Example #1
0
    def has_permission(self, request, view):
        owner = view.kwargs.get('owner')
        is_authenticated = request and request.user.is_authenticated()

        if 'pk' in view.kwargs:

            # Always allow listing xform (again, this is to match unit tests)
            # since we are filtering them down the road.
            if view.action == 'list':
                return True

            # Allow getting a shared xform is you are anonymous.
            pk = view.kwargs.get('pk')
            if view.action == 'retrieve':
                xform = XForm.objects.get(pk=pk)
                if xform.shared_data or xform.shared:
                    return True

            check_inherit_permission_from_project(view.kwargs.get('pk'),
                                                  request.user)

        if is_authenticated and view.action == 'create':
            owner = owner or request.user.username

            return request.user.has_perm(CAN_ADD_XFORM_TO_PROFILE,
                                         get_user_profile_or_none(owner))

        return super(XFormPermissions, self).has_permission(request, view)
Example #2
0
    def has_permission(self, request, view):
        owner = view.kwargs.get('owner')
        is_authenticated = request and request.user.is_authenticated()

        if 'pk' in view.kwargs:

            # Always allow listing xform (again, this is to match unit tests)
            # since we are filtering them down the road.
            if view.action == 'list':
                return True

            # Allow getting a shared xform is you are anonymous.
            pk = view.kwargs.get('pk')
            if view.action == 'retrieve':
                xform = XForm.objects.get(pk=pk)
                if xform.shared_data or xform.shared:
                    return True

            check_inherit_permission_from_project(view.kwargs.get('pk'),
                                                  request.user)

        if is_authenticated and view.action == 'create':
            owner = owner or request.user.username

            return request.user.has_perm(CAN_ADD_XFORM_TO_PROFILE,
                                         get_user_profile_or_none(owner))

        return super(XFormPermissions, self).has_permission(request, view)
Example #3
0
    def has_permission(self, request, view):
        owner = view.kwargs.get('owner')
        is_authenticated = request and request.user.is_authenticated

        if 'pk' in view.kwargs:
            check_inherit_permission_from_project(view.kwargs['pk'],
                                                  request.user)

        if is_authenticated and view.action == 'create':
            owner = owner or request.user.username

            return request.user.has_perm(CAN_ADD_XFORM_TO_PROFILE,
                                         get_user_profile_or_none(owner))

        return super(XFormPermissions, self).has_permission(request, view)
Example #4
0
    def has_permission(self, request, view):
        owner = view.kwargs.get('owner')
        is_authenticated = request and request.user.is_authenticated

        if 'pk' in view.kwargs:
            check_inherit_permission_from_project(view.kwargs['pk'],
                                                  request.user)

        if is_authenticated and view.action == 'create':
            owner = owner or request.user.username

            return request.user.has_perm(CAN_ADD_XFORM_TO_PROFILE,
                                         get_user_profile_or_none(owner))

        return super(XFormPermissions, self).has_permission(request, view)
Example #5
0
    def has_permission(self, request, view):
        owner = view.kwargs.get('owner')
        is_authenticated = request and request.user.is_authenticated()

        if 'pk' in view.kwargs:

            # Allow anonymous users to access shared data
            if request.method == 'GET' and view.action in ('list', 'retrieve'):
                pk = view.kwargs.get('pk')
                xform = get_object_or_404(XForm, pk=pk)
                if xform.shared_data:
                    return True

            check_inherit_permission_from_project(view.kwargs.get('pk'),
                                                  request.user)

        if is_authenticated and view.action == 'create':
            owner = owner or request.user.username

            return request.user.has_perm(CAN_ADD_XFORM_TO_PROFILE,
                                         get_user_profile_or_none(owner))

        return super(XFormPermissions, self).has_permission(request, view)
Example #6
0
    def has_permission(self, request, view):
        owner = view.kwargs.get('owner')
        is_authenticated = request and request.user.is_authenticated()

        if 'pk' in view.kwargs:

            # Allow anonymous users to access shared data
            if request.method == 'GET' and view.action in ('list', 'retrieve'):
                pk = view.kwargs.get('pk')
                xform = get_object_or_404(XForm, pk=pk)
                if xform.shared_data:
                    return True

            check_inherit_permission_from_project(view.kwargs.get('pk'),
                                                  request.user)

        if is_authenticated and view.action == 'create':
            owner = owner or request.user.username

            return request.user.has_perm(CAN_ADD_XFORM_TO_PROFILE,
                                         get_user_profile_or_none(owner))

        return super(XFormPermissions, self).has_permission(request, view)