def has_permission(self, request, view):
    """
    Decide whether ``request.user`` may reach the object named in the URL.

    The URL kwargs are probed in a fixed order (project, lead, entry,
    analysis pillar). Only the first truthy id is checked, and the result
    is whether a matching row exists in the queryset built for that user.

    NOTE(review): a route that carries more than one of these ids is only
    checked against the first one in the order above.
    NOTE(review): when none of the ids is present (or all are falsy) this
    returns True, so any restriction for such routes must come from
    elsewhere; confirm that is intended.
    """
    project_id, lead_id, entry_id, pillar_id = (
        view.kwargs.get(name)
        for name in (
            'project_id', 'lead_id', 'entry_id', 'analysis_pillar_id',
        )
    )

    # request.user is read only inside the branch that needs it.
    if project_id:
        member_projects = Project.get_for_member(request.user)
        return member_projects.filter(id=project_id).exists()

    if lead_id:
        return Lead.get_for(request.user).filter(id=lead_id).exists()

    if entry_id:
        return Entry.get_for(request.user).filter(id=entry_id).exists()

    if pillar_id:
        # A pillar is reachable when the user has a membership in the
        # project that owns the pillar's analysis.
        return AnalysisPillar.objects.filter(
            analysis__project__projectmembership__member=request.user,
            id=pillar_id,
        ).exists()

    return True
def get(self, request, uuid=None, filename=None):
    """
    Redirect to the stored file behind ``uuid`` if the requester may see it.

    Access is granted when any one of these holds, tested in this order:
    the file is flagged public, one of the file's leads is in
    ``Lead.get_for(user)``, an entry in ``Entry.get_for(user)`` uses the
    file as ``image``, or such an entry has ``image_raw`` equal to the
    absolute URL of the ``'file'`` route for this file.

    Responses: 404 from ``get_object_or_404`` for an unknown uuid, 403 when
    no rule matches, 404 when the record has no stored file, otherwise a
    redirect. ``filename`` is accepted but not used in this body.

    NOTE(review): an unknown uuid answers 404 while a known but forbidden
    one answers 403, so the status code reveals whether a uuid exists.
    NOTE(review): only this redirect is guarded. Whether the target URL is
    itself access-controlled depends on the storage backend; confirm.
    """
    file_obj = get_object_or_404(
        File.objects.prefetch_related('lead_set'),
        uuid=uuid,
    )
    user = request.user
    lead_ids = file_obj.lead_set.values_list('pk', flat=True)

    def _used_as_raw_image():
        # The compared URL is built from the current request, so the match
        # depends on the scheme and host that request is seen under.
        file_url = request.build_absolute_uri(
            reverse('file', kwargs={'file_id': file_obj.pk}),
        )
        return Entry.get_for(user).filter(image_raw=file_url).exists()

    # `or` short-circuits: later queries run only if earlier rules fail.
    can_view = (
        file_obj.is_public
        or Lead.get_for(user).filter(pk__in=lead_ids).exists()
        or Entry.get_for(user).filter(image=file_obj).exists()
        or _used_as_raw_image()
        # TODO: Add Profile
    )

    if not can_view:
        return response.Response({
            'error': 'Access Forbidden, Contact Admin',
        }, status=status.HTTP_403_FORBIDDEN)

    if not file_obj.file:
        return response.Response({
            'error': 'File doesn\'t exists',
        }, status=status.HTTP_404_NOT_FOUND)

    return redirect(request.build_absolute_uri(file_obj.file.url))
def get_filtered_entries(user, queries):
    """
    Return the entries for ``user`` narrowed by the dynamic ``queries``.

    The base queryset is ``Entry.get_for(user)``. Every later step only adds
    ``.filter()`` calls to it. The ORM lookup names are fixed in this
    function: keys from ``queries`` are read by name and never used as
    lookup names.

    Recognised keys: ``project``; ``created_at__lt``, ``created_at__gt``,
    ``modified_at__lt`` and ``modified_at__gt`` (day counts, applied as
    inclusive ``__lte`` / ``__gte`` bounds); and for each filter from
    ``Filter.get_for(user)`` its ``key``, ``key__lt`` and ``key__gt``.

    NOTE(review): every value is tested for truthiness, so 0 and '' are
    treated as "not supplied".
    NOTE(review): ``datetime.fromtimestamp`` without a tz yields a naive
    local-time datetime; confirm this matches the project's timezone
    settings.
    """
    entries = Entry.get_for(user)

    project_id = queries.get('project')
    if project_id:
        entries = entries.filter(lead__project__id=project_id)

    user_filters = Filter.get_for(user)

    seconds_per_day = 24 * 60 * 60
    # (key in `queries`, ORM lookup), applied in this order.
    date_bounds = (
        ('created_at__lt', 'created_at__lte'),
        ('created_at__gt', 'created_at__gte'),
        ('modified_at__lt', 'modified_at__lte'),
        ('modified_at__gt', 'modified_at__gte'),
    )
    for query_key, lookup in date_bounds:
        day_count = queries.get(query_key)
        if not day_count:
            continue
        bound = datetime.fromtimestamp(day_count * seconds_per_day)
        entries = entries.filter(**{lookup: bound})

    for flt in user_filters:
        # Each filter's key selects up to three query values.
        exact = queries.get(flt.key)
        upper = queries.get(flt.key + '__lt')
        lower = queries.get(flt.key + '__gt')

        if flt.filter_type == Filter.NUMBER:
            number_lookups = (
                ('filterdata__number', exact),
                ('filterdata__number__lte', upper),
                ('filterdata__number__gte', lower),
            )
            for lookup, value in number_lookups:
                if value:
                    entries = entries.filter(
                        filterdata__filter=flt,
                        **{lookup: value}
                    )

        if flt.filter_type == Filter.LIST and exact:
            # A non-list value is treated as a comma-separated string.
            values = exact if isinstance(exact, list) else exact.split(',')
            if values:
                entries = entries.filter(
                    filterdata__filter=flt,
                    filterdata__values__overlap=values,
                )

    # NOTE(review): the ordering is by the lead's creator, not its
    # creation time; presumably intentional, confirm.
    return entries.order_by('-lead__created_by', 'lead')