def _can_edit_workers_location(web_user, mobile_worker): if web_user.has_permission(mobile_worker.domain, 'access_all_locations'): return True loc_id = mobile_worker.location_id if not loc_id: return False return user_can_access_location_id(mobile_worker.domain, web_user, loc_id)
def clean_location_id(self): location_id = self.cleaned_data['location_id'] if not user_can_access_location_id(self.project.name, self.user, location_id): raise forms.ValidationError( "You do not have access to that location.") return location_id
def clean_location_id(self): location_id = self.cleaned_data['location_id'] if not user_can_access_location_id(self.domain, self.request_user, location_id): raise forms.ValidationError( "You do not have access to that location.") return location_id
def decorator_dispatcher(self, request, *args, **kwargs): response = super(HistoricalAdherenceReport, self).decorator_dispatcher(request, *args, **kwargs) if not user_can_access_location_id( self.domain, self.request.couch_user, self.person.owner_id): raise location_restricted_exception(request) return response
def _can_edit_workers_location(web_user, mobile_worker): if web_user.has_permission(mobile_worker.domain, 'access_all_locations'): return True loc_id = mobile_worker.location_id if not loc_id: return False return user_can_access_location_id(mobile_worker.domain, web_user, loc_id)
def _inner(request, domain, *args, **kwargs): def call_view(): return view_fn(request, domain, *args, **kwargs) if icds_pre_release_features(request.couch_user): loc_id = request.GET.get('location_id') def return_no_location_access_response(): return HttpResponse('No access to the location {} for the logged in user'.format(loc_id), status=403) if not loc_id and not request.couch_user.has_permission(domain, 'access_all_locations'): return return_no_location_access_response() if loc_id and not user_can_access_location_id(domain, request.couch_user, loc_id): return return_no_location_access_response() return call_view()
def loc_to_json(loc, project): ret = { 'name': loc.name, 'location_type': loc.location_type.name, # todo: remove when types aren't optional 'uuid': loc.location_id, 'is_archived': loc.is_archived, 'can_edit': True } if user: if user.has_permission(domain, 'access_all_locations'): ret['can_edit'] = user_can_edit_location(user, loc, project) else: ret['can_edit'] = user_can_access_location_id(domain, user, loc.location_id) return ret
def download_location_reassignment_template(request, domain): location_id = request.GET.get('location_id') if not location_id or not user_can_access_location_id(domain, request.couch_user, location_id): messages.error(request, _("Please select a location.")) return HttpResponseRedirect(reverse(LocationReassignmentView.urlname, args=[domain])) location = SQLLocation.active_objects.get(location_id=location_id, domain=domain) response_file = DownloadUsers(location).dump() response = HttpResponse(response_file, content_type="text/html; charset=utf-8") timezone = get_timezone_for_user(request.couch_user, domain) creation_time = datetime.now(timezone).strftime(FILENAME_DATETIME_FORMAT) filename = f"[{domain}] {location.name} Location Reassignment Request Template {creation_time}" response['Content-Disposition'] = safe_filename_header(filename, 'xlsx') return response
def clean_location_id(self): location_id = self.cleaned_data['location_id'] if not user_can_access_location_id(self.project.name, self.user, location_id): raise forms.ValidationError("You do not have access to that location.") return location_id
def clean_location_id(self): location_id = self.cleaned_data['location_id'] if not user_can_access_location_id(self.domain, self.request_user, location_id): raise forms.ValidationError("You do not have access to that location.") return location_id