Esempio n. 1
0
def add_forening_permission(request):
    user = User.objects.get(id=request.POST['user'])
    forening = Forening.objects.get(id=request.POST['forening'])
    role = request.POST['role']

    if role not in ['admin', 'user']:
        raise PermissionDenied

    # Verify that the user performing this action has the required permissions
    all_foreninger = request.user.all_foreninger()
    if role == 'admin':
        # Setting admin requires admin
        if forening not in [a for a in all_foreninger if a.role == 'admin']:
            raise PermissionDenied
    elif role == 'user':
        # Any role can set user
        if forening not in all_foreninger:
            raise PermissionDenied

    if not user.has_perm('sherpa/association/user',
                         association_id=forening.id):
        user.add_perm(
            'sherpa/association/user',
            association_id=forening.id,
            created_by=request.user
        )

    if role == 'admin' and not user.has_perm('sherpa/association/admin',
                                             association_id=forening.id):
        user.add_perm(
            'sherpa/association/admin',
            association_id=forening.id,
            created_by=request.user
        )

    if request.POST.get('send_email', '') != '':
        if user.get_sherpa_email() == '':
            messages.warning(request, 'no_email_for_user')
        else:
            if send_access_granted_email(user, forening, request.user):
                messages.info(request, 'access_email_success')
            else:
                messages.warning(request, 'access_email_failure')

    cache.delete('user.%s.all_foreninger' % user.id)
    cache.delete('user.%s.children_foreninger' % user.id)
    return redirect(
        '%s#tilganger' % reverse('admin:users.show', args=[user.id])
    )
Esempio n. 2
0
def add_forening_permission(request):
    user = User.objects.get(id=request.POST['user'])
    forening = Forening.objects.get(id=request.POST['forening'])
    role = request.POST['role']

    if role not in [r[0] for r in ForeningRole.ROLE_CHOICES]:
        raise PermissionDenied

    # Verify that the user performing this action has the required permissions
    all_foreninger = request.user.all_foreninger()
    if role == 'admin':
        # Setting admin requires admin
        if forening not in [a for a in all_foreninger if a.role == 'admin']:
            raise PermissionDenied
    elif role == 'user':
        # Any role can set user
        if forening not in all_foreninger:
            raise PermissionDenied

    try:
        role = ForeningRole.objects.get(user=user, forening=forening)
        role.role = request.POST['role']
        role.save()
    except ForeningRole.DoesNotExist:
        role = ForeningRole(user=user, forening=forening, role=request.POST['role'])
        role.save()

    if request.POST.get('send_email', '') != '':
        if user.get_sherpa_email() == '':
            messages.warning(request, 'no_email_for_user')
        else:
            if send_access_granted_email(user, forening, request.user):
                messages.info(request, 'access_email_success')
            else:
                messages.warning(request, 'access_email_failure')

    cache.delete('user.%s.all_foreninger' % user.id)
    cache.delete('user.%s.children_foreninger' % user.id)
    return redirect('%s#tilganger' % reverse('admin:users.show', args=[user.id]))
Esempio n. 3
0
def users_give_access(request, forening_id):
    current_forening = Forening.objects.get(id=forening_id)
    if current_forening not in request.user.all_foreninger():
        raise PermissionDenied

    wanted_role = request.POST['wanted_role']
    if wanted_role not in ['user', 'admin']:
        raise PermissionDenied

    perm_name = (
        'sherpa/association/admin'
        if wanted_role == 'admin'
        else 'sherpa/association/user'
    )

    # Verify that the user has the same access that they're giving
    cur_user_is_valid = request.user.has_perm(
        perm_name,
        association_id=current_forening.id
    )
    if not cur_user_is_valid and not request.user.has_perm('sherpa/admin'):
        raise PermissionDenied

    other_user = User.get_users(
        include_pending=True).get(id=request.POST['user'])
    if other_user.has_perm('sherpa/admin'):
        messages.info(request, 'user_is_sherpa_admin')
        return redirect('admin:foreninger.users', current_forening.id)

    # Adding the sherpa permission, if missing, is implicit - and informed
    # about client-side
    other_user.add_perm(
        'sherpa/user',
        created_by=request.user
    )

    for forening in other_user.all_foreninger():
        if forening == current_forening:
            # The user already has access to this forening
            if forening.role == 'user' and wanted_role == 'admin':
                # But it's a user role and we want admin! Update it.
                other_user.add_perm(
                    'sherpa/association/admin',
                    association_id=forening.id,
                    created_by=request.user
                )
                messages.info(request, 'permission_created')
            elif forening.role == 'admin' and wanted_role == 'user':
                # We want user access, but they have admin. Chcek if it's an
                # explicit relationship:
                is_admin_in_specified_association = other_user.has_perm(
                    'sherpa/association/admin',
                    association_id=forening.id
                )
                if is_admin_in_specified_association:
                    other_user.remove_perm(
                        'sherpa/association/admin',
                        association_id=forening.id
                    )
                else:
                    # No explicit relationship, so the user must have admin
                    # access to a parent
                    messages.info(request, 'user_has_admin_in_parent')
            else:
                # In this case, forening.role should equal wanted_role, so just
                # inform the user that all is in order
                messages.info(request, 'equal_permission_already_exists')
            cache.delete('user.%s.all_foreninger' % other_user.id)
            return redirect('admin:foreninger.users', current_forening.id)

    # If we reach this code path, this is a new relationship - create it
    other_user.add_perm(
        'sherpa/association/user',
        association_id=current_forening.id,
        created_by=request.user
    )

    if wanted_role == 'admin':
        other_user.add_perm(
            'sherpa/association/admin',
            association_id=current_forening.id,
            created_by=request.user
        )

    if request.POST.get('send_email', '') != '':
        if send_access_granted_email(other_user, current_forening,
                                     request.user):
            messages.info(request, 'access_email_success')
        else:
            messages.warning(request, 'access_email_failure')
    messages.info(request, 'permission_created')
    cache.delete('user.%s.all_foreninger' % other_user.id)
    return redirect('admin:foreninger.users', current_forening.id)
Esempio n. 4
0
def users_give_access(request, forening_id):
    current_forening = Forening.objects.get(id=forening_id)
    if current_forening not in request.user.all_foreninger():
        raise PermissionDenied

    wanted_role = request.POST['wanted_role']
    if wanted_role not in [role[0] for role in ForeningRole.ROLE_CHOICES]:
        raise PermissionDenied

    # Verify that the user has the same access that they're giving
    passed = False
    for forening in request.user.all_foreninger():
        if forening == request.active_forening:
            if wanted_role == 'admin' and forening.role == 'user':
                raise PermissionDenied
            else:
                passed = True
    if not passed:
        raise PermissionDenied

    other_user = User.get_users(include_pending=True).get(id=request.POST['user'])
    if other_user.has_perm('sherpa_admin'):
        messages.info(request, 'user_is_sherpa_admin')
        return redirect('admin:foreninger.users', current_forening.id)

    # Adding the sherpa permission, if missing, is implicit - and informed about client-side
    if not other_user.has_perm('sherpa'):
        p = Permission.objects.get(name='sherpa')
        other_user.permissions.add(p)

    for forening in other_user.all_foreninger():
        if forening == request.active_forening:
            # The user already has access to this forening
            if forening.role == 'user' and wanted_role == 'admin':
                # But it's a user role and we want admin! Update it.
                forening_role = ForeningRole.objects.get(user=other_user, forening=forening)
                forening_role.role = 'admin'
                forening_role.save()
                messages.info(request, 'permission_created')
            elif forening.role == 'admin' and wanted_role == 'user':
                # We want user access, but they have admin. Chcek if it's an explicit relationship:
                try:
                    forening_role = ForeningRole.objects.get(user=other_user, forening=forening)
                    forening_role.role = 'user'
                    forening_role.save()
                    messages.info(request, 'permission_created')
                except ForeningRole.DoesNotExist:
                    # No explicit relationship, so the user must have admin access to a parent
                    messages.info(request, 'user_has_admin_in_parent')
            else:
                # In this case, forening.role should equal wanted_role, so just inform the user that all is in order
                messages.info(request, 'equal_permission_already_exists')
            cache.delete('user.%s.all_foreninger' % other_user.id)
            return redirect('admin:foreninger.users', current_forening.id)

    # If we reach this code path, this is a new relationship - create it
    forening_role = ForeningRole(
        user=other_user,
        forening=request.active_forening,
        role=wanted_role,
    )
    forening_role.save()
    if request.POST.get('send_email', '') != '':
        if send_access_granted_email(other_user, request.active_forening, request.user):
            messages.info(request, 'access_email_success')
        else:
            messages.warning(request, 'access_email_failure')
    messages.info(request, 'permission_created')
    cache.delete('user.%s.all_foreninger' % other_user.id)
    return redirect('admin:foreninger.users', current_forening.id)