def update_role_by_meta_xform_perms(xform): """ Updates users role in a xform based on meta permissions set on the form. """ # load meta xform perms metadata = MetaData.xform_meta_permission(xform) editor_role_list = [EditorRole, EditorMinorRole] editor_role = {role.name: role for role in editor_role_list} dataentry_role_list = [ DataEntryMinorRole, DataEntryOnlyRole, DataEntryRole ] dataentry_role = {role.name: role for role in dataentry_role_list} if metadata: meta_perms = metadata.data_value.split('|') # update roles users = get_xform_users(xform) for user in users: role = users.get(user).get('role') if role in editor_role: role = ROLES.get(meta_perms[0]) role.add(user, xform) if role in dataentry_role: role = ROLES.get(meta_perms[1]) role.add(user, xform)
def save(self, **kwargs): if self.remove: self.__remove_user() else: role = ROLES.get(self.role) if role and self.user and self.project: role.add(self.user, self.project) # apply same role to forms under the project for xform in self.project.xform_set.all(): # check if there is xform meta perms set meta_perms = xform.metadata_set \ .filter(data_type='xform_meta_perms') if meta_perms: meta_perm = meta_perms[0].data_value.split("|") if len(meta_perm) > 1: if role in [EditorRole, EditorMinorRole]: role = ROLES.get(meta_perm[0]) elif role in [DataEntryRole, DataEntryMinorRole, DataEntryOnlyRole]: role = ROLES.get(meta_perm[1]) role.add(self.user, xform) for dataview in self.project.dataview_set.all(): if dataview.matches_parent: role.add(self.user, dataview.xform) # clear cache safe_delete('{}{}'.format(PROJ_PERM_CACHE, self.project.pk))
def save(self, **kwargs): if self.remove: self.__remove_user() else: role = ROLES.get(self.role) if role and self.user and self.project: role.add(self.user, self.project) # apply same role to forms under the project for xform in self.project.xform_set.all(): # check if there is xform meta perms set meta_perms = xform.metadata_set \ .filter(data_type='xform_meta_perms') if meta_perms: meta_perm = meta_perms[0].data_value.split("|") if len(meta_perm) > 1: if role in [EditorRole, EditorMinorRole]: role = ROLES.get(meta_perm[0]) elif role in [ DataEntryRole, DataEntryMinorRole, DataEntryOnlyRole ]: role = ROLES.get(meta_perm[1]) role.add(self.user, xform) for dataview in self.project.dataview_set.all(): if dataview.matches_parent: role.add(self.user, dataview.xform) # clear cache safe_delete('{}{}'.format(PROJ_PERM_CACHE, self.project.pk))
def __remove_user(self): role = ROLES.get(self.role) if role and self.user and self.project: remove_xform_permissions(self.project, self.user, role) remove_dataview_permissions(self.project, self.user, role) role._remove_obj_permissions(self.user, self.project)
def members(self, request, *args, **kwargs): organization = self.get_object() status_code = status.HTTP_200_OK data = [] username = request.DATA.get('username') or request.QUERY_PARAMS.get( 'username') if request.method in ['DELETE', 'POST', 'PUT'] and not username: status_code = status.HTTP_400_BAD_REQUEST data = {'username': [_(u"This field is required.")]} elif request.method == 'POST': data, status_code = _add_username_to_organization( organization, username) elif request.method == 'PUT': role = request.DATA.get('role') role_cls = ROLES.get(role) if not role or not role_cls: status_code = status.HTTP_400_BAD_REQUEST message = (_(u"'%s' is not a valid role." % role) if role else _(u"This field is required.")) data = {'role': [message]} else: _update_username_role(organization, username, role_cls) elif request.method == 'DELETE': data, status_code = _remove_username_to_organization( organization, username) if status_code in [status.HTTP_200_OK, status.HTTP_201_CREATED]: members = get_organization_members(organization) data = [u.username for u in members] return Response(data, status=status_code)
def set_project_perms_to_xform(xform, project): # allows us to still use xform.shared and xform.shared_data as before # only switch if xform.shared is False xform_is_shared = xform.shared or xform.shared_data if not xform_is_shared and project.shared != xform.shared: xform.shared = project.shared xform.shared_data = project.shared xform.save() owners = project.organization.team_set.filter( name="{}#{}".format(project.organization.username, OWNER_TEAM_NAME), organization=project.organization) if owners: OwnerRole.add(owners[0], xform) for perm in get_object_users_with_permissions(project, with_group_users=True): user = perm['user'] role_name = perm['role'] role = ROLES.get(role_name) if user != xform.created_by: role.add(user, xform) else: OwnerRole.add(user, xform)
def save(self, **kwargs): if self.remove: return self.remove_team() role = ROLES.get(self.role) if role and self.team and self.project: role.add(self.team, self.project)
def remove_team(self): role = ROLES.get(self.role) if role and self.team and self.project: role._remove_obj_permissions(self.team, self.project) for xform in self.project.xform_set.all(): role._remove_obj_permissions(self.team, xform)
def save(self, **kwargs): role = ROLES.get(self.role) if role and self.user and self.project: role.add(self.user, self.project) # add readonly role to forms under the project for px in self.project.projectxform_set.all(): ReadOnlyRole.add(self.user, px.xform)
def remove_user(self): role = ROLES.get(self.role) if role and self.user and self.project: role._remove_obj_permissions(self.user, self.project) # remove role from project forms as well for xform in self.project.xform_set.all(): role._remove_obj_permissions(self.user, xform)
def save(self, **kwargs): role = ROLES.get(self.role) # # check if there is xform meta perms set meta_perms = self.xform.metadata_set\ .filter(data_type='xform_meta_perms') if meta_perms: meta_perm = meta_perms[0].data_value.split("|") if len(meta_perm) > 1: if role in [EditorRole, EditorMinorRole]: role = ROLES.get(meta_perm[0]) elif role in [DataEntryRole, DataEntryMinorRole, DataEntryOnlyRole]: role = ROLES.get(meta_perm[1]) if role and self.user and self.xform: role.add(self.user, self.xform)
def save(self, **kwargs): role = ROLES.get(self.role) # # check if there is xform meta perms set meta_perms = self.xform.metadata_set\ .filter(data_type='xform_meta_perms') if meta_perms: meta_perm = meta_perms[0].data_value.split("|") if len(meta_perm) > 1: if role in [EditorRole, EditorMinorRole]: role = ROLES.get(meta_perm[0]) elif role in [ DataEntryRole, DataEntryMinorRole, DataEntryOnlyRole ]: role = ROLES.get(meta_perm[1]) if role and self.user and self.xform: role.add(self.user, self.xform)
def remove_team(self): role = ROLES.get(self.role) if role and self.team and self.project: role._remove_obj_permissions(self.team, self.project) for xform in self.project.xform_set.all(): role._remove_obj_permissions(self.team, xform) for dataview in self.project.dataview_set.all(): role._remove_obj_permissions(self.team, dataview.xform)
def save(self, **kwargs): if self.remove: return self.remove_team() role = ROLES.get(self.role) if role and self.team and self.project: role.add(self.team, self.project) for xform in self.project.xform_set.all(): role.add(self.team, xform)
def set_project_perms_to_xform(xform, project): """ Apply project permissions to a form, this usually happens when a new form is being published or it is being moved to a new project. """ # allows us to still use xform.shared and xform.shared_data as before # only switch if xform.shared is False xform_is_shared = xform.shared or xform.shared_data if not xform_is_shared and project.shared != xform.shared: xform.shared = project.shared xform.shared_data = project.shared xform.save() # clear existing permissions for perm in get_object_users_with_permissions( xform, with_group_users=True): user = perm['user'] role_name = perm['role'] role = ROLES.get(role_name) if role and (user != xform.user and project.user != user and project.created_by != user): role.remove_obj_permissions(user, xform) owners = project.organization.team_set.filter( name="{}#{}".format(project.organization.username, OWNER_TEAM_NAME), organization=project.organization) if owners: OwnerRole.add(owners[0], xform) for perm in get_object_users_with_permissions( project, with_group_users=True): user = perm['user'] role_name = perm['role'] role = ROLES.get(role_name) if user == xform.created_by: OwnerRole.add(user, xform) else: if role: role.add(user, xform)
def set_project_perms_to_xform(xform, project): """ Apply project permissions to a form, this usually happens when a new form is being published or it is being moved to a new project. """ # allows us to still use xform.shared and xform.shared_data as before # only switch if xform.shared is False xform_is_shared = xform.shared or xform.shared_data if not xform_is_shared and project.shared != xform.shared: xform.shared = project.shared xform.shared_data = project.shared xform.save() # clear existing permissions for perm in get_object_users_with_permissions(xform, with_group_users=True): user = perm['user'] role_name = perm['role'] role = ROLES.get(role_name) if role and (user != xform.user and project.user != user and project.created_by != user): role.remove_obj_permissions(user, xform) owners = project.organization.team_set.filter( name="{}#{}".format(project.organization.username, OWNER_TEAM_NAME), organization=project.organization) if owners: OwnerRole.add(owners[0], xform) for perm in get_object_users_with_permissions(project, with_group_users=True): user = perm['user'] role_name = perm['role'] role = ROLES.get(role_name) if user == xform.created_by: OwnerRole.add(user, xform) else: if role: role.add(user, xform)
def _set_organization_role_to_user(organization, user, role): role_cls = ROLES.get(role) role_cls.add(user, organization) owners_team = get_organization_owners_team(organization) # add the owner to owners team if role == OwnerRole.name: add_user_to_team(owners_team, user) if role != OwnerRole.name: remove_user_from_team(owners_team, user)
def save(self, **kwargs): if self.remove: self.remove_user() else: role = ROLES.get(self.role) if role and self.user and self.project: role.add(self.user, self.project) # add readonly role to forms under the project for xform in self.project.xform_set.all(): ReadOnlyRole.add(self.user, xform)
def save(self, **kwargs): if self.remove: self.remove_user() else: role = ROLES.get(self.role) if role and self.user and self.project: role.add(self.user, self.project) # apply same role to forms under the project for xform in self.project.xform_set.all(): role.add(self.user, xform) # clear cache safe_delete('{}{}'.format(PROJ_PERM_CACHE, self.project.pk))
def _set_organization_role_to_user(organization, user, role): role_cls = ROLES.get(role) role_cls.add(user, organization) owners_team = get_organization_owners_team(organization) # add the owner to owners team if role == OwnerRole.name: add_user_to_team(owners_team, user) # add user to org projects for project in organization.user.project_org.all(): ShareProject(project, user.username, role).save() if role != OwnerRole.name: remove_user_from_team(owners_team, user)
def _check_set_role(request, organization, username, required=False): """ Confirms the role and assigns the role to the organization """ role = request.data.get('role') role_cls = ROLES.get(role) if not role or not role_cls: if required: message = (_(u"'%s' is not a valid role." % role) if role else _(u"This field is required.")) else: message = _(u"'%s' is not a valid role." % role) return status.HTTP_400_BAD_REQUEST, {'role': [message]} else: data, status_code = _update_username_role(organization, username, role_cls) if status_code not in [status.HTTP_200_OK, status.HTTP_201_CREATED]: return (status_code, data) owners_team = get_organization_owners_team(organization) try: user = User.objects.get(username=username) except User.DoesNotExist: data = { 'username': [ _(u"User `%(username)s` does not exist." % {'username': username}) ] } return (status.HTTP_400_BAD_REQUEST, data) # add the owner to owners team if role == OwnerRole.name: add_user_to_team(owners_team, user) if role != OwnerRole.name: remove_user_from_team(owners_team, user) return (status.HTTP_200_OK, []) if request.method == 'PUT' \ else (status.HTTP_201_CREATED, [])
def set_project_perms_to_xform(xform, project): # allows us to still use xform.shared and xform.shared_data as before # only switch if xform.shared is False xform_is_shared = xform.shared or xform.shared_data if not xform_is_shared and project.shared != xform.shared: xform.shared = project.shared xform.shared_data = project.shared xform.save() for perm in get_object_users_with_permissions(project): user = perm['user'] role_name = perm['role'] role = ROLES.get(role_name) if user != xform.created_by: role.add(user, xform) else: OwnerRole.add(user, xform)
def remove_user_from_organization(organization, user): """Remove a user from an organization""" team = get_organization_members_team(organization) remove_user_from_team(team, user) owners_team = get_organization_owners_team(organization) remove_user_from_team(owners_team, user) role = get_role_in_org(user, organization) role_cls = ROLES.get(role) if role_cls: # Remove object permissions role_cls.remove_obj_permissions(user, organization) role_cls.remove_obj_permissions(user, organization.userprofile_ptr) # Remove user from all org projects for project in organization.user.project_org.all(): ShareProject(project, user.username, role, remove=True).save()
def _check_set_role(request, organization, username, required=False): """ Confirms the role and assigns the role to the organization """ role = request.DATA.get('role') role_cls = ROLES.get(role) if not role or not role_cls: if required: message = (_(u"'%s' is not a valid role." % role) if role else _(u"This field is required.")) else: message = _(u"'%s' is not a valid role." % role) return status.HTTP_400_BAD_REQUEST, {'role': [message]} else: _update_username_role(organization, username, role_cls) owners_team = get_organization_owners_team(organization) try: user = User.objects.get(username=username) except User.DoesNotExist: data = {'username': [_(u"User `%(username)s` does not exist." % {'username': username})]} return (status.HTTP_400_BAD_REQUEST, data) # add the owner to owners team if role == OwnerRole.name: add_user_to_team(owners_team, user) if role != OwnerRole.name: remove_user_from_team(owners_team, user) return (status.HTTP_200_OK, []) if request.method == 'PUT' \ else (status.HTTP_201_CREATED, [])
def save(self, **kwargs): role = ROLES.get(self.role) if role and self.user and self.xform: role.add(self.user, self.xform)
def remove_team(self): role = ROLES.get(self.role) if role and self.team and self.project: role._remove_obj_permissions(self.team, self.project)
def _set_xform_permission(role, user, xform): role_class = ROLES.get(role) if role_class: role_class.add(user, xform)
def remove_user(self): role = ROLES.get(self.role) if role and self.user and self.project: role._remove_obj_permissions(self.user, self.project)
def save(self, **kwargs): role = ROLES.get(self.role) if role and self.user and self.project: role.add(self.user, self.project)