Ejemplo n.º 1
0
    def create(self, validated_data):
        validated_data['shipment_id'] = self.context['view'].kwargs[
            'shipment_pk']

        if settings.PROFILES_ENABLED:
            validated_data['requester_id'] = get_user(
                self.context['request'])[0]

        return AccessRequest.objects.create(**validated_data)
Ejemplo n.º 2
0
    def create(self, validated_data):
        validated_data['shipment_id'] = self.context['view'].kwargs[
            'shipment_pk']

        if settings.PROFILES_ENABLED:
            validated_data['organization_name'] = get_organization_name(
                self.context['request'])
            validated_data['user_id'] = get_user(self.context['request'])[0]
            validated_data['username'] = get_requester_username(
                self.context['request']).split('@')[0]

        return ShipmentNote.objects.create(**validated_data)
Ejemplo n.º 3
0
    def get_queryset(self):
        queryset = self.queryset.filter(route__id=self.kwargs['route_pk'])

        if settings.PROFILES_ENABLED:
            user_id, organization_id = get_user(self.request)

            queryset_filter = Q(route__owner_id=user_id)
            if organization_id:
                queryset_filter |= Q(route__owner_id=organization_id)

            queryset = queryset.filter(queryset_filter)

        return queryset
Ejemplo n.º 4
0
    def has_permission(self, request, view):
        """
        If the user is not the owner of the Route (or not in the owning org), or if the Route does not exist,
        then views using this permission will return a 404.
        """
        from apps.routes.models import Route  # Avoid circular import

        queryset_filter = Q(pk=view.kwargs['route_pk'])

        if settings.PROFILES_ENABLED:
            user_id, organization_id = get_user(request)
            queryset_filter &= Q(owner_id__in=[organization_id, user_id] if organization_id else [user_id])

        if not Route.objects.filter(queryset_filter).exists():
            raise Route.DoesNotExist("Route matching query does not exist.")

        return True
Ejemplo n.º 5
0
    def __call__(self, value):
        instance = getattr(self.serializer, 'instance', None)
        approved = instance.approved if instance else self.serializer.initial_data.get(
            'approved', None)
        value_changed = getattr(
            instance, self.field_name) != value if instance else False

        if approved:
            raise serializers.ValidationError(
                'Cannot modify the permission level of an approved access request'
            )
        if value_changed:
            (user_id, _) = get_user(self.serializer.context['request'])
            if str(instance.requester_id) != user_id:
                raise serializers.ValidationError(
                    'Only the requester can modify permissions in a pending or denied '
                    'access request')

            if approved is False:
                # Modifying a denied access request changes it back to pending
                instance.approved = None