def make_perm(name, pred, overwrite=False):
if rules.perm_exists(name):
if overwrite:
rules.remove_perm(name)
else:
return
rules.add_perm(name, pred)
def test_rules(self):
import rules
rules.remove_perm('accounts.add_user')
rules.add_perm('accounts.add_user', rules.always_allow)
user = User.objects.create_user(
username='******', nickname='user1', password='******',
user_type=UserType.government)
self.assertTrue(user.has_perm('accounts.add_user'))
def override_perm(name, pred):
"""If a permission exists in the current default permission set, delete it
and replace it with the new one
This operates on the global default permissions
Args:
name (str): permission name (eg, zconnect.change_device)
pred (function): function to call to check permission on object
"""
try:
rules.add_perm(name, pred)
except KeyError:
rules.remove_perm(name)
rules.add_perm(name, pred)
def orify_perm(name, pred, first=False):
"""If a permission exists, orify it with the new one
By default the existing one will be run first, to override this pass
first=True
Args:
name (str): permission name (eg, zconnect.change_device)
pred (function): function to call to check permission on object
first (bool, optional): Whether to run the given predicate before any
existing ones
"""
try:
rules.add_perm(name, pred)
except KeyError:
existing = permissions[name]
rules.remove_perm(name)
if first:
new_pred = pred | existing
else:
new_pred = existing | pred
rules.add_perm(name, new_pred)
other_profile=other_user.speedy_match_profile
) > SpeedyMatchSiteProfile.RANK_0
has_message = Chat.objects.filter(
(Q(ent1_id=user) & Q(ent2_id=other_user))
| (Q(ent1_id=other_user) & Q(ent2_id=user))).exists()
has_likes = UserLike.objects.filter(
(Q(from_user=user) & Q(to_user=other_user))
| (Q(from_user=other_user) & Q(to_user=user))).exists()
has_blocked = Block.objects.has_blocked(blocker=user,
blocked=other_user)
return (is_self(
user=user, other_user=other_user)) or (match_profile or has_message
or has_likes or has_blocked)
return False
if (django_settings.SITE_ID == django_settings.SPEEDY_MATCH_SITE_ID):
remove_perm('accounts.view_profile')
add_perm('accounts.view_profile',
has_access_perm & ~there_is_block & is_match_profile)
remove_perm('accounts.view_profile_header')
add_perm('accounts.view_profile_header',
has_access_perm & ~is_blocked & is_match_profile)
remove_perm('accounts.view_profile_info')
add_perm('accounts.view_profile_info',
has_access_perm & ~is_blocked & is_match_profile)
remove_perm('accounts.view_profile_age')
add_perm('accounts.view_profile_age', always_allow)
add_perm('accounts.view_profile_rank',
has_access_perm & ~is_blocked & is_match_profile & ~is_self)
def make_perm(name, pred):
if rules.perm_exists(name):
rules.remove_perm(name)
rules.add_perm(name, pred)
has_message = Chat.objects.filter(
(Q(ent1_id=user) & Q(ent2_id=other_user))
| (Q(ent1_id=other_user) & Q(ent2_id=user))).exists()
has_likes = UserLike.objects.filter(
(Q(from_user=user) & Q(to_user=other_user))
| (Q(from_user=other_user) & Q(to_user=user))).exists()
has_blocked = Block.objects.has_blocked(blocker=user,
blocked=other_user)
return (is_self(user=user, other_user=other_user)) or (
(is_active(user=user, other_user=other_user)) and
(match_profile or has_message or has_likes or has_blocked))
return False
if (django_settings.SITE_ID == django_settings.SPEEDY_MATCH_SITE_ID):
remove_perm('accounts.view_profile')
add_perm('accounts.view_profile',
has_access_perm & ~there_is_block & is_match_profile)
remove_perm('accounts.view_profile_header')
add_perm('accounts.view_profile_header',
has_access_perm & ~is_blocked & is_match_profile)
remove_perm('accounts.view_profile_info')
add_perm('accounts.view_profile_info',
has_access_perm & ~is_blocked & is_match_profile)
remove_perm('accounts.view_profile_age')
add_perm('accounts.view_profile_age', always_allow)
add_perm('accounts.view_profile_rank',
has_access_perm & ~there_is_block & is_match_profile & ~is_self)
remove_perm('accounts.view_user_on_speedy_net_widget')
add_perm('accounts.view_user_on_speedy_net_widget',
has_access_perm & ~there_is_block & is_match_profile)
import rules
from rules.predicates import is_superuser
from adhocracy4.organisations.predicates import is_initiator
from adhocracy4.projects.predicates import (is_live, is_member, is_moderator,
is_public)
rules.remove_perm('a4projects.view_project')
rules.add_perm(
'a4projects.view_project', is_superuser | is_initiator | is_moderator
| ((is_public | is_member) & is_live))
from speedy.core.blocks.rules import is_blocked, there_is_block
from speedy.match.accounts.models import SiteProfile as SpeedyMatchSiteProfile
from speedy.core.im.models import Chat
from speedy.core.blocks.models import Block
from speedy.match.likes.models import UserLike
@predicate
def is_match_profile(user, other_user):
if (user.is_authenticated):
match_profile = user.speedy_match_profile.get_matching_rank(other_profile=other_user.speedy_match_profile) > SpeedyMatchSiteProfile.RANK_0
has_message = Chat.objects.filter((Q(ent1_id=user) & Q(ent2_id=other_user)) | (Q(ent1_id=other_user) & Q(ent2_id=user))).exists()
has_likes = UserLike.objects.filter((Q(from_user=user) & Q(to_user=other_user)) | (Q(from_user=other_user) & Q(to_user=user))).exists()
has_blocked = Block.objects.has_blocked(blocker=user, blocked=other_user)
return (is_self(user=user, other_user=other_user)) or (match_profile or has_message or has_likes or has_blocked)
return False
if (django_settings.SITE_ID == django_settings.SPEEDY_MATCH_SITE_ID):
remove_perm('accounts.view_profile')
add_perm('accounts.view_profile', has_access_perm & ~there_is_block & is_match_profile)
remove_perm('accounts.view_profile_header')
add_perm('accounts.view_profile_header', has_access_perm & ~is_blocked & is_match_profile)
remove_perm('accounts.view_profile_info')
add_perm('accounts.view_profile_info', has_access_perm & ~is_blocked & is_match_profile)
remove_perm('accounts.view_profile_age')
add_perm('accounts.view_profile_age', always_allow)
add_perm('accounts.view_profile_rank', has_access_perm & ~is_blocked & is_match_profile & ~is_self)
import rules
from contact_feedback.rules import was_first_feedback_for_contactpoint
from user.rules import is_active_and_validated_user, is_not_stuff
from security.rules import rate_limit_by_cookie, rate_limit_by_ip, rate_limit_by_user
rules.remove_perm('contact.feedback_publish')
rules.add_perm(
'contact.feedback_publish',
(is_active_and_validated_user & was_first_feedback_for_contactpoint) | rules.is_staff
)
rules.add_perm(
'contact.visit',
is_not_stuff
# USER: 1 every 15 minutes if user is logged in
& rate_limit_by_user("contact.visit", limit=1, seconds=60*15)
# COOKIE: 1 every hour if user is not logged in
& rate_limit_by_cookie("contact.visit", limit=1, seconds=60*60)
# IP: 1 every 3 minutes if user is not logged in (broader than cookie as we are not aware how many people share 1 ip)
& rate_limit_by_ip("contact.visit", limit=1, seconds=60*3)
)
