Exemple #1
def add_forening_permission(request):
    """Grant a user the 'user' or 'admin' permission on a forening.

    Reads ``user``, ``forening`` and ``role`` (plus the optional
    ``send_email`` flag) from ``request.POST``. Granting 'admin' requires the
    acting user to be admin of that forening; granting 'user' only requires
    the forening to be among the acting user's foreninger. Permissions are
    only ever added here, never removed.

    Raises:
        PermissionDenied: if ``role`` is neither 'admin' nor 'user', or the
            acting user lacks the required role on the forening.

    Missing POST keys and failed ``User``/``Forening`` lookups are not caught
    here and propagate to the caller.

    NOTE(review): login, CSRF and HTTP-method enforcement are not visible in
    this function - confirm they are applied where the view is wired up.
    """
    user = User.objects.get(id=request.POST['user'])
    forening = Forening.objects.get(id=request.POST['forening'])
    role = request.POST['role']

    wants_admin = role == 'admin'
    if not wants_admin and role != 'user':
        raise PermissionDenied

    # Authorization: which of the acting user's foreninger allow this grant?
    granter_foreninger = request.user.all_foreninger()
    if wants_admin:
        # Only foreninger where the acting user is admin qualify
        grantable = [f for f in granter_foreninger if f.role == 'admin']
    else:
        # Any role on the forening is enough to hand out 'user'
        grantable = granter_foreninger
    if forening not in grantable:
        raise PermissionDenied

    # 'admin' is granted on top of 'user', so an admin ends up with both
    needed_perms = ['sherpa/association/user']
    if wants_admin:
        needed_perms.append('sherpa/association/admin')
    for perm_name in needed_perms:
        if not user.has_perm(perm_name, association_id=forening.id):
            user.add_perm(
                perm_name,
                association_id=forening.id,
                created_by=request.user
            )

    if request.POST.get('send_email', '') != '':
        if user.get_sherpa_email() == '':
            messages.warning(request, 'no_email_for_user')
        elif send_access_granted_email(user, forening, request.user):
            messages.info(request, 'access_email_success')
        else:
            messages.warning(request, 'access_email_failure')

    # Drop the cached forening lists so the new permission is visible at once
    cache.delete('user.%s.all_foreninger' % user.id)
    cache.delete('user.%s.children_foreninger' % user.id)
    user_page = reverse('admin:users.show', args=[user.id])
    return redirect('%s#tilganger' % user_page)
Exemple #2
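def add_forening_permission(request):
    """Create or update a user's ForeningRole on a forening.

    Reads ``user``, ``forening`` and ``role`` (plus the optional
    ``send_email`` flag) from ``request.POST``.

    Authorization rules enforced here:
      * assigning 'admin' requires the acting user to be admin of the
        forening;
      * assigning 'user' requires the acting user to have any role on it;
      * any other value from ``ForeningRole.ROLE_CHOICES`` is rejected,
        because this view has no rule for it (fail closed);
      * an existing 'admin' role may only be overwritten by an admin of the
        forening, so a 'user'-level member cannot demote an admin.

    Raises:
        PermissionDenied: if ``role`` is unknown or any rule above fails.

    Missing POST keys and failed ``User``/``Forening`` lookups are not caught
    here and propagate to the caller.

    NOTE(review): login, CSRF and HTTP-method enforcement are not visible in
    this function - confirm they are applied where the view is wired up.
    """
    user = User.objects.get(id=request.POST['user'])
    forening = Forening.objects.get(id=request.POST['forening'])
    requested_role = request.POST['role']

    if requested_role not in [r[0] for r in ForeningRole.ROLE_CHOICES]:
        raise PermissionDenied

    # Verify that the user performing this action has the required permissions
    actor_roles = [
        f.role for f in request.user.all_foreninger() if f == forening
    ]
    actor_is_admin = 'admin' in actor_roles
    if requested_role == 'admin':
        # Setting admin requires admin
        if not actor_is_admin:
            raise PermissionDenied
    elif requested_role == 'user':
        # Any role can set user
        if not actor_roles:
            raise PermissionDenied
    else:
        # A role that passed the ROLE_CHOICES check but has no authorization
        # rule here used to be assignable without any check at all. Deny it
        # until an explicit rule is added for it.
        raise PermissionDenied

    try:
        forening_role = ForeningRole.objects.get(user=user, forening=forening)
    except ForeningRole.DoesNotExist:
        forening_role = ForeningRole(
            user=user,
            forening=forening,
            role=requested_role,
        )
    else:
        # The existing row is overwritten, so a request for 'user' on an
        # admin is a demotion. Removing admin needs the same privilege as
        # granting it.
        if forening_role.role == 'admin' and not actor_is_admin:
            raise PermissionDenied
        forening_role.role = requested_role
    forening_role.save()

    if request.POST.get('send_email', '') != '':
        if user.get_sherpa_email() == '':
            messages.warning(request, 'no_email_for_user')
        else:
            if send_access_granted_email(user, forening, request.user):
                messages.info(request, 'access_email_success')
            else:
                messages.warning(request, 'access_email_failure')

    # Drop the cached forening lists so the new role is visible at once
    cache.delete('user.%s.all_foreninger' % user.id)
    cache.delete('user.%s.children_foreninger' % user.id)
    return redirect('%s#tilganger' % reverse('admin:users.show', args=[user.id]))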
Exemple #3
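def users_give_access(request, forening_id):
    """Give another user 'user' or 'admin' access to a forening.

    Reads ``wanted_role`` and ``user`` (plus the optional ``send_email``
    flag) from ``request.POST``; ``forening_id`` selects the forening.

    The acting user must have the forening among their own foreninger and
    must hold the permission they are handing out on it, or the global
    'sherpa/admin' permission. Removing another user's explicit admin
    permission additionally requires the acting user to hold the admin
    permission on the forening (or 'sherpa/admin'), so a 'user'-level member
    cannot demote an admin.

    Raises:
        PermissionDenied: if ``wanted_role`` is not 'user' or 'admin', or any
            of the authorization checks above fails.

    Missing POST keys and failed lookups are not caught here and propagate
    to the caller.

    NOTE(review): login, CSRF and HTTP-method enforcement are not visible in
    this function - confirm they are applied where the view is wired up.
    """
    current_forening = Forening.objects.get(id=forening_id)
    if current_forening not in request.user.all_foreninger():
        raise PermissionDenied

    wanted_role = request.POST['wanted_role']
    if wanted_role not in ['user', 'admin']:
        raise PermissionDenied

    perm_name = (
        'sherpa/association/admin'
        if wanted_role == 'admin'
        else 'sherpa/association/user'
    )

    # Verify that the user has the same access that they're giving
    cur_user_is_valid = request.user.has_perm(
        perm_name,
        association_id=current_forening.id
    )
    if not cur_user_is_valid and not request.user.has_perm('sherpa/admin'):
        raise PermissionDenied

    other_user = User.get_users(
        include_pending=True).get(id=request.POST['user'])
    if other_user.has_perm('sherpa/admin'):
        # Nothing to grant; the target is handled as a global admin
        messages.info(request, 'user_is_sherpa_admin')
        return redirect('admin:foreninger.users', current_forening.id)

    # Adding the sherpa permission, if missing, is implicit - and informed
    # about client-side
    other_user.add_perm(
        'sherpa/user',
        created_by=request.user
    )

    for forening in other_user.all_foreninger():
        if forening == current_forening:
            # The user already has access to this forening
            if forening.role == 'user' and wanted_role == 'admin':
                # But it's a user role and we want admin! Update it.
                other_user.add_perm(
                    'sherpa/association/admin',
                    association_id=forening.id,
                    created_by=request.user
                )
                messages.info(request, 'permission_created')
            elif forening.role == 'admin' and wanted_role == 'user':
                # We want user access, but they have admin. Check if it's an
                # explicit relationship:
                is_admin_in_specified_association = other_user.has_perm(
                    'sherpa/association/admin',
                    association_id=forening.id
                )
                if is_admin_in_specified_association:
                    # The check further up only proved the acting user holds
                    # the 'user' permission here. Revoking admin needs the
                    # same privilege as granting it.
                    actor_may_revoke_admin = request.user.has_perm(
                        'sherpa/association/admin',
                        association_id=forening.id
                    ) or request.user.has_perm('sherpa/admin')
                    if not actor_may_revoke_admin:
                        raise PermissionDenied
                    other_user.remove_perm(
                        'sherpa/association/admin',
                        association_id=forening.id
                    )
                else:
                    # No explicit relationship, so the user must have admin
                    # access to a parent
                    messages.info(request, 'user_has_admin_in_parent')
            else:
                # In this case, forening.role should equal wanted_role, so just
                # inform the user that all is in order
                messages.info(request, 'equal_permission_already_exists')
            cache.delete('user.%s.all_foreninger' % other_user.id)
            return redirect('admin:foreninger.users', current_forening.id)

    # If we reach this code path, this is a new relationship - create it
    other_user.add_perm(
        'sherpa/association/user',
        association_id=current_forening.id,
        created_by=request.user
    )

    if wanted_role == 'admin':
        other_user.add_perm(
            'sherpa/association/admin',
            association_id=current_forening.id,
            created_by=request.user
        )

    if request.POST.get('send_email', '') != '':
        if send_access_granted_email(other_user, current_forening,
                                     request.user):
            messages.info(request, 'access_email_success')
        else:
            messages.warning(request, 'access_email_failure')
    messages.info(request, 'permission_created')
    cache.delete('user.%s.all_foreninger' % other_user.id)
    return redirect('admin:foreninger.users', current_forening.id)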
Exemple #4
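def users_give_access(request, forening_id):
    """Give another user a ForeningRole on the active forening.

    Reads ``wanted_role`` and ``user`` (plus the optional ``send_email``
    flag) from ``request.POST``.

    The acting user must have the forening from the URL among their own
    foreninger and must have a role on ``request.active_forening``; a
    'user'-level member may not grant 'admin'. Changing another user's
    explicit 'admin' role to 'user' additionally requires the acting user to
    be admin of the active forening, so a 'user'-level member cannot demote
    an admin.

    Raises:
        PermissionDenied: if ``wanted_role`` is not in
            ``ForeningRole.ROLE_CHOICES`` or an authorization check fails.

    Missing POST keys and failed lookups are not caught here and propagate
    to the caller.

    NOTE(review): ``forening_id`` is used only for the first membership check
    and the redirects, while every role check and write targets
    ``request.active_forening``. Confirm the two always refer to the same
    forening.
    NOTE(review): a ``wanted_role`` other than 'admin' or 'user' passes the
    checks below for any member - confirm ROLE_CHOICES holds only those two.
    NOTE(review): login, CSRF and HTTP-method enforcement are not visible in
    this function - confirm they are applied where the view is wired up.
    """
    current_forening = Forening.objects.get(id=forening_id)
    if current_forening not in request.user.all_foreninger():
        raise PermissionDenied

    wanted_role = request.POST['wanted_role']
    if wanted_role not in [role[0] for role in ForeningRole.ROLE_CHOICES]:
        raise PermissionDenied

    # Verify that the user has the same access that they're giving
    passed = False
    actor_is_admin = False
    for forening in request.user.all_foreninger():
        if forening == request.active_forening:
            if wanted_role == 'admin' and forening.role == 'user':
                raise PermissionDenied
            passed = True
            if forening.role == 'admin':
                # Remembered for the demotion check further down
                actor_is_admin = True
    if not passed:
        raise PermissionDenied

    other_user = User.get_users(include_pending=True).get(id=request.POST['user'])
    if other_user.has_perm('sherpa_admin'):
        # Nothing to grant; the target is handled as a global admin
        messages.info(request, 'user_is_sherpa_admin')
        return redirect('admin:foreninger.users', current_forening.id)

    # Adding the sherpa permission, if missing, is implicit - and informed about client-side
    if not other_user.has_perm('sherpa'):
        p = Permission.objects.get(name='sherpa')
        other_user.permissions.add(p)

    for forening in other_user.all_foreninger():
        if forening == request.active_forening:
            # The user already has access to this forening
            if forening.role == 'user' and wanted_role == 'admin':
                # But it's a user role and we want admin! Update it.
                forening_role = ForeningRole.objects.get(user=other_user, forening=forening)
                forening_role.role = 'admin'
                forening_role.save()
                messages.info(request, 'permission_created')
            elif forening.role == 'admin' and wanted_role == 'user':
                # We want user access, but they have admin. Check if it's an explicit relationship:
                try:
                    forening_role = ForeningRole.objects.get(user=other_user, forening=forening)
                except ForeningRole.DoesNotExist:
                    # No explicit relationship, so the user must have admin access to a parent
                    messages.info(request, 'user_has_admin_in_parent')
                else:
                    # The check above only rules out a 'user' granting admin.
                    # Revoking admin needs the same privilege as granting it.
                    if not actor_is_admin:
                        raise PermissionDenied
                    forening_role.role = 'user'
                    forening_role.save()
                    messages.info(request, 'permission_created')
            else:
                # In this case, forening.role should equal wanted_role, so just inform the user that all is in order
                messages.info(request, 'equal_permission_already_exists')
            cache.delete('user.%s.all_foreninger' % other_user.id)
            return redirect('admin:foreninger.users', current_forening.id)

    # If we reach this code path, this is a new relationship - create it
    forening_role = ForeningRole(
        user=other_user,
        forening=request.active_forening,
        role=wanted_role,
    )
    forening_role.save()
    if request.POST.get('send_email', '') != '':
        if send_access_granted_email(other_user, request.active_forening, request.user):
            messages.info(request, 'access_email_success')
        else:
            messages.warning(request, 'access_email_failure')
    messages.info(request, 'permission_created')
    cache.delete('user.%s.all_foreninger' % other_user.id)
    return redirect('admin:foreninger.users', current_forening.id)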