class Settings(models.Model):
class Meta:
verbose_name = 'Configuração'
verbose_name_plural = 'Configurações'
fieldsets = (
('Configuração Geral', {
'fields': (('initials', 'name'), ('logo', 'logo_pdf'),
('icon', 'background'))
}),
('Social', {
'fields': (('twitter', 'facebook'), ('google', 'pinterest'),
('linkedin', 'rss'))
}),
('Direitos Autorais', {
'fields': ('company', ('phone_1', 'phone_2'), 'address', 'email')
}),
('Aparência', {
'fields': ('default_color', )
}),
('Servidor', {
'fields': (('server_address', 'system_email_address'), )
}),
('Versão', {
'fields': ('version', )
}),
)
# Application
initials = models.CharField('Nome', default='Django+')
name = models.CharField('Descrição', default='Django Plus')
logo = models.ImageField('Logotipo',
upload_to='config',
null=True,
blank=True,
default='')
logo_pdf = models.ImageField('Logotipo para PDF',
upload_to='config',
help_text='Imagem sem fundo transparente',
null=True,
blank=True,
default='')
icon = models.ImageField('Ícone',
upload_to='config',
null=True,
blank=True)
background = models.ImageField('Background',
upload_to='config',
default='',
blank=True)
# Social params
twitter = models.CharField('Twitter', null=True, blank=True)
facebook = models.CharField('Facebook', null=True, blank=True)
google = models.CharField('Google', null=True, blank=True)
pinterest = models.CharField('pinterest', null=True, blank=True)
linkedin = models.CharField('Linkedin', null=True, blank=True)
rss = models.CharField('RSS', null=True, blank=True)
# Company
company = models.CharField('Empresa', null=True, blank=True)
address = models.TextField('Endereço', null=True, blank=True)
phone_1 = models.PhoneField('Telefone Principal', null=True, blank=True)
phone_2 = models.PhoneField('Telefone Secundário', null=True, blank=True)
email = models.CharField('E-mail', null=True, blank=True)
# Server configuration
version = models.CharField('Versão do Sistema', exclude=True)
server_address = models.CharField('Endereço de Acesso',
default='http://*****:*****@djangoplus.net')
@staticmethod
def default():
from djangoplus.cache import loader
if not loader.settings_instance:
loader.settings_instance = Settings.objects.first()
if not loader.settings_instance:
settings = Settings()
settings.initials = 'Sistema'
settings.name = 'Sistema de gerenciamento online, responsivo e multiplataforma'
settings.twitter = 'https://twitter.com/'
settings.facebook = 'https://www.facebook.com/'
settings.google = 'https://plus.google.com/'
settings.pinterest = 'https://www.pinterest.com/'
settings.linkedin = 'https://www.linkedin.com/'
settings.rss = 'https://www.rss.com/'
settings.company = ''
settings.address = ''
settings.phone_1 = ''
settings.phone_2 = ''
settings.email = ''
settings.version = '1.0'
settings.save()
loader.settings_instance = settings
return loader.settings_instance
def save(self, *args, **kwargs):
from djangoplus.cache import loader
super(Settings, self).save(*args, **kwargs)
loader.settings_instance = self
class User(AbstractBaseUser, PermissionsMixin):
USERNAME_FIELD = 'username'
REQUIRED_FIELDS = ['email']
name = models.CharField('Nome', max_length=30, blank=True, search=True)
username = models.CharField('Login',
max_length=30,
unique=True,
search=True)
email = models.CharField('E-mail', max_length=75, blank=True, default='')
active = models.BooleanField(verbose_name='Ativo?',
default=True,
filter=True)
photo = models.ImageField(upload_to='profiles',
null=True,
blank=True,
default='/static/images/user.png',
verbose_name='Foto',
exclude=True)
permission_mapping = models.JsonField(
verbose_name='Mapeamento de Permissão', exclude=True, display=False)
objects = UserManager()
fieldsets = (
('Identificação', {
'fields': (('name', 'email'), ),
'image': 'photo'
}),
('Acesso', {
'fields': (('username', 'is_superuser'), ('active', ))
}),
('Funções', {
'relations': ('role_set', )
}),
('Mapeamento de Permissão', {
'fields': ('permission_mapping', )
}),
)
class Meta():
verbose_name = 'Usuário'
verbose_name_plural = 'Usuários'
list_display = 'photo', 'username', 'name', 'groups'
add_form = 'UserForm'
can_admin = 'Gerenciador de Usuários'
icon = 'fa-users'
# list_template = 'image_cards.html'
def __init__(self, *args, **kwargs):
super(User, self).__init__(*args, **kwargs)
def save(self, *args, **kwargs):
if not self.password:
if settings.DEBUG or 'test' in sys.argv:
password = settings.DEFAULT_PASSWORD
else:
password = uuid.uuid4().get_hex()
self.set_password(password)
super(User, self).save(*args, **kwargs)
def __str__(self):
return self.name or self.username
@action('Alterar Senha', input='ChangePasswordForm', inline=True)
def change_password(self, new_password, confirm_password):
self.set_password(new_password)
self.save()
@action('Enviar Convite de Acesso',
inline=True,
condition='email',
category=None)
def send_access_invitation(self):
project_name = Settings.default().initials
subject = 'Acesso ao Sistema - "{}"'.format(project_name)
message = '''Você está cadastro no sistema <b>{}</b>.
Para (re)definir sua senha de acesso, clique no botão abaixo.
'''.format(project_name)
actions = [('Acessar agora!',
'/admin/password/{}/{}/'.format(self.pk,
encrypt(self.password)))]
send_mail(subject, message, self.email, actions=actions)
def units(self, group_name=None):
qs = self.role_set.all()
if group_name:
qs = qs.filter(group__name=group_name)
return qs.values_list('units', flat=True)
def in_group(self, *group_names):
return self.role_set.filter(group__name__in=group_names).exists()
def in_other_group(self, group_name):
return self.is_superuser or self.role_set.exclude(
group__name=group_name).exists()
def get_permission_mapping(self, model, obj=None):
from djangoplus.cache import loader
permission_mapping_key = obj and '{}:{}'.format(
model.__name__,
type(obj).__name__) or model.__name__
if not settings.DEBUG and permission_mapping_key in self.permission_mapping:
return self.permission_mapping[permission_mapping_key]
organization_lookups = []
unit_lookups = []
role_lookups = dict()
lookups = dict(list_lookups=[], edit_lookups=[], delete_lookups=[])
for lookup in get_metadata(model, 'list_lookups', (), iterable=True):
field = get_field(model, lookup)
if hasattr(
field.remote_field.model, 'organization_ptr') or hasattr(
field.remote_field.model, 'unit_ptr'):
if hasattr(field.remote_field.model, 'organization_ptr'):
organization_lookups.append(lookup)
if hasattr(field.remote_field.model, 'unit_ptr'):
unit_lookups.append(lookup)
else:
role_username = get_metadata(field.remote_field.model,
'role_username')
if role_username:
role_lookups[get_metadata(
field.remote_field.model,
'verbose_name')] = '{}__{}'.format(
lookup, role_username)
for subclass in field.remote_field.model.__subclasses__():
role_username = get_metadata(subclass, 'role_username')
if role_username:
role_lookups[get_metadata(
subclass, 'verbose_name')] = '{}__{}__{}'.format(
lookup, subclass.__name__.lower(),
role_username)
if hasattr(model,
'organization_ptr') and 'id' not in organization_lookups:
organization_lookups.append('id')
if hasattr(model, 'unit_ptr') and 'id' not in unit_lookups:
unit_lookups.append('id')
if get_metadata(model, 'role_username') and 'id' not in role_lookups:
role_lookups[get_metadata(model, 'verbose_name')] = get_metadata(
model, 'role_username')
for field in get_metadata(model, 'fields'):
if field.remote_field and field.remote_field.model:
if field.remote_field.model in loader.role_models:
role_lookups[get_metadata(
field.remote_field.model,
'verbose_name')] = '{}__{}'.format(
field.name, loader.role_models[
field.remote_field.model]['username_field'])
if field.remote_field.model in loader.abstract_role_models:
for to in loader.abstract_role_models[
field.remote_field.model]:
role_lookups[get_metadata(
to, 'verbose_name')] = '{}__{}__{}'.format(
field.name, to.__name__.lower(),
loader.role_models[to])
if hasattr(field.remote_field.model,
'unit_ptr_id') and field.name not in unit_lookups:
unit_lookups.append(field.name)
if hasattr(field.remote_field.model, 'organization_ptr_id'
) and field.name not in organization_lookups:
organization_lookups.append(field.name)
for organization_lookup in organization_lookups:
if loader.unit_model:
for field in get_metadata(loader.organization_model, 'fields'):
if field.remote_field and hasattr(field.remote_field.model,
'unit_ptr'):
if organization_lookup == 'id':
unit_lookup = field.name
else:
unit_lookup = '{}__{}'.format(
organization_lookup, field.name)
if unit_lookup not in unit_lookups and not hasattr(
model, 'unit_ptr'):
unit_lookups.append(unit_lookup)
break
for unit_lookup in unit_lookups:
if loader.organization_model:
for field in get_metadata(loader.unit_model, 'fields'):
if field.remote_field and hasattr(field.remote_field.model,
'organization_ptr'):
if unit_lookup == 'id':
organization_lookup = field.name
else:
organization_lookup = '{}__{}'.format(
unit_lookup, field.name)
if organization_lookup not in organization_lookups and not hasattr(
model, 'organization_ptr'):
organization_lookups.append(organization_lookup)
groups = dict()
unit_organization_lookup = 'scope__organization'
unit_organization_field_name = Unit.get_organization_field_name()
if loader.unit_model and unit_organization_field_name:
unit_organization_lookup = 'scope__unit__{}__{}'.format(
loader.unit_model.__name__.lower(),
unit_organization_field_name)
scope_queryset = self.role_set.filter(active=True).values_list(
'group__name', 'scope__organization', 'scope__unit',
unit_organization_lookup)
for group_name, organization_id, unit_id, unit_organization_id in scope_queryset:
if group_name not in groups:
groups[group_name] = dict(username_lookups=[],
organization_ids=[],
unit_ids=[])
if group_name in role_lookups:
groups[group_name]['username_lookups'].append(
role_lookups[group_name])
if organization_id:
groups[group_name]['organization_ids'].append(organization_id)
if unit_id:
groups[group_name]['unit_ids'].append(unit_id)
if unit_organization_id:
groups[group_name]['organization_ids'].append(
unit_organization_id)
if model in loader.permissions_by_scope:
can_view_globally = can_edit_globally = can_delete_globally = False
for group_name in groups:
username_lookups = groups[group_name]['username_lookups']
unit_ids = list(set(groups[group_name]['unit_ids']))
organization_ids = list(
set(groups[group_name]['organization_ids']))
can_view = can_view_by_role = can_view_by_unit = can_view_by_organization = False
if obj:
if type(obj) in loader.permissions_by_scope:
can_view = group_name in loader.permissions_by_scope[
type(obj)].get('add', [])
can_view_by_unit = group_name in loader.permissions_by_scope[
type(obj)].get('add_by_unit', [])
can_view_by_organization = group_name in loader.permissions_by_scope[
type(obj)].get('add_by_organization', [])
if (can_view or can_view_by_role or can_view_by_unit
or can_view_by_organization) is False:
can_view = group_name in loader.permissions_by_scope[
model].get('view', [])
can_view_by_role = group_name in loader.permissions_by_scope[
model].get('view_by_role', [])
can_view_by_unit = group_name in loader.permissions_by_scope[
model].get('view_by_unit', [])
can_view_by_organization = group_name in loader.permissions_by_scope[
model].get('view_by_organization', [])
if can_view:
can_view_globally = True
else:
if can_view_by_role:
for username_lookup in username_lookups:
lookups['list_lookups'].append(
(username_lookup, (self.username, )))
if can_view_by_unit:
if unit_ids:
for unit_lookup in unit_lookups:
lookups['list_lookups'].append(
('{}'.format(unit_lookup), unit_ids))
if can_view_by_organization:
if organization_ids:
for organization_lookup in organization_lookups:
lookups['list_lookups'].append(
('{}'.format(organization_lookup),
organization_ids))
can_edit = group_name in loader.permissions_by_scope[
model].get('edit', [])
can_edit_by_role = group_name in loader.permissions_by_scope[
model].get('edit_by_role', [])
can_edit_by_unit = group_name in loader.permissions_by_scope[
model].get('edit_by_unit', [])
can_edit_by_organization = group_name in loader.permissions_by_scope[
model].get('edit_by_organization', [])
if can_edit:
can_edit_globally = True
else:
if can_edit_by_role:
for username_lookup in username_lookups:
lookups['edit_lookups'].append(
(username_lookup, (self.username, )))
if can_edit_by_unit and unit_ids:
for unit_lookup in unit_lookups:
lookups['edit_lookups'].append(
(unit_lookup, unit_ids))
if can_edit_by_organization and organization_ids:
for organization_lookup in organization_lookups:
lookups['edit_lookups'].append(
(organization_lookup, organization_ids))
can_delete = group_name in loader.permissions_by_scope[
model].get('delete', [])
can_delete_by_role = group_name in loader.permissions_by_scope[
model].get('delete_by_role', [])
can_delete_by_unit = group_name in loader.permissions_by_scope[
model].get('delete_by_unit', [])
can_delete_by_organization = group_name in loader.permissions_by_scope[
model].get('delete_by_organization', [])
if can_delete:
can_delete_globally = True
else:
if can_delete_by_role:
for username_lookup in username_lookups:
lookups['delete_lookups'].append(
(username_lookup, (self.username, )))
if can_delete_by_unit and unit_ids:
for unit_lookup in unit_lookups:
lookups['delete_lookups'].append(
(unit_lookup, unit_ids))
if can_delete_by_organization and organization_ids:
for organization_lookup in organization_lookups:
lookups['delete_lookups'].append(
(organization_lookup, organization_ids))
for actions_dict in (loader.actions, loader.class_actions):
for category in actions_dict.get(model, ()):
for key in list(actions_dict[model][category].keys()):
execute_lookups = []
view_name = actions_dict[model][category][key][
'view_name']
can_execute = group_name in loader.permissions_by_scope[
model].get('{}'.format(view_name), [])
can_execute_by_role = group_name in loader.permissions_by_scope[
model].get('{}_by_role'.format(view_name), [])
can_execute_by_unit = group_name in loader.permissions_by_scope[
model].get('{}_by_unit'.format(view_name), [])
can_execute_by_organization = group_name in loader.permissions_by_scope[
model].get(
'{}_by_organization'.format(view_name), [])
if can_execute:
execute_lookups = None
else:
if can_execute_by_role:
for username_lookup in username_lookups:
execute_lookups.append(
(username_lookup,
(self.username, )))
if can_execute_by_unit and unit_ids:
for unit_lookup in unit_lookups:
execute_lookups.append(
(unit_lookup, unit_ids))
if can_execute_by_organization and organization_ids:
for organization_lookup in organization_lookups:
execute_lookups.append(
(organization_lookup,
organization_ids))
if execute_lookups:
if view_name not in lookups:
lookups[view_name] = []
lookups[view_name] += execute_lookups
if can_view_globally:
lookups['list_lookups'] = []
if can_edit_globally:
lookups['edit_lookups'] = []
if can_delete_globally:
lookups['delete_lookups'] = []
for codename in ('view', 'list'):
if model in loader.permissions_by_scope:
if loader.permissions_by_scope[model].get(
'{}_by_unit'.format(codename)) and not unit_lookups:
raise Exception(
'A "lookup" meta-attribute must point to a Unit model in {}'
.format(model))
if loader.permissions_by_scope[model].get(
'{}_by_organization'.format(codename)) and (
not organization_lookups and not unit_lookups):
raise Exception(
'A "lookup" meta-attribute must point to a Unit or Organization model in {}'
.format(model))
if loader.permissions_by_scope[model].get(
'{}_by_role'.format(codename)) and not role_lookups:
raise Exception(
'A "lookup" meta-attribute must point to a role model in {}'
.format(model))
self.permission_mapping[permission_mapping_key] = lookups
self.save()
return self.permission_mapping[permission_mapping_key]
# gieve a set of group or permission names, this method returns the groups the user belongs to
def find_groups(self, perm_or_group, exclude=None):
qs = self.groups.all()
if perm_or_group:
permissions = []
groups = []
for item in perm_or_group:
if '.' in item:
permissions.append(item.split('.')[1])
else:
groups.append(item)
if permissions:
qs = qs.filter(permissions__codename__in=permissions)
if groups:
qs = qs.filter(name__in=groups)
if exclude:
qs = qs.exclude(name=exclude)
return qs
def email_user(self, subject, message, from_email=None, **kwargs):
send_mail(subject, message, from_email, [self.email], **kwargs)
def check_role_groups(self):
for group in self.groups.all():
self.groups.remove(group)
for group in self.role_set.filter(active=True).values_list(
'group', flat=True).distinct():
self.groups.add(group)
class Settings(models.Model):
class Meta:
verbose_name = _('Settings')
verbose_name_plural = _('Settings')
fieldsets = (
(_('General Data'), {'fields': (('initials', 'name'), ('logo', 'logo_pdf'), ('icon', 'background'))}),
(_('Social Data'), {'fields': (('twitter', 'facebook'), ('google', 'pinterest'), ('linkedin', 'rss'))}),
(_('Copyright'), {'fields': ('company', ('phone_1', 'phone_2'), 'address', 'email')}),
(_('Look and Feel'), {'fields': ('default_color',)}),
(_('Server'), {'fields': (('server_address', 'system_email_address'),)}),
(_('Version'), {'fields': ('version',)}),
)
# Application
initials = models.CharField(_('Name'), default='Django+')
name = models.CharField(_('Description'), default='Django Plus')
logo = models.ImageField(_('Logo'), upload_to='config', null=True, blank=True, default='')
logo_pdf = models.ImageField(_('PDF Logo'), upload_to='config', help_text=_('No-background image'),
null=True, blank=True, default='')
icon = models.ImageField(_('Icon'), upload_to='config', null=True, blank=True)
background = models.ImageField('Background', upload_to='config', default='', blank=True)
# Social params
twitter = models.CharField('Twitter', null=True, blank=True)
facebook = models.CharField('Facebook', null=True, blank=True)
google = models.CharField('Google', null=True, blank=True)
pinterest = models.CharField('Pinterest', null=True, blank=True)
linkedin = models.CharField('Linkedin', null=True, blank=True)
rss = models.CharField('RSS', null=True, blank=True)
# Company
company = models.CharField(_('Company Name'), null=True, blank=True)
address = models.TextField(_('Address'), null=True, blank=True)
phone_1 = models.PhoneField(_('Primary Phome'), null=True, blank=True)
phone_2 = models.PhoneField(_('Secondary Phone'), null=True, blank=True)
email = models.CharField(_('Email'), null=True, blank=True)
# Server configuration
version = models.CharField(_('System Version'), exclude=True)
server_address = models.CharField(_('Server URL'), default='http://*****:*****@djangoplus.net')
@staticmethod
def default():
from djangoplus.cache import CACHE
if not CACHE['SETTINGS_INSTANCE']:
CACHE['SETTINGS_INSTANCE'] = Settings.objects.first()
if not CACHE['SETTINGS_INSTANCE']:
s = Settings()
s.initials = _('System')
s.name = _('Online, responsive e multiplatform system')
s.twitter = 'https://twitter.com/'
s.facebook = 'https://www.facebook.com/'
s.google = 'https://plus.google.com/'
s.pinterest = 'https://www.pinterest.com/'
s.linkedin = 'https://www.linkedin.com/'
s.rss = 'https://www.rss.com/'
s.company = ''
s.address = ''
s.phone_1 = ''
s.phone_2 = ''
s.email = ''
s.version = '1.0'
s.save()
CACHE['SETTINGS_INSTANCE'] = s
return CACHE['SETTINGS_INSTANCE']
def save(self, *args, **kwargs):
from djangoplus.cache import CACHE
super(Settings, self).save(*args, **kwargs)
CACHE['SETTINGS_INSTANCE'] = self
class User(AbstractBaseUser, PermissionsMixin):
USERNAME_FIELD = 'username'
REQUIRED_FIELDS = ['email']
name = models.CharField(_('Name'), max_length=100, blank=True, search=True)
username = models.CharField(_('Username'), max_length=30, unique=True, search=True)
email = models.CharField(_('E-mail'), max_length=75, blank=True, default='')
active = models.BooleanField(verbose_name=_('Active'), default=True, filter=True)
photo = models.ImageField(upload_to='profiles', null=True, blank=True,
default='/static/images/user.png', verbose_name=_('Photo'), exclude=True)
token = models.CharField(verbose_name='Token', null=True, exclude=True)
permission_mapping = models.JsonField(verbose_name=_('Permissions Mapping'), exclude=True, display=False)
scope = models.ForeignKey(Scope, verbose_name='Scope', null=True, exclude=True, blank=True)
objects = UserManager()
fieldsets = (
(_('Identification'), {'fields': (('name', 'email'),), 'image': 'photo'}),
(_('Access'), {'fields': (('username', 'is_superuser'), ('active',))}),
(_('Roles'), {'relations': ('role_set',)}),
(_('Permissions Mapping'), {'fields': ('permission_mapping',)}),
)
class Meta:
verbose_name = _('User')
verbose_name_plural = _('Users')
list_display = 'photo', 'username', 'name', 'email', 'groups'
add_form = 'UserForm'
can_admin = _('User Manager')
icon = 'fa-users'
expose = True
# list_template = 'image_cards.html'
def __init__(self, *args, **kwargs):
super(User, self).__init__(*args, **kwargs)
def save(self, *args, **kwargs):
if not self.token:
self.token = binascii.hexlify(os.urandom(20)).decode()
if not self.password:
if settings.DEBUG or 'test' in sys.argv or True:
password = settings.DEFAULT_PASSWORD
else:
password = uuid.uuid4().hex
self.set_password(password)
super(User, self).save(*args, **kwargs)
if self.is_superuser:
group = Group.objects.get_or_create(name=_('Superuser'))[0]
self.groups.add(group)
group = Group.objects.get_or_create(name=_('User'))[0]
self.groups.add(group)
def __str__(self):
return self.name or self.username
@action(_('Change Password'), input='ChangePasswordForm', inline=True)
def change_password(self, new_password, confirm_password):
self.set_password(new_password)
self.save()
@action(_('Send Access Invitation'), inline=True, condition='email', category=None)
def send_access_invitation(self):
self.send_access_invitation_for_group(None)
def send_reset_password_notification(self):
project_name = Settings.default().initials
subject = '{} - "{}"'.format(_('Reset Password'), project_name)
message = _('Click on the button bellow to (re)define your password.')
actions = [(_('Reset Password!'), '/admin/password/{}/{}/'.format(self.pk, signing.dumps(self.password)))]
send_mail(subject, message, self.email, actions=actions)
def send_access_invitation_for_group(self, group):
project_name = Settings.default().initials
subject = '{} - "{}"'.format(_('System Access'), project_name)
if group:
extra = _('''If you are already a user, click on the button "Access now!" to authenticate.
Otherwise, click on the button "Define password!" to provide your access password.''')
message = '''{} <b>{}</b> {} <b>{}</b>.
{}
'''.format(_('You were registered in the system.'), project_name, _(' as '), group, extra)
actions = [
(_('Access now!'), '/admin/'),
(_('Define password!'), '/admin/password/{}/{}/'.format(self.pk, signing.dumps(self.password)))
]
else:
extra = _('Click on the button bellow to (re)define your password.')
message = '''{} <b>{}</b>.
{}.
'''.format(_('You were registered in the system'), project_name, extra)
actions = [(_('Access now!'), '/admin/password/{}/{}/'.format(self.pk, signing.dumps(self.password)))]
send_mail(subject, message, self.email, actions=actions)
def units(self, group_name=None):
qs = self.role_set.all()
if group_name:
qs = qs.filter(group__name=group_name)
return qs.values_list('scope', flat=True)
def in_group(self, *group_names):
return self.role_set.filter(group__name__in=group_names).exists()
def in_other_group(self, group_name):
return self.is_superuser or self.role_set.exclude(group__name=group_name).exists()
def get_appliable_scopes(self):
scopes = []
for scope in Scope.objects.filter(pk__in=self.role_set.values_list('scope', flat=True)):
if scope not in scopes:
scopes.append(scope)
if scope.is_organization():
for unit in scope.organization.get_units():
scopes.append(unit)
return scopes
def apply_current_scope(self, queryset):
if self.scope:
filters = []
organization_lookups, unit_lookups, role_lookups = self.get_lookups(queryset.model)
if self.scope.is_organization():
lookups = organization_lookups
else:
lookups = unit_lookups
for lookup in lookups:
filters.append(Q(**{lookup: self.scope.pk}))
if filters:
queryset = queryset.filter(reduce(operator.__and__, filters))
return queryset
def get_lookups(self, model):
from djangoplus.cache import CACHE
organization_lookups = []
unit_lookups = []
role_lookups = dict()
for lookup in get_metadata(model, 'list_lookups', (), iterable=True):
field = get_field(model, lookup)
if hasattr(field.remote_field.model, 'organization_ptr') or hasattr(field.remote_field.model, 'unit_ptr'):
if hasattr(field.remote_field.model, 'organization_ptr'):
organization_lookups.append(lookup)
if hasattr(field.remote_field.model, 'unit_ptr'):
unit_lookups.append(lookup)
else:
role_username = get_metadata(field.remote_field.model, 'role_username')
if role_username:
role_lookups[get_metadata(field.remote_field.model, 'verbose_name')] = '{}__{}'.format(
lookup, role_username)
for subclass in field.remote_field.model.__subclasses__():
role_username = get_metadata(subclass, 'role_username')
if role_username:
role_lookups[get_metadata(subclass, 'verbose_name')] = '{}__{}__{}'.format(
lookup, subclass.__name__.lower(), role_username)
if hasattr(model, 'organization_ptr') and 'id' not in organization_lookups:
organization_lookups.append('id')
if hasattr(model, 'unit_ptr') and 'id' not in unit_lookups:
unit_lookups.append('id')
if get_metadata(model, 'role_username') and 'id' not in role_lookups:
role_lookups[get_metadata(model, 'verbose_name')] = get_metadata(model, 'role_username')
for field in get_metadata(model, 'fields') + get_metadata(model, 'many_to_many'):
if field.remote_field and field.remote_field.model:
if field.remote_field.model in CACHE['ROLE_MODELS']:
role_lookups[get_metadata(field.remote_field.model, 'verbose_name')] = '{}__{}'.format(field.name, CACHE['ROLE_MODELS'][field.remote_field.model]['username_field'])
if field.remote_field.model in CACHE['ABSTRACT_ROLE_MODELS']:
for to in CACHE['ABSTRACT_ROLE_MODELS'][field.remote_field.model]:
role_lookups[get_metadata(to, 'verbose_name')] = '{}__{}__{}'.format(
field.name, to.__name__.lower(), CACHE['ROLE_MODELS'][to])
if hasattr(field.remote_field.model, 'unit_ptr_id') and field.name not in unit_lookups:
unit_lookups.append(field.name)
if hasattr(field.remote_field.model, 'organization_ptr_id') and field.name not in organization_lookups:
organization_lookups.append(field.name)
for organization_lookup in organization_lookups:
if CACHE['UNIT_MODEL']:
for field in get_metadata(CACHE['ORGANIZATION_MODEL'], 'fields'):
if field.remote_field and hasattr(field.remote_field.model, 'unit_ptr'):
if organization_lookup == 'id':
unit_lookup = field.name
else:
unit_lookup = '{}__{}'.format(organization_lookup, field.name)
if unit_lookup not in unit_lookups and not hasattr(model, 'unit_ptr'):
unit_lookups.append(unit_lookup)
break
for unit_lookup in unit_lookups:
if CACHE['ORGANIZATION_MODEL']:
for field in get_metadata(CACHE['UNIT_MODEL'], 'fields'):
if field.remote_field and hasattr(field.remote_field.model, 'organization_ptr'):
if unit_lookup == 'id':
organization_lookup = field.name
else:
organization_lookup = '{}__{}'.format(unit_lookup, field.name)
if organization_lookup not in organization_lookups and not hasattr(model, 'organization_ptr'):
organization_lookups.append(organization_lookup)
return organization_lookups, unit_lookups, role_lookups
def get_permission_mapping(self, model, obj=None):
from djangoplus.cache import CACHE
permission_mapping_key = obj and '{}:{}'.format(model.__name__, type(obj).__name__) or model.__name__
if permission_mapping_key in self.permission_mapping:
return self.permission_mapping[permission_mapping_key]
organization_lookups, unit_lookups, role_lookups = self.get_lookups(model)
lookups = dict(list_lookups=[], edit_lookups=[], delete_lookups=[])
groups = dict()
unit_organization_lookup = 'scope__organization'
unit_organization_field_name = Unit.get_organization_field_name()
if CACHE['UNIT_MODEL'] and unit_organization_field_name:
unit_organization_lookup = 'scope__unit__{}__{}'.format(
CACHE['UNIT_MODEL'].__name__.lower(), unit_organization_field_name
)
scope_queryset = self.role_set.filter(
active=True).values_list('group__name', 'scope__organization', 'scope__unit', unit_organization_lookup)
for group_name, organization_id, unit_id, unit_organization_id in scope_queryset:
if group_name not in groups:
groups[group_name] = dict(username_lookups=[], organization_ids=[], unit_ids=[])
if group_name in role_lookups:
groups[group_name]['username_lookups'].append(role_lookups[group_name])
if organization_id:
groups[group_name]['organization_ids'].append(organization_id)
if unit_id:
groups[group_name]['unit_ids'].append(unit_id)
if unit_organization_id:
groups[group_name]['organization_ids'].append(unit_organization_id)
if model in CACHE['PERMISSIONS_BY_SCOPE']:
can_view_globally = can_edit_globally = can_delete_globally = False
for group_name in groups:
username_lookups = groups[group_name]['username_lookups']
unit_ids = list(set(groups[group_name]['unit_ids']))
organization_ids = list(set(groups[group_name]['organization_ids']))
can_view = can_view_by_role = can_view_by_unit = can_view_by_organization = False
if obj:
if type(obj) in CACHE['PERMISSIONS_BY_SCOPE']:
can_view = group_name in CACHE['PERMISSIONS_BY_SCOPE'][type(obj)].get('add', [])
can_view_by_unit = group_name in CACHE['PERMISSIONS_BY_SCOPE'][type(obj)].get('add_by_unit', [])
can_view_by_organization = group_name in CACHE['PERMISSIONS_BY_SCOPE'][type(obj)].get(
'add_by_organization', [])
if (can_view or can_view_by_role or can_view_by_unit or can_view_by_organization) is False:
can_view = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get('view', [])
can_view_by_role = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get('view_by_role', [])
can_view_by_unit = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get('view_by_unit', [])
can_view_by_organization = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get(
'view_by_organization', [])
if can_view:
can_view_globally = True
else:
if can_view_by_role:
for username_lookup in username_lookups:
lookups['list_lookups'].append((username_lookup, (self.username,)))
if can_view_by_unit:
if unit_ids:
for unit_lookup in unit_lookups:
lookups['list_lookups'].append(('{}'.format(unit_lookup), unit_ids))
if can_view_by_organization:
if organization_ids:
for organization_lookup in organization_lookups:
lookups['list_lookups'].append(('{}'.format(organization_lookup), organization_ids))
can_edit = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get('edit', [])
can_edit_by_role = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get('edit_by_role', [])
can_edit_by_unit = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get('edit_by_unit', [])
can_edit_by_organization = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get(
'edit_by_organization', [])
if can_edit:
can_edit_globally = True
else:
if can_edit_by_role:
for username_lookup in username_lookups:
lookups['edit_lookups'].append((username_lookup, (self.username,)))
if can_edit_by_unit and unit_ids:
for unit_lookup in unit_lookups:
lookups['edit_lookups'].append((unit_lookup, unit_ids))
if can_edit_by_organization and organization_ids:
for organization_lookup in organization_lookups:
lookups['edit_lookups'].append((organization_lookup, organization_ids))
can_delete = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get('delete', [])
can_delete_by_role = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get('delete_by_role', [])
can_delete_by_unit = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get('delete_by_unit', [])
can_delete_by_organization = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get(
'delete_by_organization', [])
if can_delete:
can_delete_globally = True
else:
if can_delete_by_role:
for username_lookup in username_lookups:
lookups['delete_lookups'].append((username_lookup, (self.username,)))
if can_delete_by_unit and unit_ids:
for unit_lookup in unit_lookups:
lookups['delete_lookups'].append((unit_lookup, unit_ids))
if can_delete_by_organization and organization_ids:
for organization_lookup in organization_lookups:
lookups['delete_lookups'].append((organization_lookup, organization_ids))
for actions_dict in (CACHE['INSTANCE_ACTIONS'], CACHE['QUERYSET_ACTIONS']):
for category in actions_dict.get(model, ()):
for key in list(actions_dict[model][category].keys()):
execute_lookups = []
view_name = actions_dict[model][category][key]['view_name']
can_execute = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get('{}'.format(
view_name), [])
can_execute_by_role = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get(
'{}_by_role'.format(view_name), [])
can_execute_by_unit = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get(
'{}_by_unit'.format(view_name), [])
can_execute_by_organization = group_name in CACHE['PERMISSIONS_BY_SCOPE'][model].get(
'{}_by_organization'.format(view_name), [])
if can_execute:
execute_lookups = None
else:
if can_execute_by_role:
for username_lookup in username_lookups:
execute_lookups.append((username_lookup, (self.username,)))
if can_execute_by_unit and unit_ids:
for unit_lookup in unit_lookups:
execute_lookups.append((unit_lookup, unit_ids))
if can_execute_by_organization and organization_ids:
for organization_lookup in organization_lookups:
execute_lookups.append((organization_lookup, organization_ids))
if execute_lookups:
if view_name not in lookups:
lookups[view_name] = []
lookups[view_name] += execute_lookups
if can_view_globally:
lookups['list_lookups'] = []
if can_edit_globally:
lookups['edit_lookups'] = []
if can_delete_globally:
lookups['delete_lookups'] = []
for codename in ('view', 'list'):
if model in CACHE['PERMISSIONS_BY_SCOPE']:
if CACHE['PERMISSIONS_BY_SCOPE'][model].get('{}_by_unit'.format(codename)) and not unit_lookups:
raise Exception('A "lookup" meta-attribute must point to a Unit model in {}'.format(model))
if CACHE['PERMISSIONS_BY_SCOPE'][model].get('{}_by_organization'.format(codename)) and (
not organization_lookups and not unit_lookups):
raise Exception('A "lookup" meta-attribute must point to a Unit or Organization model in {}'.format(
model))
if CACHE['PERMISSIONS_BY_SCOPE'][model].get('{}_by_role'.format(codename)) and not role_lookups:
raise Exception('A "lookup" meta-attribute must point to a role model in {}'.format(model))
self.permission_mapping[permission_mapping_key] = lookups
self.save()
return self.permission_mapping[permission_mapping_key]
# given a set of group or permission names, this method returns the groups the user belongs to
def find_groups(self, perm_or_group, exclude=None):
qs = self.groups.all()
if perm_or_group:
permissions = []
groups = []
for item in perm_or_group:
if '.' in item:
permissions.append(item.split('.')[1])
else:
groups.append(item)
if permissions:
qs = qs.filter(permissions__codename__in=permissions)
if groups:
qs = qs.filter(name__in=groups)
if exclude:
qs = qs.exclude(name=exclude)
return qs
def email_user(self, subject, message, from_email=None, **kwargs):
send_mail(subject, message, from_email, [self.email], **kwargs)
def check_role_groups(self):
for group in self.groups.all():
self.groups.remove(group)
for group in self.role_set.filter(active=True).values_list('group', flat=True).distinct():
self.groups.add(group)
class Settings(models.Model):
class Meta:
verbose_name = u'Configuração'
verbose_name_plural = u'Configurações'
fieldsets = (
(u'Configuração Geral', {'fields': (('initials', 'name'), ('logo', 'logo_pdf'), ('icon', 'background'))}),
(u'Social', {'fields': (('twitter', 'facebook'), ('google', 'pinterest'), ('linkedin', 'rss'))}),
(u'Contato', {'fields': (('phone_1', 'phone_2'), 'address', 'email')}),
(u'Aparência', {'fields': ('default_color',)}),
(u'Servidor', {'fields': (('server_address', 'system_email_address'),)}),
(u'Versão', {'fields': ('version',)}),
)
# Application
initials = models.CharField(u'Nome', default=u'Django+')
name = models.CharField(u'Descrição', default=u'Django Plus')
logo = models.ImageField(u'Logotipo', upload_to='config', null=True, blank=True, default='')
logo_pdf = models.ImageField(u'Logotipo para PDF', upload_to='config', help_text=u'Imagem sem fundo transparente',
null=True, blank=True, default='')
icon = models.ImageField(u'Ícone', upload_to='config', null=True, blank=True)
background = models.ImageField(u'Background', upload_to='config', default='', blank=True)
# Social params
twitter = models.CharField(u'Twitter', null=True, blank=True)
facebook = models.CharField(u'Facebook', null=True, blank=True)
google = models.CharField(u'Google', null=True, blank=True)
pinterest = models.CharField(u'pinterest', null=True, blank=True)
linkedin = models.CharField(u'Linkedin', null=True, blank=True)
rss = models.CharField(u'RSS', null=True, blank=True)
# Contact info
address = models.TextField(u'Endereço', null=True, blank=True)
phone_1 = models.PhoneField(u'Telefone Principal', null=True, blank=True)
phone_2 = models.PhoneField(u'Telefone Secundário', null=True, blank=True)
email = models.CharField(u'E-mail', null=True, blank=True)
# Server configuration
version = models.CharField(u'Versão do Sistema', exclude=True)
server_address = models.CharField(u'Endereço de Acesso', default=u'http://*****:*****@djangoplus.net')
@staticmethod
def default():
qs = Settings.objects.all()
if qs.exists():
return qs[0]
else:
settings = Settings()
settings.initials = u'Sistema'
settings.name = u'Sistema de gerenciamento online, responsivo e multiplataforma'
settings.twitter = u'https://twitter.com/'
settings.facebook = u'https://www.facebook.com/'
settings.google = u'https://plus.google.com/'
settings.pinterest = u'https://www.pinterest.com/'
settings.linkedin = u'https://www.linkedin.com/'
settings.rss = u'https://www.rss.com/'
settings.address = u''
settings.phone_1 = u''
settings.phone_2 = u''
settings.email = u''
settings.version = '1.0'
settings.save()
return settings
class User(AbstractBaseUser, PermissionsMixin):
USERNAME_FIELD = 'username'
REQUIRED_FIELDS = ['email']
name = models.CharField(u'Nome', max_length=30, blank=True, search=True)
username = models.CharField(u'Login', max_length=30, unique=True)
email = models.CharField(u'E-mail', max_length=75, blank=True, default='')
active = models.BooleanField(verbose_name=u'Ativo?', default=True, filter=True)
photo = models.ImageField(upload_to='profiles', null=True, blank=True, default='', verbose_name=u'Foto', exclude=True)
permission_mapping = models.TextField(verbose_name=u'Mapeamento de Permissão', default='{}', exclude=True, display=False)
organization = models.ForeignKey(Organization, verbose_name=u'Organização', null=True, blank=True, display=False)
unit = models.ForeignKey(Unit, verbose_name=u'Unidade', null=True, blank=True, display=False)
objects = UserManager()
fieldsets = (
(u'Identificação', {'fields': (('name', 'email'),)}),
(u'Acesso', {'fields': (('username', 'is_superuser'), ('active',))}),
(u'Funções', {'relations': ('role_set',)}),
(u'Mapeamento de Permissão', {'fields': (('organization', 'unit'), 'permission_mapping')}),
)
class Meta():
verbose_name = u'Usuário'
verbose_name_plural = u'Usuários'
list_display = 'username', 'name', 'groups'
add_form = 'UserForm'
can_admin = u'Gerenciador de Usuários'
icon = 'fa-user'
def save(self, *args, **kwargs):
super(User, self).save(*args, **kwargs)
def __unicode__(self):
return self.name or self.username
@action('Alterar Senha', input='ChangePasswordForm', inline=True)
def change_password(self, new_password, confirm_password):
self.set_password(new_password)
self.save()
def units(self, group_name=None):
qs = self.role_set.all()
if group_name:
qs = qs.filter(group__name=group_name)
return qs.values_list('units', flat=True)
def in_group(self, *group_names):
return self.role_set.filter(group__name__in=group_names).exists()
def in_other_group(self, group_name):
return self.is_superuser or self.role_set.exclude(group__name=group_name).exists()
def get_permission_mapping(self, model, obj=None):
from djangoplus.cache import loader
import json
permission_mapping = json.loads(self.permission_mapping or '{}')
permission_mapping_key = obj and '%s:%s' % (model.__name__, type(obj).__name__) or model.__name__
if 0 and permission_mapping_key in permission_mapping:
return permission_mapping[permission_mapping_key]
organization_lookups = []
unit_lookups = []
role_lookups = dict()
lookups = dict(list_lookups=[], edit_lookups=[], delete_lookups=[])
for lookup in get_metadata(model, 'list_lookups', (), iterable=True):
field = get_field(model, lookup)
if hasattr(field.rel.to, 'organization_ptr') or hasattr(field.rel.to, 'unit_ptr'):
if hasattr(field.rel.to, 'organization_ptr'):
organization_lookups.append(lookup)
if hasattr(field.rel.to, 'unit_ptr'):
unit_lookups.append(lookup)
else:
role_username = get_metadata(field.rel.to, 'role_username')
if role_username:
role_lookups[get_metadata(field.rel.to, 'verbose_name')] = '%s__%s' % (lookup, role_username)
for subclass in field.rel.to.__subclasses__():
role_username = get_metadata(subclass, 'role_username')
if role_username:
role_lookups[get_metadata(subclass, 'verbose_name')] = '%s__%s__%s' % (
lookup, subclass.__name__.lower(), role_username)
if hasattr(model, 'organization_ptr') and 'id' not in organization_lookups:
organization_lookups.append('id')
if hasattr(model, 'unit_ptr') and 'id' not in unit_lookups:
unit_lookups.append('id')
if get_metadata(model, 'role_username') and 'id' not in role_lookups:
role_lookups[get_metadata(model, 'verbose_name')] = get_metadata(model, 'role_username')
for field in get_metadata(model, 'fields'):
if hasattr(field, 'rel') and field.rel and hasattr(field.rel, 'to') and field.rel.to:
if field.rel.to in loader.role_models:
role_lookups[get_metadata(field.rel.to, 'verbose_name')] = '%s__%s' % (field.name, loader.role_models[field.rel.to]['username_field'])
if field.rel.to in loader.abstract_role_models:
for to in loader.abstract_role_models[field.rel.to]:
role_lookups[get_metadata(to, 'verbose_name')] = '%s__%s__%s' % (
field.name, to.__name__.lower(), loader.role_models[to])
if hasattr(field.rel.to, 'unit_ptr_id') and field.name not in unit_lookups:
unit_lookups.append(field.name)
if hasattr(field.rel.to, 'organization_ptr_id') and field.name not in organization_lookups:
organization_lookups.append(field.name)
for organization_lookup in organization_lookups:
if loader.unit_model:
if organization_lookup == 'id':
unit_lookup = loader.unit_model.__name__.lower()
else:
unit_lookup = '%s__%s' % (organization_lookup, loader.unit_model.__name__.lower())
if unit_lookup not in unit_lookups and not hasattr(model, 'unit_ptr'):
unit_lookups.append(unit_lookup)
for unit_lookup in unit_lookups:
if loader.organization_model:
if unit_lookup == 'id':
organization_lookup = loader.organization_model.__name__.lower()
else:
organization_lookup = '%s__%s' % (unit_lookup, loader.organization_model.__name__.lower())
if organization_lookup not in organization_lookups and not hasattr(model, 'organization_ptr'):
organization_lookups.append(organization_lookup)
groups = dict()
for group_name, organization_id, unit_id in self.role_set.values_list('group__name', 'organizations', 'units'):
if group_name not in groups:
groups[group_name] = dict(username_lookups=[], organization_ids=[], unit_ids=[])
if group_name in role_lookups:
groups[group_name]['username_lookups'].append(role_lookups[group_name])
if organization_id and not self.unit_id and (organization_id == self.organization_id or not self.organization_id):
groups[group_name]['organization_ids'].append(organization_id)
if self.unit_id or unit_id:
groups[group_name]['unit_ids'].append(self.unit_id or unit_id)
if model in loader.permissions_by_scope:
for group_name in groups:
username_lookups = groups[group_name]['username_lookups']
unit_ids = list(set(groups[group_name]['unit_ids']))
organization_ids = list(set(groups[group_name]['organization_ids']))
if obj:
can_list = can_list_by_role = can_list_by_unit = can_list_by_organization = False
if type(obj) in loader.permissions_by_scope:
can_list = group_name in loader.permissions_by_scope[type(obj)].get('add', [])
can_list_by_role = group_name in loader.permissions_by_scope[type(obj)].get('add_by_role', [])
can_list_by_unit = group_name in loader.permissions_by_scope[type(obj)].get('add_by_unit', [])
can_list_by_organization = group_name in loader.permissions_by_scope[type(obj)].get('add_by_organization', [])
if (can_list or can_list_by_role or can_list_by_unit or can_list_by_organization) is False:
can_list = group_name in loader.permissions_by_scope[type(obj)].get('list', [])
can_list_by_role = group_name in loader.permissions_by_scope[type(obj)].get('list_by_role', [])
can_list_by_unit = group_name in loader.permissions_by_scope[type(obj)].get('list_by_unit', [])
can_list_by_organization = group_name in loader.permissions_by_scope[type(obj)].get('list_by_organization', [])
if (can_list or can_list_by_role or can_list_by_unit or can_list_by_organization) is False:
can_list = group_name in loader.permissions_by_scope[model].get('list', [])
can_list_by_role = group_name in loader.permissions_by_scope[model].get('list_by_role', [])
can_list_by_unit = group_name in loader.permissions_by_scope[model].get('list_by_unit', [])
can_list_by_organization = group_name in loader.permissions_by_scope[model].get('list_by_organization', [])
else:
can_list = group_name in loader.permissions_by_scope[model].get('list', [])
can_list_by_role = group_name in loader.permissions_by_scope[model].get('list_by_role', [])
can_list_by_unit = group_name in loader.permissions_by_scope[model].get('list_by_unit', [])
can_list_by_organization = group_name in loader.permissions_by_scope[model].get('list_by_organization', [])
if can_list:
lookups['list_lookups'] = []
else:
if can_list_by_role:
for username_lookup in username_lookups:
lookups['list_lookups'].append((username_lookup, (self.username,)))
if can_list_by_unit or self.unit_id:
if unit_ids and 0 not in unit_ids:
for unit_lookup in unit_lookups:
lookups['list_lookups'].append(('%s' % unit_lookup, unit_ids))
if can_list_by_organization:
if organization_ids and 0 not in organization_ids:
for organization_lookup in organization_lookups:
lookups['list_lookups'].append(('%s' % organization_lookup, organization_ids))
can_edit = group_name in loader.permissions_by_scope[model].get('edit', [])
can_edit_by_role = group_name in loader.permissions_by_scope[model].get('edit_by_role', [])
can_edit_by_unit = group_name in loader.permissions_by_scope[model].get('edit_by_unit', [])
can_edit_by_organization = group_name in loader.permissions_by_scope[model].get('edit_by_organization', [])
if can_edit:
lookups['edit_lookups'] = None
else:
if can_edit_by_role:
for username_lookup in username_lookups:
lookups['edit_lookups'].append((username_lookup, (self.username,)))
if can_edit_by_unit and unit_ids:
for unit_lookup in unit_lookups:
lookups['edit_lookups'].append((unit_lookup, unit_ids))
if can_edit_by_organization and organization_ids:
for organization_lookup in organization_lookups:
lookups['edit_lookups'].append((organization_lookup, organization_ids))
can_delete = group_name in loader.permissions_by_scope[model].get('delete', [])
can_delete_by_role = group_name in loader.permissions_by_scope[model].get('delete_by_role', [])
can_delete_by_unit = group_name in loader.permissions_by_scope[model].get('delete_by_unit', [])
can_delete_by_organization = group_name in loader.permissions_by_scope[model].get('delete_by_organization', [])
if can_delete:
lookups['delete_lookups'] = None
else:
if can_delete_by_role:
for username_lookup in username_lookups:
lookups['delete_lookups'].append((username_lookup, (self.username,)))
if can_delete_by_unit and unit_ids:
for unit_lookup in unit_lookups:
lookups['delete_lookups'].append((unit_lookup, unit_ids))
if can_delete_by_organization and organization_ids:
for organization_lookup in organization_lookups:
lookups['delete_lookups'].append((organization_lookup, organization_ids))
for actions_dict in (loader.actions, loader.class_actions):
for category in actions_dict.get(model, ()):
for key in actions_dict[model][category].keys():
execute_lookups = []
view_name = actions_dict[model][category][key]['view_name']
can_execute = group_name in loader.permissions_by_scope[model].get('%s' % view_name, [])
can_execute_by_role = group_name in loader.permissions_by_scope[model].get('%s_by_role' % view_name, [])
can_execute_by_unit = group_name in loader.permissions_by_scope[model].get('%s_by_unit' % view_name, [])
can_execute_by_organization = group_name in loader.permissions_by_scope[model].get('%s_by_organization' % view_name, [])
if can_execute:
execute_lookups = None
else:
if can_execute_by_role:
for username_lookup in username_lookups:
execute_lookups.append((username_lookup, (self.username,)))
if can_execute_by_unit and unit_ids:
for unit_lookup in unit_lookups:
execute_lookups.append((unit_lookup, unit_ids))
if can_execute_by_organization and organization_ids:
for organization_lookup in organization_lookups:
execute_lookups.append((organization_lookup, organization_ids))
if execute_lookups:
if view_name not in lookups:
lookups[view_name] = []
lookups[view_name] += execute_lookups
if loader.permissions_by_scope[model].get('list_by_unit') and not unit_lookups:
raise Exception('A "lookup" meta-attribute must point to a Unit model in %s' % model)
if loader.permissions_by_scope[model].get('list_by_organization') and (not organization_lookups and not unit_lookups):
raise Exception('A "lookup" meta-attribute must point to a Unit or Organization model in %s' % model)
if loader.permissions_by_scope[model].get('list_by_role') and not role_lookups:
raise Exception('A "lookup" meta-attribute must point to a role model in %s' % model)
permission_mapping[permission_mapping_key] = lookups
self.permission_mapping = json.dumps(permission_mapping)
self.save()
return permission_mapping[permission_mapping_key]
# gieve a set of group or permission names, this method returns the groups the user belongs to
def find_groups(self, perm_or_group, exclude=None):
qs = self.groups.all()
if perm_or_group:
permissions = []
groups = []
for item in perm_or_group:
if '.' in item:
permissions.append(item.split('.')[1])
else:
groups.append(item)
if permissions:
qs = qs.filter(permissions__codename__in=permissions)
if groups:
qs = qs.filter(name__in=groups)
if exclude:
qs = qs.exclude(name=exclude)
return qs
def email_user(self, subject, message, from_email=None, **kwargs):
send_mail(subject, message, from_email, [self.email], **kwargs)