Ejemplo n.º 1
def _has_access(request, report):
    """Decide whether the requesting user may access ``report``.

    The checks run in this order and stop at the first truthy result:
    ``has_role('SYSA', request)``, an ``AccessRule`` row linking ``report`` to
    a person whose userid equals ``request.user.username``, then
    ``has_role('REPV', request)``.

    Returns the first truthy check result, otherwise the result of the last
    role check. Returns ``False`` if ``AccessRule.DoesNotExist`` is raised.
    """
    try:
        sysadmin = has_role('SYSA', request)
        if sysadmin:
            return sysadmin

        # Per-report grant, matched on the authenticated username.
        has_rule = AccessRule.objects.filter(
            report=report, person__userid=request.user.username).exists()
        if has_rule:
            return has_rule

        return has_role('REPV', request)
    except AccessRule.DoesNotExist:
        # Fail closed. NOTE(review): filter().exists() does not raise
        # DoesNotExist, so this handler is not expected to fire for the
        # query above.
        return False
Ejemplo n.º 2
def _has_access(request, report):
    """Return a truthy value when the requesting user may access ``report``.

    Access is granted to requests holding the 'SYSA' role, to users with an
    ``AccessRule`` for this report (matched on ``request.user.username``),
    and to requests holding the 'REPV' role. Each later check only runs when
    the earlier ones were falsy.
    """
    try:
        granted = has_role('SYSA', request)
        if not granted:
            # Explicit per-report rule for the authenticated user.
            granted = AccessRule.objects.filter(
                report=report,
                person__userid=request.user.username,
            ).exists()
        if not granted:
            granted = has_role('REPV', request)
        return granted
    except AccessRule.DoesNotExist:
        # Deny on lookup failure rather than letting the error propagate.
        return False
Ejemplo n.º 3
def view_reports(request):
    """Render the list of reports the requesting user is allowed to see.

    Requests with the 'SYSA' or 'REPV' role get every non-hidden report,
    ordered by name. Only 'SYSA' gets ``readonly=False``. Everyone else gets
    the non-hidden reports named by their own ``AccessRule`` rows, read-only.
    Hidden reports are excluded on every path.
    """
    sysadmin = has_role('SYSA', request)
    if sysadmin or has_role('REPV', request):
        reports = Report.objects.filter(hidden=False).order_by('name')
        # Both roles see the same list; only system admins may edit.
        readonly = not sysadmin
    else:
        readonly = True
        # Restrict the listing to reports explicitly granted to this user.
        # NOTE(review): rule.report is read per rule; select_related('report')
        # would presumably avoid a query per row -- confirm before changing.
        own_rules = AccessRule.objects.filter(
            person__userid=request.user.username).order_by('report__name')
        reports = [rule.report for rule in own_rules if not rule.report.hidden]

    context = {'readonly': readonly, 'reports': reports}
    return render(request, 'reports/view_reports.html', context)
Ejemplo n.º 4
def view_reports(request):
    """List reports for the current user and render the overview template.

    The template receives ``reports`` and a ``readonly`` flag. The flag is
    ``False`` only when the request holds the 'SYSA' role. Users without the
    'SYSA' or 'REPV' role see only reports they have an ``AccessRule`` for.
    """
    if has_role('SYSA', request):
        readonly, reports = False, Report.objects.filter(hidden=False).order_by('name')
    elif has_role('REPV', request):
        readonly, reports = True, Report.objects.filter(hidden=False).order_by('name')
    else:
        readonly = True
        reports = []
        granted = AccessRule.objects.filter(
            person__userid=request.user.username,
        ).order_by('report__name')
        for rule in granted:
            # A rule does not override the report's hidden flag.
            if rule.report.hidden:
                continue
            reports.append(rule.report)

    return render(
        request,
        'reports/view_reports.html',
        {'readonly': readonly, 'reports': reports},
    )
Ejemplo n.º 5
def _can_view_student(request, grad_slug, funding=False):
    """
    Resolve the grad student for ``grad_slug`` and how the user is authorized.

    Returns a ``(grad, authtype, units)`` tuple for the first rule that matches:
    (1) 'GRAD' role: ``authtype`` 'admin', any request method;
    (2) 'FUND' role, only when ``funding`` is true: ``authtype`` 'admin';
    (3) 'GRPD' role: ``authtype`` 'graddir', GET requests only;
    (4) a non-removed 'SEN'/'POT' supervisor of the student whose
        ``can_view_details()`` is true: ``authtype`` 'supervisor', GET only;
    (5) the student him-/herself: ``authtype`` 'student', GET only.

    For (1)-(3) the student must belong to one of ``request.units``, otherwise
    ``get_object_or_404`` raises a 404; ``units`` is ``request.units``.
    For (4)-(5) ``units`` is a one-element list with the student's unit.

    Returns ``(None, None, None)`` if no rule matches.
    """
    def _grad_in_user_units():
        # Unit-scoped lookup: a slug outside the caller's units is a 404.
        return get_object_or_404(GradStudent,
                                 slug=grad_slug,
                                 program__unit__in=request.units)

    # grad admins can view within their unit
    if has_role('GRAD', request):
        return _grad_in_user_units(), 'admin', request.units

    # funding admins can view some pages within their unit
    if funding and has_role('FUND', request):
        return _grad_in_user_units(), 'admin', request.units

    # grad directors can ONLY view within their unit
    if request.method == 'GET' and has_role('GRPD', request):
        return _grad_in_user_units(), 'graddir', request.units

    # senior supervisors can see their students
    candidates = Supervisor.objects.filter(
        supervisor__userid=request.user.username,
        student__slug=grad_slug,
        supervisor_type__in=['SEN', 'POT'],
        removed=False).select_related('student')
    allowed = [sup for sup in candidates if sup.can_view_details()]
    if request.method == 'GET' and allowed:
        student = allowed[0].student
        return student, 'supervisor', [student.program.unit]

    # students can see their own page
    own_records = GradStudent.objects.filter(slug=grad_slug,
                                             person__userid=request.user.username)
    if request.method == 'GET' and own_records:
        return own_records[0], 'student', [own_records[0].program.unit]

    # No rule matched: callers must treat this as "not authorized".
    return None, None, None
Ejemplo n.º 6
def config(request):
    """Render the configuration page for the logged-in user.

    Looks up the ``Person`` whose userid equals ``request.user.username`` and
    returns a ``NotFoundResponse`` unless exactly one matches. Otherwise it
    collects the user's calendar, feed and advisor tokens, news settings,
    photo agreement and privacy visibility, and renders
    ``dashboard/config.html`` with them.
    """
    matches = Person.objects.filter(userid=request.user.username)
    if matches.count() != 1:
        return NotFoundResponse(request, errormsg="Your account is not known to this system.  There is nothing to configure.")
    user = matches[0]

    # calendar config
    calendar_config = _get_calendar_config(user)
    caltoken = calendar_config['token'] if 'token' in calendar_config else None

    # feed config
    feed_rows = UserConfig.objects.filter(user=user, key="feed-token")
    newstoken = feed_rows[0].value['token'] if feed_rows else None

    # news config
    # Users receive news e-mails unless they explicitly opted out. The default
    # below is display-only: nothing is stored, the page just looks the same as
    # for a user whose UserConfig sets email to True.
    news_rows = UserConfig.objects.filter(user=user, key="newsitems")
    newsconfig = news_rows[0].value if news_rows else {'email': True}

    # advisor note API config: the token is only looked up for advisors
    advisor = False
    advisortoken = None
    if has_role('ADVS', request):
        advisor = True
        advisor_rows = UserConfig.objects.filter(user=user, key='advisor-token')
        if advisor_rows:
            advisortoken = advisor_rows[0].value['token']

    # ID photo agreement: only relevant to instructors and TAs
    instructor = Member.objects.filter(person=user, role__in=['INST', 'TA']).count() > 0
    photo_agreement = False
    if instructor:
        agreement_rows = UserConfig.objects.filter(user=user, key='photo-agreement')
        if agreement_rows:
            photo_agreement = agreement_rows[0].value['agree']

    # privacy config
    privacy_visible = bool([r for r in Role.all_roles(user.userid) if r in PRIVACY_ROLES])

    # The token values below are handed to the template as-is.
    context = {
        'caltoken': caltoken,
        'newstoken': newstoken,
        'newsconfig': newsconfig,
        'advisor': advisor,
        'advisortoken': advisortoken,
        'instructor': instructor,
        'photo_agreement': photo_agreement,
        'userid': user.userid,
        'server_url': settings.BASE_ABS_URL,
        'privacy_visible': privacy_visible,
    }
    return render(request, "dashboard/config.html", context)
Ejemplo n.º 7
def config(request):
    """Show the current user's personal settings page.

    The user is the single ``Person`` with userid ``request.user.username``.
    Any other match count yields a ``NotFoundResponse``. The rendered context
    carries the user's stored tokens (calendar, feed, advisor), news
    settings, photo-agreement state and whether privacy options are shown.
    """
    people = Person.objects.filter(userid=request.user.username)
    if people.count() == 1:
        user = people[0]
    else:
        return NotFoundResponse(request, errormsg="Your account is not known to this system.  There is nothing to configure.")

    def _stored(key):
        # First UserConfig row for this user and key, or None when absent.
        rows = UserConfig.objects.filter(user=user, key=key)
        return rows[0] if rows else None

    context = {}

    # calendar config
    cal = _get_calendar_config(user)
    if 'token' in cal:
        context['caltoken'] = cal['token']
    else:
        context['caltoken'] = None

    # feed config
    feed = _stored("feed-token")
    context['newstoken'] = None if feed is None else feed.value['token']

    # news config
    # With no stored preference the page shows e-mail as enabled, because
    # users get news e-mails unless they opted out. Nothing is written here.
    news = _stored("newsitems")
    context['newsconfig'] = {'email': True} if news is None else news.value

    # advisor note API config
    context['advisor'] = False
    context['advisortoken'] = None
    if has_role('ADVS', request):
        context['advisor'] = True
        advisor_cfg = _stored('advisor-token')
        if advisor_cfg is not None:
            context['advisortoken'] = advisor_cfg.value['token']

    # ID photo agreement
    context['instructor'] = False
    context['photo_agreement'] = False
    if Member.objects.filter(person=user, role__in=['INST', 'TA']).count() > 0:
        context['instructor'] = True
        agreement = _stored('photo-agreement')
        if agreement is not None:
            context['photo_agreement'] = agreement.value['agree']

    context['userid'] = user.userid
    context['server_url'] = settings.BASE_ABS_URL

    # privacy config: visible when the user holds at least one privacy role
    privacy_roles_held = []
    for role in Role.all_roles(user.userid):
        if role in PRIVACY_ROLES:
            privacy_roles_held.append(role)
    context['privacy_visible'] = len(privacy_roles_held) > 0

    return render(request, "dashboard/config.html", context)
Ejemplo n.º 8
def _can_view_student(request, grad_slug, funding=False):
    """
    Return ``(GradStudent, authorization type, units)`` if the user is either
    (1) a grad admin ('GRAD') for the student's unit,
    (2) a funding admin ('FUND') for the student's unit, when ``funding`` is set,
    (3) a grad director ('GRPD') in the student's unit,
    (4) a senior supervisor of the student,
    (5) the student him-/herself.

    Cases (3)-(5) apply to GET requests only. For (1)-(3) a student outside
    ``request.units`` results in a 404 from ``get_object_or_404``.

    Return ``(None, None, None)`` if no condition is met.
    """
    is_get = request.method == 'GET'
    unit_scope = {'slug': grad_slug, 'program__unit__in': request.units}

    # grad admins can view within their unit
    if has_role('GRAD', request):
        grad = get_object_or_404(GradStudent, **unit_scope)
        return grad, 'admin', request.units

    # funding admins can view some pages within their unit
    if funding and has_role('FUND', request):
        grad = get_object_or_404(GradStudent, **unit_scope)
        return grad, 'admin', request.units

    # grad directors can ONLY view within their unit
    if is_get and has_role('GRPD', request):
        grad = get_object_or_404(GradStudent, **unit_scope)
        return grad, 'graddir', request.units

    # senior supervisors can see their students
    supervisions = Supervisor.objects.filter(
        supervisor__userid=request.user.username,
        student__slug=grad_slug,
        supervisor_type__in=['SEN', 'POT'],
        removed=False,
    ).select_related('student')
    viewable = []
    for supervision in supervisions:
        if supervision.can_view_details():
            viewable.append(supervision)
    if is_get and viewable:
        grad = viewable[0].student
        return grad, 'supervisor', [grad.program.unit]

    # students can see their own page
    own = GradStudent.objects.filter(slug=grad_slug, person__userid=request.user.username)
    if is_get and own:
        return own[0], 'student', [own[0].program.unit]

    # Nothing matched: the caller is responsible for denying access.
    return None, None, None
Ejemplo n.º 9
def list_grade_sources(request):
    """Build the context for the grade source listing.

    Returns a dict with the bound ``GradeSourceListForm``, the grade sources
    whose status is 'ACTI' (narrowed to ``country`` when that query parameter
    is non-empty) and ``is_admin``, the result of ``has_role('GPA', request)``.
    """
    form = GradeSourceListForm(request.GET)
    country_filter = request.GET.get('country')
    context = {
        'form': form,
        'grade_sources': GradeSource.objects.filter(status='ACTI'),
        # NOTE(review): this is only a flag in the returned context; nothing
        # here restricts the listing itself by role.
        'is_admin': has_role('GPA', request),
    }

    if country_filter:
        # The raw query-string value is passed to the ORM as a filter value.
        context['grade_sources'] = context['grade_sources'].filter(country=country_filter)

    return context
Ejemplo n.º 10
def list_grade_sources(request):
    """Return the listing context: form, active grade sources, admin flag.

    Only grade sources with status 'ACTI' are listed. A non-empty ``country``
    query parameter narrows the list to that country. ``is_admin`` reflects
    whether the request holds the 'GPA' role.
    """
    params = request.GET
    form = GradeSourceListForm(params)
    country = params.get('country', None)
    grade_sources = GradeSource.objects.filter(status='ACTI')
    is_admin = has_role('GPA', request)

    # An absent or empty country leaves the list unfiltered.
    if country:
        grade_sources = grade_sources.filter(country=country)

    return dict(form=form, grade_sources=grade_sources, is_admin=is_admin)
Ejemplo n.º 11
def view_report(request, report):
    """Render the detail page for the report attached to the request.

    The ``report`` argument is discarded in favour of ``request.report``.
    The page is read-only unless the request holds the 'SYSA' role. The
    context lists the report's access rules, schedule rules, hardcoded
    components, queries and runs (newest first).
    """
    # NOTE(review): no access check happens in this function; presumably the
    # caller or a decorator sets request.report and authorizes -- confirm.
    report = request.report
    readonly = not has_role('SYSA', request)

    rules = AccessRule.objects.filter(report=report)
    schedules = ScheduleRule.objects.filter(report=report)
    hardcoded = HardcodedReport.objects.filter(report=report)
    report_queries = Query.objects.filter(report=report)
    recent_runs = Run.objects.filter(report=report).order_by("-created_at")

    context = {
        'readonly': readonly,
        'report': report,
        'is_scheduled_to_run': report.is_scheduled_to_run(),
        'queries': report_queries,
        'schedule_rules': schedules,
        'access_rules': rules,
        'runs': recent_runs,
        'components': hardcoded,
    }
    return render(request, 'reports/view_report.html', context)
Ejemplo n.º 12
def view_report(request, report):
    """Show one report with its rules, queries, components and runs.

    Uses ``request.report`` rather than the ``report`` argument. ``readonly``
    is ``False`` only when the request holds the 'SYSA' role.
    """
    report = request.report

    if has_role('SYSA', request):
        readonly = False
    else:
        readonly = True

    # Everything shown on the page is scoped to this single report.
    related = {
        'access_rules': AccessRule.objects.filter(report=report),
        'schedule_rules': ScheduleRule.objects.filter(report=report),
        'components': HardcodedReport.objects.filter(report=report),
        'queries': Query.objects.filter(report=report),
        'runs': Run.objects.filter(report=report).order_by("-created_at"),
    }

    context = {'readonly': readonly, 'report': report}
    context['is_scheduled_to_run'] = report.is_scheduled_to_run()
    for key in ('queries', 'schedule_rules', 'access_rules', 'runs', 'components'):
        context[key] = related[key]

    return render(request, 'reports/view_report.html', context)
Ejemplo n.º 13
 def auth_test(request, **kwargs):
     """Allow funding admins and RA supervisors.

     Sets ``request.is_supervisor`` to whether an ``RAAppointment`` exists with
     the requesting user as hiring faculty, then returns a truthy value when
     ``has_role('FUND', request, **kwargs)`` passes or that flag is true.
     """
     # Matched on the authenticated username. Stored on the request before
     # the role check runs, so it is set even when the role check passes.
     is_hiring_faculty = RAAppointment.objects.filter(
         hiring_faculty__userid=request.user.username).exists()
     request.is_supervisor = is_hiring_faculty

     funding_admin = has_role('FUND', request, **kwargs)
     if funding_admin:
         return funding_admin
     return is_hiring_faculty
Ejemplo n.º 14
 def auth_test(request, **kwargs):
     """Authorization test: 'FUND' role holders or hiring faculty pass.

     As a side effect, ``request.is_supervisor`` records whether the user is
     the hiring faculty on at least one ``RAAppointment``.
     """
     appointments = RAAppointment.objects.filter(
         hiring_faculty__userid=request.user.username,
     )
     supervises = appointments.exists()
     # The flag is set on every call, whichever way the role check goes.
     request.is_supervisor = supervises
     return has_role('FUND', request, **kwargs) or supervises