コード例 #1
    def _call(self, key, instance, user):
        """
        Run the workflow transition ``key`` for ``instance`` on behalf of ``user``.

        A ``ValidationError`` is raised unless the current state key is one of
        the transition's sources. With an instance bound, model validation
        (when enabled) and the transition's condition run before the target
        state is set. Without an instance both checks are skipped.

        Returns whatever the method named ``key`` on this object returns.
        """
        current_key = self._current_state_key
        transition = self._transitions[key]

        # refuse transitions that do not start at the current state
        if current_key not in transition.sources:
            raise ValidationError(_("This transition is not valid"))

        # attach the Employee wrapper to the user object
        user.djangobmf = Employee(user)

        # keep both on the workflow so user-defined transition functions can reach them
        self.instance = instance
        self.user = user

        if self.instance:
            # model validation, only when the transition and the current state both ask for it
            if transition.validate and self._current_state.update:
                self.instance.full_clean()

            # the condition is evaluated before the state changes; its return
            # value is not used here — presumably it raises on failure (confirm)
            if transition.conditioned:
                transition.eval_condition(instance, user)
        # NOTE(review): without an instance (expected only in tests, per the
        # original comment) neither full_clean() nor eval_condition() runs —
        # confirm production callers always pass one

        # all checks passed: switch the state, then run the transition function
        self._set_state(transition.target)
        return getattr(self, key)()
コード例 #2
    def dispatch(self, *args, **kwargs):
        """
        Prepare the request for django BMF, enforce access and dispatch the view.

        The work a middleware would otherwise do happens here: the app config,
        the site object and an ``Employee`` wrapper are attached to the request.
        The permission check and the employee check both run before the parent
        ``dispatch`` is called. Outside of DEBUG, responses with status 400,
        403, 404 or 500 are replaced by the BMF-specific error views.
        """
        request = self.request

        # make the app config and its site available on every request
        request.djangobmf_appconfig = apps.get_app_config(bmfsettings.APP_LABEL)
        request.djangobmf_site = request.djangobmf_appconfig.site

        # attach the Employee wrapper for the requesting user
        request.user.djangobmf = Employee(request.user)

        # TODO ... call check_object_permission instead when objects have a model
        try:
            allowed = self.check_permissions(request)
            if not allowed:
                return permission_denied(request)
        except Http404:
            # a 404 raised by the permission check is rendered as the BMF 404 page
            return page_not_found(request)

        # TODO MOVE THIS CHECK TO PERMISSIONS
        # when an employee model is in use, users without an employee record
        # are not allowed in; superusers are sent to the setup wizard instead
        bmf_user = request.user.djangobmf
        if bmf_user.has_employee and not bmf_user.employee:
            logger.debug("User %s does not have permission to access djangobmf" % request.user)
            if request.user.is_superuser:
                return redirect('djangobmf:wizard', permanent=False)
            return permission_denied(request)

        response = super(BaseMixin, self).dispatch(*args, **kwargs)

        # in DEBUG the framework's own error responses are passed through unchanged
        status = response.status_code
        if status not in (400, 403, 404, 500) or settings.DEBUG:
            return response

        # map the error status to the matching BMF error view
        error_views = {
            400: bad_request,
            403: permission_denied,
            404: page_not_found,
            500: server_error,
        }
        return error_views[status](request)
コード例 #3
    def get_queryset(self):
        """
        Return the model's objects, filtered by the permission class for the current user.

        The ``manager`` URL kwarg is read but not implemented yet: every value
        yields ``self.model.objects.all()``. Restricting rows is therefore left
        entirely to ``filter_queryset`` of the permission object.
        """
        requested = self.kwargs.get('manager', 'all')

        if requested == 'all':
            base = self.model.objects.all()
        else:
            # TODO: named managers are not implemented, fall back to the full set
            base = self.model.objects.all()

        # attach the Employee wrapper before the permission filter sees the user
        user = self.request.user
        user.djangobmf = Employee(user)

        permission = self.permissions()
        return permission.filter_queryset(base, user)
コード例 #4
    def get_queryset(self, manager=None):
        """
        Return the permission-filtered queryset for this view.

        With ``manager`` set, the base queryset comes from the module's
        ``manager`` mapping or, failing that, from the method of that name on
        the model's default manager, which is called with the request. Without
        it, the default manager's ``all()`` is used.

        Raises ``ImproperlyConfigured`` when the view has no model or the
        requested manager is not defined.
        """
        module = self.request.djangobmf_site.get_module(self.model)
        model = self.model

        if model is None:
            raise ImproperlyConfigured(
                "%(cls)s is missing a QuerySet. Define "
                "%(cls)s.model " % {
                    'cls': self.__class__.__name__
                }
            )

        if model and manager:
            default_manager = model._default_manager
            if module.manager.get(manager, None):
                # entry registered on the module; querysets are cloned with all()
                qs = module.manager[manager]
                if isinstance(qs, QuerySet):
                    qs = qs.all()
            elif hasattr(default_manager, manager):
                # NOTE(review): `manager` selects an arbitrary attribute of the
                # default manager and calls it with the request — confirm callers
                # only pass names from trusted configuration, not raw URL input
                qs = getattr(default_manager, manager)(self.request)
            else:
                raise ImproperlyConfigured(
                    "%(manager)s is not defined in %(cls)s.model" % {
                        'manager': manager,
                        'cls': self.__class__.__name__
                    }
                )
        else:
            qs = model._default_manager.all()

        # attach the Employee wrapper before the permission filter sees the user
        current_user = self.request.user
        current_user.djangobmf = Employee(current_user)

        # NOTE(review): the filter uses self.module, not the local `module`
        # looked up above — confirm both refer to the same module object
        return self.module.permissions().filter_queryset(qs, current_user)
コード例 #5
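def djangobmf_user_watch(pk):
    """
    Create or refresh watch notifications for the activity with primary key ``pk``.

    For a "created" activity, every notification that watches the content type
    as a whole (``watch_id`` is null) is copied into a new notification bound
    to the created object, but only for users who pass ``has_object_perms``.

    For any other activity, the notifications bound to the object are narrowed
    to the matching subscription flag. Users who still pass the permission
    check get their notification updated and saved; notifications of users who
    no longer pass it are deleted.

    Raises ``Activity.DoesNotExist`` if no activity with ``pk`` exists.
    """
    from djangobmf.models import Activity
    from djangobmf.models import Notification

    from djangobmf.models import ACTION_COMMENT
    from djangobmf.models import ACTION_CREATED
    from djangobmf.models import ACTION_UPDATED
    from djangobmf.models import ACTION_WORKFLOW
    from djangobmf.models import ACTION_FILE

    # named `activity` rather than `object` to avoid shadowing the builtin
    activity = Activity.objects.get(pk=pk)

    if activity.action == ACTION_CREATED:
        logger.debug("Notifications for new object: %s (pk: %s)",
                     activity.parent_ct, activity.parent_id)

        # Select all Notifications not bound to an object
        templates = Notification.objects \
            .filter(watch_ct=activity.parent_ct, watch_id__isnull=True) \
            .select_related('user')

        for notification in templates:

            # ACL / Permissions lookups: users without object permissions
            # get no notification for the new object
            employee = Employee(notification.user)
            if not employee.has_object_perms(activity.parent_object):
                continue

            # clearing the pk makes save() insert a copy instead of
            # overwriting the content-type-wide notification
            notification.pk = None
            # the acting user does not need to be told about their own action
            notification.unread = notification.user != activity.user
            notification.new_entry = False
            notification.watch_id = activity.parent_id
            notification.last_seen_object = activity.pk
            notification.triggered = True
            notification.save()

            logger.debug(
                "Created Notification for user %s (%s) and object %s (%s)",
                notification.user,
                notification.user.pk,
                activity.parent_ct,
                activity.parent_id,
            )
    else:
        qs = Notification.objects.filter(watch_ct=activity.parent_ct,
                                         watch_id=activity.parent_id)

        # (action, log message, subscription flag); each entry is checked on
        # its own, like a chain of independent ``if`` statements
        subscriptions = (
            (ACTION_COMMENT, "Notifications for comment: %s (pk: %s)", {'comments': True}),
            (ACTION_UPDATED, "Notifications for updated data: %s (pk: %s)", {'detectchanges': True}),
            (ACTION_WORKFLOW, "Notifications for changed workflow: %s (pk: %s)", {'workflow': True}),
            (ACTION_FILE, "Notifications for appended file: %s (pk: %s)", {'files': True}),
        )
        for action, message, flag in subscriptions:
            if activity.action == action:
                logger.debug(message, activity.parent_ct, activity.parent_id)
                qs = qs.filter(**flag)

        # ACL
        for notification in qs.select_related('user'):

            employee = Employee(notification.user)
            if employee.has_object_perms(activity.parent_object):
                if notification.user != activity.user:
                    notification.triggered = True
                    notification.unread = True
                notification.modified = now()
                # persist the update: without save() the fields set above exist
                # only on this in-memory instance and the "Updated" log line
                # below would describe a change that never reached the database
                notification.save()
                logger.debug(
                    "Updated Notification for user %s (%s) and object %s (%s)",
                    notification.user,
                    notification.user.pk,
                    activity.parent_ct,
                    activity.parent_id,
                )
            else:
                # User does not have permissions!
                # -> delete notification so a revoked user stops receiving
                #    updates about an object they can no longer access
                notification.delete()
                logger.info(
                    "Deleted Notification for user %s (%s) and object %s (%s) - no permissions",
                    notification.user,
                    notification.user.pk,
                    activity.parent_ct,
                    activity.parent_id,
                )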
コード例 #6
ファイル: tasks.py プロジェクト: PeterXu/django-bmf
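def djangobmf_user_watch(pk):
    """
    Create or refresh watch notifications for the activity with primary key ``pk``.

    A "created" activity copies every content-type-wide notification
    (``watch_id`` is null) into one bound to the new object, for users who
    pass ``has_object_perms`` on it.

    Any other activity selects the notifications bound to the object and
    narrows them to the matching subscription flag (``comment``, ``changed``,
    ``workflow`` or ``file``). Notifications of users who pass the permission
    check are updated and saved; the others are deleted.

    Raises ``Activity.DoesNotExist`` if no activity with ``pk`` exists.
    """
    from djangobmf.models import Activity
    from djangobmf.models import Notification

    from djangobmf.models import ACTION_COMMENT
    from djangobmf.models import ACTION_CREATED
    from djangobmf.models import ACTION_UPDATED
    from djangobmf.models import ACTION_WORKFLOW
    from djangobmf.models import ACTION_FILE

    # named `activity` rather than `object` to avoid shadowing the builtin
    activity = Activity.objects.get(pk=pk)
    ct = activity.parent_ct
    object_id = activity.parent_id

    if activity.action == ACTION_CREATED:
        logger.debug("Notifications for new object: %s (pk: %s)", ct, object_id)

        # Select all Notifications not bound to an object
        unbound = Notification.objects \
            .filter(watch_ct=ct, watch_id__isnull=True) \
            .select_related('user')

        for notification in unbound:

            # ACL / Permissions lookups: no notification is created for
            # users who may not access the new object
            employee = Employee(notification.user)
            if not employee.has_object_perms(activity.parent_object):
                continue

            # clearing the pk makes save() insert a copy of the
            # content-type-wide notification instead of overwriting it
            notification.pk = None
            # the acting user's own action is stored as already read
            notification.unread = notification.user != activity.user
            notification.new_entry = False
            notification.watch_id = object_id
            notification.last_seen_object = activity.pk
            notification.triggered = True
            notification.save()

            logger.debug(
                "Created Notification for user %s (%s) and object %s (%s)",
                notification.user,
                notification.user.pk,
                ct,
                object_id,
            )
    else:
        qs = Notification.objects.filter(watch_ct=ct, watch_id=object_id)

        # each action narrows the queryset to users subscribed to that event
        if activity.action == ACTION_COMMENT:
            logger.debug("Notifications for comment: %s (pk: %s)", ct, object_id)
            qs = qs.filter(comment=True)
        if activity.action == ACTION_UPDATED:
            logger.debug("Notifications for updated data: %s (pk: %s)", ct, object_id)
            qs = qs.filter(changed=True)
        if activity.action == ACTION_WORKFLOW:
            logger.debug("Notifications for changed workflow: %s (pk: %s)", ct, object_id)
            qs = qs.filter(workflow=True)
        if activity.action == ACTION_FILE:
            logger.debug("Notifications for appended file: %s (pk: %s)", ct, object_id)
            qs = qs.filter(file=True)

        # ACL
        for notification in qs.select_related('user'):

            employee = Employee(notification.user)
            if employee.has_object_perms(activity.parent_object):
                if notification.user != activity.user:
                    notification.triggered = True
                    notification.unread = True
                notification.modified = now()
                # persist the update: without save() the fields set above exist
                # only on this in-memory instance and are lost when the task ends
                notification.save()
                logger.debug(
                    "Updated Notification for user %s (%s) and object %s (%s)",
                    notification.user,
                    notification.user.pk,
                    ct,
                    object_id,
                )
            else:
                # User does not have permissions!
                # -> delete notification so a revoked user stops receiving
                #    updates about an object they can no longer access
                notification.delete()
                logger.info(
                    "Deleted Notification for user %s (%s) and object %s (%s) - no permissions",
                    notification.user,
                    notification.user.pk,
                    ct,
                    object_id,
                )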