def get_users(obj, context, all_perms=True):
if all_perms:
users = cache.get('{}{}'.format(PROJ_PERM_CACHE, obj.pk))
if users:
return users
data = {}
for perm in obj.projectuserobjectpermission_set.all():
if perm.user_id not in data:
user = perm.user
if all_perms or user in [context['request'].user,
obj.organization]:
data[perm.user_id] = {
'permissions': [],
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
if perm.user_id in data:
data[perm.user_id]['permissions'].append(perm.permission.codename)
for k in data.keys():
data[k]['permissions'].sort()
data[k]['role'] = get_role(data[k]['permissions'], obj)
del(data[k]['permissions'])
results = data.values()
if all_perms:
cache.set('{}{}'.format(PROJ_PERM_CACHE, obj.pk), results)
return results
def get_xform_users(xform):
"""
Utility function that returns users and their roles in a form.
:param xform:
:return:
"""
data = {}
for perm in xform.xformuserobjectpermission_set.all():
if perm.user not in data:
user = perm.user
data[user] = {
'permissions': [],
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
if perm.user in data:
data[perm.user]['permissions'].append(perm.permission.codename)
for k in data:
data[k]['permissions'].sort()
data[k]['role'] = get_role(data[k]['permissions'], xform)
del data[k]['permissions']
return data
def update(self, instance, validated_data):
metadata = JsonField.to_json(validated_data.get('metadata'))
if metadata is None:
metadata = dict()
owner = validated_data.get('organization')
if self.partial and metadata:
if not isinstance(instance.metadata, dict):
instance.metadata = {}
instance.metadata.update(metadata)
validated_data['metadata'] = instance.metadata
if self.partial and owner:
# give the new owner permissions
set_owners_permission(owner, instance)
if is_organization(owner.profile):
owners_team = get_organization_owners_team(owner.profile)
members_team = get_organization_members_team(owner.profile)
OwnerRole.add(owners_team, instance)
ReadOnlyRole.add(members_team, instance)
# clear cache
safe_delete('{}{}'.format(PROJ_PERM_CACHE, instance.pk))
project = super(ProjectSerializer, self)\
.update(instance, validated_data)
project.xform_set.exclude(shared=project.shared)\
.update(shared=project.shared, shared_data=project.shared)
return instance
def update(self, instance, validated_data):
metadata = JsonField.to_json(validated_data.get('metadata'))
if metadata is None:
metadata = dict()
owner = validated_data.get('organization')
if self.partial and metadata:
if not isinstance(instance.metadata, dict):
instance.metadata = {}
instance.metadata.update(metadata)
validated_data['metadata'] = instance.metadata
if self.partial and owner:
# give the new owner permissions
set_owners_permission(owner, instance)
if is_organization(owner.profile):
owners_team = get_or_create_organization_owners_team(
owner.profile)
members_team = get_organization_members_team(owner.profile)
OwnerRole.add(owners_team, instance)
ReadOnlyRole.add(members_team, instance)
# clear cache
safe_delete('{}{}'.format(PROJ_PERM_CACHE, instance.pk))
project = super(ProjectSerializer, self)\
.update(instance, validated_data)
project.xform_set.exclude(shared=project.shared)\
.update(shared=project.shared, shared_data=project.shared)
return instance
def is_organization(self, obj):
if obj:
is_org = cache.get('{}{}'.format(IS_ORG, obj.pk))
if is_org:
return is_org
is_org = is_organization(obj)
cache.set('{}{}'.format(IS_ORG, obj.pk), is_org)
return is_org
def get_is_org(self, obj):
if obj:
is_org = cache.get('{}{}'.format(IS_ORG, obj.pk))
if is_org:
return is_org
is_org = is_organization(obj)
cache.set('{}{}'.format(IS_ORG, obj.pk), is_org)
return is_org
def get_xform_users(xform):
"""
Utility function that returns users and their roles in a form.
:param xform:
:return:
"""
data = {}
org_members = []
for perm in xform.xformuserobjectpermission_set.all():
if perm.user not in data:
user = perm.user
if is_organization(user.profile):
org_members = get_team_members(user.username)
data[user] = {
'permissions': [],
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
if perm.user in data:
data[perm.user]['permissions'].append(perm.permission.codename)
for user in org_members:
if user not in data:
data[user] = {
'permissions': get_perms(user, xform),
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
for k in data:
data[k]['permissions'].sort()
data[k]['role'] = get_role(data[k]['permissions'], xform)
del data[k]['permissions']
return data
def get_is_org(self, obj): # pylint: disable=no-self-use
"""
Returns True if it is an organization profile.
"""
if obj:
is_org = cache.get('{}{}'.format(IS_ORG, obj.pk))
if is_org:
return is_org
is_org = is_organization(obj)
cache.set('{}{}'.format(IS_ORG, obj.pk), is_org)
return is_org
def get_is_org(self, obj): # pylint: disable=no-self-use
"""
Returns True if it is an organization profile.
"""
if obj:
is_org = cache.get('{}{}'.format(IS_ORG, obj.pk))
if is_org:
return is_org
is_org = is_organization(obj)
cache.set('{}{}'.format(IS_ORG, obj.pk), is_org)
return is_org
def validate_content_object(self, value):
request = self.context.get('request')
users = get_users_with_perms(
value.project, attach_perms=False, with_group_users=False
)
profile = value.project.organization.profile
# Shared or an admin in the organization
if request.user not in users and not\
is_organization(profile) and not\
OwnerRole.user_has_role(request.user,
profile):
raise serializers.ValidationError(_(
u"You don't have permission to the Project."
))
return value
def validate_content_object(self, value):
request = self.context.get('request')
users = get_users_with_perms(
value.project, attach_perms=False, with_group_users=False
)
profile = value.project.organization.profile
# Shared or an admin in the organization
if request.user not in users and not\
is_organization(profile) and not\
OwnerRole.user_has_role(request.user,
profile):
raise serializers.ValidationError(_(
u"You don't have permission to the Project."
))
return value
def validate_username(self, value):
"""Check that the username exists"""
user = None
try:
user = User.objects.get(username=value)
except User.DoesNotExist:
raise serializers.ValidationError(
_(u"User '%(value)s' does not exist." % {"value": value}))
else:
if not user.is_active:
raise serializers.ValidationError(_(u"User is not active"))
if is_organization(user.profile):
raise serializers.ValidationError(
_(u"Cannot add org account `{}` as member.".format(
user.username)))
return value
def validate_username(self, value):
"""Check that the username exists"""
user = None
try:
user = User.objects.get(username=value)
except User.DoesNotExist:
raise serializers.ValidationError(_(
u"User '%(value)s' does not exist." % {"value": value}
))
else:
if not user.is_active:
raise serializers.ValidationError(_(u"User is not active"))
if is_organization(user.profile):
raise serializers.ValidationError(
_(u"Cannot add org account `{}` as member."
.format(user.username)))
return value
def get_users(project, context, all_perms=True):
"""
Return a list of users and organizations that have access to the project.
"""
if all_perms:
users = cache.get('{}{}'.format(PROJ_PERM_CACHE, project.pk))
if users:
return users
data = {}
for perm in project.projectuserobjectpermission_set.all():
if perm.user_id not in data:
user = perm.user
if all_perms or user in [
context['request'].user, project.organization
]:
data[perm.user_id] = {
'permissions': [],
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
if perm.user_id in data:
data[perm.user_id]['permissions'].append(perm.permission.codename)
for k in list(data):
data[k]['permissions'].sort()
data[k]['role'] = get_role(data[k]['permissions'], project)
del data[k]['permissions']
results = listvalues(data)
if all_perms:
cache.set('{}{}'.format(PROJ_PERM_CACHE, project.pk), results)
return results
def get_users(project, context, all_perms=True):
"""
Return a list of users and organizations that have access to the project.
"""
if all_perms:
users = cache.get('{}{}'.format(PROJ_PERM_CACHE, project.pk))
if users:
return users
data = {}
for perm in project.projectuserobjectpermission_set.all():
if perm.user_id not in data:
user = perm.user
if all_perms or user in [
context['request'].user, project.organization
]:
data[perm.user_id] = {
'permissions': [],
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
if perm.user_id in data:
data[perm.user_id]['permissions'].append(perm.permission.codename)
for k in list(data):
data[k]['permissions'].sort()
data[k]['role'] = get_role(data[k]['permissions'], project)
del data[k]['permissions']
results = listvalues(data)
if all_perms:
cache.set('{}{}'.format(PROJ_PERM_CACHE, project.pk), results)
return results
def get_users(self, obj):
xform_perms = []
if obj:
xform_perms = cache.get(
'{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk))
if xform_perms:
return xform_perms
cache.set('{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk),
xform_perms)
data = {}
for perm in obj.xformuserobjectpermission_set.all():
if perm.user_id not in data:
user = perm.user
data[perm.user_id] = {
'permissions': [],
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
if perm.user_id in data:
data[perm.user_id]['permissions'].append(
perm.permission.codename)
for k in list(data):
data[k]['permissions'].sort()
data[k]['role'] = get_role(data[k]['permissions'], XForm)
del (data[k]['permissions'])
xform_perms = listvalues(data)
cache.set('{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk), xform_perms)
return xform_perms
def get_users(self, obj):
xform_perms = []
if obj:
xform_perms = cache.get(
'{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk))
if xform_perms:
return xform_perms
cache.set('{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk),
xform_perms)
data = {}
for perm in obj.xformuserobjectpermission_set.all():
if perm.user_id not in data:
user = perm.user
data[perm.user_id] = {
'permissions': [],
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
if perm.user_id in data:
data[perm.user_id]['permissions'].append(
perm.permission.codename)
for k in data.keys():
data[k]['permissions'].sort()
data[k]['role'] = get_role(data[k]['permissions'], obj)
del (data[k]['permissions'])
xform_perms = data.values()
cache.set('{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk), xform_perms)
return xform_perms
def is_organization(self, obj):
return is_organization(obj)
def is_organization(self, obj):
return is_organization(obj)