Example #1
 def can_view_deid(self):
     """Report whether the request holds the DEIDENTIFIED_DATA privilege.

     ``PermissionDenied`` raised by ``ensure_request_has_privilege`` is
     converted to False; any other exception propagates to the caller.
     """
     try:
         ensure_request_has_privilege(self.request,
                                      privileges.DEIDENTIFIED_DATA)
     except PermissionDenied:
         allowed = False
     else:
         allowed = True
     return allowed
Example #2
 def can_bulk_edit_users(self):
     """Tell whether the request carries the BULK_USER_MANAGEMENT privilege.

     A ``PermissionDenied`` from the privilege check becomes False; other
     exceptions are not caught here.
     """
     try:
         ensure_request_has_privilege(self.request,
                                      privileges.BULK_USER_MANAGEMENT)
         return True
     except PermissionDenied:
         return False
Example #3
 def permissions_check(self, report, request, domain=None, is_navigation_check=False):
     """Decide whether ``report`` passes the permission check for ``request``.

     For navigation checks the CUSTOM_REPORTS privilege is required first;
     the final answer is delegated to the parent dispatcher.

     NOTE(review): the privilege is consulted only when
     ``is_navigation_check`` is true. For any other call the decision rests
     on the parent check alone -- confirm the report view enforces the
     privilege itself, otherwise this only hides the menu entry.
     """
     privilege_ok = True
     if is_navigation_check:
         try:
             ensure_request_has_privilege(request, privileges.CUSTOM_REPORTS)
         except PermissionDenied:
             privilege_ok = False
     if not privilege_ok:
         return False
     parent = super(CustomProjectReportDispatcher, self)
     return parent.permissions_check(report, request, domain)
Example #4
 def _can_access_reminders(request):
     """Return True when ``request`` has the REMINDERS_FRAMEWORK privilege.

     ``PermissionDenied`` from the check yields False; nothing else is caught.
     """
     try:
         ensure_request_has_privilege(request,
                                      privileges.REMINDERS_FRAMEWORK)
     except PermissionDenied:
         return False
     else:
         return True
Example #5
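 def can_edit_roles(self):
     """Report whether the current user may edit roles.

     Two conditions must hold: the request has the ROLE_BASED_ACCESS
     privilege, and the user is a domain admin. ``PermissionDenied`` from
     the privilege check yields False; other exceptions propagate.
     """
     try:
         ensure_request_has_privilege(self.request,
                                      privileges.ROLE_BASED_ACCESS)
     except PermissionDenied:
         return False
     # ``is_domain_admin`` may be a method rather than a plain attribute. A
     # bound method is always truthy, so returning it uncalled would let the
     # admin requirement pass for every user in Python-side checks. Call it
     # when it is callable so callers always receive the real answer.
     # NOTE(review): confirm whether the no-argument call checks the intended
     # domain for this view.
     is_admin = self.couch_user.is_domain_admin
     return is_admin() if callable(is_admin) else is_admin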
Example #6
 def can_bulk_edit_users(self):
     """Report whether bulk user editing is allowed for this request.

     Requires that ``user_can_edit_any_location`` accepts the request's user
     and project, and that the request has the BULK_USER_MANAGEMENT
     privilege. The location check runs first, so the privilege is not
     consulted when it fails.
     """
     request = self.request
     if user_can_edit_any_location(request.couch_user, request.project):
         try:
             ensure_request_has_privilege(request, privileges.BULK_USER_MANAGEMENT)
         except PermissionDenied:
             return False
         return True
     return False
Example #7
 def is_viewable(self):
     """Report whether this item should be shown for the current request.

     False when the CLOUDCARE privilege check raises ``PermissionDenied``.
     Otherwise the result of the ``and`` chain below, which may be a falsy
     non-bool (for example an empty ``self.domain``) rather than ``False``.
     """
     try:
         ensure_request_has_privilege(self._request, privileges.CLOUDCARE)
     except PermissionDenied:
         return False
     else:
         # Needs a domain, a user who can edit data or is a CommCare user,
         # and a project without CommConnect enabled.
         return (self.domain
                 and (self.couch_user.can_edit_data() or self.couch_user.is_commcare_user())
                 and not self.project.commconnect_enabled)
Example #8
 def is_viewable(self):
     """Decide whether the entry is visible to the current user.

     The CLOUDCARE privilege is checked first; ``PermissionDenied`` gives
     False. After that, the value of the short-circuit expression is
     returned unchanged, so a falsy ``self.domain`` is returned as-is.
     """
     try:
         ensure_request_has_privilege(self._request, privileges.CLOUDCARE)
     except PermissionDenied:
         return False
     visible = (
         self.domain
         and (self.couch_user.can_edit_data() or self.couch_user.is_commcare_user())
         and not self.project.commconnect_enabled
     )
     return visible
Example #9
 def permissions_check(self, report, request, domain=None, is_navigation_check=False):
     """Decide whether ``request``'s user may use ``report`` in ``domain``.

     During a navigation check, the report whose class name matches
     ``ImportCases`` additionally needs the BULK_CASE_MANAGEMENT privilege.
     In every other case the answer is ``couch_user.can_edit_data(domain)``.

     NOTE(review): the privilege gate applies to navigation checks only.
     Confirm the import view itself enforces BULK_CASE_MANAGEMENT, since
     this method alone only hides the menu entry.
     """
     if is_navigation_check:
         from corehq.apps.importer.base import ImportCases
         report_class_name = report.split('.')[-1]
         if report_class_name == ImportCases.__name__:
             try:
                 ensure_request_has_privilege(request, privileges.BULK_CASE_MANAGEMENT)
             except PermissionDenied:
                 return False
     user = request.couch_user
     return user.can_edit_data(domain)
Example #10
    def has_privilege(self, request):
        """Report whether ``request`` satisfies this object's privilege.

        When ``self.privilege`` is falsy no check is made and True is
        returned, so an item without a configured privilege is open to all.
        Otherwise ``PermissionDenied`` from the check yields False.
        """
        if not self.privilege:
            return True
        try:
            ensure_request_has_privilege(request, self.privilege)
        except PermissionDenied:
            granted = False
        else:
            granted = True
        return granted
    def has_privilege(self, request):
        """Return True if ``request`` passes the privilege configured here.

        A falsy ``self.privilege`` means nothing is required: the method
        returns True without calling the privilege check. With a privilege
        set, ``PermissionDenied`` is mapped to False.
        """
        if self.privilege:
            try:
                ensure_request_has_privilege(request, self.privilege)
            except PermissionDenied:
                return False
        return True
Example #12
 def permissions_check(self, report, request, domain=None, is_navigation_check=False):
     """Decide whether ``report`` passes the permission check for ``request``.

     During a navigation check, the report whose class name matches
     ``DeidExportReport`` requires the DEIDENTIFIED_DATA privilege. The
     final decision is delegated to the parent dispatcher.

     NOTE(review): outside navigation checks the privilege is not
     consulted here. Confirm the de-identified export view enforces it on
     the request path as well.
     """
     if is_navigation_check:
         from corehq.apps.reports.standard.export import DeidExportReport
         report_class_name = report.split('.')[-1]
         if report_class_name == DeidExportReport.__name__:
             try:
                 ensure_request_has_privilege(request, privileges.DEIDENTIFIED_DATA)
             except PermissionDenied:
                 return False
     parent = super(DataInterfaceDispatcher, self)
     return parent.permissions_check(report, request, domain)
Example #13
def load_domain(req, domain):
    """Attach the named project to ``req`` and return ``(name, project)``.

    Sets ``req.project`` to the result of ``Domain.get_by_name`` and
    ``req.can_see_organization`` to whether the request has the
    CROSS_PROJECT_REPORTS privilege.

    NOTE(review): the lookup result is stored without a None check;
    presumably callers handle an unknown domain -- confirm.
    """
    domain_name = normalize_domain_name(domain)
    project = Domain.get_by_name(domain_name)
    req.project = project
    # Set the flag first, then clear it only on an explicit denial.
    req.can_see_organization = True
    try:
        ensure_request_has_privilege(req, privileges.CROSS_PROJECT_REPORTS)
    except PermissionDenied:
        req.can_see_organization = False
    return domain_name, project
Example #14
def load_domain(req, domain):
    """Resolve ``domain`` and record it, plus an organization flag, on ``req``.

    Returns the normalized name together with the object returned by
    ``Domain.get_by_name``. ``req.can_see_organization`` ends up False only
    when the CROSS_PROJECT_REPORTS check raises ``PermissionDenied``.

    NOTE(review): ``req.project`` is assigned whatever the lookup returns,
    without validation -- confirm how a missing domain is handled upstream.
    """
    normalized = normalize_domain_name(domain)
    domain_obj = Domain.get_by_name(normalized)
    req.project = domain_obj
    req.can_see_organization = True
    try:
        ensure_request_has_privilege(req, privileges.CROSS_PROJECT_REPORTS)
    except PermissionDenied:
        req.can_see_organization = False
    result = (normalized, domain_obj)
    return result
Example #15
 def permissions_check(self, report, request, domain=None, is_navigation_check=False):
     """Decide whether ``report`` passes the permission check for ``request``.

     A navigation check first requires the CUSTOM_REPORTS privilege; the
     parent dispatcher then makes the final decision.

     NOTE(review): when ``is_navigation_check`` is false the privilege is
     skipped entirely -- confirm the report view checks it on its own.
     """
     if is_navigation_check:
         try:
             ensure_request_has_privilege(request, privileges.CUSTOM_REPORTS)
         except PermissionDenied:
             return False
     parent_dispatcher = super(CustomProjectReportDispatcher, self)
     return parent_dispatcher.permissions_check(report, request, domain)
Example #16
 def permissions_check(self, report, request, domain=None, is_navigation_check=False):
     """Decide whether ``request``'s user may use ``report`` in ``domain``.

     The report whose class name matches ``ImportCases`` needs the
     BULK_CASE_MANAGEMENT privilege, but only during a navigation check.
     Otherwise the result is ``request.couch_user.can_edit_data(domain)``.

     NOTE(review): confirm the import view enforces the privilege itself;
     here it is checked for navigation only.
     """
     if is_navigation_check:
         from corehq.apps.importer.base import ImportCases
         last_segment = report.split('.')[-1]
         if last_segment == ImportCases.__name__:
             try:
                 ensure_request_has_privilege(
                     request, privileges.BULK_CASE_MANAGEMENT)
             except PermissionDenied:
                 return False
     couch_user = request.couch_user
     return couch_user.can_edit_data(domain)
Example #17
def can_add_extra_mobile_workers(request):
    """Report whether another mobile worker may be added to the domain.

    True when the plan's ``user_limit`` is -1 or not yet reached. Above
    the limit, True when the request has the ALLOW_EXCESS_USERS privilege
    or the domain's billing account has a confirmed extra-charges date.
    """
    from corehq.apps.users.models import CommCareUser
    from corehq.apps.accounting.models import BillingAccount
    current_count = CommCareUser.total_by_domain(request.domain)
    limit = request.plan.user_limit
    # -1 bypasses the limit entirely (presumably "unlimited" -- confirm).
    under_limit = limit == -1 or current_count < limit
    if under_limit:
        return True
    try:
        ensure_request_has_privilege(request, privileges.ALLOW_EXCESS_USERS)
    except PermissionDenied:
        # Without the privilege, only an account that has confirmed the
        # extra charges may exceed the limit.
        account = BillingAccount.get_account_by_domain(request.domain)
        return (account is not None
                and account.date_confirmed_extra_charges is not None)
    return True
Example #18
def can_add_extra_mobile_workers(request):
    """Decide whether the domain may add one more mobile worker.

    Allowed while the user count is below ``request.plan.user_limit`` or
    that limit is -1. Past the limit, allowed with the ALLOW_EXCESS_USERS
    privilege, or when the billing account has
    ``date_confirmed_extra_charges`` set.
    """
    from corehq.apps.users.models import CommCareUser
    from corehq.apps.accounting.models import BillingAccount
    worker_total = CommCareUser.total_by_domain(request.domain)
    plan_limit = request.plan.user_limit
    if plan_limit == -1:
        return True
    if worker_total < plan_limit:
        return True
    try:
        ensure_request_has_privilege(request, privileges.ALLOW_EXCESS_USERS)
        return True
    except PermissionDenied:
        billing_account = BillingAccount.get_account_by_domain(request.domain)
        if billing_account is None:
            return False
        # The confirmation date doubles as the consent record.
        return billing_account.date_confirmed_extra_charges is not None
Example #19
 def permissions_check(self, report, request, domain=None, is_navigation_check=False):
     """Decide whether ``report`` passes the permission check for ``request``.

     On a navigation check, the report whose class name matches
     ``DeidExportReport`` requires the DEIDENTIFIED_DATA privilege. The
     parent dispatcher decides everything else.

     NOTE(review): de-identified export is gated here for navigation only;
     confirm the export view checks DEIDENTIFIED_DATA on direct requests.
     """
     needs_privilege = False
     if is_navigation_check:
         from corehq.apps.reports.standard.export import DeidExportReport
         needs_privilege = report.split('.')[-1] == DeidExportReport.__name__
     if needs_privilege:
         try:
             ensure_request_has_privilege(request,
                                          privileges.DEIDENTIFIED_DATA)
         except PermissionDenied:
             return False
     return super(DataInterfaceDispatcher,
                  self).permissions_check(report, request, domain)
def get_per_domain_context(project, request=None):
    """Return the branding context (logo, site name, tagline) for ``project``.

    The branding set is picked from the project's ``commtrack_enabled`` /
    ``commconnect_enabled`` flags, defaulting to CommCare HQ. The logo can
    then be overridden by the request host and, with the CUSTOM_BRANDING
    privilege, by the project's custom logo.

    NOTE(review): ``request`` defaults to None but is passed to
    ``ensure_request_has_privilege`` when the project has a custom logo --
    confirm that call tolerates None.
    """
    # (domain type, logo path, site name, public site, tagline)
    if project and project.commtrack_enabled:
        branding = ('commtrack', 'hqstyle/img/commtrack-logo.png', "CommTrack",
                    "http://www.commtrack.org", "mobile logistics solution")
    elif project and project.commconnect_enabled:
        branding = ('commconnect', 'hqstyle/img/commconnect-logo.png', "CommConnect",
                    "http://www.commcarehq.org", "mobile health solution")
    else:
        branding = ('commcare', 'hqstyle/img/commcare-logo.png', "CommCare HQ",
                    "http://www.commcarehq.org", "mobile health solution")
    domain_type, logo_path, site_name, public_site, can_be_your = branding
    logo_url = static(logo_path)

    try:
        # Substring match on the client-supplied host: acceptable for picking
        # a logo, but not a comparison to reuse for any trust decision.
        host = request.get_host()
        if 'commtrack.org' in host:
            logo_url = static('hqstyle/img/commtrack-logo.png')
    except Exception:
        # get_host might fail for bad requests, e.g. scheduled reports
        pass

    wants_custom_logo = project and project.has_custom_logo
    if wants_custom_logo:
        try:
            ensure_request_has_privilege(request, privileges.CUSTOM_BRANDING)
            logo_url = reverse('logo', args=[project.name])
        except PermissionDenied:
            # No privilege: keep the stock logo chosen above.
            pass

    return dict(
        DOMAIN_TYPE=domain_type,
        LOGO_URL=logo_url,
        SITE_NAME=site_name,
        CAN_BE_YOUR=can_be_your,
        PUBLIC_SITE=public_site,
    )
Example #21
    def sidebar_items(self):
        """Build the sidebar as a list of ``(section title, links)`` tuples.

        Each link is a dict with ``title`` and ``url``; some also carry
        ``subpages``. Which sections and links appear depends on the current
        user: domain admin, billing admin or superuser.

        NOTE(review): this method only decides which links are listed.
        Presumably every target view enforces its own permission check --
        confirm, since omitting a link is not access control.
        """
        items = []
        user_is_admin = self.couch_user.is_domain_admin(self.domain)

        project_info = []

        # Basic and deployment project info are offered to domain admins only.
        if user_is_admin:
            from corehq.apps.domain.views import EditBasicProjectInfoView, EditDeploymentProjectInfoView

            project_info.extend([
                {
                    'title': _(EditBasicProjectInfoView.page_title),
                    'url': reverse(EditBasicProjectInfoView.urlname, args=[self.domain])
                },
                {
                    'title': _(EditDeploymentProjectInfoView.page_title),
                    'url': reverse(EditDeploymentProjectInfoView.urlname, args=[self.domain])
                }
            ])

        # "My project settings" is added for every user, admin or not.
        from corehq.apps.domain.views import EditMyProjectSettingsView
        project_info.append({
            'title': _(EditMyProjectSettingsView.page_title),
            'url': reverse(EditMyProjectSettingsView.urlname, args=[self.domain])
        })

        # Organization settings need three things: an admin user, a project
        # that belongs to an organization, and the CROSS_PROJECT_REPORTS
        # privilege on the request.
        can_view_orgs = (user_is_admin
                         and self.project and self.project.organization)
        if can_view_orgs:
            try:
                ensure_request_has_privilege(self._request, privileges.CROSS_PROJECT_REPORTS)
            except PermissionDenied:
                can_view_orgs = False

        if can_view_orgs:
            from corehq.apps.domain.views import OrgSettingsView
            project_info.append({
                'title': _(OrgSettingsView.page_title),
                'url': reverse(OrgSettingsView.urlname, args=[self.domain])
            })

        items.append((_('Project Information'), project_info))

        # Admin-only sections: CommTrack (when enabled) and administration.
        if user_is_admin:
            from corehq.apps.domain.views import CommTrackSettingsView

            if self.project.commtrack_enabled:
                commtrack_settings = [
                    {
                        'title': _(CommTrackSettingsView.page_title),
                        'url': reverse(CommTrackSettingsView.urlname, args=[self.domain])
                    },
                ]
                items.append((_('CommTrack'), commtrack_settings))

            administration = [
                {
                    'title': _('CommCare Exchange'),
                    'url': reverse('domain_snapshot_settings', args=[self.domain])
                },
                {
                    'title': _('Multimedia Sharing'),
                    'url': reverse('domain_manage_multimedia', args=[self.domain])
                }
            ]

            # Title callback for the 'add_repeater' subpage. It returns None
            # for any repeater_type other than the three listed here.
            def forward_name(repeater_type=None, **context):
                if repeater_type == 'FormRepeater':
                    return _("Forward Forms")
                elif repeater_type == 'ShortFormRepeater':
                    return _("Forward Form Stubs")
                elif repeater_type == 'CaseRepeater':
                    return _("Forward Cases")

            administration.extend([
                {'title': _('Data Forwarding'),
                 'url': reverse('domain_forwarding', args=[self.domain]),
                 'subpages': [
                     {'title': forward_name,
                      'urlname': 'add_repeater'}
                 ]}
            ])

            administration.append({
                    'title': _('Feature Previews'),
                    'url': reverse('feature_previews', args=[self.domain])
            })
            items.append((_('Project Administration'), administration))

        # Subscription section: web users who are billing admins, or superusers.
        from corehq.apps.users.models import WebUser
        if isinstance(self.couch_user, WebUser):
            user_is_billing_admin, billing_account = BillingAccountAdmin.get_admin_status_and_account(
                self.couch_user, self.domain)
            if user_is_billing_admin or self.couch_user.is_superuser:
                from corehq.apps.domain.views import (
                    DomainSubscriptionView, EditExistingBillingAccountView,
                    DomainBillingStatementsView, ConfirmSubscriptionRenewalView,
                )
                # NOTE(review): unlike the sections above, these titles are
                # not passed through _() -- confirm page_title is already
                # translated.
                subscription = [
                    {
                        'title': DomainSubscriptionView.page_title,
                        'url': reverse(DomainSubscriptionView.urlname, args=[self.domain]),
                        'subpages': [
                            {
                                'title': ConfirmSubscriptionRenewalView.page_title,
                                'urlname': ConfirmSubscriptionRenewalView.urlname,
                                'url': reverse(ConfirmSubscriptionRenewalView.urlname, args=[self.domain]),
                            }
                        ]
                    },
                ]
                # Billing account and statements links need an existing account.
                if billing_account is not None:
                    subscription.append(
                        {
                            'title':  EditExistingBillingAccountView.page_title,
                            'url': reverse(EditExistingBillingAccountView.urlname, args=[self.domain]),
                        },
                    )
                if (billing_account is not None
                    and Invoice.exists_for_domain(self.domain)
                ):
                    subscription.append(
                        {
                            'title': DomainBillingStatementsView.page_title,
                            'url': reverse(DomainBillingStatementsView.urlname, args=[self.domain]),
                        }
                    )
                items.append((_('Subscription'), subscription))

        # Internal pages are listed for superusers only.
        if self.couch_user.is_superuser:
            from corehq.apps.domain.views import EditInternalDomainInfoView, EditInternalCalculationsView
            internal_admin = [{
                'title': _(EditInternalDomainInfoView.page_title),
                'url': reverse(EditInternalDomainInfoView.urlname, args=[self.domain])
            },
            {
                'title': _(EditInternalCalculationsView.page_title),
                'url': reverse(EditInternalCalculationsView.urlname, args=[self.domain])
            }]
            items.append((_('Internal Data (Dimagi Only)'), internal_admin))



        return items
Example #22
 def can_view_cloudcare(self):
     """Report whether the current user may see CloudCare.

     Needs the CLOUDCARE privilege on the request (``PermissionDenied``
     yields False) and then returns ``couch_user.is_domain_admin()``.
     """
     try:
         ensure_request_has_privilege(self._request, privileges.CLOUDCARE)
     except PermissionDenied:
         return False
     else:
         user = self.couch_user
         return user.is_domain_admin()
Example #23
 def can_access_reminders(self):
     """Return True when the request has the REMINDERS_FRAMEWORK privilege.

     ``PermissionDenied`` from the check becomes False; other exceptions
     propagate.
     """
     try:
         ensure_request_has_privilege(self._request, privileges.REMINDERS_FRAMEWORK)
     except PermissionDenied:
         return False
     return True
Example #24
 def can_access_sms(self):
     """Return True when the request has the OUTBOUND_SMS privilege.

     ``PermissionDenied`` from the check becomes False; other exceptions
     propagate.
     """
     try:
         ensure_request_has_privilege(self._request, privileges.OUTBOUND_SMS)
     except PermissionDenied:
         has_sms = False
     else:
         has_sms = True
     return has_sms
Example #25
 def can_view_cloudcare(self):
     """Decide whether CloudCare is visible to the current user.

     The CLOUDCARE privilege is required first (False on
     ``PermissionDenied``). The result is then whatever
     ``self.couch_user.is_domain_admin()`` returns.
     """
     try:
         ensure_request_has_privilege(self._request, privileges.CLOUDCARE)
     except PermissionDenied:
         return False
     is_admin = self.couch_user.is_domain_admin()
     return is_admin
Example #26
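 def can_edit_roles(self):
     """Report whether the current user may edit roles.

     Requires the ROLE_BASED_ACCESS privilege on the request and
     domain-admin status for the user. ``PermissionDenied`` from the
     privilege check yields False; other exceptions propagate.
     """
     try:
         ensure_request_has_privilege(self.request, privileges.ROLE_BASED_ACCESS)
     except PermissionDenied:
         return False
     # ``is_domain_admin`` may be a method rather than a plain attribute. A
     # bound method is always truthy, so returning it uncalled would let the
     # admin requirement pass for every user in Python-side checks. Call it
     # when it is callable so callers always receive the real answer.
     # NOTE(review): confirm whether the no-argument call checks the intended
     # domain for this view.
     is_admin = self.couch_user.is_domain_admin
     return is_admin() if callable(is_admin) else is_admin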
 def allow_deid(self):
     """Return True when the request has the DEIDENTIFIED_DATA privilege.

     ``PermissionDenied`` from the check becomes False; other exceptions
     propagate.
     """
     try:
         ensure_request_has_privilege(self.request, privileges.DEIDENTIFIED_DATA)
     except PermissionDenied:
         return False
     else:
         return True
Example #28
    def sidebar_items(self):
        """Build the sidebar as a list of ``(section title, links)`` tuples.

        Each link is a dict with ``title`` and ``url``; some also carry
        ``subpages``. Which sections and links appear depends on the current
        user: domain admin, billing admin or superuser.

        NOTE(review): this method only decides which links are listed.
        Presumably every target view enforces its own permission check --
        confirm, since omitting a link is not access control.
        """
        items = []
        user_is_admin = self.couch_user.is_domain_admin(self.domain)

        project_info = []

        # Basic and deployment project info are offered to domain admins only.
        if user_is_admin:
            from corehq.apps.domain.views import EditBasicProjectInfoView, EditDeploymentProjectInfoView

            project_info.extend([
                {
                    'title': _(EditBasicProjectInfoView.page_title),
                    'url': reverse(EditBasicProjectInfoView.urlname, args=[self.domain])
                },
                {
                    'title': _(EditDeploymentProjectInfoView.page_title),
                    'url': reverse(EditDeploymentProjectInfoView.urlname, args=[self.domain])
                }
            ])

        # "My project settings" is added for every user, admin or not.
        from corehq.apps.domain.views import EditMyProjectSettingsView
        project_info.append({
            'title': _(EditMyProjectSettingsView.page_title),
            'url': reverse(EditMyProjectSettingsView.urlname, args=[self.domain])
        })

        # Organization settings need three things: an admin user, a project
        # that belongs to an organization, and the CROSS_PROJECT_REPORTS
        # privilege on the request.
        can_view_orgs = (user_is_admin
                         and self.project and self.project.organization)
        if can_view_orgs:
            try:
                ensure_request_has_privilege(self._request, privileges.CROSS_PROJECT_REPORTS)
            except PermissionDenied:
                can_view_orgs = False

        if can_view_orgs:
            from corehq.apps.domain.views import OrgSettingsView
            project_info.append({
                'title': _(OrgSettingsView.page_title),
                'url': reverse(OrgSettingsView.urlname, args=[self.domain])
            })

        items.append((_('Project Information'), project_info))

        # Admin-only sections: CommTrack (when enabled) and administration.
        if user_is_admin:
            from corehq.apps.domain.views import CommTrackSettingsView

            if self.project.commtrack_enabled:
                commtrack_settings = [
                    {
                        'title': _(CommTrackSettingsView.page_title),
                        'url': reverse(CommTrackSettingsView.urlname, args=[self.domain])
                    },
                ]
                items.append((_('CommTrack'), commtrack_settings))

            administration = [
                {
                    'title': _('CommCare Exchange'),
                    'url': reverse('domain_snapshot_settings', args=[self.domain])
                },
                {
                    'title': _('Multimedia Sharing'),
                    'url': reverse('domain_manage_multimedia', args=[self.domain])
                }
            ]

            # Title callback for the 'add_repeater' subpage. It returns None
            # for any repeater_type other than the three listed here.
            def forward_name(repeater_type=None, **context):
                if repeater_type == 'FormRepeater':
                    return _("Forward Forms")
                elif repeater_type == 'ShortFormRepeater':
                    return _("Forward Form Stubs")
                elif repeater_type == 'CaseRepeater':
                    return _("Forward Cases")

            administration.extend([
                {'title': _('Data Forwarding'),
                 'url': reverse('domain_forwarding', args=[self.domain]),
                 'subpages': [
                     {'title': forward_name,
                      'urlname': 'add_repeater'}
                 ]}
            ])

            administration.append({
                    'title': _('Feature Previews'),
                    'url': reverse('feature_previews', args=[self.domain])
            })
            items.append((_('Project Administration'), administration))

        # Subscription section: web users who are billing admins, or superusers.
        from corehq.apps.users.models import WebUser
        if isinstance(self.couch_user, WebUser):
            user_is_billing_admin, billing_account = BillingAccountAdmin.get_admin_status_and_account(
                self.couch_user, self.domain)
            if user_is_billing_admin or self.couch_user.is_superuser:
                from corehq.apps.domain.views import (
                    DomainSubscriptionView, EditExistingBillingAccountView,
                    DomainBillingStatementsView, ConfirmSubscriptionRenewalView,
                )
                # NOTE(review): unlike the sections above, these titles are
                # not passed through _() -- confirm page_title is already
                # translated.
                subscription = [
                    {
                        'title': DomainSubscriptionView.page_title,
                        'url': reverse(DomainSubscriptionView.urlname, args=[self.domain]),
                        'subpages': [
                            {
                                'title': ConfirmSubscriptionRenewalView.page_title,
                                'urlname': ConfirmSubscriptionRenewalView.urlname,
                                'url': reverse(ConfirmSubscriptionRenewalView.urlname, args=[self.domain]),
                            }
                        ]
                    },
                ]
                # Billing account and statements links need an existing account.
                if billing_account is not None:
                    subscription.append(
                        {
                            'title':  EditExistingBillingAccountView.page_title,
                            'url': reverse(EditExistingBillingAccountView.urlname, args=[self.domain]),
                        },
                    )
                if (billing_account is not None
                    and Invoice.exists_for_domain(self.domain)
                ):
                    subscription.append(
                        {
                            'title': DomainBillingStatementsView.page_title,
                            'url': reverse(DomainBillingStatementsView.urlname, args=[self.domain]),
                        }
                    )
                items.append((_('Subscription'), subscription))

        # Internal pages are listed for superusers only.
        if self.couch_user.is_superuser:
            from corehq.apps.domain.views import EditInternalDomainInfoView, EditInternalCalculationsView
            internal_admin = [{
                'title': _(EditInternalDomainInfoView.page_title),
                'url': reverse(EditInternalDomainInfoView.urlname, args=[self.domain])
            },
            {
                'title': _(EditInternalCalculationsView.page_title),
                'url': reverse(EditInternalCalculationsView.urlname, args=[self.domain])
            }]
            items.append((_('Internal Data (Dimagi Only)'), internal_admin))



        return items
Example #29
 def _can_access_sms(request):
     """Return True when ``request`` has the OUTBOUND_SMS privilege.

     ``PermissionDenied`` from the check becomes False; nothing else is
     caught.
     """
     try:
         ensure_request_has_privilege(request, privileges.OUTBOUND_SMS)
         return True
     except PermissionDenied:
         return False
Example #30
 def wrapped(request, *args, **kwargs):
     """Run the wrapped callable only after the privilege check passes.

     ``ensure_request_has_privilege`` is called with the enclosing scope's
     ``slug`` and ``assignment``. Nothing is caught here, so a
     ``PermissionDenied`` propagates and ``fn`` is never invoked.
     """
     ensure_request_has_privilege(request, slug, **assignment)
     response = fn(request, *args, **kwargs)
     return response
Example #31
 def can_bulk_edit_users(self):
     """Return True when the request has the BULK_USER_MANAGEMENT privilege.

     ``PermissionDenied`` from the check becomes False; other exceptions
     propagate.
     """
     try:
         ensure_request_has_privilege(self.request, privileges.BULK_USER_MANAGEMENT)
     except PermissionDenied:
         may_bulk_edit = False
     else:
         may_bulk_edit = True
     return may_bulk_edit
Example #32
def can_use_survey_reminders(request):
    """Return True when ``request`` has the INBOUND_SMS privilege.

    ``PermissionDenied`` from the check becomes False; other exceptions
    propagate.
    """
    try:
        ensure_request_has_privilege(request, privileges.INBOUND_SMS)
    except PermissionDenied:
        return False
    else:
        return True