def _call(self, key, instance, user):
    """
    Run the workflow transition named ``key`` for ``instance`` on behalf of ``user``.

    The transition must list the current state among its sources, otherwise a
    ``ValidationError`` is raised before anything is changed. When an instance
    is present it is validated (if both the transition and the current state
    ask for it) and the transition's condition is evaluated before the state
    changes. Returns whatever the transition method named ``key`` returns.

    ``key`` is passed to ``getattr`` only after it has been used to index
    ``self._transitions``, so an unknown name fails on that lookup first.
    No permission check on ``user`` is visible here apart from the
    transition's own condition.
    """
    current_key = self._current_state_key
    transition = self._transitions[key]

    # Refuse transitions that cannot start from the current state.
    if current_key not in transition.sources:
        raise ValidationError(_("This transition is not valid"))

    user.djangobmf = Employee(user)

    # Keep instance and user on the workflow; user-defined transition
    # functions read them from there.
    self.instance = instance
    self.user = user

    # Normally the instance is only unset during the tests; validation and
    # conditions are skipped in that case.
    if self.instance:
        if transition.validate and self._current_state.update:
            self.instance.full_clean()

        if transition.conditioned:
            transition.eval_condition(instance, user)

    # Everything is valid: move to the target state, then run the
    # transition method.
    self._set_state(transition.target)
    return getattr(self, key)()
def dispatch(self, *args, **kwargs):
    """
    Check permissions and prepare the request before the view runs.

    Because django BMF uses generic views for its data models, the work a
    middleware would otherwise do happens here: the app config, the site and
    the employee wrapper are attached to the request. The permission check
    and the employee check both run before the parent ``dispatch`` is called,
    so a denied request never reaches the view. Outside of DEBUG, responses
    with status 400, 403, 404 or 500 are replaced by the bmf error views.
    """
    request = self.request

    # Attach the app config and the site object to every request.
    request.djangobmf_appconfig = apps.get_app_config(bmfsettings.APP_LABEL)
    request.djangobmf_site = request.djangobmf_appconfig.site

    # Attach the employee wrapper for the authenticated user.
    request.user.djangobmf = Employee(request.user)

    # TODO ... call check_object_permission instead when objects have a model
    try:
        if not self.check_permissions(request):
            return permission_denied(request)
    except Http404:
        return page_not_found(request)

    # TODO MOVE THIS CHECK TO PERMISSIONS
    # When bmf has an employee model, users without an employee record are
    # not allowed in. A superuser is sent to the wizard instead of being
    # denied.
    bmf_user = request.user.djangobmf
    if bmf_user.has_employee and not bmf_user.employee:
        logger.debug("User %s does not have permission to access djangobmf" % request.user)
        if request.user.is_superuser:
            return redirect('djangobmf:wizard', permanent=False)
        return permission_denied(request)

    response = super(BaseMixin, self).dispatch(*args, **kwargs)

    # Swap HTTP error responses for the bmf-specific templates. With DEBUG on,
    # the original response is returned unchanged.
    if response.status_code in [400, 403, 404, 500] and not settings.DEBUG:
        error_views = {
            400: bad_request,
            403: permission_denied,
            404: page_not_found,
            500: server_error,
        }
        return error_views[response.status_code](request)

    return response
def get_queryset(self):
    """
    Return the model's objects, filtered by the permissions of the requesting user.

    The ``manager`` URL kwarg is read but has no effect yet: every value
    results in ``self.model.objects.all()``. The result is always passed
    through ``filter_queryset``, so callers never receive the unfiltered set.
    """
    manager_name = self.kwargs.get('manager', 'all')

    if manager_name != 'all':
        # TODO: named managers are not implemented; fall back to all objects.
        base_qs = self.model.objects.all()
    else:
        base_qs = self.model.objects.all()

    # The permission backend reads the employee data from user.djangobmf.
    requester = self.request.user
    requester.djangobmf = Employee(requester)

    return self.permissions().filter_queryset(base_qs, requester)
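def get_queryset(self, manager=None):
    """
    Return the queryset for this view, filtered by the user's permissions.

    Without ``manager`` the model's default manager is used. With ``manager``
    the entry of that name registered on the module is used; if there is
    none, the method of that name on the model's default manager is called
    with the request. ``ImproperlyConfigured`` is raised when the view has no
    model or the manager name cannot be resolved. The result always goes
    through ``filter_queryset`` before it is returned.
    """
    module = self.request.djangobmf_site.get_module(self.model)

    if self.model and manager:
        registered = module.manager.get(manager, None)
        if registered is not None:
            # Compare with None instead of testing truthiness: bool() on a
            # QuerySet executes the query, and a registered QuerySet that
            # currently matches no rows would be treated as "not registered".
            qs = registered.all() if isinstance(registered, QuerySet) else registered
        elif hasattr(self.model._default_manager, manager):
            # NOTE(review): `manager` selects an attribute of the default
            # manager by name and calls it with the request. Confirm that
            # callers only pass names from a fixed set, not free-form
            # request input.
            qs = getattr(self.model._default_manager, manager)(self.request)
        else:
            raise ImproperlyConfigured(
                "%(manager)s is not defined in %(cls)s.model" % {
                    'manager': manager,
                    'cls': self.__class__.__name__
                }
            )
    elif self.model is not None:
        qs = self.model._default_manager.all()
    else:
        raise ImproperlyConfigured(
            "%(cls)s is missing a QuerySet. Define "
            "%(cls)s.model " % {
                'cls': self.__class__.__name__
            }
        )

    # load employee and team data into user
    self.request.user.djangobmf = Employee(self.request.user)

    # NOTE(review): this uses self.module while the lookup above uses the
    # local `module` -- confirm both refer to the same module object.
    return self.module.permissions().filter_queryset(qs, self.request.user)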
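def djangobmf_user_watch(pk):
    """
    Create or refresh watch notifications for the activity with primary key ``pk``.

    For a newly created object, every notification on the content type that
    is not bound to an object is copied for the new object, but only for
    users who have object permissions on it. For any other action, the
    notifications already bound to the object are narrowed to those
    subscribed to that kind of action. Each one is then either marked as
    triggered and unread (when the activity came from another user) or
    deleted when its user no longer has permissions on the object.

    ``Activity.objects.get`` raises if no activity with ``pk`` exists.
    """
    from djangobmf.models import Activity
    from djangobmf.models import Notification
    from djangobmf.models import ACTION_COMMENT
    from djangobmf.models import ACTION_CREATED
    from djangobmf.models import ACTION_UPDATED
    from djangobmf.models import ACTION_WORKFLOW
    from djangobmf.models import ACTION_FILE

    # Named `activity` rather than `object` to avoid shadowing the builtin.
    activity = Activity.objects.get(pk=pk)

    if activity.action == ACTION_CREATED:
        logger.debug("Notifications for new object: %s (pk: %s)" % (activity.parent_ct, activity.parent_id))

        # Select all Notifications not bound to an object
        unbound = Notification.objects \
            .filter(watch_ct=activity.parent_ct, watch_id__isnull=True) \
            .select_related('user')

        for notification in unbound:
            # ACL / Permissions lookups: users without access to the new
            # object get no notification for it.
            employee = Employee(notification.user)
            if employee.has_object_perms(activity.parent_object):
                # Clearing the pk makes save() insert a new row instead of
                # updating the unbound notification.
                notification.pk = None
                # The user's own activity is not shown to them as unread.
                notification.unread = notification.user != activity.user
                notification.new_entry = False
                notification.watch_id = activity.parent_id
                notification.last_seen_object = activity.pk
                notification.triggered = True
                notification.save()
                logger.debug(
                    "Created Notification for user %s (%s) and object %s (%s)" % (
                        notification.user,
                        notification.user.pk,
                        activity.parent_ct,
                        activity.parent_id,
                    ))

    else:
        qs = Notification.objects.filter(watch_ct=activity.parent_ct, watch_id=activity.parent_id)

        if activity.action == ACTION_COMMENT:
            logger.debug("Notifications for comment: %s (pk: %s)" % (activity.parent_ct, activity.parent_id))
            qs = qs.filter(comments=True)

        if activity.action == ACTION_UPDATED:
            logger.debug("Notifications for updated data: %s (pk: %s)" % (activity.parent_ct, activity.parent_id))
            qs = qs.filter(detectchanges=True)

        if activity.action == ACTION_WORKFLOW:
            logger.debug("Notifications for changed workflow: %s (pk: %s)" % (activity.parent_ct, activity.parent_id))
            qs = qs.filter(workflow=True)

        if activity.action == ACTION_FILE:
            logger.debug("Notifications for appended file: %s (pk: %s)" % (activity.parent_ct, activity.parent_id))
            qs = qs.filter(files=True)

        # ACL
        for notification in qs.select_related('user'):
            employee = Employee(notification.user)
            if employee.has_object_perms(activity.parent_object):
                if notification.user != activity.user:
                    notification.triggered = True
                    notification.unread = True
                    notification.modified = now()
                    # Persist the change; without save() the three fields
                    # set above are dropped although the update is logged.
                    notification.save()
                    logger.debug(
                        "Updated Notification for user %s (%s) and object %s (%s)" % (
                            notification.user,
                            notification.user.pk,
                            activity.parent_ct,
                            activity.parent_id,
                        ))
            else:
                # User does not have permissions!
                # -> delete notification, so the watch does not outlive the
                # user's access to the object.
                notification.delete()
                logger.info(
                    "Deleted Notification for user %s (%s) and object %s (%s) - no permissions" % (
                        notification.user,
                        notification.user.pk,
                        activity.parent_ct,
                        activity.parent_id,
                    ))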
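def djangobmf_user_watch(pk):
    """
    Create or refresh watch notifications for the activity with primary key ``pk``.

    For a newly created object, every notification on the content type that
    is not bound to an object is copied for the new object, but only for
    users who have object permissions on it. For any other action, the
    notifications already bound to the object are narrowed to those
    subscribed to that kind of action. Each one is then either marked as
    triggered and unread (when the activity came from another user) or
    deleted when its user no longer has permissions on the object.

    ``Activity.objects.get`` raises if no activity with ``pk`` exists.
    """
    from djangobmf.models import Activity
    from djangobmf.models import Notification
    from djangobmf.models import ACTION_COMMENT
    from djangobmf.models import ACTION_CREATED
    from djangobmf.models import ACTION_UPDATED
    from djangobmf.models import ACTION_WORKFLOW
    from djangobmf.models import ACTION_FILE

    # Named `activity` rather than `object` to avoid shadowing the builtin.
    activity = Activity.objects.get(pk=pk)

    if activity.action == ACTION_CREATED:
        logger.debug("Notifications for new object: %s (pk: %s)" % (activity.parent_ct, activity.parent_id))

        # Select all Notifications not bound to an object
        unbound = Notification.objects \
            .filter(watch_ct=activity.parent_ct, watch_id__isnull=True) \
            .select_related('user')

        for notification in unbound:
            # ACL / Permissions lookups: users without access to the new
            # object get no notification for it.
            employee = Employee(notification.user)
            if employee.has_object_perms(activity.parent_object):
                # Clearing the pk makes save() insert a new row instead of
                # updating the unbound notification.
                notification.pk = None
                # The user's own activity is not shown to them as unread.
                notification.unread = notification.user != activity.user
                notification.new_entry = False
                notification.watch_id = activity.parent_id
                notification.last_seen_object = activity.pk
                notification.triggered = True
                notification.save()
                logger.debug("Created Notification for user %s (%s) and object %s (%s)" % (
                    notification.user,
                    notification.user.pk,
                    activity.parent_ct,
                    activity.parent_id,
                ))

    else:
        qs = Notification.objects.filter(watch_ct=activity.parent_ct, watch_id=activity.parent_id)

        if activity.action == ACTION_COMMENT:
            logger.debug("Notifications for comment: %s (pk: %s)" % (activity.parent_ct, activity.parent_id))
            qs = qs.filter(comment=True)

        if activity.action == ACTION_UPDATED:
            logger.debug("Notifications for updated data: %s (pk: %s)" % (activity.parent_ct, activity.parent_id))
            qs = qs.filter(changed=True)

        if activity.action == ACTION_WORKFLOW:
            logger.debug("Notifications for changed workflow: %s (pk: %s)" % (activity.parent_ct, activity.parent_id))
            qs = qs.filter(workflow=True)

        if activity.action == ACTION_FILE:
            logger.debug("Notifications for appended file: %s (pk: %s)" % (activity.parent_ct, activity.parent_id))
            qs = qs.filter(file=True)

        # ACL
        for notification in qs.select_related('user'):
            employee = Employee(notification.user)
            if employee.has_object_perms(activity.parent_object):
                if notification.user != activity.user:
                    notification.triggered = True
                    notification.unread = True
                    notification.modified = now()
                    # Persist the change; without save() the three fields
                    # set above are dropped although the update is logged.
                    notification.save()
                    logger.debug("Updated Notification for user %s (%s) and object %s (%s)" % (
                        notification.user,
                        notification.user.pk,
                        activity.parent_ct,
                        activity.parent_id,
                    ))
            else:
                # User does not have permissions!
                # -> delete notification, so the watch does not outlive the
                # user's access to the object.
                notification.delete()
                logger.info("Deleted Notification for user %s (%s) and object %s (%s) - no permissions" % (
                    notification.user,
                    notification.user.pk,
                    activity.parent_ct,
                    activity.parent_id,
                ))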