def get_user_role(user, class_item):
if 'change_class' in get_user_perms(user, class_item):
return 'Teacher'
elif 'view_class' in get_user_perms(user, class_item):
return 'Student'
else:
return 'Pending'
def test_direct_perms_only(self):
admin = User.objects.create(username='******', is_superuser=True)
self.user1.groups.add(self.group1)
self.user2.groups.add(self.group1)
assign_perm("change_contenttype", self.user1, self.obj1)
assign_perm("delete_contenttype", admin, self.obj1)
assign_perm("delete_contenttype", self.group1, self.obj1)
expected = set([self.user1, self.user2, admin])
result = get_users_with_perms(self.obj1, with_superusers=False, with_group_users=True)
self.assertEqual(set(result), expected)
self.assertEqual(set(get_user_perms(self.user1, self.obj1)), set(['change_contenttype']))
self.assertEqual(set(get_user_perms(self.user2, self.obj1)), set([]))
self.assertEqual(set(get_user_perms(admin, self.obj1)), set(['delete_contenttype']))
result = get_users_with_perms(self.obj1, with_superusers=False, with_group_users=False)
expected = set([self.user1, admin])
self.assertEqual(set(result), expected)
self.assertEqual(set(get_group_perms(self.user1, self.obj1)), set(['delete_contenttype']))
self.assertEqual(set(get_group_perms(self.user2, self.obj1)), set(['delete_contenttype']))
self.assertEqual(set(get_group_perms(self.group1, self.obj1)), set(['delete_contenttype']))
self.assertEqual(set(get_group_perms(self.group2, self.obj1)), set([]))
self.assertEqual(set(get_group_perms(admin, self.obj1)), set([]))
self.assertEqual(set(get_perms(admin, self.obj1)), set(['add_contenttype', 'change_contenttype', 'delete_contenttype']))
self.assertEqual(set(get_perms(self.user1, self.obj1)), set(['change_contenttype', 'delete_contenttype']))
self.assertEqual(set(get_perms(self.user2, self.obj1)), set(['delete_contenttype']))
self.assertEqual(set(get_perms(self.group1, self.obj1)), set(['delete_contenttype']))
self.assertEqual(set(get_perms(self.group2, self.obj1)), set([]))
def test_direct_perms_only(self):
admin = User.objects.create(username='******', is_superuser=True)
self.user1.groups.add(self.group1)
self.user2.groups.add(self.group1)
assign_perm("change_contenttype", self.user1, self.obj1)
assign_perm("delete_contenttype", admin, self.obj1)
assign_perm("delete_contenttype", self.group1, self.obj1)
expected = set([self.user1, self.user2, admin])
result = get_users_with_perms(self.obj1, with_superusers=False, with_group_users=True)
self.assertEqual(set(result), expected)
self.assertEqual(set(get_user_perms(self.user1, self.obj1)), set(['change_contenttype']))
self.assertEqual(set(get_user_perms(self.user2, self.obj1)), set([]))
self.assertEqual(set(get_user_perms(admin, self.obj1)), set(['delete_contenttype']))
result = get_users_with_perms(self.obj1, with_superusers=False, with_group_users=False)
expected = set([self.user1, admin])
self.assertEqual(set(result), expected)
self.assertEqual(set(get_group_perms(self.user1, self.obj1)), set(['delete_contenttype']))
self.assertEqual(set(get_group_perms(self.user2, self.obj1)), set(['delete_contenttype']))
self.assertEqual(set(get_group_perms(self.group1, self.obj1)), set(['delete_contenttype']))
self.assertEqual(set(get_group_perms(self.group2, self.obj1)), set([]))
self.assertEqual(set(get_group_perms(admin, self.obj1)), set([]))
self.assertEqual(set(get_perms(admin, self.obj1)), set(['add_contenttype', 'change_contenttype', 'delete_contenttype']))
self.assertEqual(set(get_perms(self.user1, self.obj1)), set(['change_contenttype', 'delete_contenttype']))
self.assertEqual(set(get_perms(self.user2, self.obj1)), set(['delete_contenttype']))
self.assertEqual(set(get_perms(self.group1, self.obj1)), set(['delete_contenttype']))
self.assertEqual(set(get_perms(self.group2, self.obj1)), set([]))
def dispatch(self, request, *args, **kwargs):
allPCAs = pcaModel.objects.all()
for pcaObject in allPCAs:
perm = get_user_perms(request.user, pcaObject)
if 'has_pca_control' in perm:
pcaObject.permissionTimestamp = timezone.now()
pcaObject.save()
ecsObject = ecsModel.objects.filter(id="ecs").get()
perm = get_user_perms(request.user, ecsObject)
if 'has_ecs_control' in perm:
ecsObject.permissionTimestamp = timezone.now()
ecsObject.save()
return super().dispatch(request, *args, **kwargs)
def change_permission_owner(self):
owner_permissions = ['view_expressionstudy', 'change_expressionstudy', 'delete_expressionstudy']
if self.initial_owner:
# If update, remove permission, else do nothing
if self.initial_owner != self.created_by:
initial_owner_permission = get_user_perms(self.initial_owner, self)
for permission in owner_permissions:
if permission in initial_owner_permission:
remove_perm(permission, self.initial_owner, self)
user_permissions = get_user_perms(self.created_by, self)
for permission in owner_permissions:
if permission not in user_permissions:
assign_perm(permission, self.created_by, self)
def empty_user_auth(user, projects, add_perm_list):
for perm in add_perm_list:
remove_perm(perm, user)
for project in projects:
perms = get_user_perms(user, project)
for perm in perms:
remove_perm(perm, user, project)
def create_class_view(request, username):
if request.method == 'POST':
form = forms.CreateClassForm(request.POST)
if form.is_valid():
class_item = form.save(commit=False)
class_item.save()
request.user.myclass.add(class_item)
#user permissions for class creator
teacher_perms = ['delete_class', 'change_class', 'view_class']
update_class_perm(class_item,
request.user,
teacher_perms,
action="assign")
#permissions are:
print(get_user_perms(request.user, class_item))
return redirect('dashboard', username)
else:
form = forms.CreateClassForm()
context = {"form": form}
return render(request, 'class_form.html', context)
def obj_perms_manage_user_view(self, request, **kwargs):
"""
Manages selected users' permissions for current object.
"""
current_app = self.admin_site.name
if not self.has_change_permission():
post_url = reverse('xadmin:index', current_app=current_app)
return redirect(post_url)
user = get_object_or_404(User, pk=self.user_id)
obj = get_object_or_404(self.get_queryset(), pk=self.object_pk)
form_class = self.get_obj_perms_manage_user_form(request)
form = form_class(user, obj, request.POST or None)
if request.method == 'POST' and form.is_valid():
form.save_obj_perms()
msg = ugettext("Permissions saved.")
messages.success(request, msg)
url = reverse(
'{0.admin_site.name}:guardian_permissions_user'.format(self),
args=[self.app_label, self.model_name, obj.pk, self.user_id]
)
return redirect(url)
context = self.get_obj_perms_base_context(request, obj)
context['user_perms'] = get_user_perms(user, obj)
context['user_obj'] = user
context['form'] = form
request.current_app = current_app
return render(request, self.get_obj_perms_manage_user_template(), context)
def get_context_data(self, **kwargs):
context = super(GgvUserView, self).get_context_data(**kwargs)
context['ggvuser'] = GGVUser.objects.get(user=self.get_object())
context['ggvroles'] = get_user_perms(self.get_object(),
context['course'])
return context
def obj_perms_manage_user_view(self, request, object_pk, user_id):
"""
Manages selected users' permissions for current object.
"""
if not self.has_change_permission(request, None):
post_url = reverse('admin:index', current_app=self.admin_site.name)
return redirect(post_url)
user = get_object_or_404(get_user_model(), pk=user_id)
obj = get_object_or_404(self.get_queryset(request), pk=object_pk)
form_class = self.get_obj_perms_manage_user_form(request)
form = form_class(user, obj, request.POST or None)
if request.method == 'POST' and form.is_valid():
form.save_obj_perms()
msg = gettext("Permissions saved.")
messages.success(request, msg)
info = (
self.admin_site.name,
self.model._meta.app_label,
self.model._meta.model_name,
)
url = reverse('%s:%s_%s_permissions_manage_user' % info,
args=[obj.pk, user.pk])
return redirect(url)
context = self.get_obj_perms_base_context(request, obj)
context['user_obj'] = user
context['user_perms'] = get_user_perms(user, obj)
context['form'] = form
request.current_app = self.admin_site.name
return render(request, self.get_obj_perms_manage_user_template(),
context)
def get(self, request):
nodegroup_ids = JSONDeserializer().deserialize(
request.GET.get('nodegroupIds'))
identityId = request.GET.get('identityId')
identityType = request.GET.get('identityType')
ret = []
if identityType == 'group':
identity = Group.objects.get(pk=identityId)
for nodegroup_id in nodegroup_ids:
nodegroup = models.NodeGroup.objects.get(pk=nodegroup_id)
perms = [{
'codename': codename,
'name': self.get_perm_name(codename).name
} for codename in get_group_perms(identity, nodegroup)]
ret.append({'perms': perms, 'nodegroup_id': nodegroup_id})
else:
identity = User.objects.get(pk=identityId)
for nodegroup_id in nodegroup_ids:
nodegroup = models.NodeGroup.objects.get(pk=nodegroup_id)
perms = [{
'codename': codename,
'name': self.get_perm_name(codename).name
} for codename in get_user_perms(identity, nodegroup)]
# only get the group perms ("defaults") if no user defined object settings have been saved
if len(perms) == 0:
perms = [{
'codename': codename,
'name': self.get_perm_name(codename).name
} for codename in set(get_group_perms(identity, nodegroup))
]
ret.append({'perms': perms, 'nodegroup_id': nodegroup_id})
return JSONResponse(ret)
def get_list_of_users(self, element):
users_dict = {} # user_id: permissions
# Transform get_users_with_perms(element, attach_perms=True) queryset to a dict user id and perms
userPermsQS = get_users_with_perms(element, attach_perms=True)
for user in userPermsQS:
listOfPerms = list(get_user_perms(user, element))
users_dict[user.id] = listOfPerms
return users_dict
def get_perms(self, identity, type, obj, perms):
if type == "user":
identity_perms = get_user_perms(identity, obj)
else:
identity_perms = get_group_perms(identity, obj)
res = []
for perm in identity_perms:
res += list(filter(lambda x: (x["codename"] == perm), perms))
return res
def wrap(request, *args, **kwargs):
class_item = models.Class.objects.get(id=kwargs['pk'])
print(class_item.user.all())
if class_item.user.all().filter(
username=request.user.username).exists():
if 'view_class' in get_user_perms(request.user, class_item):
return function(request, *args, **kwargs)
return HttpResponse('Unauthorized', status=401)
def getHtmlDetails(self):
user = manager.helpers.functions.get_user()
ret = ''.join([
'<li>Object ID: %d</li>' % self.id,
'<li>Owner: %s</li>' % self.owner,
'<li>Permissions: %s</li>' %
', '.join([x for x in get_user_perms(user, self)]),
'<li>Date: %s</li>' % self.date.strftime("%Y-%m-%d"),
])
return ret
def assign_object_permissions(cls, user_id: UUID, object_id: UUID,
object_type_id, permission_ids: List[int]):
user = get_user_model().objects.get(pk=user_id)
content_type = ContentType.objects.get_for_id(object_type_id)
content_type_model = content_type.model_class()
model_instance = content_type_model.objects.get(pk=object_id)
for permission_id in permission_ids:
permission = Permission.objects.get(pk=permission_id)
assign_perm(permission.codename, user, model_instance)
return get_user_perms(user, model_instance)
def getHtmlDetails(self):
user = manager.helpers.functions.get_user()
ret = ''.join([
'<li>Object ID: %d</li>' % self.id,
'<li>Permissions: %s</li>' %
', '.join([x for x in get_user_perms(user, self)]),
'<li>Owner: %s</li>' % self.owner,
'<li>Date: %s</li>' % self.date.strftime("%Y-%m-%d %H:%M"),
'<li>Method: %s</li>' % self.method_display_name,
'<li>Dataset: <a href="%s">%s</a></li>' %
(self.dataset.getUrl(), self.dataset),
])
return ret
def get(self, request):
if self.action == 'get_permission_manager_data':
identities = []
for group in Group.objects.all():
identities.append({
'name': group.name,
'type': 'group',
'id': group.pk,
'default_permissions': group.permissions.all()
})
for user in User.objects.filter(is_superuser=False):
groups = []
default_perms = []
for group in user.groups.all():
groups.append(group.name)
default_perms = default_perms + list(group.permissions.all())
identities.append({'name': user.email or user.username, 'groups': ', '.join(groups),
'type': 'user', 'id': user.pk, 'default_permissions': set(default_perms)})
content_type = ContentType.objects.get_for_model(models.NodeGroup)
nodegroup_permissions = Permission.objects.filter(content_type=content_type)
ret = {'identities': identities, 'permissions': nodegroup_permissions}
return JSONResponse(ret)
nodegroup_ids = JSONDeserializer().deserialize(request.GET.get('nodegroupIds'))
identityId = request.GET.get('identityId')
identityType = request.GET.get('identityType')
ret = []
if identityType == 'group':
identity = Group.objects.get(pk=identityId)
for nodegroup_id in nodegroup_ids:
nodegroup = models.NodeGroup.objects.get(pk=nodegroup_id)
perms = [{'codename': codename, 'name': self.get_perm_name(
codename).name} for codename in get_group_perms(identity, nodegroup)]
ret.append({'perms': perms, 'nodegroup_id': nodegroup_id})
else:
identity = User.objects.get(pk=identityId)
for nodegroup_id in nodegroup_ids:
nodegroup = models.NodeGroup.objects.get(pk=nodegroup_id)
perms = [{'codename': codename, 'name': self.get_perm_name(
codename).name} for codename in get_user_perms(identity, nodegroup)]
# only get the group perms ("defaults") if no user defined object settings have been saved
if len(perms) == 0:
perms = [{'codename': codename, 'name': self.get_perm_name(
codename).name} for codename in set(get_group_perms(identity, nodegroup))]
ret.append({'perms': perms, 'nodegroup_id': nodegroup_id})
return JSONResponse(ret)
def getHtmlDetails(self):
user = manager.helpers.functions.get_user()
fs = self.fileset_set.all()[0]
ret = ''.join([
'<li>Object ID: %d</li>' % self.id,
'<li>Permissions: %s</li>' %
', '.join([x for x in get_user_perms(user, self)]),
'<li>Owner: %s</li>' % self.owner,
'<li>Date: %s</li>' % self.date.strftime("%Y-%m-%d"),
'<li>File date: %s</li>' % self.file_date,
'<li>Filename: %s</li>' % self.filename,
'<li>Fileset: <a href="%s">%s</a></li>' % (fs.getUrl(), fs.name)
])
return ret
def dispatch(self, request, *args, **kwargs):
try:
self.course = Course.objects.get(slug=kwargs['crs_slug'])
self.ggvuser = GGVUser.objects.get(user=self.get_object())
self.permissions = get_perms(self.get_object(), self.course)
if not self.permissions:
# Needed to handle state when user has never logged in. (correct registration information)
self.permissions = get_user_perms(self.get_object(), self.course)
self.permissions = self.permissions[0]
except:
raise Http404(self.get_object().username + ' is not part of ' + self.course.title)
return super(UpdateGgvUserAccountView, self).dispatch(request, *args, **kwargs)
def join_class_view(request, username, pk=None):
class_item = models.Class.objects.get(id=pk)
if request.method == "GET": #this should be a post
qs = class_item.user.all().filter(username__iexact=username)
if not qs.exists():
user = User.objects.get(username=username)
class_item.user.add(user)
#permissions are:
print(get_user_perms(request.user, class_item))
return redirect('dashboard', username)
def assign_tmpl_perms_user(request, perms, users, tmpl_inst):
user = request.user
biz = tmpl_inst.business
if user.has_perm('manage_business', biz):
# 删除有当前要授权权限的所有拥有用户的授权信息
perm_users = get_users_with_perms(tmpl_inst)
for name in perm_users:
perm_list = get_user_perms(name, tmpl_inst)
for perm in perm_list:
if perm in perms:
remove_perm(perm, name, tmpl_inst)
# then assign perms
for perm, name in itertools.product(perms, users):
assign_perm(perm, name, tmpl_inst)
else:
return HttpResponseForbidden()
def dispatch(self, request, *args, **kwargs):
try:
self.course = Course.objects.get(slug=kwargs['crs_slug'])
self.ggvuser = GGVUser.objects.get(user=self.get_object())
self.permissions = get_perms(self.get_object(), self.course)
if not self.permissions:
# Needed to handle state when user has never logged in. (correct registration information)
self.permissions = get_user_perms(self.get_object(),
self.course)
self.permissions = self.permissions[0]
except:
raise Http404(self.get_object().username + ' is not part of ' +
self.course.title)
return super(UpdateGgvUserAccountView,
self).dispatch(request, *args, **kwargs)
def get_user_permissions(self, nodegroup=None):
"""
get's a list of object level permissions allowed for a all users
returns an object of the form:
.. code-block:: python
{
'local': {'codename': permssion codename, 'name': permission name} # A list of object level permissions
'default': {'codename': permssion codename, 'name': permission name} # A list of group based object level permissions or model level permissions
}
Keyword Arguments:
nodegroup -- the NodeGroup object instance to use to check for permissions on that particular object
"""
ret = []
for user in User.objects.all():
perms = {
'local': [{
'codename': codename,
'name': self.get_perm_name(codename).name
} for codename in get_user_perms(user, nodegroup)],
'default':
set()
}
for group in user.groups.all():
codenames = set(get_group_perms(group, nodegroup))
if len(codenames) == 0:
codenames = set(
[item.codename for item in group.permissions.all()])
perms['default'].update(codenames)
perms['default'] = [{
'codename': codename,
'name': self.get_perm_name(codename).name
} for codename in perms['default']]
if len(perms['default']) > 0:
ret.append({
'username': user.email or user.username,
'email': user.email,
'perms': perms,
'type': 'user',
'id': user.pk
})
return ret
def set_member_perms(sender, instance=None, created=False, **kwargs):
perms = get_perms_for_model(apps.get_model('app_mgr', 'Organization'))
was_admin = len(get_user_perms(instance.user, instance.org)) > 1
if instance.is_admin and not was_admin:
instance.org.admin_group.user_set.add(instance.user)
for perm in perms:
assign_perm(perm.codename, instance.user, instance.org)
if not instance.is_admin and was_admin:
instance.org.admin_group.user_set.remove(instance.user)
for perm in perms:
remove_perm(perm.codename, instance.user, instance.org)
instance.org.member_group.user_set.add(instance.user)
assign_perm('view_organization', instance.user, instance.org)
def set_member_perms(sender, instance=None, created=False, **kwargs):
perms = get_perms_for_model(apps.get_model('app_mgr', 'Organization'))
was_admin = len(get_user_perms(instance.user, instance.org)) > 1
if instance.is_admin and not was_admin:
instance.org.admin_group.user_set.add(instance.user)
for perm in perms:
assign_perm(perm.codename, instance.user, instance.org)
if not instance.is_admin and was_admin:
instance.org.admin_group.user_set.remove(instance.user)
for perm in perms:
remove_perm(perm.codename, instance.user, instance.org)
instance.org.member_group.user_set.add(instance.user)
assign_perm('view_organization', instance.user, instance.org)
def delete(self, request, pk, format=None):
"""
Delete subscription if user is owner or have permissions
"""
try:
sub = Subscription.objects.get(pk=pk)
serializer = SubscriptionSerializer(sub)
user_id = serializer.data['user']
# If is staff and don't have delete permission, can't delete the subscription.
if self.request.user.id == user_id or "can_delete_alarm" in get_user_perms(
self.request.user, sub):
sub.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
else:
return Response(data={"detail": "Not Authorizated User"},
status=status.HTTP_403_FORBIDDEN)
except Subscription.DoesNotExist:
return Response(status=status.HTTP_404_NOT_FOUND)
def check_resource_instance_permissions(user, resourceid, permission):
"""
Checks if a user has permission to access a resource instance
Arguments:
user -- the user to check
resourceid -- the id of the resource
permission -- the permission codename (e.g. 'view_resourceinstance') for which to check
"""
result = {}
try:
resource = ResourceInstance.objects.get(resourceinstanceid=resourceid)
result["resource"] = resource
all_perms = get_perms(user, resource)
if len(all_perms) == 0: # no permissions assigned. permission implied
result["permitted"] = "unknown"
return result
else:
user_permissions = get_user_perms(user, resource)
if "no_access_to_resourceinstance" in user_permissions: # user is restricted
result["permitted"] = False
return result
elif permission in user_permissions: # user is permitted
result["permitted"] = True
return result
group_permissions = get_group_perms(user, resource)
if "no_access_to_resourceinstance" in group_permissions: # group is restricted - no user override
result["permitted"] = False
return result
elif permission in group_permissions: # group is permitted - no user override
result["permitted"] = True
return result
if permission not in all_perms: # neither user nor group explicitly permits or restricts.
result["permitted"] = False # restriction implied
return result
except ObjectDoesNotExist:
return None
return result
def no_save_subscription_if_dont_have_permissions(sender, instance, **kwargs):
"""
Stop saving individual or group subscription if user or group don't have
permissions to subscribe to the alarm
:param sender: Subscription
"""
user = instance.user if instance.user else None
group = instance.group if instance.group else None
if user:
if 'can_subscribe' not in get_user_perms(user, instance.alarm):
raise ValidationError(
"User don't have permissions to subscribe to this alarm")
elif group:
if 'can_subscribe' not in get_group_perms(group, instance.alarm):
raise ValidationError(
"Group don't have permissions to subscribe to this alarm")
else:
raise ValidationError("BAD REQUEST. Check your selections.")
def obj_perms_manage_user_view(self, request, object_pk, user_id):
"""
Manages selected users' permissions for current object.
"""
if not self.has_change_permission(request, None):
post_url = reverse('admin:index', current_app=self.admin_site.name)
return redirect(post_url)
user = get_object_or_404(get_user_model(), pk=user_id)
obj = get_object_or_404(self.get_queryset(request), pk=object_pk)
form_class = self.get_obj_perms_manage_user_form(request)
form = form_class(user, obj, request.POST or None)
if request.method == 'POST' and form.is_valid():
form.save_obj_perms()
msg = ugettext("Permissions saved.")
messages.success(request, msg)
info = (
self.admin_site.name,
self.model._meta.app_label,
get_model_name(self.model)
)
url = reverse(
'%s:%s_%s_permissions_manage_user' % info,
args=[obj.pk, user.pk]
)
return redirect(url)
context = self.get_obj_perms_base_context(request, obj)
context['user_obj'] = user
context['user_perms'] = get_user_perms(user, obj)
context['form'] = form
request.current_app = self.admin_site.name
if django.VERSION >= (1, 10):
return render(request, self.get_obj_perms_manage_user_template(), context)
return render_to_response(self.get_obj_perms_manage_user_template(), context, RequestContext(request))
def inner_decorator(request, roles=roles, *args, **kwargs):
p = Project.objects.get(pk=kwargs['project_id'])
u = request.user
has_role = check_user_role(u, p, roles)
is_token_authenticated = getattr(request, '_is_token_authenticated', False)
# If a request is authenticated through an API token permissions are
# required, endpoints that require write/annotate permissions also
# need to have the TokenAnnotate permission. This is enforced also
# for admin accounts.
if is_token_authenticated and not contains_read_roles(roles) and \
settings.REQUIRE_EXTRA_TOKEN_PERMISSIONS:
has_role = 'can_annotate_with_token' in get_user_perms(u, p) or \
'can_annotate_with_token' in get_group_perms(u, p)
if has_role:
# The user can execute the function.
return f(request, *args, **kwargs)
else:
msg = "User '{}' with ID {} does not have the required permissions in " \
"project {}".format(u.username, u.id, int(kwargs['project_id']))
raise PermissionError(msg)
def get_perms(request, biz_cc_id):
template_id = request.GET.get('template_id')
try:
template = TaskTemplate.objects.get(pk=template_id,
business__cc_id=biz_cc_id)
except TaskTemplate.DoesNotExist:
return HttpResponseForbidden()
fill_params_groups = []
execute_task_groups = []
groups = get_groups_with_perms(template)
# 获取有权限的分组列表
for group in groups:
perm_list = get_group_perms(group, template)
for perm in perm_list:
if perm == FILL_PARAMS_PERM_NAME:
fill_params_groups.append(
{"show_name": group.name.split("\x00")[-1]})
elif perm == EXECUTE_TASK_PERM_NAME:
execute_task_groups.append(
{"show_name": group.name.split("\x00")[-1]})
# 获取有权限的人员列表
users = get_users_with_perms(template)
for user in users:
perm_list = get_user_perms(user, template)
for perm in perm_list:
if perm == FILL_PARAMS_PERM_NAME:
fill_params_groups.append({"show_name": user.username})
elif perm == EXECUTE_TASK_PERM_NAME:
execute_task_groups.append({"show_name": user.username})
ctx = {
'result': True,
'data': {
'fill_params_groups': fill_params_groups,
'execute_task_groups': execute_task_groups,
}
}
return JsonResponse(ctx)
def manage_user_permissions(request, id_chalkboard, id_user):
chlk = get_object_or_404(Chalkboard, id=id_chalkboard)
if check_permissions(request.user, chlk,
['chalkboard_manage_permission_user']):
user_join = get_object_or_404(JoinChalkboard,
chalkboard=chlk,
user_id=id_user)
user = get_user_model().objects.get(id=id_user)
permissions_rows = dict()
permissions_user = dict()
# get all permissions chalkboard
for perm in get_perms_for_model(Chalkboard):
permissions_rows[perm.codename] = perm.name
permissions_user[perm.codename] = False # default false permission
for perm in get_user_perms(user, chlk):
permissions_user[perm] = True
form = PermissionForm(request.POST or None, checkboxs=permissions_user)
if form.is_valid():
permissions_datas = form.save()
for codename, value in permissions_datas.items():
has_perm = check_permissions(user, chlk, [codename])
if value:
if not has_perm:
assign_permission(codename, user, chlk)
else:
if has_perm:
remove_perm(codename, user, chlk)
messages.success(request, 'Permissions saved.')
return render(
request, 'permissions/permissions_user_chalkboard.html', {
'user_id': id_user,
'chalkboard': chlk,
'permissions_rows': permissions_rows,
'form': form
})
return redirect('permission_chalkboard', id_chalkboard)
def test_set_permissions(self):
normal_user = UserFactory(username="******")
assign_perm("monitorings.manage_perm", self.user, self.monitoring)
self.client.login(username="******", password="******")
# First step - selecting user to set permissions to
data = {
"0-user": normal_user.pk,
"permission_wizard-current_step": "0"
}
response = self.client.post(self.get_url(), data=data)
self.assertEqual(response.status_code, 200)
# Second step - updating user's permissions
granted_permission = ["add_case", "add_draft", "add_letter"]
data = {
"1-permissions": granted_permission,
"permission_wizard-current_step": "1",
}
response = self.client.post(self.get_url(), data=data)
self.assertEqual(response.status_code, 302)
self.assertCountEqual(get_user_perms(normal_user, self.monitoring),
granted_permission)
def get_context_data(self, **kwargs):
context = super(GgvUserView, self).get_context_data(**kwargs)
context['ggvuser'] = GGVUser.objects.get(user=self.get_object())
context['ggvroles'] = get_user_perms(self.get_object(), context['course'])
return context
def form_valid(self, form):
self.object = form.save()
# Need to force lower case emails.
self.object.username = self.object.username.lower()
self.object.save()
username = form.cleaned_data['username']
language = form.cleaned_data['language']
course = form.cleaned_data['course']
perms = form.cleaned_data['perms']
prog_id = form.cleaned_data['program_id']
is_active = form.cleaned_data['is_active']
self.ggvuser.program_id = prog_id
self.ggvuser.language_pref = language
self.ggvuser.save()
#get_user_perms
curr_permissions = get_perms(self.object, self.course)
if not curr_permissions:
curr_permissions = get_user_perms(self.object, self.course)
# Username changed?
if not self.object.email == username:
self.object.email = username
self.object.save()
try:
social_auth_obj = self.object.social_auth.all()[0]
social_auth_obj.uid = self.object.email
social_auth_obj.save()
except:
pass
if not self.object.is_active == is_active:
self.object.is_active = is_active
self.object.save()
# Change the user's course?.
if not self.course.id == course.id:
for i in curr_permissions:
assign_perm(i, self.object, course)
remove_perm(i, self.object, self.course)
# Change course_context for user's bookmarks
bks = self.object.bookmarker.all().filter(course_context=self.course)
for i in bks:
try:
i.course_context = course
i.save()
except IntegrityError as e:
i.delete()
self.course = course
# Change the user's permissions?
if perms not in curr_permissions:
for i in curr_permissions:
remove_perm(i, self.object, self.course)
assign_perm(perms, self.object, self.course)
return super(UpdateGgvUserAccountView, self).form_valid(form)
def get_obj_perms_field_initial(self):
perms = get_user_perms(self.user, self.obj)
return perms
def get_user_permissions(self, nodegroup=None):
"""
get's a list of object level permissions allowed for a all users
returns an object of the form:
.. code-block:: python
{
'local': {'codename': permssion codename, 'name': permission name} # A list of object level permissions
'default': {'codename': permssion codename, 'name': permission name} # A list of group based object level permissions or model level permissions
}
Keyword Arguments:
nodegroup -- the NodeGroup object instance to use to check for permissions on that particular object
"""
ret = []
for user in User.objects.all():
perms = {
'local': [{'codename': codename, 'name': self.get_perm_name(codename).name} for codename in get_user_perms(user, nodegroup)],
'default': set()
}
for group in user.groups.all():
codenames = set(get_group_perms(group, nodegroup))
if len(codenames) == 0:
codenames = set([item.codename for item in group.permissions.all()])
perms['default'].update(codenames)
perms['default'] = [{'codename': codename, 'name': self.get_perm_name(codename).name} for codename in perms['default']]
if len(perms['default']) > 0:
ret.append({'username': user.email or user.username, 'email': user.email, 'perms': perms, 'type': 'user', 'id': user.pk})
return ret
def get(self, request):
nodegroup_ids = JSONDeserializer().deserialize(request.GET.get('nodegroupIds'))
identityId = request.GET.get('identityId')
identityType = request.GET.get('identityType')
ret = []
if identityType == 'group':
identity = Group.objects.get(pk=identityId)
for nodegroup_id in nodegroup_ids:
nodegroup = models.NodeGroup.objects.get(pk=nodegroup_id)
perms = [{'codename': codename, 'name': self.get_perm_name(codename).name} for codename in get_group_perms(identity, nodegroup)]
ret.append({'perms': perms, 'nodegroup_id': nodegroup_id})
else:
identity = User.objects.get(pk=identityId)
for nodegroup_id in nodegroup_ids:
nodegroup = models.NodeGroup.objects.get(pk=nodegroup_id)
perms = [{'codename': codename, 'name': self.get_perm_name(codename).name} for codename in get_user_perms(identity, nodegroup)]
# only get the group perms ("defaults") if no user defined object settings have been saved
if len(perms) == 0:
perms = [{'codename': codename, 'name': self.get_perm_name(codename).name} for codename in set(get_group_perms(identity, nodegroup))]
ret.append({'perms': perms, 'nodegroup_id': nodegroup_id})
return JSONResponse(ret)
