def personal(self, request): """Personal ical route.""" calendar_type = constants.TYPE_PERSONAL feed = utils.generate_ical_feed(request, calendar_type) permission_handler = get_permission_handler(Event) following_events = permission_handler.filter_queryset( request.user, Event.objects.filter( followers__follower_id=request.user.id, end_time__gt=timezone.now() - timedelta(days=constants.HISTORY_BACKWARDS_IN_DAYS), ).all(), ) permission_handler = get_permission_handler(Meeting) meetings = permission_handler.filter_queryset( request.user, Meeting.objects.filter( end_time__gt=timezone.now() - timedelta(days=constants.HISTORY_BACKWARDS_IN_DAYS)), ) utils.add_events_to_ical_feed(feed, following_events) utils.add_meetings_to_ical_feed(feed, meetings) return utils.render_ical_response(feed, calendar_type)
def list(self, request): articles_handler = get_permission_handler(Article) articles_queryset_base = Article.objects.all()\ .order_by('-pinned', '-created_at').prefetch_related('tags') if articles_handler.has_perm(request.user, LIST, queryset=articles_queryset_base): queryset_articles = articles_queryset_base else: queryset_articles = articles_handler.filter_queryset( request.user, articles_queryset_base) events_handler = get_permission_handler(Event) queryset_events_base = Event.objects.all()\ .filter(end_time__gt=timezone.now()).order_by('-pinned', 'start_time', 'id')\ .prefetch_related('pools', 'pools__registrations', 'company', 'tags') if events_handler.has_perm(request.user, LIST, queryset=queryset_events_base): queryset_events = queryset_events_base else: queryset_events = events_handler.filter_queryset( request.user, queryset_events_base) articles = PublicArticleSerializer(queryset_articles[:10], many=True).data events = EventSearchSerializer(queryset_events, many=True).data ret = { 'articles': articles, 'events': events, } return Response(ret)
def create(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) username = serializer.data["username"] try: user = User.objects.get(username=username) except User.DoesNotExist: raise ValidationError( { "error": f"There is no user with username {username}", "error_code": "no_user", } ) try: reg = self.get_queryset().get(user=user) except Registration.DoesNotExist: raise ValidationError( { "error": "The registration does not exist", "error_code": "not_registered", } ) if not get_permission_handler(Event).has_perm( request.user, "EDIT", obj=reg.event ): raise PermissionDenied() if reg.status != constants.SUCCESS_REGISTER: raise ValidationError( { "error": f"User {reg.user.username} is _not_ properly registerd. " f"The registration status for the user is: {reg.status}", "error_code": "already_present", } ) if reg.pool is None: raise ValidationError( { "error": f"User {reg.user.username} is on the waiting list... " "You can set the presence manualy on the 'Påmeldinger' tab", "error_code": "already_present", } ) if reg.presence != constants.UNKNOWN: raise ValidationError( { "error": f"User {reg.user.username} is already present.", "error_code": "already_present", } ) reg.presence = constants.PRESENT reg.save() data = RegistrationSearchReadSerializer(reg).data return Response(data=data, status=status.HTTP_200_OK)
def create(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) username = serializer.data["username"] photo_consent = serializer.data["photo_consent"] try: user = User.objects.get(username=username) except User.DoesNotExist: raise ValidationError({ "error": f"There is no user with username {username}", "error_code": "no_user", }) try: reg = self.get_queryset().get(user=user) except Registration.DoesNotExist: raise ValidationError({ "error": "The registration does not exist", "error_code": "not_registered", }) if not get_permission_handler(Event).has_perm( request.user, "EDIT", obj=reg.event): raise PermissionDenied() reg.photo_consent = photo_consent reg.save() data = RegistrationSearchReadSerializer(reg).data return Response(data=data, status=status.HTTP_200_OK)
def has_perm(self, user, perm, obj=None, queryset=None, check_keyword_permissions=True, **kwargs): if not user.is_authenticated: return False from lego.apps.meetings.models import Meeting if obj is not None: meeting = obj.meeting else: view = kwargs.get('view', None) if view is None: return False # This is a nested view and it is possible to retrieve the meeting. meeting_pk = view.kwargs['meeting_pk'] meeting = Meeting.objects.get(id=meeting_pk) meeting_permission_handler = get_permission_handler(Meeting) has_perm = meeting_permission_handler.has_perm( user, perm, obj=meeting, queryset=Meeting.objects.none()) if has_perm: if perm in self.safe_methods: return True elif obj is not None: return obj.user == user return False
def registrations(self, request): """Registration ical route.""" calendar_type = constants.TYPE_REGISTRATIONS feed = utils.generate_ical_feed(request, calendar_type) permission_handler = get_permission_handler(Event) events = permission_handler.filter_queryset( request.user, Event.objects.all().filter(end_time__gt=timezone.now())) for event in events: reg_time = event.get_earliest_registration_time(request.user) if not reg_time: # User cannot register continue ical_starttime = reg_time ical_endtime = ical_starttime + timedelta( minutes=constants.REGISTRATION_EVENT_LENGTH_IN_MINUTES) price = event.get_price(request.user) if event.is_priced else None title = f"Reg: {event.title}" utils.add_event_to_ical_feed( feed, event, price=price, title=title, ical_starttime=ical_starttime, ical_endtime=ical_endtime, ) return utils.render_ical_response(feed, calendar_type)
def personal(self, request): """Personal ical route.""" calendar_type = constants.TYPE_PERSONAL feed = utils.generate_ical_feed(request, calendar_type) permission_handler = get_permission_handler(Event) following_events = permission_handler.filter_queryset( request.user, Event.objects.filter(followers__follower_id=request.user.id)) permission_handler = get_permission_handler(Meeting) meetings = permission_handler.filter_queryset(request.user, Meeting.objects) utils.add_events_to_ical_feed(feed, following_events) utils.add_meetings_to_ical_feed(feed, meetings) return utils.render_ical_response(feed, calendar_type)
def has_perm(self, user_obj, perm, obj=None): if not user_obj.is_anonymous and not user_obj.is_active: return False if obj is None: # Take a shortcut and check KeywordPermissions only if no object are defined. return KeywordPermissions.has_perm(user_obj, perm) if isinstance(obj, models.Model): permission_handler = get_permission_handler(obj) return permission_handler.has_perm(user_obj, perm, obj=obj) elif isinstance(obj, models.QuerySet): permission_handler = get_permission_handler(obj.model) return permission_handler.has_perm(user_obj, perm, queryset=obj) elif issubclass(obj, models.Model): permission_handler = get_permission_handler(obj) return permission_handler.has_perm(user_obj, perm, queryset=obj.objects.none()) return False
def list(self, request): articles_handler = get_permission_handler(Article) articles_queryset_base = (Article.objects.all().order_by( "-pinned", "-created_at").prefetch_related("tags")) if articles_handler.has_perm(request.user, LIST, queryset=articles_queryset_base): queryset_articles = articles_queryset_base else: queryset_articles = articles_handler.filter_queryset( request.user, articles_queryset_base) events_handler = get_permission_handler(Event) queryset_events_base = (Event.objects.all().filter( end_time__gt=timezone.now()).order_by("-pinned", "start_time", "id").prefetch_related( "pools", "pools__registrations", "company", "tags")) if events_handler.has_perm(request.user, LIST, queryset=queryset_events_base): queryset_events = queryset_events_base else: queryset_events = events_handler.filter_queryset( request.user, queryset_events_base) articles = PublicArticleSerializer( queryset_articles[:10], context=self.get_serializer_context(), many=True).data events = EventSearchSerializer(queryset_events, context=self.get_serializer_context(), many=True).data ret = {"articles": articles, "events": events} return Response(ret)
def events(self, request): """Event ical route.""" calendar_type = constants.TYPE_EVENTS feed = utils.generate_ical_feed(request, calendar_type) permission_handler = get_permission_handler(Event) events = permission_handler.filter_queryset( request.user, Event.objects.all().filter( end_time__gt=timezone.now() - timedelta(days=constants.HISTORY_BACKWARDS_IN_DAYS))) utils.add_events_to_ical_feed(feed, events) return utils.render_ical_response(feed, calendar_type)
def find_event_groups(user): """ Find all channels groups the user belongs to as a result of being signed up to future events. """ queryset = Event.objects.filter(start_time__gt=datetime.now()) if not user.has_perm(LIST, queryset): permission_handler = get_permission_handler(queryset.model) queryset = permission_handler.filter_queryset(user, queryset) groups = [] for event in queryset: groups.append(group_for_event(event)) return groups
def has_perm(self, user, perm, obj=None, queryset=None, check_keyword_permissions=True, **kwargs): from lego.apps.companies.models import Company if obj is not None: obj = obj.company company_permission_handler = get_permission_handler(Company) has_perm = company_permission_handler.has_perm( user, perm, obj=obj, queryset=Company.objects.none()) return has_perm
def find_event_groups(user): """ Find all channels groups the user belongs to as a result of being signed up to future events. Since we use websockets for registrations and event description updates, include events that has not started and that started less than two days ago. """ queryset = Event.objects.filter(start_time__gt=datetime.now() - timedelta(days=2)) if not user.has_perm(LIST, queryset): permission_handler = get_permission_handler(queryset.model) queryset = permission_handler.filter_queryset(user, queryset) groups = [] for event in queryset: groups.append(group_for_event(event, event.user_should_see_regs(user))) return groups
def has_permission(self, request, view): from lego.apps.events.models import Event handler = get_permission_handler(Event) perm = action_to_permission(view.action) # Only check keyword permissions for CREATE if perm is CREATE: return handler.has_event_type_level_permission( request.user, request, perm) # The user needs to have permission to edit the event_type AND needs to pass the # main permission check if perm is EDIT: if not handler.has_event_type_level_permission( request.user, request, perm): return False return super().has_permission(request, view)
def create(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) username = serializer.data['username'] try: user = User.objects.get(username=username) except User.DoesNotExist: raise ValidationError( { 'error': f'There is no user with username {username}', 'error_code': 'no_user' } ) try: reg = self.get_queryset().get(user=user) except Registration.DoesNotExist: raise ValidationError( { 'error': 'The registration does not exist', 'error_code': 'not_registered' } ) if not get_permission_handler(Event).has_perm(request.user, 'EDIT', obj=reg.event): raise PermissionDenied() if reg.presence != constants.UNKNOWN: raise ValidationError( { 'error': f'User {reg.user.username} is already present.', 'error_code': 'already_present' } ) reg.presence = constants.PRESENT reg.save() data = RegistrationSearchReadSerializer(reg).data return Response(data=data, status=status.HTTP_200_OK)
def permission_handler(view, model): handler = getattr(view, 'permission_handler', None) if not handler: handler = get_permission_handler(model) return handler
def get_queryset(self): permission_handler = get_permission_handler(Meeting) return permission_handler.filter_queryset( self.request.user, Meeting.objects.prefetch_related('invitations', 'invitations__user') )
def permission_handler(self, view, queryset): handler = getattr(view, "permission_handler", None) if not handler: handler = get_permission_handler(queryset.model) return handler
def get_queryset(self): queryset = super().get_queryset() permission_handler = get_permission_handler(queryset.model) return permission_handler.filter_queryset(self.request.user, queryset)
def list(self, request): cached_penalties = ( self.request.user.number_of_penalties() if self.request.user.is_authenticated else None ) def get_serializer_context(): """ Extra context provided to the serializer class. """ return { "request": request, "format": self.format_kwarg, "view": self, "cached_penalties": cached_penalties, } articles_handler = get_permission_handler(Article) articles_queryset_base = ( Article.objects.all() .order_by("-pinned", "-created_at") .prefetch_related("tags") ) if articles_handler.has_perm( request.user, LIST, queryset=articles_queryset_base ): queryset_articles = articles_queryset_base else: queryset_articles = articles_handler.filter_queryset( request.user, articles_queryset_base ) events_handler = get_permission_handler(Event) queryset_events_base = ( Event.objects.all() .filter(end_time__gt=timezone.now()) .order_by("-pinned", "start_time", "id") .prefetch_related("pools", "pools__registrations", "company", "tags") ) if request.user.is_authenticated: queryset_events_base = queryset_events_base.prefetch_related( "pools__registrations__user", Prefetch( "registrations", queryset=Registration.objects.filter(user=request.user) .exclude(status=SUCCESS_UNREGISTER) .select_related("pool"), to_attr="user_reg", ), Prefetch( "pools", queryset=Pool.objects.filter( permission_groups__in=self.request.user.all_groups ), to_attr="possible_pools", ), ) if events_handler.has_perm(request.user, LIST, queryset=queryset_events_base): queryset_events = queryset_events_base else: queryset_events = events_handler.filter_queryset( request.user, queryset_events_base ) queryset_poll = Poll.objects.filter(pinned=True).order_by("created_at").last() articles = PublicArticleSerializer( queryset_articles[:10], context=get_serializer_context(), many=True ).data events = FrontpageEventSerializer( queryset_events, context=get_serializer_context(), many=True ).data poll = None if queryset_poll: if queryset_poll.results_hidden: poll = HiddenResultsDetailedPollSerializer( queryset_poll, context=get_serializer_context() ).data else: poll = DetailedPollSerializer( queryset_poll, context=get_serializer_context() ).data ret = {"articles": articles, "events": events, "poll": poll} return Response(ret)
def permission_handler(self, view): handler = getattr(view, 'permission_handler', None) if not handler: handler = get_permission_handler(view.get_queryset().model) return handler