def queryset(self, request):
    """
    Return the organisations the requesting user may list and edit.

    Users holding the model's regular change permission get the unfiltered
    queryset. Users holding only the RSR limited change permission get a
    queryset narrowed to the organisation on their own profile. Anyone else
    is refused with PermissionDenied, so the method fails closed.
    """
    base_qs = super(OrganisationAdmin, self).queryset(request)
    meta = self.opts
    user = request.user

    full_perm = ".".join((meta.app_label, meta.get_change_permission()))
    if user.has_perm(full_perm):
        return base_qs

    # The limited permission name is only built once the full check has failed.
    limited_perm = ".".join((meta.app_label, get_rsr_limited_change_permission(meta)))
    if not user.has_perm(limited_perm):
        raise PermissionDenied

    # Limited users are scoped to exactly one row: their own organisation.
    own_org = user.get_profile().organisation
    return base_qs.filter(pk=own_org.id)
def queryset(self, request):
    """
    Return the user profiles the requesting user may list and edit.

    Users holding the model's regular change permission get the unfiltered
    queryset. Users holding only the RSR limited change permission get the
    profiles that belong to the organisation on their own profile. Anyone
    else is refused with PermissionDenied, so the method fails closed.
    """
    base_qs = super(UserProfileAdmin, self).queryset(request)
    meta = self.opts
    user = request.user

    full_perm = ".".join((meta.app_label, meta.get_change_permission()))
    if user.has_perm(full_perm):
        return base_qs

    # The limited permission name is only built once the full check has failed.
    limited_perm = ".".join((meta.app_label, get_rsr_limited_change_permission(meta)))
    if not user.has_perm(limited_perm):
        raise PermissionDenied

    # Limited users only see profiles attached to their own organisation.
    own_org = user.get_profile().organisation
    return base_qs.filter(organisation=own_org)
def queryset(self, request):
    """
    Return the projects the requesting user may list and edit.

    Users holding the model's regular change permission get the unfiltered
    queryset. Users holding only the RSR limited change permission get the
    projects returned by all_projects() on their own organisation. Anyone
    else is refused with PermissionDenied, so the method fails closed.
    """
    base_qs = super(ProjectAdmin, self).queryset(request)
    meta = self.opts
    user = request.user

    full_perm = ".".join((meta.app_label, meta.get_change_permission()))
    if user.has_perm(full_perm):
        return base_qs

    # The limited permission name is only built once the full check has failed.
    limited_perm = ".".join((meta.app_label, get_rsr_limited_change_permission(meta)))
    if not user.has_perm(limited_perm):
        raise PermissionDenied

    # Limited users are scoped to the projects of their own organisation.
    own_projects = user.get_profile().organisation.all_projects()
    return base_qs.filter(pk__in=own_projects)
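def has_change_permission(self, request, obj=None):
    """
    Return True if the requesting user may change the given model instance.

    If `obj` is None, return True if the user may change *any* object of
    this type, which is how the admin asks whether to show the change list.

    get_rsr_limited_change_permission is used for partner orgs to limit
    their listing and editing to "own" projects, organisation and user
    profiles. A user holding only that limited permission may change `obj`
    only when it equals the organisation on their own profile.

    NOTE(review): the object-level check compares `obj` with an
    organisation, so it only grants access where `obj` is an organisation
    instance - confirm this method is used on the organisation admin only.
    """
    opts = self.opts
    user = request.user
    if user.has_perm(opts.app_label + "." + opts.get_change_permission()):
        return True
    if user.has_perm(opts.app_label + "." + get_rsr_limited_change_permission(opts)):
        # Test against None, not truthiness: an instance that evaluates as
        # false must still go through the ownership comparison instead of
        # being treated as the "any object" case and allowed.
        if obj is None:
            return True
        return obj == user.get_profile().organisation
    # Neither permission held: deny.
    return False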
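def formfield_for_dbfield(self, db_field, **kwargs):
    """
    Hook for specifying the form Field instance for a given database Field
    instance. If kwargs are given, they're passed to the form Field's
    constructor.

    Added by GvH: Use hook to implement limits to project list select for
    org users.

    The limit is applied to the form field built for this request, never to
    `db_field` itself. The model field is shared by every request served by
    the process, so writing one user's organisation filter onto it would
    leave that filter in place for whoever builds the form next.
    """
    request = kwargs.get("request", None)
    formfield = super(SmsReporterInline, self).formfield_for_dbfield(db_field, **kwargs)

    # Limit the choices of the project field to projects linked to the user's
    # org if we have an org user.
    if db_field.attname == "project_id" and formfield is not None:
        opts = self.opts
        # Without a request the user's scope cannot be determined; this raises
        # rather than handing out an unrestricted project list.
        user = request.user
        # NOTE(review): only the limited permission is checked here, unlike
        # the queryset() hooks, which test the full change permission first -
        # confirm that is intended for users holding both.
        if user.has_perm(opts.app_label + "." + get_rsr_limited_change_permission(opts)):
            # Narrowing the field's queryset restricts both the rendered
            # choices and the values the field accepts on submit.
            formfield.queryset = formfield.queryset.filter(
                pk__in=user.get_profile().organisation.all_projects()
            )
    return formfield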