def modify_researcher_permissions(self):
    """
    Move the researcher being edited into exactly one org group.

    The target is chosen by the POSTed "value": "org_admin" selects the admin
    group, "org_read" selects the read group, and every other value selects
    the researcher group. The researcher is added to the target group and
    removed from the other two, so they inherit only that group's permissions.

    The groups are looked up by the *requesting user's* organization name.
    """
    # Client-controlled input: anything that is not one of the two literals
    # below falls through to the researcher group rather than being rejected.
    requested_level = self.request.POST["value"]
    organization_name = self.request.user.organization.name

    # Fetch all three groups before touching membership, in the order admin,
    # read, researcher; a missing group raises before anything is changed.
    groups_by_role = {
        role: Group.objects.get(name=build_org_group_name(organization_name, role))
        for role in ("admin", "read", "researcher")
    }

    # NOTE(review): nothing in this method checks that self.object belongs to
    # the requester's organization, or that the requester may grant
    # "org_admin" -- presumably the view's permission checks / queryset
    # enforce this; confirm against the enclosing view.
    member = self.object
    target_role = {"org_admin": "admin", "org_read": "read"}.get(
        requested_level, "researcher"
    )

    # Grant first, then revoke the two roles that were not selected.
    groups_by_role[target_role].user_set.add(member)
    for role, group in groups_by_role.items():
        if role != target_role:
            group.user_set.remove(member)
    return
def get_org_groups(self):
    """
    Return the (admin, read, researcher) groups of the current user's organization.

    Raises PermissionDenied when the requesting user has no organization, so
    callers never receive groups for a user outside any organization.
    """
    user_org = self.request.user.organization
    if not user_org:
        # Fail closed: no organization means no org groups to hand out.
        raise PermissionDenied

    org_name = user_org.name
    # Looked up in the order admin, read, researcher; callers unpack the
    # result positionally.
    return tuple(
        Group.objects.get(name=build_org_group_name(org_name, role))
        for role in ('admin', 'read', 'researcher')
    )
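def organization_post_save(sender, **kwargs):
    """
    Create the per-organization auth groups for a newly created Organization.

    Runs only on creation, to avoid an existence check on every call to
    Organization.save. Three groups are created, named with
    build_org_group_name: researcher, read and admin. Every group receives
    can_create_study and can_view_experimenter; read additionally receives
    can_view_organization; admin additionally receives can_view_organization
    and can_edit_organization.
    """
    organization, created = kwargs["instance"], kwargs["created"]
    if not created:
        return

    from django.contrib.auth.models import Group

    # Resolve the permissions once, before any group is written. The lookups
    # do not depend on the group, and a missing permission now raises before
    # a partially configured set of groups exists.
    create_study = Permission.objects.get(codename="can_create_study")
    view_experimenter = Permission.objects.get(codename="can_view_experimenter")
    view_organization = Permission.objects.get(codename="can_view_organization")
    edit_organization = Permission.objects.get(codename="can_edit_organization")

    # Permissions granted on top of the shared baseline, per group.
    extra_permissions = {
        "researcher": (),
        "read": (view_organization,),
        "admin": (view_organization, edit_organization),
    }

    # NOTE(review): groups are identified only by a name derived from
    # organization.name, and get_or_create reuses any group that already has
    # that name, together with its current members -- confirm organization
    # names are unique and that renames are handled.
    for group, extras in extra_permissions.items():
        # The second element of the result is deliberately discarded so the
        # signal's own `created` flag is not overwritten.
        group_instance, _ = Group.objects.get_or_create(
            name=build_org_group_name(organization.name, group)
        )
        group_instance.permissions.add(create_study, view_experimenter, *extras)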
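def organization_post_save(sender, **kwargs):
    '''
    Create the per-organization auth groups for a newly created Organization.

    Runs only on creation, to avoid an existence check on every call to
    Organization.save. Three groups are created, named with
    build_org_group_name: researcher, read and admin. Every group receives
    can_create_study and can_view_experimenter; read additionally receives
    can_view_organization; admin additionally receives can_view_organization
    and can_edit_organization.
    '''
    organization, created = kwargs['instance'], kwargs['created']
    if not created:
        return

    from django.contrib.auth.models import Group

    # Resolve the permissions once, before any group is written. The lookups
    # do not depend on the group, and a missing permission now raises before
    # a partially configured set of groups exists.
    create_study = Permission.objects.get(codename='can_create_study')
    view_experimenter = Permission.objects.get(codename='can_view_experimenter')
    view_organization = Permission.objects.get(codename='can_view_organization')
    edit_organization = Permission.objects.get(codename='can_edit_organization')

    # Permissions granted on top of the shared baseline, per group.
    extra_permissions = {
        'researcher': (),
        'read': (view_organization,),
        'admin': (view_organization, edit_organization),
    }

    # NOTE(review): groups are identified only by a name derived from
    # organization.name, and get_or_create reuses any group that already has
    # that name, together with its current members -- confirm organization
    # names are unique and that renames are handled.
    for group, extras in extra_permissions.items():
        # The second element of the result is deliberately discarded so the
        # signal's own `created` flag is not overwritten.
        group_instance, _ = Group.objects.get_or_create(
            name=build_org_group_name(organization.name, group)
        )
        group_instance.permissions.add(create_study, view_experimenter, *extras)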
def is_org_read(self):
    """
    Report whether this user has read-level access within their organization.

    Returns False when the user has no organization, True when the user is an
    org admin, and otherwise whether the user is a member of the
    organization's "read" group.
    """
    if self.organization_id:
        # NOTE(review): is_org_admin is read as an attribute, not called. That
        # is correct only if it is exposed as a property; as a plain method it
        # would always be truthy here -- confirm the decorator on is_org_admin.
        if self.is_org_admin:
            return True
        read_group_name = build_org_group_name(self.organization.name, "read")
        return self.groups.filter(name=read_group_name).exists()
    # No organization: fail closed.
    return False
def is_org_researcher(self):
    """
    Report whether this user is in their organization's "researcher" group.

    Returns False when the user has no organization. Unlike is_org_read, no
    other role implies this one: only direct membership of the researcher
    group counts.
    """
    has_organization = bool(self.organization_id)
    if not has_organization:
        # No organization: fail closed.
        return False

    # The group is matched by a name derived from the organization's current
    # name.
    researcher_group_name = build_org_group_name(self.organization.name, "researcher")
    membership = self.groups.filter(name=researcher_group_name)
    return membership.exists()
def is_org_admin(self):
    """
    Report whether this user is in their organization's "admin" group.

    Returns False when the user has no organization; otherwise the result is
    whether a group with the organization's admin group name is among the
    user's groups.
    """
    if self.organization_id:
        # The group is matched by a name derived from the organization's
        # current name.
        admin_group_name = build_org_group_name(self.organization.name, "admin")
        return self.groups.filter(name=admin_group_name).exists()
    # No organization: fail closed.
    return False