def get_queryset(self): if has_permissions_to(self.request, 'view_tasks'): # init param_user_tasks = None # get user_role user_role = self.request.user.groups.first().name # get all users tasks by user_id if self.request.user.is_superuser or user_role == 'ADMIN': param_user_tasks = Tasks.objects.all().filter( annotator=self.kwargs['user_id']) elif user_role == 'PM' or user_role == 'PROJECT_MANAGER': param_user_tasks = Tasks.objects.all().filter( annotator=self.kwargs['user_id'], created_by=self.request.user.id) elif user_role == 'ANNOTATOR' or user_role == 'GUEST': # if the current user wants to see his own tasks if self.kwargs['user_id'] == self.request.user.id: param_user_tasks = Tasks.objects.all().filter( annotator=self.kwargs['user_id'], is_active=True) return param_user_tasks else: raise PermissionDenied
def get_queryset(self): if has_permissions_to(self.request, 'view_projects'): param_user_projects = None my_projects = [] # get user_role user_role = self.request.user.groups.first().name # get all users projects by user_id if user_role == 'ADMIN': param_user_projects = Projects.objects.all().order_by( '-updated_at') elif user_role == 'PM' or user_role == 'PROJECT_MANAGER': param_user_projects = Projects.objects.all().filter( created_by=self.request.user.id).order_by('-updated_at') elif user_role == 'ANNOTATOR' or user_role == 'GUEST': # if the current user can see only his own tasks - projects user_tasks = Tasks.objects.all().filter( annotator=self.request.user.id, is_active=True).order_by('-updated_at') for task in user_tasks: my_projects.append(task.project.id) param_user_projects = Projects.objects.all().filter( is_active=True, id__in=my_projects).order_by('-updated_at') return param_user_projects # return self.queryset else: raise PermissionDenied
def get_queryset(self): if has_permissions_to(self.request, 'view_tasks'): # init param_user_tasks = None # get user_role user_role = self.request.user.groups.first().name # get all users tasks by user_id if user_role == 'ADMIN': param_user_tasks = Tasks.objects.all().order_by('-updated_at') elif user_role == 'PM' or user_role == 'PROJECT_MANAGER': param_user_tasks = Tasks.objects.all().filter( created_by=self.request.user.id).order_by('-updated_at') elif user_role == 'ANNOTATOR' or user_role == 'GUEST': # if the current user wants to see his own tasks # changed by Omri 23.7.17 to include demo tasks param_user_tasks = (Tasks.objects.all().filter( is_demo=True, is_active=True, status=Constants.TASK_STATUS_JSON['SUBMITTED'] ).order_by('-updated_at') | Tasks.objects.all().filter( annotator=self.request.user.id, is_active=True).order_by('-updated_at')).distinct() #param_user_tasks = Tasks.objects.all().filter(annotator=self.request.user.id, is_active=True).order_by('-updated_at') return param_user_tasks else: raise PermissionDenied
def create(self, request, *args, **kwargs): if has_permissions_to(self.request, 'add_projects'): ownerUser = self.request.user request.data['created_by'] = ownerUser return super(self.__class__, self).create(request) else: raise PermissionDenied
def get_queryset(self): if has_permissions_to(self.request, 'view_projects'): # init param_user_tasks = None projects_set = [] # get user_role user_role = self.request.user.groups.first().name # get all users tasks by user_id if self.request.user.is_superuser or user_role == 'ADMIN': param_user_tasks = Tasks.objects.values( 'project_id', 'annotator_id', 'created_by').filter(annotator=self.kwargs['user_id']) elif user_role == 'PM' or user_role == 'PROJECT_MANAGER': param_user_tasks = Tasks.objects.values( 'project_id', 'annotator_id', 'created_by').filter(annotator=self.kwargs['user_id'], created_by=self.request.user.id) if param_user_tasks is not None: # group by project_id user_tasks = param_user_tasks.annotate(Count('project_id')) for ut in user_tasks: projects_set.append( Projects.objects.get(pk=ut['project_id'])) return projects_set else: raise PermissionDenied
def destroy(self, request, *args, **kwargs): if has_permissions_to(self.request, 'delete_sources'): try: return super(self.__class__, self).destroy(request) except ProtectedError: raise DependencyFailedException else: raise PermissionDenied
def create(self, request, *args, **kwargs): if has_permissions_to(self.request, 'add_tasks'): ownerUser = self.request.user request.data['created_by'] = ownerUser request.data['status'] = Constants.TASK_STATUS_JSON['NOT_STARTED'] return super(self.__class__, self).create(request) else: raise PermissionDenied
def destroy(self, request, *args, **kwargs): if has_permissions_to(self.request, 'delete_users'): instance = self.get_object() User.objects.get(pk=instance.id).delete() self.perform_destroy(instance) return Response(status=status.HTTP_204_NO_CONTENT) else: raise PermissionDenied
def update(self, request, *args, **kwargs): if (kwargs['save_type'] not in Constants.SAVE_TYPES): raise SaveTypeDeniedException if has_permissions_to(self.request, 'change_tasks'): self.context = dict(kwargs) #self.context['status'] = 'ONGOING' return super(self.__class__, self).update(request) else: raise PermissionDenied
def create(self, request, *args, **kwargs): if has_permissions_to(self.request, 'add_layers'): ownerUser = self.request.user request.data['created_by'] = ownerUser if 'created_at' in request.data: request.data.pop('created_at') return super(self.__class__, self).create(request) else: raise PermissionDenied
def get_queryset(self): if has_permissions_to(self.request,'view_users'): param_user_details = None # get user_role user_role = self.request.user.groups.first().name if user_role == 'GUEST': param_user_details = Users.objects.all().order_by('-updated_at') # if the current user wants to see his own tasks param_user_details = Users.objects.all().filter(id=self.request.user.id, is_active=True) else: param_user_details = Users.objects.all().order_by('-updated_at') return param_user_details else: raise PermissionDenied
def create(self, request, *args, **kwargs): if has_permissions_to(self.request, 'add_users'): context = { 'request': self.request } ownerUser = request.user djangoUser = User() djangoUser.email = request.data['email'] djangoUser.first_name = request.data['first_name'] djangoUser.last_name = request.data['last_name'] djangoUser.username = request.data['first_name'] + get_random_string(length=8) random_password = User.objects.make_random_password() djangoUser.set_password(random_password) Users.validate_email_unique(djangoUser.email) djangoUser.save() send_invite_email(inviterName=self.request.user.first_name, toEmail=djangoUser.email, password=random_password) newUser = Users() newUser.id = djangoUser.pk newUser.user_auth = djangoUser newUser.first_name = request.data['first_name'] newUser.last_name = request.data['last_name'] newUser.email = request.data['email'] newUser.organization = request.data['organization'] newUser.affiliation = request.data['affiliation'] newUser.role = Roles.objects.get(id=request.data['role']['id']) newUser.set_group(newUser.id, newUser.role.name) newUser.created_by = ownerUser newUser.save() userSerialiser = UsersSerializer(newUser,context=context) res = { "result": userSerialiser.data } return Response(res) else: raise PermissionDenied
def update(self, request, *args, **kwargs): if has_permissions_to(self.request, 'change_users'): partial = kwargs.pop('partial', False) instance = self.get_object() new_role = Roles.objects.get(id=request.data['role']['id']) request.data['role'] = { 'id': new_role.id, 'name': new_role.name } # Roles.objects.get(id=request.data['role']['value']) serializer = self.get_serializer(instance, data=request.data, partial=partial) serializer.is_valid(raise_exception=True) self.perform_update(serializer) if getattr(instance, '_prefetched_objects_cache', None): # If 'prefetch_related' has been applied to a queryset, we need to # refresh the instance from the database. instance = self.get_object() serializer = self.get_serializer(instance) return Response(serializer.data) else: raise PermissionDenied
def update(self, request, *args, **kwargs): if has_permissions_to(self.request, 'change_sources'): return super(self.__class__, self).update(request) else: raise PermissionDenied
def get_queryset(self): if has_permissions_to(self.request, 'view_sources'): return self.queryset else: raise PermissionDenied