def dispatch(self, request, pk, *args, **kwargs): self.project = get_object_or_404(Project.objects.active(), pk=pk) if not Permissions.has_perms([ 'change_project', 'add_project', 'delete_project' ], request.user, self.project.uuid) and not Permissions.has_perms( ['change_organization', 'add_organization', 'delete_organization'], request.user, self.project.organization.uuid ) and not self.project.document_set.filter( uuid__in=Permissions.objects.filter(permission__codename__in=[ 'change_document', 'add_document', 'delete_document' ], user=request.user). values_list('object_uuid', flat=True)).exists(): raise PermissionDenied( _('You do not have permission to view this project.')) # Do we have permission to add people? admin_permission = True if Permissions.has_perms( ['change_project'], request.user, self.project.uuid) or Permissions.has_perms( ['change_organization'], request.user, self.project.organization.uuid) else False self.form = InviteUserForm(request.POST or None, admin_permission=admin_permission) self.email_form = EmailForm(request.POST or None) return super(InviteUserView, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, pk, *args, **kwargs): self.project = get_object_or_404(Project.objects.active(), pk=pk) if not Permissions.has_perms([ 'change_project', 'add_project', 'delete_project' ], request.user, self.project.uuid) and not Permissions.has_perms( ['change_organization', 'add_organization', 'delete_organization'], request.user, self.project.organization.uuid ) and not self.project.document_set.filter( uuid__in=Permissions.objects.filter(permission__codename__in=[ 'change_document', 'add_document', 'delete_document' ], user=request.user). values_list('object_uuid', flat=True)).exists(): raise PermissionDenied( _('You do not have permission to view this project.')) self.categories_form = CategoryForm(request.GET or None, project=self.project) self.sort_form = SortForm(request.GET or None) documents = self.project.get_documents(request.user) if 'search' in request.GET and request.GET['search'] != '': self.documents = documents.filter( id__in=DocumentVersion.objects.annotate(search=SearchVector( 'name', 'description', 'user__first_name', 'user__last_name', 'user__username')).filter( search=request.GET.get('search', '')).values_list( 'document_id', flat=True)).filter( project=self.project).prefetch_related( 'documentversion_set', 'documentversion_set__user') self.sort_order = request.GET.get('search') else: self.documents = documents return super(ProjectView, self).dispatch(request, *args, **kwargs)
def has_create(self, user): perm = Permission.objects.get(codename='add_document') org_perm = Permission.objects.get(codename='add_organization') project_perm = Permission.objects.get(codename='add_project') return Permissions.has_perm( perm=perm, user=user, uuid=self.uuid) or Permissions.has_perm( perm=org_perm, user=user, uuid=self.project.organization.uuid) or Permissions.has_perm( perm=project_perm, user=user, uuid=self.project.uuid)
def has_change(self, user): perm = Permission.objects.get(codename='change_project') org_perm = Permission.objects.get(codename='change_organization') return Permissions.has_perm( perm=perm, user=user, uuid=self.uuid ) or Permissions.has_perm( perm=org_perm, user=user, uuid=self.organization.uuid )
def get_users(self, user): if user.is_superuser: return User.objects.all() # If you have permissions for the org, or permissions for the # project, then you can see everyone in the org. if Permissions.has_perms([ 'change_organization', 'add_organization', 'delete_organization' ], user, self.organization.uuid) or Permissions.has_perms([ 'change_project', 'delete_project' ], user, self.uuid): return self.organization.user_set.all() return None
def get_projects(self, user): if user.is_superuser: return Project.objects.active().filter(organization=self) if Permissions.has_perms( ['change_organization', 'add_organization', 'delete_organization'], user, self.uuid): return self.project_set.all() else: document_project_uuids = Permissions.objects.filter( permission__codename__in=[ 'change_document', 'add_document', 'delete_document' ], user=user).values_list('object_uuid', flat=True) document_projects = documents.models.Document.objects.filter( project__organization=self, uuid__in=document_project_uuids).values_list('project__uuid', flat=True) project__uuids = self.project_set.all().values_list('uuid', flat=True) perm_uuids = Permissions.objects.filter( user=user, object_uuid__in=project__uuids).values_list('object_uuid', flat=True) return Project.objects.filter(uuid__in=list(perm_uuids) + list(document_projects))
def dispatch(self, request, pk, *args, **kwargs): self.project = get_object_or_404(Project.objects.active(), pk=pk) if not Permissions.has_perms([ 'change_project', 'add_project', 'delete_project' ], request.user, self.project.uuid) and not Permissions.has_perms( ['change_organization', 'add_organization', 'delete_organization'], request.user, self.project.organization.uuid ) and not self.project.document_set.filter( uuid__in=Permissions.objects.filter(permission__codename__in=[ 'change_document', 'add_document', 'delete_document' ], user=request.user). values_list('object_uuid', flat=True)).exists(): raise PermissionDenied( _('You do not have permission to view this project.')) return super(ExportProjectView, self).dispatch(request, *args, **kwargs)
def get_people(self, user): # If you are a super user or you have permissions on # an organization, then you can see everyone. if user.is_superuser or Permissions.has_perms( ['change_organization', 'add_organization', 'delete_organization'], user, self.uuid): return User.objects.all() else: return None
def get_people(self, user): # If you are a super user or you have permissions on # an organization, then you can see everyone. if user.is_superuser or Permissions.has_perms( ['change_organization', 'add_organization', 'delete_organization'], user, self.uuid): return User.objects.all() # TODO: This is a little to restrictive, but I think it needs some thinking about what should happen. else: return None
def get_users(self, user): if user.is_superuser: return User.objects.all() # If you have permissions for the org, or permissions for the # project, then you can see everyone in the org. if Permissions.has_perms( ['change_organization', 'add_organization', 'delete_organization'], user, self.project.organization.uuid) or Permissions.has_perms( ['add_project', 'change_project', 'delete_project'], user, self.project.uuid): return self.project.organization.user_set.all() if Permissions.has_perms( ['add_document', 'change_document', 'delete_document'], user, self.uuid): project_users = DocumentVersion.objects.filter( document__project=self.project).prefetch_related( 'document_set').select_related('user_id').values_list( 'user_id', flat=True) return User.objects.filter(id__in=project_users) return None
def get_documents(self, user): if user.is_superuser: return self.document_set.filter(project=self) if Permissions.has_perms([ 'change_organization', 'add_organization', 'delete_organization' ], user, self.organization.uuid) or Permissions.has_perms([ 'change_project', 'add_project', 'delete_project' ], user, self.uuid): return self.document_set.all().prefetch_related('documentversion_set', 'documentversion_set__user') else: document__uuids = self.document_set.all().values_list('uuid', flat=True) perm_uuids = Permissions.objects.filter( user=user, object_uuid__in=document__uuids ).values_list('object_uuid', flat=True) return self.document_set.filter(uuid__in=perm_uuids).prefetch_related('documentversion_set', 'documentversion_set__user')
def add_create(self, user): perm = Permission.objects.get(codename='add_document') Permissions.add_perm(perm=perm, user=user, uuid=self.uuid)
def has_create(self, user): perm = Permission.objects.get(codename='add_organization') return Permissions.has_perm(perm=perm, user=user, uuid=self.uuid)
def add_delete(self, user): perm = Permission.objects.get(codename='delete_organization') Permissions.add_perm(perm=perm, user=user, uuid=self.uuid)
def add_change(self, user): perm = Permission.objects.get(codename='change_project') Permissions.add_perm(perm=perm, user=user, uuid=self.uuid)