def has_permission(self, request, view):
    """
    Grant access to authenticated employees, or read-only access otherwise.

    Unauthenticated requests are always rejected. Accounts for which
    ``is_management(user, False)`` or ``is_employer(user, False)`` holds are
    limited to the read-only HTTP methods listed below. Every other
    authenticated account is allowed only when ``is_employee(user)`` says so.
    The administrator is intended to receive full access through that last
    check; this depends on the helper, which is not visible here.

    :param request: The current request instance
    :type request: rest_framework.request.Request
    :param view: The current view instance
    :type view: rest_framework.views.APIView
    :return: Whether the permission was granted or not
    :rtype: bool
    """
    if not IsAuthenticated.has_permission(self, request, view):
        return False

    account = request.user
    # The second positional argument (False) is interpreted by the helpers;
    # presumably it disables matching of higher roles -- verify in the helper.
    limited_to_reading = (
        is_management(account, False) or is_employer(account, False)
    )
    if not limited_to_reading:
        return is_employee(account)

    # NOTE(review): TRACE is treated as read-only here, whereas
    # rest_framework.permissions.SAFE_METHODS only lists GET, HEAD and
    # OPTIONS. Confirm that allowing TRACE is intended.
    read_only_methods = ('GET', 'HEAD', 'OPTIONS', 'TRACE')
    return request.method.upper() in read_only_methods
def filter_queryset(self, queryset):
    """
    Limit the logo queryset to the logos related to the current user.

    Management accounts receive the queryset unchanged. All other accounts
    only receive rows matched by the
    ``colourtheme__company__members__account`` lookup for their own account.

    :param queryset: The queryset to filter
    :type queryset: django.db.models.query.QuerySet
    :return: The image queryset
    :rtype: django.db.models.query.QuerySet
    """
    account = self.request.user
    if not is_management(account):
        # Tenant scoping: only rows reachable from the requesting account.
        return queryset.filter(
            colourtheme__company__members__account=account)
    return queryset
def filter_queryset(self, queryset):
    """
    Limit the colour themes to the ones relevant to the current user.

    Management accounts receive the queryset unchanged. All other accounts
    only receive rows matched by the ``company__members__account`` lookup
    for the id of their own account.

    :param queryset: The queryset to filter
    :type queryset: django.db.models.query.QuerySet
    :return: The filtered queryset
    :rtype: django.db.models.query.QuerySet
    """
    account = self.request.user
    if not is_management(account):
        # Tenant scoping: match on the primary key of the requesting account.
        return queryset.filter(company__members__account=account.id)
    return queryset
def filter_queryset(self, queryset):
    """
    Limit the companies to the ones related to the current user.

    Management accounts receive the queryset unchanged. All other accounts
    only receive rows matched by the ``members__account`` lookup for their
    own account.

    :param queryset: The queryset with all the companies
    :type queryset: django.db.models.query.QuerySet
    :return: The filtered queryset
    :rtype: django.db.models.query.QuerySet
    """
    account = self.request.user
    if not is_management(account):
        # Tenant scoping: only companies the requesting account belongs to.
        return queryset.filter(members__account=account)
    return queryset
def filter_queryset(self, queryset):
    """
    Hide the records that belong to other companies.

    Management accounts receive the queryset unchanged. All other accounts
    only receive rows whose ``answerer__member__company`` equals the company
    id stored on the member of the requesting account.

    :param queryset: The queryset to filter
    :type queryset: django.db.models.query.QuerySet
    :return: The filtered queryset
    :rtype: django.db.models.query.QuerySet
    """
    account = self.request.user
    if not is_management(account):
        # NOTE(review): assumes every non-management account has a related
        # ``member``; an account without one would raise here instead of
        # receiving an empty result -- confirm against the permission classes.
        return queryset.filter(
            answerer__member__company=account.member.company_id)
    return queryset
def get_extra_kwargs(self):
    """
    Mark the 'company' field as read-only when the user is from management.

    For every other user the extra kwargs of ``ModelSerializer`` are returned
    as they are. For management users a new mapping is returned in which the
    "company" entry keeps its existing options and gains ``read_only=True``.

    :return: A mapping with the extra field kwargs.
    :rtype: dict
    """
    extra = ModelSerializer.get_extra_kwargs(self)
    # Requires the serializer to be instantiated with the request in its
    # context; a missing "request" key raises KeyError.
    if is_management(self.context["request"].user):
        company_options = dict(extra.get("company", {}))
        company_options["read_only"] = True
        # Build a new mapping so the one returned by the parent is not mutated.
        extra = {**extra, "company": company_options}
    # NOTE(review): for non-management users "company" stays writable unless
    # the parent kwargs already restrict it. Confirm that the view or a
    # validator limits which company such a user may submit.
    return extra
def filter_queryset(self, queryset):
    """
    Limit the memberships to the ones accessible to the current user.

    Management accounts receive the queryset unchanged. Accounts for which
    ``is_employee(user, False)`` holds only receive their own membership.
    Every remaining account receives the rows matched by the
    ``company__members__account`` lookup for that account.

    :param queryset: The queryset with all the memberships
    :type queryset: django.db.models.query.QuerySet
    :return: The filtered queryset
    :rtype: django.db.models.query.QuerySet
    """
    account = self.request.user
    if is_management(account):
        return queryset

    # The second positional argument (False) is interpreted by the helper;
    # presumably it restricts the match to the employee role itself -- verify.
    if is_employee(account, False):
        lookup = {"account": account}
    else:
        lookup = {"company__members__account": account}
    return queryset.filter(**lookup)
def has_permission(self, request, view):
    """
    Grant access only to authenticated users from management.

    The authentication check runs first, and its falsy result is returned
    as-is. Only authenticated requests reach ``is_management``. The
    administrator is intended to receive full access through that check;
    this depends on the helper, which is not visible here.

    :param request: The current request instance
    :type request: rest_framework.request.Request
    :param view: The current view instance
    :type view: rest_framework.views.APIView
    :return: Whether the permission was granted or not
    :rtype: bool
    """
    authenticated = IsAuthenticated.has_permission(self, request, view)
    if not authenticated:
        # Deny before the role helper is consulted for an anonymous user.
        return authenticated
    return is_management(request.user)
def filter_queryset(self, queryset):
    """
    Limit the user queryset to the accounts the current user may see.

    The restrictions are accumulated with AND, one independent check per
    role:

    * ``is_employee(user, False)``: only the account of the user itself;
    * ``is_employer(user, False)``: accounts in the employee group that
      share the company of the user's member;
    * ``is_management(user, False)``: every account outside the admin group.

    :param queryset: The queryset to filter
    :type queryset: django.db.models.query.QuerySet
    :return: The queryset with the appropriate allowed users
    :rtype: django.db.models.query.QuerySet
    """
    account = self.request.user
    # NOTE(review): when none of the three role checks match, the condition
    # stays an empty Q() and the queryset is returned unrestricted. That is
    # presumably the administrator case; confirm that no other account (for
    # example one without a group) can reach this method.
    visible = Q()

    if is_employee(account, False):
        visible = visible & Q(id=account.id)

    if is_employer(account, False):
        visible = visible & Q(group=Groups.employee)
        visible = visible & Q(member__company=account.member.company)

    if is_management(account, False):
        visible = visible & ~Q(group=Groups.admin)

    return queryset.filter(visible)