def find_collections(request):
"""
Gets the projects and departments the logged user can create tasks for, depending to their roles
"""
actor=get_actor_or_403(request)
if actor.user_type == "A" or is_executive(actor):
proyectos = Project.objects.filter(company_id=actor.company_id, deleted=False)
departamentos = Department.objects.filter(company_id=actor.company_id, active=True)
else:
# not an executive
roles_dep = ProjectDepartmentEmployeeRole.objects.filter(employee_id=actor, role_id__tier__gte=20)
if roles_dep.count() > 0:
# you're a project manager. Loading your projects
proyectos = Project.objects.filter(
company_id=actor.company_id, deleted=False,
projectdepartment__projectdepartmentemployeerole__employee_id=actor)
departamentos = Department.objects.filter(
company_id=actor.company_id, active=True,
projectdepartment__projectdepartmentemployeerole__employee_id=actor)
else:
# not any of this? get outta here!!
raise PermissionDenied
return {"departments": departamentos.distinct(), "projects": proyectos.distinct()}
def find_departments(request):
"""
Gets the departments the logged user can create tasks for a project, depending to their roles
"""
if "project_id" not in request.GET:
raise SuspiciousOperation
project_id = request.GET.get("project_id")
actor=get_actor_or_403(request)
if actor.user_type == "A" or is_executive(actor):
departamentos = Department.objects.filter(projectdepartment__project_id_id=project_id,company_id=actor.company_id, active=True)
else:
# not an executive
roles_dep = ProjectDepartmentEmployeeRole.objects.filter(employee_id=actor, role_id__tier__gte=20,
projectDepartment_id__project_id__deleted=False,projectDepartment_id__department_id__active=True)
if roles_dep.count() > 0:
# you're a project manager or a coordinator. Loading your departments for the selected project
departamentos = Department.objects.filter(
company_id=actor.company_id, active=True,
projectdepartment__projectdepartmentemployeerole__employee_id=actor,
projectdepartment__project_id_id=project_id)
else:
# not any of this? get outta here!!
raise PermissionDenied
return departamentos.distinct()
def ajax_roles_from_tuple(request):
"""
parameters:
project_id: ID del proyecto seleccionado
department_id: ID del proyecto seleccionado
returns:
lista de objetos {id, nombre} de los roles seleccionables
"""
logged = get_admin_executive_or_403(request)
if "project_id" not in request.GET or "department_id" not in request.GET:
raise SuspiciousOperation
if is_executive(logged):
roles = Role.objects.filter(tier__lt=50)
elif logged.user_type == "E":
try:
myrole = ProjectDepartmentEmployeeRole.objects.get(
employee_id=logged,
projectDepartment_id__project_id__id=request.GET["project_id"],
projectDepartment_id__department_id__id=request.
GET["department_id"])
roles = Role.objects.filter(tier__lt=myrole.role_id.tier)
except:
raise PermissionDenied
else:
roles = Role.objects.all()
data = []
for r in roles:
data.append({'id': r.id, 'name': r.name})
return JsonResponse(data, safe=False)
def ajax_departments_from_projects(request):
"""
parameters:
project_id: ID del proyecto seleccionado
returns:
lista de objetos {id, nombre} de los departamentos seleccionables
"""
logged = get_admin_executive_or_403(request)
if "project_id" not in request.GET:
raise SuspiciousOperation
if logged.user_type == "E" and not is_executive(logged):
ids = ProjectDepartmentEmployeeRole.objects.values_list(
'projectDepartment_id__department_id', flat=True).filter(
employee_id=logged,
role_id__tier__gt=10,
projectDepartment_id__department_id__active=True,
projectDepartment_id__project_id__id=request.GET["project_id"])
dpts = Department.objects.filter(id__in=ids)
else:
dpts = Department.objects.filter(active=True,
company_id=logged.company_id)
data = []
for d in dpts:
data.append({'id': d.id, 'name': d.name})
return JsonResponse(data, safe=False)
def get_list_for_role(request):
"""
Gets the list of departments according to the role tier of the logged user
"""
actor = get_actor_or_403(request)
# Admins and executives can do everything
if actor.user_type == "A" or is_executive(actor):
return Department.objects.filter(
company_id=actor.company_id).distinct().order_by("name")
# If it's for view, coordinators and greater can access too
if ProjectDepartmentEmployeeRole.objects.filter(
employee_id=actor, role_id__tier__gte=20).exists():
return Department.objects.filter(
projectdepartment__projectdepartmentemployeerole__employee_id=actor,
projectdepartment__projectdepartmentemployeerole__role_id__tier__gte
=20,
company_id=actor.company_id,
active=True).distinct().order_by("name")
# Otherwise GTFO
raise PermissionDenied
def get_allowed_projects(logged):
"""Gets the projects the logged user can create roles for"""
if logged.user_type == 'A' or is_executive(logged):
return Project.objects.filter(company_id=logged.company_id,
deleted=False)
else:
# Return the departments in which the user has a role higher than Employee
ids = ProjectDepartmentEmployeeRole.objects.values_list(
'projectDepartment_id__project_id',
flat=True).filter(employee_id=logged,
role_id__tier__gt=10,
projectDepartment_id__project_id__deleted=False)
return Project.objects.filter(id__in=ids)
def process_post_form(logged, form):
"""
checks the form verifies all logic constraints and generate errors if they are violated
"""
res = {'errors': [], 'ok': False}
employee_id = form.cleaned_data["employee_id"]
department_id = form.cleaned_data["department_id"]
project_id = form.cleaned_data["project_id"]
role_id = form.cleaned_data["role_id"]
employee_role_id = form.cleaned_data["employeeRole_id"]
company = logged.company_id
is_exec = is_executive(logged)
# Check that everything exists and is within the logged user's company
try:
employee = Employee.objects.get(id=employee_id,
user__is_active=True,
company_id=company)
except ObjectDoesNotExist:
res["errors"].append('roleCreation_employeeDoesNotExist')
try:
department = Department.objects.get(id=department_id,
active=True,
company_id=company)
except ObjectDoesNotExist:
res["errors"].append('roleCreation_departmentDoesNotExist')
try:
project = Project.objects.get(id=project_id,
deleted=False,
company_id=company)
except ObjectDoesNotExist:
res["errors"].append('roleCreation_projectDoesNotExist')
try:
role = Role.objects.get(id=role_id)
except ObjectDoesNotExist:
res["errors"].append('roleCreation_roleDoesNotExist')
if employee_role_id: # employeeRole_id != 0
try:
employee_role = ProjectDepartmentEmployeeRole.objects.get(
id=employee_role_id, employee_id__company_id=company)
except ObjectDoesNotExist:
res["errors"].append('roleCreation_employeeRoleDoesNotExist')
# Return now if there are errors
if res["errors"]:
return res
if is_exec and role.tier >= 50:
res["errors"].append('roleCreation_notAuthorizedRole')
return res
"""
elif logged.user_type == 'E': # Admins have all privileges
# This elif shouldn't be executed anymore since only admins and execs can edit roles
# Check that the logged user has a ProjDpmtEmplRole for that tuple
try:
logged_role = ProjectDepartmentEmployeeRole.objects.get(employee_id=logged, projectDepartment_id__department_id=department, projectDepartment_id__project_id=project)
except ObjectDoesNotExist:
res["errors"].append('roleCreation_notAuthorizedProjectDepartment')
# Return now if there are errors
if res["errors"]:
return res
# Check that the role that the logged user is trying to assign is below his current role
if logged_role.role_id.tier <= role.tier:
res["errors"].append('roleCreation_notAuthorizedRole')
# Return now if there are errors
if res["errors"]:
return res
"""
if employee_role_id == 0:
# We are creating a new role, check that it doesn't yet exist
if ProjectDepartmentEmployeeRole.objects.filter(
employee_id=employee,
projectDepartment_id__department_id=department,
projectDepartment_id__project_id=project).count() > 0:
res["errors"].append('roleCreation_alreadyExists')
return res
# Everything is okay now, create the role
try:
pd = ProjectDepartment.objects.get(department_id=department,
project_id=project)
except ObjectDoesNotExist:
pd = ProjectDepartment.objects.create(department_id=department,
project_id=project)
ProjectDepartmentEmployeeRole.objects.create(projectDepartment_id=pd,
employee_id=employee,
role_id=role)
else:
# We are editing an existing role
if not is_role_updatable_by_user(logged, employee_role_id):
"""
if employee_role.employee_id == logged:
res["errors"].append('roleCreation_cannotEditHighestRole')
return res
else:
res["errors"].append('roleCreation_editingHigherRole')
return res
"""
raise PermissionDenied
employee_role.role_id = role
employee_role.save()
res["ok"] = True
return res