def personal(self, request):
"""Personal ical route."""
calendar_type = constants.TYPE_PERSONAL
feed = utils.generate_ical_feed(request, calendar_type)
permission_handler = get_permission_handler(Event)
following_events = permission_handler.filter_queryset(
request.user,
Event.objects.filter(
followers__follower_id=request.user.id,
end_time__gt=timezone.now() -
timedelta(days=constants.HISTORY_BACKWARDS_IN_DAYS),
).all(),
)
permission_handler = get_permission_handler(Meeting)
meetings = permission_handler.filter_queryset(
request.user,
Meeting.objects.filter(
end_time__gt=timezone.now() -
timedelta(days=constants.HISTORY_BACKWARDS_IN_DAYS)),
)
utils.add_events_to_ical_feed(feed, following_events)
utils.add_meetings_to_ical_feed(feed, meetings)
return utils.render_ical_response(feed, calendar_type)
def list(self, request):
articles_handler = get_permission_handler(Article)
articles_queryset_base = Article.objects.all()\
.order_by('-pinned', '-created_at').prefetch_related('tags')
if articles_handler.has_perm(request.user,
LIST,
queryset=articles_queryset_base):
queryset_articles = articles_queryset_base
else:
queryset_articles = articles_handler.filter_queryset(
request.user, articles_queryset_base)
events_handler = get_permission_handler(Event)
queryset_events_base = Event.objects.all()\
.filter(end_time__gt=timezone.now()).order_by('-pinned', 'start_time', 'id')\
.prefetch_related('pools', 'pools__registrations', 'company', 'tags')
if events_handler.has_perm(request.user,
LIST,
queryset=queryset_events_base):
queryset_events = queryset_events_base
else:
queryset_events = events_handler.filter_queryset(
request.user, queryset_events_base)
articles = PublicArticleSerializer(queryset_articles[:10],
many=True).data
events = EventSearchSerializer(queryset_events, many=True).data
ret = {
'articles': articles,
'events': events,
}
return Response(ret)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
username = serializer.data["username"]
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
raise ValidationError(
{
"error": f"There is no user with username {username}",
"error_code": "no_user",
}
)
try:
reg = self.get_queryset().get(user=user)
except Registration.DoesNotExist:
raise ValidationError(
{
"error": "The registration does not exist",
"error_code": "not_registered",
}
)
if not get_permission_handler(Event).has_perm(
request.user, "EDIT", obj=reg.event
):
raise PermissionDenied()
if reg.status != constants.SUCCESS_REGISTER:
raise ValidationError(
{
"error": f"User {reg.user.username} is _not_ properly registerd. "
f"The registration status for the user is: {reg.status}",
"error_code": "already_present",
}
)
if reg.pool is None:
raise ValidationError(
{
"error": f"User {reg.user.username} is on the waiting list... "
"You can set the presence manualy on the 'Påmeldinger' tab",
"error_code": "already_present",
}
)
if reg.presence != constants.UNKNOWN:
raise ValidationError(
{
"error": f"User {reg.user.username} is already present.",
"error_code": "already_present",
}
)
reg.presence = constants.PRESENT
reg.save()
data = RegistrationSearchReadSerializer(reg).data
return Response(data=data, status=status.HTTP_200_OK)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
username = serializer.data["username"]
photo_consent = serializer.data["photo_consent"]
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
raise ValidationError({
"error": f"There is no user with username {username}",
"error_code": "no_user",
})
try:
reg = self.get_queryset().get(user=user)
except Registration.DoesNotExist:
raise ValidationError({
"error": "The registration does not exist",
"error_code": "not_registered",
})
if not get_permission_handler(Event).has_perm(
request.user, "EDIT", obj=reg.event):
raise PermissionDenied()
reg.photo_consent = photo_consent
reg.save()
data = RegistrationSearchReadSerializer(reg).data
return Response(data=data, status=status.HTTP_200_OK)
def has_perm(self,
user,
perm,
obj=None,
queryset=None,
check_keyword_permissions=True,
**kwargs):
if not user.is_authenticated:
return False
from lego.apps.meetings.models import Meeting
if obj is not None:
meeting = obj.meeting
else:
view = kwargs.get('view', None)
if view is None:
return False
# This is a nested view and it is possible to retrieve the meeting.
meeting_pk = view.kwargs['meeting_pk']
meeting = Meeting.objects.get(id=meeting_pk)
meeting_permission_handler = get_permission_handler(Meeting)
has_perm = meeting_permission_handler.has_perm(
user, perm, obj=meeting, queryset=Meeting.objects.none())
if has_perm:
if perm in self.safe_methods:
return True
elif obj is not None:
return obj.user == user
return False
def registrations(self, request):
"""Registration ical route."""
calendar_type = constants.TYPE_REGISTRATIONS
feed = utils.generate_ical_feed(request, calendar_type)
permission_handler = get_permission_handler(Event)
events = permission_handler.filter_queryset(
request.user,
Event.objects.all().filter(end_time__gt=timezone.now()))
for event in events:
reg_time = event.get_earliest_registration_time(request.user)
if not reg_time: # User cannot register
continue
ical_starttime = reg_time
ical_endtime = ical_starttime + timedelta(
minutes=constants.REGISTRATION_EVENT_LENGTH_IN_MINUTES)
price = event.get_price(request.user) if event.is_priced else None
title = f"Reg: {event.title}"
utils.add_event_to_ical_feed(
feed,
event,
price=price,
title=title,
ical_starttime=ical_starttime,
ical_endtime=ical_endtime,
)
return utils.render_ical_response(feed, calendar_type)
def personal(self, request):
"""Personal ical route."""
calendar_type = constants.TYPE_PERSONAL
feed = utils.generate_ical_feed(request, calendar_type)
permission_handler = get_permission_handler(Event)
following_events = permission_handler.filter_queryset(
request.user,
Event.objects.filter(followers__follower_id=request.user.id))
permission_handler = get_permission_handler(Meeting)
meetings = permission_handler.filter_queryset(request.user,
Meeting.objects)
utils.add_events_to_ical_feed(feed, following_events)
utils.add_meetings_to_ical_feed(feed, meetings)
return utils.render_ical_response(feed, calendar_type)
def has_perm(self, user_obj, perm, obj=None):
if not user_obj.is_anonymous and not user_obj.is_active:
return False
if obj is None:
# Take a shortcut and check KeywordPermissions only if no object are defined.
return KeywordPermissions.has_perm(user_obj, perm)
if isinstance(obj, models.Model):
permission_handler = get_permission_handler(obj)
return permission_handler.has_perm(user_obj, perm, obj=obj)
elif isinstance(obj, models.QuerySet):
permission_handler = get_permission_handler(obj.model)
return permission_handler.has_perm(user_obj, perm, queryset=obj)
elif issubclass(obj, models.Model):
permission_handler = get_permission_handler(obj)
return permission_handler.has_perm(user_obj, perm, queryset=obj.objects.none())
return False
def list(self, request):
articles_handler = get_permission_handler(Article)
articles_queryset_base = (Article.objects.all().order_by(
"-pinned", "-created_at").prefetch_related("tags"))
if articles_handler.has_perm(request.user,
LIST,
queryset=articles_queryset_base):
queryset_articles = articles_queryset_base
else:
queryset_articles = articles_handler.filter_queryset(
request.user, articles_queryset_base)
events_handler = get_permission_handler(Event)
queryset_events_base = (Event.objects.all().filter(
end_time__gt=timezone.now()).order_by("-pinned", "start_time",
"id").prefetch_related(
"pools",
"pools__registrations",
"company", "tags"))
if events_handler.has_perm(request.user,
LIST,
queryset=queryset_events_base):
queryset_events = queryset_events_base
else:
queryset_events = events_handler.filter_queryset(
request.user, queryset_events_base)
articles = PublicArticleSerializer(
queryset_articles[:10],
context=self.get_serializer_context(),
many=True).data
events = EventSearchSerializer(queryset_events,
context=self.get_serializer_context(),
many=True).data
ret = {"articles": articles, "events": events}
return Response(ret)
def events(self, request):
"""Event ical route."""
calendar_type = constants.TYPE_EVENTS
feed = utils.generate_ical_feed(request, calendar_type)
permission_handler = get_permission_handler(Event)
events = permission_handler.filter_queryset(
request.user,
Event.objects.all().filter(
end_time__gt=timezone.now() -
timedelta(days=constants.HISTORY_BACKWARDS_IN_DAYS)))
utils.add_events_to_ical_feed(feed, events)
return utils.render_ical_response(feed, calendar_type)
def find_event_groups(user):
"""
Find all channels groups the user belongs to as a result
of being signed up to future events.
"""
queryset = Event.objects.filter(start_time__gt=datetime.now())
if not user.has_perm(LIST, queryset):
permission_handler = get_permission_handler(queryset.model)
queryset = permission_handler.filter_queryset(user, queryset)
groups = []
for event in queryset:
groups.append(group_for_event(event))
return groups
def has_perm(self,
user,
perm,
obj=None,
queryset=None,
check_keyword_permissions=True,
**kwargs):
from lego.apps.companies.models import Company
if obj is not None:
obj = obj.company
company_permission_handler = get_permission_handler(Company)
has_perm = company_permission_handler.has_perm(
user, perm, obj=obj, queryset=Company.objects.none())
return has_perm
def find_event_groups(user):
"""
Find all channels groups the user belongs to as a result
of being signed up to future events.
Since we use websockets for registrations and event description updates, include events
that has not started and that started less than two days ago.
"""
queryset = Event.objects.filter(start_time__gt=datetime.now() - timedelta(days=2))
if not user.has_perm(LIST, queryset):
permission_handler = get_permission_handler(queryset.model)
queryset = permission_handler.filter_queryset(user, queryset)
groups = []
for event in queryset:
groups.append(group_for_event(event, event.user_should_see_regs(user)))
return groups
def has_permission(self, request, view):
from lego.apps.events.models import Event
handler = get_permission_handler(Event)
perm = action_to_permission(view.action)
# Only check keyword permissions for CREATE
if perm is CREATE:
return handler.has_event_type_level_permission(
request.user, request, perm)
# The user needs to have permission to edit the event_type AND needs to pass the
# main permission check
if perm is EDIT:
if not handler.has_event_type_level_permission(
request.user, request, perm):
return False
return super().has_permission(request, view)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
username = serializer.data['username']
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
raise ValidationError(
{
'error': f'There is no user with username {username}',
'error_code': 'no_user'
}
)
try:
reg = self.get_queryset().get(user=user)
except Registration.DoesNotExist:
raise ValidationError(
{
'error': 'The registration does not exist',
'error_code': 'not_registered'
}
)
if not get_permission_handler(Event).has_perm(request.user, 'EDIT', obj=reg.event):
raise PermissionDenied()
if reg.presence != constants.UNKNOWN:
raise ValidationError(
{
'error': f'User {reg.user.username} is already present.',
'error_code': 'already_present'
}
)
reg.presence = constants.PRESENT
reg.save()
data = RegistrationSearchReadSerializer(reg).data
return Response(data=data, status=status.HTTP_200_OK)
def permission_handler(view, model):
handler = getattr(view, 'permission_handler', None)
if not handler:
handler = get_permission_handler(model)
return handler
def get_queryset(self):
permission_handler = get_permission_handler(Meeting)
return permission_handler.filter_queryset(
self.request.user, Meeting.objects.prefetch_related('invitations', 'invitations__user')
)
def permission_handler(self, view, queryset):
handler = getattr(view, "permission_handler", None)
if not handler:
handler = get_permission_handler(queryset.model)
return handler
def get_queryset(self):
queryset = super().get_queryset()
permission_handler = get_permission_handler(queryset.model)
return permission_handler.filter_queryset(self.request.user, queryset)
def list(self, request):
cached_penalties = (
self.request.user.number_of_penalties()
if self.request.user.is_authenticated
else None
)
def get_serializer_context():
"""
Extra context provided to the serializer class.
"""
return {
"request": request,
"format": self.format_kwarg,
"view": self,
"cached_penalties": cached_penalties,
}
articles_handler = get_permission_handler(Article)
articles_queryset_base = (
Article.objects.all()
.order_by("-pinned", "-created_at")
.prefetch_related("tags")
)
if articles_handler.has_perm(
request.user, LIST, queryset=articles_queryset_base
):
queryset_articles = articles_queryset_base
else:
queryset_articles = articles_handler.filter_queryset(
request.user, articles_queryset_base
)
events_handler = get_permission_handler(Event)
queryset_events_base = (
Event.objects.all()
.filter(end_time__gt=timezone.now())
.order_by("-pinned", "start_time", "id")
.prefetch_related("pools", "pools__registrations", "company", "tags")
)
if request.user.is_authenticated:
queryset_events_base = queryset_events_base.prefetch_related(
"pools__registrations__user",
Prefetch(
"registrations",
queryset=Registration.objects.filter(user=request.user)
.exclude(status=SUCCESS_UNREGISTER)
.select_related("pool"),
to_attr="user_reg",
),
Prefetch(
"pools",
queryset=Pool.objects.filter(
permission_groups__in=self.request.user.all_groups
),
to_attr="possible_pools",
),
)
if events_handler.has_perm(request.user, LIST, queryset=queryset_events_base):
queryset_events = queryset_events_base
else:
queryset_events = events_handler.filter_queryset(
request.user, queryset_events_base
)
queryset_poll = Poll.objects.filter(pinned=True).order_by("created_at").last()
articles = PublicArticleSerializer(
queryset_articles[:10], context=get_serializer_context(), many=True
).data
events = FrontpageEventSerializer(
queryset_events, context=get_serializer_context(), many=True
).data
poll = None
if queryset_poll:
if queryset_poll.results_hidden:
poll = HiddenResultsDetailedPollSerializer(
queryset_poll, context=get_serializer_context()
).data
else:
poll = DetailedPollSerializer(
queryset_poll, context=get_serializer_context()
).data
ret = {"articles": articles, "events": events, "poll": poll}
return Response(ret)
def permission_handler(self, view):
handler = getattr(view, 'permission_handler', None)
if not handler:
handler = get_permission_handler(view.get_queryset().model)
return handler
