def user_is_owner_or_service_manager(request, view, obj=None):
    """Object-level permission check for offerings and resources.

    Returns ``None`` when access is granted and raises
    ``exceptions.PermissionDenied`` otherwise. Access is granted when:

    * ``obj`` is falsy (nothing to check);
    * ``obj`` is a ``models.Resource`` and the user passes
      ``_has_owner_access`` for the customer returned by ``_get_customer``;
    * the user is attached to the offering (``offering.has_user``);
    * the user passes ``_has_owner_access`` for the offering's customer;
    * the user holds the SERVICE_MANAGER role in the offering's customer.
    """
    if not obj:
        return

    user = request.user
    if isinstance(obj, models.Offering):
        offering = obj
    elif isinstance(obj, models.Resource):
        resource_customer = structure_permissions._get_customer(obj)
        if structure_permissions._has_owner_access(user, resource_customer):
            return
        offering = obj.offering
    else:
        # NOTE(review): this check fails open -- any object that is neither an
        # Offering nor a Resource is allowed through without a role check.
        # Confirm every view wiring this permission only passes those types.
        return

    # Short-circuit evaluation keeps the original check order.
    granted = (
        offering.has_user(user)
        or structure_permissions._has_owner_access(user, offering.customer)
        or offering.customer.has_user(
            user, role=structure_models.CustomerRole.SERVICE_MANAGER
        )
    )
    if not granted:
        raise exceptions.PermissionDenied()
def user_can_update_thumbnail(request, view, obj=None):
    """Check whether the requesting user may change an offering's thumbnail.

    Staff users are always allowed. For everyone else the offering must be
    in the ACTIVE, DRAFT or PAUSED state, and the user must either pass
    ``_has_owner_access`` for the offering's customer or hold the
    SERVICE_MANAGER role there. Raises ``exceptions.PermissionDenied`` when
    the check fails; returns ``None`` otherwise (including for a falsy
    ``obj``).
    """
    if not obj:
        return

    offering = obj
    user = request.user
    if user.is_staff:
        return

    # The state gate is evaluated before any role check, so a user without
    # any role on an offering in another state gets the state-specific message.
    editable_states = (
        models.Offering.States.ACTIVE,
        models.Offering.States.DRAFT,
        models.Offering.States.PAUSED,
    )
    if offering.state not in editable_states:
        raise exceptions.PermissionDenied(
            _('You are not allowed to update a logo.'))

    provider = offering.customer
    if structure_permissions._has_owner_access(user, provider):
        return
    if provider.has_user(
            user, role=structure_models.CustomerRole.SERVICE_MANAGER):
        return
    raise exceptions.PermissionDenied()
def check_availability_of_auto_approving(items, user, project):
    """Decide whether an order made of ``items`` may skip manual approval.

    The rules are tried in order and the first one that applies wins:

    1. Staff users are always auto-approved.
    2. If every item targets a private offering, the result is whatever
       ``_has_admin_access(user, project)`` returns.
    3. If every item targets a shared offering owned by the project's own
       customer and that offering sets the
       ``auto_approve_in_service_provider_projects`` plugin option to
       exactly ``True``, the order is auto-approved.
    4. A single TERMINATE item is auto-approved when the user passes
       ``_has_owner_access`` for the offering's customer.
    5. Otherwise the decision is delegated to ``user_can_approve_order``.
    """
    if user.is_staff:
        return True

    # Skip approval of private offerings for project users.
    # NOTE(review): all() is vacuously true for an empty ``items``, so an
    # empty order is decided by this branch alone -- confirm callers never
    # pass an empty list or that this outcome is intended.
    if all(item.offering.is_private for item in items):
        return structure_permissions._has_admin_access(user, project)

    def _provider_opted_in(item):
        # The ``is True`` comparison means a truthy non-bool option value
        # (e.g. the string "true") does not enable auto-approval.
        offering = item.offering
        return (
            offering.shared
            and offering.customer == project.customer
            and offering.plugin_options.get(
                'auto_approve_in_service_provider_projects'
            ) is True
        )

    # Skip approval of public offerings that belong to the same organization
    # under which the request is made.
    if all(_provider_opted_in(item) for item in items):
        return True

    # The service provider is not required to approve a termination order.
    if len(items) == 1:
        only_item = items[0]
        if (
            only_item.type == models.OrderItem.Types.TERMINATE
            and structure_permissions._has_owner_access(
                user, only_item.offering.customer
            )
        ):
            return True

    return user_can_approve_order(user, project)
def can_delete_bid(request, view, obj=None):
    """Allow bid deletion only to staff or to owners of the bidding team's customer.

    Returns ``None`` when allowed (or when ``obj`` is falsy) and raises
    ``exceptions.PermissionDenied`` otherwise.
    """
    if not obj:
        return

    user = request.user
    if user.is_staff:
        return
    if structure_permissions._has_owner_access(user, obj.team.customer):
        return
    raise exceptions.PermissionDenied()
def create(self, request):
    """Create an object after checking owner access to the target customer.

    The request payload is validated first so that the ``customer`` field is
    resolved to an object; the requesting user must then pass
    ``_has_owner_access`` for that customer, otherwise
    ``exceptions.PermissionDenied`` is raised. On success the parent class's
    ``create`` handles the request.
    """
    payload = self.get_serializer(data=request.data)
    payload.is_valid(raise_exception=True)

    # The authorization target comes from request data, so it is only
    # trusted after serializer validation has resolved it.
    target_customer = payload.validated_data['customer']
    # NOTE(review): the mixin name mentions staff, but staff is not checked
    # here -- presumably _has_owner_access admits staff; verify in
    # structure_permissions.
    if structure_permissions._has_owner_access(request.user, target_customer):
        return super(CreateByStaffOrOwnerMixin, self).create(request)
    raise exceptions.PermissionDenied()
def is_owner(request, view, obj=None):
    """Require owner access to the customer of the expert request's project.

    ``obj`` is treated as an expert request. A falsy ``obj`` passes without
    any check; otherwise ``exceptions.PermissionDenied`` is raised unless
    ``_has_owner_access`` accepts the user for ``obj.project.customer``.
    """
    expert_request = obj
    if not expert_request:
        return

    owning_customer = expert_request.project.customer
    if structure_permissions._has_owner_access(request.user, owning_customer):
        return
    raise exceptions.PermissionDenied()
def set_usage(self, request, *args, **kwargs):
    """Store usage data submitted for a marketplace resource.

    The payload is validated, then the user must pass ``_has_owner_access``
    for the customer of the offering behind the referenced plan period's
    resource; otherwise ``PermissionDenied`` is raised and nothing is saved.
    Responds with HTTP 201 and an empty body on success.
    """
    usage_serializer = self.get_serializer(data=request.data)
    usage_serializer.is_valid(raise_exception=True)

    # Authorization is decided on the service provider side: the customer
    # that owns the offering, not the customer consuming the resource.
    plan_period = usage_serializer.validated_data['plan_period']
    service_provider = plan_period.resource.offering.customer
    if not _has_owner_access(request.user, service_provider):
        raise PermissionDenied(
            _('Only staff and service provider owner is allowed '
              'to submit usage data for marketplace resource.'))

    usage_serializer.save()
    return Response(status=status.HTTP_201_CREATED)
def validate(self, attrs):
    """Validate allocation data and authorize creation.

    Runs the parent validation first. On update (``self.instance`` is set)
    no further check is made. On creation the requesting user must pass
    ``_has_owner_access`` for the customer of the linked project, otherwise
    ``rf_exceptions.PermissionDenied`` is raised.
    """
    validated = super(AllocationSerializer, self).validate(attrs)

    # Skip the permission check on update.
    # NOTE(review): updates are therefore not authorized here -- confirm the
    # view enforces object permissions for them.
    if self.instance:
        return validated

    link = validated['service_project_link']
    requester = self.context['request'].user
    if _has_owner_access(requester, link.project.customer):
        return validated
    raise rf_exceptions.PermissionDenied(
        _('You do not have permissions to create allocation for given project.'
          ))
def user_can_terminate_resource(request, view, resource=None):
    """Check whether the requesting user may terminate ``resource``.

    Allowed when the user passes ``_has_admin_access`` for the resource's
    project (consumer side) or ``_has_owner_access`` for the offering's
    customer (service provider side). Raises ``exceptions.PermissionDenied``
    otherwise; a falsy ``resource`` passes without any check.
    """
    if not resource:
        return

    actor = request.user
    may_terminate = (
        # Project manager/admin and customer owner are allowed to terminate.
        structure_permissions._has_admin_access(actor, resource.project)
        # The service provider is allowed to terminate the resource too.
        or structure_permissions._has_owner_access(
            actor, resource.offering.customer)
    )
    if not may_terminate:
        raise exceptions.PermissionDenied()
def user_is_service_provider_owner_or_service_provider_manager(
        request, view, obj=None):
    """Require an owner or service-manager role on the offering's customer.

    ``obj`` must expose ``offering.customer``. Access is granted when the
    user passes ``_has_owner_access`` for that customer or holds the
    SERVICE_MANAGER role in it; otherwise ``exceptions.PermissionDenied`` is
    raised. A falsy ``obj`` passes without any check.
    """
    if not obj:
        return

    user = request.user
    provider = obj.offering.customer
    is_provider_side = (
        structure_permissions._has_owner_access(user, provider)
        or provider.has_user(
            user, role=structure_models.CustomerRole.SERVICE_MANAGER)
    )
    if not is_provider_side:
        raise exceptions.PermissionDenied()
def check_availability_of_auto_approving(items, user, project):
    """Decide whether an order made of ``items`` may skip manual approval.

    The rules are tried in order and the first one that applies wins:

    1. Staff users are always auto-approved.
    2. If every item targets a private offering, the result is whatever
       ``_has_admin_access(user, project)`` returns.
    3. A single TERMINATE item is auto-approved when the user passes
       ``_has_owner_access`` for the offering's customer.
    4. Otherwise the decision is delegated to ``user_can_approve_order``.
    """
    if user.is_staff:
        return True

    # Skip approval of private offerings for project users.
    # NOTE(review): all() is vacuously true for an empty ``items``, so an
    # empty order is decided by this branch alone -- confirm callers never
    # pass an empty list or that this outcome is intended.
    only_private = all(item.offering.is_private for item in items)
    if only_private:
        return structure_permissions._has_admin_access(user, project)

    # The service provider is not required to approve a termination order.
    if len(items) == 1:
        only_item = items[0]
        if (only_item.type == models.OrderItem.Types.TERMINATE
                and structure_permissions._has_owner_access(
                    user, only_item.offering.customer)):
            return True

    return user_can_approve_order(user, project)
def get_payment_profiles(serializer, customer):
    """Return serialized payment profiles of ``customer`` visible to the user.

    Staff and support users get every payment profile. Users that pass
    ``_has_owner_access`` for the customer get only profiles with
    ``is_active=True``. Any other user gets ``None``.
    """
    request = serializer.context['request']
    user = request.user

    if user.is_staff or user.is_support:
        visible_profiles = customer.paymentprofile_set.all()
    elif structure_permissions._has_owner_access(user, customer):
        # Owners are not shown inactive profiles.
        visible_profiles = customer.paymentprofile_set.filter(is_active=True)
    else:
        # No role on this customer: expose nothing.
        return None

    return PaymentProfileSerializer(
        visible_profiles,
        many=True,
        context={'request': request},
    ).data
def user_can_approve_order(user, project):
    """Return True when ``user`` may approve orders placed in ``project``.

    Staff can always approve. Each other role is honoured only when its
    ``WALDUR_MARKETPLACE`` switch is enabled:

    * ``OWNER_CAN_APPROVE_ORDER`` with ``_has_owner_access`` on the
      project's customer;
    * ``MANAGER_CAN_APPROVE_ORDER`` with ``_has_manager_access`` on the
      project;
    * ``ADMIN_CAN_APPROVE_ORDER`` with ``_has_admin_access`` on the project.
    """
    if user.is_staff:
        return True

    # Each switch is read before its access check, so a disabled role never
    # triggers the corresponding permission lookup.
    if (
        (django_settings.WALDUR_MARKETPLACE['OWNER_CAN_APPROVE_ORDER']
         and structure_permissions._has_owner_access(user, project.customer))
        or (django_settings.WALDUR_MARKETPLACE['MANAGER_CAN_APPROVE_ORDER']
            and structure_permissions._has_manager_access(user, project))
        or (django_settings.WALDUR_MARKETPLACE['ADMIN_CAN_APPROVE_ORDER']
            and structure_permissions._has_admin_access(user, project))
    ):
        return True
    return False
def user_can_terminate_resource(request, view, resource=None):
    """Check whether the requesting user may terminate ``resource``.

    The project is loaded through ``Project.all_objects`` by
    ``resource.project_id`` so that a resource in a soft-deleted project can
    still be terminated. Access is granted when the user passes
    ``_has_admin_access`` for that project or ``_has_owner_access`` for the
    offering's customer; otherwise ``exceptions.PermissionDenied`` is raised.
    A falsy ``resource`` passes without any check.
    """
    if not resource:
        return

    # Allow terminating a resource in a soft-deleted project.
    # NOTE(review): .get() raises Project.DoesNotExist when no row matches;
    # that is not handled here -- confirm the row always exists.
    project = structure_models.Project.all_objects.get(id=resource.project_id)

    actor = request.user
    may_terminate = (
        # Project manager/admin and customer owner are allowed to terminate.
        structure_permissions._has_admin_access(actor, project)
        # The service provider is allowed to terminate the resource too.
        or structure_permissions._has_owner_access(
            actor, resource.offering.customer)
    )
    if not may_terminate:
        raise exceptions.PermissionDenied()
def get_payment(self, token):
    """
    Look up a Paypal payment by its token and verify the current user's access.

    A payment the user has no owner access to is reported with the same
    ``NotFound`` error as a payment that does not exist, so the response
    does not reveal whether a given token is valid.

    :param token: string
    :return: Payment object
    :raises exceptions.NotFound: no payment has this token, or the user does
        not pass ``_has_owner_access`` for the payment's customer
    """
    missing_message = "Payment with token %s does not exist" % token

    try:
        found = models.Payment.objects.get(token=token)
    except models.Payment.DoesNotExist:
        raise exceptions.NotFound(missing_message)

    if structure_permissions._has_owner_access(self.request.user, found.customer):
        return found
    raise exceptions.NotFound(missing_message)
def set_usage(self, request, *args, **kwargs):
    """Create or update usage data for a marketplace resource.

    The payload is validated, then the user must pass ``_has_owner_access``
    for the customer of the offering behind the referenced plan period's
    resource; otherwise ``PermissionDenied`` is raised and nothing is saved.
    ``serializer.save()`` returns ``(usage, created)``; the outcome is
    written to the logger and to the event log. Responds with HTTP 201 in
    both the created and the updated case.
    """
    usage_serializer = self.get_serializer(data=request.data)
    usage_serializer.is_valid(raise_exception=True)

    # Authorization is decided on the service provider side: the customer
    # that owns the offering, not the customer consuming the resource.
    plan_period = usage_serializer.validated_data['plan_period']
    service_provider = plan_period.resource.offering.customer
    if not _has_owner_access(request.user, service_provider):
        raise PermissionDenied(
            _('Only staff and service provider owner is allowed '
              'to submit usage data for marketplace resource.'))

    usage, created = usage_serializer.save()

    # NOTE(review): initial_data is the raw, unvalidated request payload, so
    # caller-controlled text is written to the log as-is -- confirm the log
    # sink tolerates that and that no sensitive field can appear here.
    if created:
        logger.info(
            'Usage has been created. ' 'Data: %s.' % usage_serializer.initial_data)
        log.log_component_usage_creation_succeeded(usage)
    else:
        logger.info(
            'Usage has been updated. ' 'Data: %s.' % usage_serializer.initial_data)
        log.log_component_usage_updation_succeeded(usage)

    return Response(status=status.HTTP_201_CREATED)
def check_permissions_for_state_change(request, view, order=None):
    """Check whether the requesting user may change the state of ``order``.

    Staff is always allowed. Each other role is honoured only when its
    ``WALDUR_MARKETPLACE`` switch is enabled:

    * ``OWNER_CAN_APPROVE_ORDER`` with ``_has_owner_access`` on the customer
      of the order's project;
    * ``MANAGER_CAN_APPROVE_ORDER`` with ``_has_manager_access`` on the
      order's project;
    * ``ADMIN_CAN_APPROVE_ORDER`` with ``_has_admin_access`` on the order's
      project.

    Raises ``rf_exceptions.PermissionDenied`` when no rule applies; a falsy
    ``order`` passes without any check.
    """
    if not order:
        return

    user = request.user
    if user.is_staff:
        return

    # Each switch is read before its access check, so a disabled role never
    # triggers the corresponding permission lookup.
    if (
        (settings.WALDUR_MARKETPLACE['OWNER_CAN_APPROVE_ORDER']
         and structure_permissions._has_owner_access(
             user, order.project.customer))
        or (settings.WALDUR_MARKETPLACE['MANAGER_CAN_APPROVE_ORDER']
            and structure_permissions._has_manager_access(user, order.project))
        or (settings.WALDUR_MARKETPLACE['ADMIN_CAN_APPROVE_ORDER']
            and structure_permissions._has_admin_access(user, order.project))
    ):
        return

    raise rf_exceptions.PermissionDenied()
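def validate(self, attrs):
    """Validate allocation data and authorize creation.

    Runs the parent validation first. On update (``self.instance`` is set)
    no further check is made. On creation:

    * ``name`` must consist of 1-63 characters from the class given by
      ``models.SLURM_ALLOCATION_REGEX``; a missing name is rejected the same
      way. Raises ``core_serializers.ValidationError`` otherwise.
    * the requesting user must pass ``_has_owner_access`` for the customer
      of the linked project. Raises ``rf_exceptions.PermissionDenied``
      otherwise.
    """
    attrs = super(AllocationSerializer, self).validate(attrs)
    # Skip validation on update
    if self.instance:
        return attrs

    # Anchor with \Z rather than '$': '$' also matches just before a trailing
    # newline, which would let a name such as "abc\n" pass the character
    # whitelist.
    correct_name_regex = r'^([%s]{1,63})\Z' % models.SLURM_ALLOCATION_REGEX
    name = attrs.get('name')
    # A missing name is reported as a validation error instead of letting
    # re.match() fail with a TypeError on None.
    if name is None or not re.match(correct_name_regex, name):
        raise core_serializers.ValidationError(
            _(
                "Name '%s' must be 1-63 characters long, each of "
                "which can only be alphanumeric or a hyphen"
            )
            % name
        )

    spl = attrs['service_project_link']
    user = self.context['request'].user
    if not _has_owner_access(user, spl.project.customer):
        raise rf_exceptions.PermissionDenied(
            _('You do not have permissions to create allocation for given project.')
        )
    return attrs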