def get_queryset(self): user = self.request.user # TODO: This needs to handle multiple UserMetas in the future user_meta = UserMeta.get_by_user(user) if user_meta: return Domain.objects.filter(organization=user_meta.organization) return []
def org_safe_get(self, user, pk): """ Gets the entity for the given primary key while making sure that the user has access to the entity. This first checks if the requested entity has an organization attribute. If it does, it checks against that. If there is no organization, the entity is checked for a domain to find the organization. :param user: MBUser entity :param pk: Primary Key to look up. :return: An entity """ if not pk: raise PermissionDenied() if not user: raise PermissionDenied() # TODO: We need to handle multiple UserMetas in the future. user_meta = UserMeta.get_by_user(user) if not user_meta: raise PermissionDenied() try: entity = self.safe_get_model.get_by_id(pk) except AttributeError: raise PermissionDenied("safe_get_model must have a get_by_id method") if not entity: raise PermissionDenied("No entity found for id: %s") # First check for an organization on the entity itself if hasattr(entity, 'organization'): if entity.organization == user_meta.organization: return entity raise PermissionDenied() # Second, check for the organization based on the domain if hasattr(entity, 'domain'): if entity.domain.organization == user_meta.organization: return entity raise PermissionDenied() # Third, check if the object is an organization if isinstance(entity, Organization): if entity == user_meta.organization: return entity raise PermissionDenied()
def org_safe_get(self, user, pk): """ Gets the entity for the given primary key while making sure that the user has access to the entity. This first checks if the requested entity has an organization attribute. If it does, it checks against that. If there is no organization, the entity is checked for a domain to find the organization. :param user: MBUser entity :param pk: Primary Key to look up. :return: An entity """ if not pk: raise PermissionDenied() if not user: raise PermissionDenied() # TODO: We need to handle multiple UserMetas in the future. user_meta = UserMeta.get_by_user(user) if not user_meta: raise PermissionDenied() try: entity = self.safe_get_model.get_by_id(pk) except AttributeError: raise PermissionDenied("safe_get_model must have a get_by_id method") if not entity: raise PermissionDenied("No entity found for id: %s") # First check for an organization on the entity itself if hasattr(entity, "organization"): if entity.organization == user_meta.organization: return entity raise PermissionDenied() # Second, check for the organization based on the domain if hasattr(entity, "domain"): if entity.domain.organization == user_meta.organization: return entity raise PermissionDenied() # Third, check if the object is an organization if isinstance(entity, Organization): if entity == user_meta.organization: return entity raise PermissionDenied()
def get(self, request): user = self.request.user user_meta = UserMeta.get_by_user(user) organization = user_meta.organization if user_meta else None data = { 'current_user': reverse('client-user-detail', kwargs={'pk': user.id}, request=request), 'domains': reverse('client-domain-list', request=request), 'emails': reverse('client-email-list', request=request), } if organization: data['organization'] = reverse('client-organization-detail', kwargs={'pk': organization.id}, request=request) return Response(data)
def get_queryset(self): user = self.request.user user_meta = UserMeta.get_by_user(user) domains = [] if user_meta: domains = Domain.objects.filter(organization=user_meta.organization) if not domains: return [] rules = set() for domain in domains: domain_rules = Rule.objects.filter(domain=domain) for domain_rule in domain_rules: rules.add(domain_rule) return list(rules)
def get_queryset(self): user = self.request.user user_meta = UserMeta.get_by_user(user) domains = [] if user_meta: domains = Domain.objects.filter(organization=user_meta.organization) if not domains: return [] emails = set() for domain in domains: domain_emails = EmailMeta.objects.filter(domain=domain) for domain_email in domain_emails: emails.add(domain_email) return list(emails)
def get_queryset(self): user = self.request.user user_meta = UserMeta.get_by_user(user) domains = [] if user_meta: domains = Domain.objects.filter( organization=user_meta.organization) if not domains: return [] rules = set() for domain in domains: domain_rules = Rule.objects.filter(domain=domain) for domain_rule in domain_rules: rules.add(domain_rule) return list(rules)
def get_queryset(self): user = self.request.user user_meta = UserMeta.get_by_user(user) domains = [] if user_meta: domains = Domain.objects.filter( organization=user_meta.organization) if not domains: return [] emails = set() for domain in domains: domain_emails = EmailMeta.objects.filter(domain=domain) for domain_email in domain_emails: emails.add(domain_email) return list(emails)
def meta(self, request, pk=None): user = MBUser.objects.get(id=pk) user_meta = UserMeta.get_by_user(user) meta = UserMetaSerializer(user_meta, context={'request': request}).data return Response(meta)
def post_save(self, obj, created=False): user_meta = UserMeta.get_by_user(obj) if not user_meta: UserMeta.create_user_meta(obj)
def get_queryset(self): user = self.request.user user_meta = UserMeta.get_by_user(user) return Organization.objects.filter(id=user_meta.organization.id)