '') != '':
if send_access_granted_email(other_user, request.active_forening, request.user):
messages.info(request, 'access_email_success')
else:
messages.warning(request, 'access_email_failure')
messages.info(request, 'permission_created')
cache.delete('user.%s.all_foreninger' % other_user.id)
return redirect('admin:foreninger.users', current_forening.id)
def index(request, forening_id):
current_forening = Forening.objects.get(id=forening_id)
if current_forening not in request.user.all_foreninger():
raise PermissionDenied
forening_users = list(User.objects.filter(foreninger=current_forening))
forening_users_by_parent = []
parent_ids = [p.id for p in current_forening.get_parents_deep()]
forening_users_by_parent_all = list(User.objects.filter(foreninger__in=parent_ids))
# Prefetch and cache the actors
memberids = [u.memberid for u in (forening_users + forening_users_by_parent)]
for actor in Actor.get_personal_members().filter(memberid__in=memberids):
cache.set('actor.%s' % actor.memberid, actor, settings.FOCUS_MEMBER_CACHE_PERIOD)
# Safe to iterate without having n+1 issues
# Filter on admins
forening_users_by_parent = []
for user in forening_users_by_parent_all:
for forening in user.all_foreninger():
if forening == current_forening and forening.role == 'admin':
forening_users_by_parent.append(user)
forening_users = sorted(forening_users, key=lambda u: u.get_full_name())
forening_users_by_parent = sorted(forening_users_by_parent, key=lambda u: u.get_full_name())
sherpa_admins = sorted(User.objects.filter(permissions__name='sherpa_admin'), key=lambda u: u.get_full_name())
# The parent choices are tricky to define in the forms API, so do it here.
# Note that we're intentionally letting users choose parents among only those they have permission to.
all_sorted = request.user.all_foreninger_sorted()
parents_choices = {
'forening': all_sorted['forening'],
'turlag': all_sorted['turlag'],
}
# If the parent of the current forening isn't in the user's permissions, we still need to include that one as an
# available parent so that they're able to make changes.
if current_forening.type != 'sentral':
for current_parent in current_forening.get_main_foreninger():
if current_parent not in parents_choices['forening'] and current_parent not in parents_choices['turlag']:
parents_choices[current_parent.type].append(current_parent)
context = {
'current_forening': current_forening,
'forening_users': forening_users,
'forening_users_by_parent': forening_users_by_parent,
'sherpa_admins': sherpa_admins,
'parents_choices': parents_choices,
'admin_user_search_char_length': settings.ADMIN_USER_SEARCH_CHAR_LENGTH
}
zipcode = current_forening.zipcode
edit_form_zipcode_area = zipcode.area if zipcode is not None else ''
if current_forening.contact_person is not None:
choose_contact = 'person'
contact_person = current_forening.contact_person.id
contact_person_name = current_forening.contact_person.get_full_name()
phone = current_forening.contact_person.get_phone_mobile()
email = current_forening.contact_person.get_sherpa_email()
elif current_forening.contact_person_name != '':
choose_contact = 'person'
contact_person = None
contact_person_name = current_forening.contact_person_name
phone = current_forening.phone
email = current_forening.email
else:
choose_contact = 'forening'
contact_person = None
contact_person_name = ''
phone = current_forening.phone
email = current_forening.email
edit_form = ExistingForeningDataForm(request.user, prefix='edit', initial={
'forening': current_forening.id,
'parents': current_forening.parents.all(),
'name': current_forening.name,
'type': current_forening.type,
'group_type': current_forening.group_type,
'post_address': current_forening.post_address,
'visit_address': current_forening.visit_address,
'zipcode': zipcode.zipcode if zipcode is not None else '',
'counties': current_forening.counties.all(),
'choose_contact': choose_contact,
'contact_person': contact_person,
'contact_person_name': contact_person_name,
'phone': phone,
'email': email,
'organization_no': current_forening.organization_no,
'gmap_url': current_forening.gmap_url,
'facebook_url': current_forening.facebook_url,
})
create_form = ForeningDataForm(request.user, prefix='create', initial={
'zipcode': '',
})
context.update({
'edit_form': edit_form,
'create_form': create_form,
'edit_form_zipcode_area': edit_form_zipcode_area,
})
if request.method == 'GET':
return render(request, 'common/admin/forening/index.html', context)
elif request.method == 'POST':
if request.POST.get('form') == 'edit':
edit_form = ExistingForeningDataForm(request.user, request.POST, prefix='edit')
if edit_form.is_valid():
forening = edit_form.cleaned_data['forening']
forening.parents = edit_form.cleaned_data['parents']
forening.name = edit_form.cleaned_data['name']
forening.type = edit_form.cleaned_data['type']
if forening.type == 'turgruppe':
forening.group_type = edit_form.cleaned_data['group_type']
else:
forening.group_type = ''
forening.post_address = edit_form.cleaned_data['post_address']
forening.visit_address = edit_form.cleaned_data['visit_address']
forening.zipcode = edit_form.cleaned_data['zipcode']
forening.counties = edit_form.cleaned_data['counties']
if edit_form.cleaned_data['choose_contact'] == 'person':
if edit_form.cleaned_data['contact_person'] is not None:
forening.contact_person = edit_form.cleaned_data['contact_person']
forening.contact_person_name = ''
else:
forening.contact_person = None
forening.contact_person_name = edit_form.cleaned_data['contact_person_name']
else:
forening.contact_person = None
forening.contact_person_name = ''
forening.phone = edit_form.cleaned_data['phone']
forening.email = edit_form.cleaned_data['email']
forening.organization_no = edit_form.cleaned_data['organization_no']
forening.gmap_url = edit_form.cleaned_data['gmap_url']
forening.facebook_url = edit_form.cleaned_data['facebook_url']
forening.save()
messages.info(request, 'forening_save_success')
cache.delete('foreninger.all.sorted_by_name')
cache.delete('foreninger.all.sorted_by_name.with_active_url')
cache.delete('foreninger.all.sorted_by_type')
cache.delete('forening.%s' % forening.id)
cache.delete('forening.main_foreninger.%s' % forening.id)
return redirect('admin.forening.views.index', current_forening.id)
else:
context.update({'edit_form': edit_form})
return render(request, 'common/admin/forening/index.html', context)
elif request.POST.get('form') == 'create':
create_form = ForeningDataForm(request.user, request.POST, prefix='create')
if create_form.is_valid():
forening = Forening()
forening.name = create_form.cleaned_data['name']
forening.type = create_form.cleaned_data['type']
if forening.type == 'turgruppe':
forening.group_type = create_form.cleaned_data['group_type']
else:
forening.group_type = ''
forening.post_address = create_form.cleaned_data['post_address']
forening.visit_address = create_form.cleaned_data['visit_address']
forening.zipcode = create_form.cleaned_data['zipcode']
if create_form.cleaned_data['choose_contact'] == 'person':
if create_form.cleaned_data['contact_person'] is not None:
forening.contact_person = create_form.cleaned_data['contact_person']
forening.contact_person_name = ''
else:
forening.contact_person = None
forening.contact_person_name = create_form.cleaned_data['contact_person_name']
else:
forening.contact_person = None
forening.contact_person_name = ''
forening.phone = create_form.cleaned_data['phone']
forening.email = create_form.cleaned_data['email']
forening.organization_no = create_form.cleaned_data['organization_no']
forening.gmap_url = create_form.cleaned_data['gmap_url']
forening.facebook_url = create_form.cleaned_data['facebook_url']
forening.save()
# Set M2M-fields after the initial db-save
forening.parents = create_form.cleaned_data['parents']
forening.counties = create_form.cleaned_data['counties']
# Add the current user as admin on the new forening
role = ForeningRole(
user=request.user,
forening=forening,
role='admin',
)
role.save()
# FIXME: We can't delete the permission cache for all users, so some may find that they can't edit
# the new forening even though they should be able, until the cache (which is currently 24h) expires.
cache.delete('user.%s.all_foreninger' % request.user.id)
messages.info(request, 'forening_create_success')
request.session['active_forening'] = forening.id
cache.delete('foreninger.all.sorted_by_name')
cache.delete('foreninger.all.sorted_by_name.with_active_url')
cache.delete('foreninger.all.sorted_by_type')
cache.delete('forening.%s' % forening.id)
cache.delete('forening.main_foreninger.%s' % forening.id)
# Since GET url == POST url, we need to specifically set the tab hashtag we want, or the existing
# one (create) will be kept
return redirect('%s#metadata' % reverse('admin.forening.views.index', args=[current_forening.id]))
else:
context.update({'create_form': create_form})
return render(request, 'common/admin/forening/index.html', context)
else:
return redirect('admin.forening.views.index', current_forening.id)
