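def handle(self, *args, **options):
    """Queue a project export (dump) task for each requested project.

    Reads ``user`` (a username or an e-mail address), ``format`` and
    ``project_slugs`` from *options*. A dump task is sent only for projects
    on which the resolved user passes ``is_project_admin``; other projects
    are reported on stderr and skipped.

    Raises:
        CommandError: if the user cannot be loaded, or if a project slug
            does not exist. A missing slug aborts the command after any
            earlier projects have already been queued.
    """
    username_or_email = options["user"]
    dump_format = options["format"]
    project_slugs = options["project_slugs"]

    try:
        # The same identifier is matched against both the username and the
        # e-mail column. .get() raises when no row or more than one row
        # matches, so an ambiguous identifier stops the command instead of
        # silently exporting as an arbitrary account.
        user = User.objects.get(Q(username=username_or_email) | Q(email=username_or_email))
    except Exception as exc:
        # The original message called .format() on a string without a
        # placeholder, so the identifier was never shown; include it and
        # keep the underlying cause chained for --traceback output.
        raise CommandError("Error loading user '{}'".format(username_or_email)) from exc

    for project_slug in project_slugs:
        try:
            project = Project.objects.get(slug=project_slug)
        except Project.DoesNotExist:
            raise CommandError("Project '{}' does not exist".format(project_slug))

        # Authorization is evaluated here, at dispatch time; the queued task
        # receives the user and project as plain arguments.
        if not is_project_admin(user, project):
            self.stderr.write(self.style.ERROR(
                "ERROR: Not sending task because user '{}' doesn't have permissions to export '{}' project".format(
                    username_or_email,
                    project_slug
                )
            ))
            continue

        task = tasks.dump_project.delay(user, project, dump_format)
        # Schedule removal of the generated dump once the export TTL has
        # elapsed, so exported data does not stay around indefinitely.
        tasks.delete_project_dump.apply_async(
            (project.pk, project.slug, task.id, dump_format),
            countdown=settings.EXPORTS_TTL
        )
        print("-> Sent task for dump of project '{}' as user {}".format(project.name, username_or_email))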
def get_serializer_class(self):
    """Pick the admin or the regular serializer for the current action.

    The admin serializer is returned for ``create`` unconditionally, for
    ``retrieve`` when the requester is a project admin of the retrieved
    object's project, and for ``list`` when a ``project`` query parameter is
    given and the requester is a project admin of that project. Every other
    case, including ``list`` without a ``project`` parameter, gets the
    regular serializer.
    """
    action = self.action

    # NOTE(review): "create" selects the admin serializer without a role
    # check here; presumably creation is restricted by the view's
    # permission classes. Confirm.
    wants_admin = action == "create"

    if action == "retrieve":
        wants_admin = permissions_services.is_project_admin(
            self.request.user, self.object.project)

    requested_project = self.request.QUERY_PARAMS.get("project", None)
    if action == "list" and requested_project is not None:
        # The project id comes from the query string; an unknown id ends
        # in a 404 before any admin check is made.
        target = get_object_or_404(models.Project, pk=requested_project)
        wants_admin = permissions_services.is_project_admin(
            self.request.user, target)

    return self.admin_serializer_class if wants_admin else self.serializer_class
def to_value(self, instance):
    """Serialize *instance*, translating names and hiding admin-only fields.

    Each listed ``*_attr`` attribute must exist on *instance*; when it is
    not ``None`` the ``"name"`` of every element is replaced, in place, by
    its translation. The admin-only keys are then removed from the
    serialized result unless the requesting user is a project admin of
    *instance*.
    """
    translatable_attrs = (
        "epic_statuses_attr",
        "userstory_statuses_attr",
        "userstory_duedates_attr",
        "points_attr",
        "task_statuses_attr",
        "task_duedates_attr",
        "issue_statuses_attr",
        "issue_types_attr",
        "issue_duedates_attr",
        "priorities_attr",
        "severities_attr",
        "epic_custom_attributes_attr",
        "userstory_custom_attributes_attr",
        "task_custom_attributes_attr",
        "issue_custom_attributes_attr",
        "roles_attr",
    )
    for attr_name in translatable_attrs:
        assert hasattr(instance, attr_name), "instance must have a {} attribute".format(attr_name)

        entries = getattr(instance, attr_name)
        if entries is not None:
            # Mutates the dicts held by the instance, not a copy.
            for entry in entries:
                entry["name"] = _(entry["name"])

    data = super().to_value(instance)

    # Keys that only project admins may see.
    admin_only_keys = (
        "epics_csv_uuid",
        "userstories_csv_uuid",
        "tasks_csv_uuid",
        "issues_csv_uuid",
        "is_private_extra_info",
        "max_memberships",
        "transfer_token",
    )

    # Without a request in the context the viewer is treated as a
    # non-admin, so the admin-only keys are stripped by default.
    viewer_is_admin = False
    if "request" in self.context:
        viewer = self.context["request"].user
        viewer_is_admin = permissions_services.is_project_admin(viewer, instance)

    if not viewer_is_admin:
        # del (rather than pop) raises KeyError if a key is missing from
        # the serialized output.
        for key in admin_only_keys:
            del data[key]

    return data
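def check_permissions(self, request, view, obj=None):
    """Allow access only to admins of the project that owns obj's webhook.

    Returns the result of ``is_project_admin`` for ``request.user`` and
    ``obj.webhook.project``. When no object is supplied (the default),
    access is denied instead of failing on the attribute lookup.
    """
    if obj is None:
        # The signature allows obj to be omitted, but there is then no
        # project to check against: deny rather than raise AttributeError.
        return False
    return is_project_admin(request.user, obj.webhook.project)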
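def check_permissions(self, request, view, obj=None):
    """Allow access only to admins of the project that obj's key points at.

    ``obj.key`` is resolved to a model and a primary key through
    ``get_model_from_key`` and ``get_pk_from_key``; the row loaded from
    that model is passed to ``is_project_admin`` as the project. When no
    object is supplied (the default), access is denied instead of failing
    on the attribute lookup.
    """
    if obj is None:
        # The signature allows obj to be omitted, but there is then no key
        # to resolve: deny rather than raise AttributeError.
        return False

    model = get_model_from_key(obj.key)
    pk = get_pk_from_key(obj.key)
    # NOTE(review): .get() raises if the keyed row no longer exists, and the
    # loaded row is handed to is_project_admin as the project. Confirm that
    # the key helpers only ever resolve to the project model and that
    # callers handle the lookup failure.
    project = model.objects.get(pk=pk)
    return is_project_admin(request.user, project)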
def get_i_am_admin(self, obj):
    """Tell whether the requesting user is a project admin of *obj*.

    Returns ``False`` when the serializer context carries no request;
    otherwise returns whatever ``is_project_admin`` reports for the
    request's user and *obj*.
    """
    if "request" not in self.context:
        # No requester to evaluate: report non-admin.
        return False

    requester = self.context["request"].user
    return is_project_admin(requester, obj)