def get_users(obj, context, all_perms=True):
if all_perms:
users = cache.get('{}{}'.format(PROJ_PERM_CACHE, obj.pk))
if users:
return users
data = {}
for perm in obj.projectuserobjectpermission_set.all():
if perm.user_id not in data:
user = perm.user
if all_perms or user in [context['request'].user,
obj.organization]:
data[perm.user_id] = {
'permissions': [],
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
if perm.user_id in data:
data[perm.user_id]['permissions'].append(perm.permission.codename)
for k in data.keys():
data[k]['permissions'].sort()
data[k]['role'] = get_role(data[k]['permissions'], obj)
del(data[k]['permissions'])
results = data.values()
if all_perms:
cache.set('{}{}'.format(PROJ_PERM_CACHE, obj.pk), results)
return results
def get_xform_users(xform):
"""
Utility function that returns users and their roles in a form.
:param xform:
:return:
"""
data = {}
for perm in xform.xformuserobjectpermission_set.all():
if perm.user not in data:
user = perm.user
data[user] = {
'permissions': [],
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
if perm.user in data:
data[perm.user]['permissions'].append(perm.permission.codename)
for k in data:
data[k]['permissions'].sort()
data[k]['role'] = get_role(data[k]['permissions'], xform)
del data[k]['permissions']
return data
def test_team_members_meta_perms_restrictions(self):
self._team_create()
self._publish_xls_form_to_project()
user_alice = self._create_user('alice', 'alice')
members_team = Team.objects.get(
name='%s#%s' % (self.organization.user.username, 'members'))
# add alice to members team
add_user_to_team(members_team, user_alice)
# confirm that the team and members have no permissions on form
self.assertFalse(get_perms(members_team, self.xform))
self.assertFalse(get_perms(user_alice, self.xform))
# share project to team
view = TeamViewSet.as_view({
'get': 'list',
'post': 'share'})
post_data = {
'role': EditorRole.name,
'project': self.project.pk,
'remove': False
}
request = self.factory.post('/', data=post_data, **self.extra)
response = view(request, pk=members_team.pk)
self.assertEqual(response.status_code, 204)
# team members should have editor permissions now
alice_perms = get_perms(user_alice, self.xform)
alice_role = get_role(alice_perms, self.xform)
self.assertEqual(EditorRole.name, alice_role)
self.assertTrue(EditorRole.user_has_role(user_alice, self.xform))
# change meta permissions
meta_view = MetaDataViewSet.as_view({
'post': 'create',
'put': 'update'
})
data = {
'data_type': XFORM_META_PERMS,
'data_value': 'editor-minor|dataentry',
'xform': self.xform.pk
}
request = self.factory.post('/', data, **self.extra)
response = meta_view(request)
self.assertEqual(response.status_code, 201)
# members should now have EditorMinor role
self.assertTrue(EditorMinorRole.user_has_role(user_alice, self.xform))
def test_team_members_meta_perms_restrictions(self):
self._team_create()
self._publish_xls_form_to_project()
user_alice = self._create_user('alice', 'alice')
members_team = Team.objects.get(
name='%s#%s' % (self.organization.user.username, 'members'))
# add alice to members team
add_user_to_team(members_team, user_alice)
# confirm that the team and members have no permissions on form
self.assertFalse(get_perms(members_team, self.xform))
self.assertFalse(get_perms(user_alice, self.xform))
# share project to team
view = TeamViewSet.as_view({
'get': 'list',
'post': 'share'})
post_data = {
'role': EditorRole.name,
'project': self.project.pk,
'remove': False
}
request = self.factory.post('/', data=post_data, **self.extra)
response = view(request, pk=members_team.pk)
self.assertEqual(response.status_code, 204)
# team members should have editor permissions now
alice_perms = get_perms(user_alice, self.xform)
alice_role = get_role(alice_perms, self.xform)
self.assertEqual(EditorRole.name, alice_role)
self.assertTrue(EditorRole.user_has_role(user_alice, self.xform))
# change meta permissions
meta_view = MetaDataViewSet.as_view({
'post': 'create',
'put': 'update'
})
data = {
'data_type': XFORM_META_PERMS,
'data_value': 'editor-minor|dataentry',
'xform': self.xform.pk
}
request = self.factory.post('/', data, **self.extra)
response = meta_view(request)
self.assertEqual(response.status_code, 201)
# members should now have EditorMinor role
self.assertTrue(EditorMinorRole.user_has_role(user_alice, self.xform))
def get_xform_users(xform):
"""
Utility function that returns users and their roles in a form.
:param xform:
:return:
"""
data = {}
org_members = []
for perm in xform.xformuserobjectpermission_set.all():
if perm.user not in data:
user = perm.user
if is_organization(user.profile):
org_members = get_team_members(user.username)
data[user] = {
'permissions': [],
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
if perm.user in data:
data[perm.user]['permissions'].append(perm.permission.codename)
for user in org_members:
if user not in data:
data[user] = {
'permissions': get_perms(user, xform),
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
for k in data:
data[k]['permissions'].sort()
data[k]['role'] = get_role(data[k]['permissions'], xform)
del data[k]['permissions']
return data
def get_teams(obj):
teams_users = cache.get('{}{}'.format(PROJ_TEAM_USERS_CACHE, obj.pk))
if teams_users:
return teams_users
teams_users = []
teams = obj.organization.team_set.all()
for team in teams:
# to take advantage of prefetch iterate over user set
users = [user.username for user in team.user_set.all()]
perms = get_team_permissions(team, obj)
teams_users.append({
"name": team.name,
"role": get_role(perms, obj),
"users": users
})
cache.set('{}{}'.format(PROJ_TEAM_USERS_CACHE, obj.pk), teams_users)
return teams_users
def get_users(project, context, all_perms=True):
"""
Return a list of users and organizations that have access to the project.
"""
if all_perms:
users = cache.get('{}{}'.format(PROJ_PERM_CACHE, project.pk))
if users:
return users
data = {}
for perm in project.projectuserobjectpermission_set.all():
if perm.user_id not in data:
user = perm.user
if all_perms or user in [
context['request'].user, project.organization
]:
data[perm.user_id] = {
'permissions': [],
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
if perm.user_id in data:
data[perm.user_id]['permissions'].append(perm.permission.codename)
for k in list(data):
data[k]['permissions'].sort()
data[k]['role'] = get_role(data[k]['permissions'], project)
del data[k]['permissions']
results = listvalues(data)
if all_perms:
cache.set('{}{}'.format(PROJ_PERM_CACHE, project.pk), results)
return results
def get_users(project, context, all_perms=True):
"""
Return a list of users and organizations that have access to the project.
"""
if all_perms:
users = cache.get('{}{}'.format(PROJ_PERM_CACHE, project.pk))
if users:
return users
data = {}
for perm in project.projectuserobjectpermission_set.all():
if perm.user_id not in data:
user = perm.user
if all_perms or user in [
context['request'].user, project.organization
]:
data[perm.user_id] = {
'permissions': [],
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
if perm.user_id in data:
data[perm.user_id]['permissions'].append(perm.permission.codename)
for k in list(data):
data[k]['permissions'].sort()
data[k]['role'] = get_role(data[k]['permissions'], project)
del data[k]['permissions']
results = listvalues(data)
if all_perms:
cache.set('{}{}'.format(PROJ_PERM_CACHE, project.pk), results)
return results
def get_users(self, obj):
xform_perms = []
if obj:
xform_perms = cache.get(
'{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk))
if xform_perms:
return xform_perms
cache.set('{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk),
xform_perms)
data = {}
for perm in obj.xformuserobjectpermission_set.all():
if perm.user_id not in data:
user = perm.user
data[perm.user_id] = {
'permissions': [],
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
if perm.user_id in data:
data[perm.user_id]['permissions'].append(
perm.permission.codename)
for k in data.keys():
data[k]['permissions'].sort()
data[k]['role'] = get_role(data[k]['permissions'], obj)
del (data[k]['permissions'])
xform_perms = data.values()
cache.set('{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk), xform_perms)
return xform_perms
def get_users(self, obj):
xform_perms = []
if obj:
xform_perms = cache.get(
'{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk))
if xform_perms:
return xform_perms
cache.set('{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk),
xform_perms)
data = {}
for perm in obj.xformuserobjectpermission_set.all():
if perm.user_id not in data:
user = perm.user
data[perm.user_id] = {
'permissions': [],
'is_org': is_organization(user.profile),
'metadata': user.profile.metadata,
'first_name': user.first_name,
'last_name': user.last_name,
'user': user.username
}
if perm.user_id in data:
data[perm.user_id]['permissions'].append(
perm.permission.codename)
for k in list(data):
data[k]['permissions'].sort()
data[k]['role'] = get_role(data[k]['permissions'], XForm)
del (data[k]['permissions'])
xform_perms = listvalues(data)
cache.set('{}{}'.format(XFORM_PERMISSIONS_CACHE, obj.pk), xform_perms)
return xform_perms
def get_teams(project):
"""
Return the teams with access to the project.
"""
teams_users = cache.get('{}{}'.format(PROJ_TEAM_USERS_CACHE, project.pk))
if teams_users:
return teams_users
teams_users = []
teams = project.organization.team_set.all()
for team in teams:
# to take advantage of prefetch iterate over user set
users = [user.username for user in team.user_set.all()]
perms = get_team_permissions(team, project)
teams_users.append({
"name": team.name,
"role": get_role(perms, project),
"users": users
})
cache.set('{}{}'.format(PROJ_TEAM_USERS_CACHE, project.pk), teams_users)
return teams_users
def get_teams(project):
"""
Return the teams with access to the project.
"""
teams_users = cache.get('{}{}'.format(PROJ_TEAM_USERS_CACHE, project.pk))
if teams_users:
return teams_users
teams_users = []
teams = project.organization.team_set.all()
for team in teams:
# to take advantage of prefetch iterate over user set
users = [user.username for user in team.user_set.all()]
perms = get_team_permissions(team, project)
teams_users.append({
"name": team.name,
"role": get_role(perms, project),
"users": users
})
cache.set('{}{}'.format(PROJ_TEAM_USERS_CACHE, project.pk), teams_users)
return teams_users
