def validate_mentor(self, mentor):
user = self.context['request'].user
if not is_employee(user):
return user
if not self.is_allowed_mentor(mentor):
raise ValidationError(INVALID_USER)
return mentor
def get_user_privacy_type(user):
if is_employee(user):
return STAFF
if user.programrolegrant_set.filter(
program_role__user_role__name=UserRole.FINALIST
).exists():
return FINALISTS_AND_STAFF
return PUBLIC
def has_permission(self, request, view):
self.get_message(request)
roles = [UserRole.MENTOR, UserRole.AIR]
return super().has_permission(request, view) and (
is_employee(request.user) or
request.user.programrolegrant_set.filter(
program_role__user_role__name__in=roles,
program_role__program__program_status=ACTIVE_PROGRAM_STATUS,
).exists())
def _check_request_user_type(self):
"""
determine whether we are viewing as "staff", "mentor", or "finalist"
if we pursue AC-7778, this will be modified to read from request data
"""
if is_employee(self.target_user):
self.request_user_type = STAFF
elif _is_mentor(self.target_user):
self.request_user_type = MENTOR
elif _is_finalist(self.target_user):
self.request_user_type = FINALIST
else:
self.request_user_type = NOT_ALLOWED
return True
def resolve_program_roles(self, info, **kwargs):
"""
Returns the program roles and startup roles for this user
Note that name is deceptive, since startup roles are included in the
return but not mentioned in the name. This cannot be fixed here
without changing GraphQL queries on the front end.
"""
user_roles_of_interest = [UserRole.FINALIST, UserRole.ALUM]
startup_roles_of_interest = StartupRole.WINNER_STARTUP_ROLES
if is_employee(info.context.user):
startup_roles_of_interest += [StartupRole.ENTRANT]
return get_user_program_and_startup_roles(self.user,
user_roles_of_interest,
startup_roles_of_interest)
def _get_filters(request):
if is_employee(request.user):
return []
if request.GET['index'] == 'startup':
participant_roles = []
alumni = _entrepreneur_specific_alumni_filter(participant_roles,
request)
finalist = _entrepreneur_specific_finalist_filter(
participant_roles, request)
mentor = _expert_specific_filter(participant_roles, request)
if alumni or finalist or mentor:
return IS_FINALIST
if request.GET['index'] == 'people':
if not base_accelerator_check(request.user):
raise PermissionDenied()
return _build_filter(IS_TEAM_MEMBER_FILTER, HAS_FINALIST_ROLE_FILTER,
IS_ACTIVE_FILTER, IS_NOT_MEMBER_FILTER)
if request.GET['index'] == 'mentor':
participant_roles = [UserRole.AIR, UserRole.STAFF, UserRole.MENTOR]
participant_roles = _entrepreneur_specific_alumni_filter(
participant_roles, request)
participant_roles = _entrepreneur_specific_finalist_filter(
participant_roles, request)
user_program_roles_as_participant = ProgramRole.objects.filter(
programrolegrant__person=request.user,
user_role__name__in=participant_roles)
program_groups = Program.objects.filter(
programrole__in=user_program_roles_as_participant).values_list(
'mentor_program_group', flat=True).distinct()
program_families = ProgramFamily.objects.filter(
programs__mentor_program_group__in=program_groups
).prefetch_related('programs').distinct()
facet_filters = _facet_filters(program_families)
if len(facet_filters) > 0:
return " OR ".join(facet_filters)
else:
return IS_CONFIRMED_MENTOR_FILTER
def test_query_is_staff_for_expert_profile_is_correct(self):
expert = expert_user(UserRole.MENTOR)
query = """
query{{
expertProfile(id:{id}) {{
user {{isStaff}}
}}
}}
""".format(id=expert.id)
expected_json = {
'data': {
'expertProfile': {
'user': {
'isStaff': is_employee(expert)
}
}
}
}
self._assert_response_equals_json(query, expected_json)
def _extract_user(self, request):
user_id = request.data.get("user_id", None)
if user_id is not None and user_id != request.user.id:
try:
self.target_user = User.objects.get(pk=user_id)
except User.DoesNotExist:
self.fail(self.NO_SUCH_USER)
return False
if is_employee(request.user):
self.on_behalf_of = True
else:
self.fail(RESERVE_PERMISSION_DENIED_DETAIL)
return False
else:
self.target_user = request.user
self.on_behalf_of = False
if not is_office_hour_reserver(self.target_user):
self.fail(self.USER_CANNOT_RESERVE_OFFICE_HOURS)
return False
return True
def resolve_is_staff(self, info, **kwargs):
return is_employee(self)
def _get_search_key(request):
if is_employee(request.user):
return settings.ALGOLIA_STAFF_SEARCH_ONLY_API_KEY
return settings.ALGOLIA_SEARCH_ONLY_API_KEY
def has_object_permission(self, request, view, office_hour):
is_reserved = office_hour.finalist
return (is_employee(request.user) or
office_hour.mentor == request.user and not is_reserved)
def has_object_permission(self, request, view, office_hour):
return (is_employee(request.user) or
office_hour.finalist == request.user)
def has_permission(self, request, view):
return (is_employee(request.user) or
request.user.groups.filter(
name=settings.V1_API_GROUP).exists())
def _cancelling_party_name(self):
if is_employee(self.user):
return "MassChallenge Staff"
else:
return self.user.full_name()