Example #1
    def assert_can_vote(self, poll, request):
        """
        Check that the requesting user may vote on ``poll`` and record the vote attempt.

        Analog:                     ``self.has_manage_permissions()`` must pass, otherwise
                                    ``self.permission_denied(request)`` is called.
        Named & Pseudoanonymous:    the poll must be started, and the user must be present
                                    and pass the exact ``in_some_groups`` check against
                                    the poll's groups.

        For non-analog polls the user is added to the voted array as a side effect,
        so the caller has to revert this if a later step fails.

        Raises a ValidationError if the poll is not started or if adding the user
        to the voted array fails with an IntegrityError (reported as already voted).
        """
        if poll.type == BasePoll.TYPE_ANALOG:
            # Analog votes are entered by a manager; nothing is recorded in the voted array.
            if not self.has_manage_permissions():
                self.permission_denied(request)
            return

        if poll.state != BasePoll.STATE_STARTED:
            raise ValidationError("You can only vote on a started poll.")

        voter = request.user
        eligible = voter.is_present and in_some_groups(
            voter.id,
            list(poll.groups.values_list("pk", flat=True)),
            exact=True,
        )
        if not eligible:
            self.permission_denied(request)

        # NOTE(review): the double-vote guard is the IntegrityError raised by
        # add_user_to_voted_array, presumably backed by a uniqueness constraint in
        # the database. Confirm that it is, since that is what keeps two concurrent
        # requests from both being accepted.
        try:
            self.add_user_to_voted_array(voter, poll)
            inform_changed_data(poll)
        except IntegrityError:
            raise ValidationError({"detail": "You have already voted"})
Example #2
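def get_mediafile(request, path):
    """
    Return the mediafile for the requested path if the user may retrieve it.

    The path is resolved segment by segment below the previously resolved
    parent: every segment but the last is looked up as a directory by
    ``title``, the last one as a file by ``original_filename``.

    The file is returned when at least one of these holds:
      * the user has the ``mediafiles.can_see`` permission and passes the
        ``in_some_groups`` check for every resolved element (all folders and
        the file itself) that has access groups,
      * the file is a special file (logo or font),
      * the file is referenced by an element of some projector.

    Otherwise None is returned.

    If the path is empty or a segment cannot be found, a Mediafile.DoesNotExist
    will be raised.

    NOTE(review): a missing path raises while a forbidden file yields None. If
    callers turn these into different responses, a user without access can tell
    whether a path exists. Confirm the calling view treats both alike.
    """
    if not path:
        raise Mediafile.DoesNotExist()

    parts = path.split("/")
    last_index = len(parts) - 1
    parent = None
    can_see = has_perm(request.user, "mediafiles.can_see")
    for index, part in enumerate(parts):
        is_directory = index < last_index
        # Directories are matched by title, files by their original filename.
        name_field = "title" if is_directory else "original_filename"
        # A .get would be sufficient, but sometimes someone has uploaded a file twice due to
        # complicated transaction management of two databases during create. So instead of
        # returning a 500 (since .get found multiple objects) we deliver the first file.
        mediafile = Mediafile.objects.filter(
            parent=parent, is_directory=is_directory, **{name_field: part}
        ).first()
        if mediafile is None:
            raise Mediafile.DoesNotExist()
        # One restricted element on the way that the user does not pass revokes
        # access for the whole path. Resolution continues so that a missing
        # segment still raises DoesNotExist.
        if mediafile.access_groups.exists() and not in_some_groups(
            request.user.id,
            [group.id for group in mediafile.access_groups.all()],
        ):
            can_see = False
        parent = mediafile

    # Check if this file is projected. any() stops at the first match across
    # all projectors (the nested loop only left the inner loop), and the element
    # id no longer shadows the builtin ``id``.
    is_projected = any(
        element.get("name") == "mediafiles/mediafile"
        and element.get("id") == mediafile.id
        for projector in Projector.objects.all()
        for element in projector.elements
    )

    # Special files and projected files bypass the permission and group checks.
    if not can_see and not mediafile.is_special_file and not is_projected:
        mediafile = None

    return mediafile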
Example #3
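def get_mediafile(request, path):
    """
    Return the mediafile for the requested path and check whether the user is
    allowed to retrieve it. If not, None will be returned.

    A user must have the ``mediafiles.can_see`` permission and pass the
    ``in_some_groups`` check for all folders and the file itself (wherever
    access groups are set). Special files (logo or font) and files referenced
    by a projector element are always returned.

    If the path is empty or the mediafile cannot be found, a
    Mediafile.DoesNotExist will be raised. The lookups use ``.get``, so Django
    raises MultipleObjectsReturned instead if more than one row matches a
    segment; callers that only catch DoesNotExist will not handle that case.
    """
    if not path:
        raise Mediafile.DoesNotExist()

    segments = path.split("/")
    parent = None
    can_see = has_perm(request.user, "mediafiles.can_see")
    for position, segment in enumerate(segments):
        # Every segment except the last one names a directory.
        is_directory = position < len(segments) - 1
        if is_directory:
            mediafile = Mediafile.objects.get(
                parent=parent, is_directory=is_directory, title=segment
            )
        else:
            mediafile = Mediafile.objects.get(
                parent=parent, is_directory=is_directory, original_filename=segment
            )
        # A restricted element the user does not pass revokes access for the
        # whole path. The remaining segments are still resolved.
        restricted = mediafile.access_groups.exists()
        if restricted and not in_some_groups(
            request.user.id,
            [group.id for group in mediafile.access_groups.all()],
        ):
            can_see = False
        parent = mediafile

    # Check if this file is projected. The outer loop now stops at the first
    # projector showing the file (the inner break alone let the scan go on),
    # and the element id is no longer bound to a local that shadows ``id``.
    is_projected = False
    for projector in Projector.objects.all():
        if any(
            element.get("name") == "mediafiles/mediafile"
            and element.get("id") == mediafile.id
            for element in projector.elements
        ):
            is_projected = True
            break

    # Special files and projected files bypass the permission and group checks.
    if not can_see and not mediafile.is_special_file and not is_projected:
        mediafile = None

    return mediafile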
Example #4
    def assert_can_vote(self, poll, request, vote_user):
        """
        Check that the request user may cast a vote on ``poll`` on behalf of ``vote_user``.

        Delegation:                 the request user must be ``vote_user`` or the user
                                    ``vote_user`` delegated the vote to; a user whose own
                                    vote is delegated cannot vote for themselves.
        Analog:                     has to have manage permissions
        Named & Pseudoanonymous:    the poll must be started, the request user must be
                                    present and ``vote_user`` must pass the exact
                                    ``in_some_groups`` check against the poll's groups.

        For non-analog polls ``vote_user`` is added to the voted array as a side
        effect, so this needs to be reverted if a later error happens!

        Raises a ValidationError for a delegation mismatch, a poll that is not
        started, or an IntegrityError while adding to the voted array (reported
        as already voted).
        """
        acting_user = request.user
        votes_for_self = acting_user == vote_user

        # Voting for somebody else requires that this person delegated the vote
        # to the request user.
        if not votes_for_self and acting_user != vote_user.vote_delegated_to:
            raise ValidationError(
                {
                    "detail": f"You cannot vote for {vote_user.id} since the vote right was not delegated to you."
                }
            )

        # Whoever delegated their vote may no longer vote for themselves.
        if votes_for_self and acting_user.vote_delegated_to is not None:
            raise ValidationError(
                {"detail": "You cannot vote since your vote right is delegated."}
            )

        if poll.type == BasePoll.TYPE_ANALOG:
            if not self.has_manage_permissions():
                self.permission_denied(request)
            return

        if poll.state != BasePoll.STATE_STARTED:
            raise ValidationError(
                {"detail": "You can only vote on a started poll."}
            )

        # Presence is checked for the request user (the one casting the vote),
        # group membership for vote_user (the one the vote counts for).
        eligible = acting_user.is_present and in_some_groups(
            vote_user.id,
            list(poll.groups.values_list("pk", flat=True)),
            exact=True,
        )
        if not eligible:
            self.permission_denied(request)

        # NOTE(review): the double-vote guard is the IntegrityError raised by
        # add_user_to_voted_array, presumably backed by a uniqueness constraint in
        # the database. Confirm that it is, since that is what keeps two concurrent
        # requests for the same vote_user from both being accepted.
        try:
            self.add_user_to_voted_array(vote_user, poll)
            inform_changed_data(poll)
        except IntegrityError:
            raise ValidationError({"detail": "You have already voted."})