def has_permission(self, domain, permission, data=None):
# is_admin is the same as having all the permissions set
from corehq.apps.orgs.models import Team
if self.is_global_admin():
return True
elif self.is_domain_admin(domain):
return True
dm_list = list()
dm = self.get_domain_membership(domain)
if dm:
dm_list.append([dm, ''])
for team_name, team_id in self.teams:
team = Team.get(team_id)
if team.get_domain_membership(domain) and team.get_domain_membership(domain).role:
dm_list.append([team.get_domain_membership(domain), '(' + team_name + ')'])
#now find out which dm has the highest permissions
if dm_list:
role = self.total_domain_membership(dm_list, domain)
dm = CustomDomainMembership(domain=domain, custom_role=role)
return dm.has_permission(permission, data)
else:
return False
def get_role(self, domain=None):
"""
Get the role object for this user
"""
from corehq.apps.orgs.models import Team
if domain is None:
# default to current_domain for django templates
domain = self.current_domain
if self.is_global_admin():
return AdminUserRole(domain=domain)
dm_list = list()
dm = self.get_domain_membership(domain)
if dm:
dm_list.append([dm, ''])
for team_name, team_id in self.teams:
team = Team.get(team_id)
if team.get_domain_membership(domain) and team.get_domain_membership(domain).role:
dm_list.append([team.get_domain_membership(domain), ' (' + team_name + ')'])
#now find out which dm has the highest permissions
if dm_list:
return self.total_domain_membership(dm_list, domain)
else:
raise DomainMembershipError()
def remove_domain_from_team(request, org, team_id, domain):
team = Team.get(team_id)
if team:
team.delete_domain_membership(domain)
team.save()
if 'redirect_url' in request.POST:
return HttpResponseRedirect(reverse(request.POST['redirect_url'], args=(org, team_id)))
def orgs_team_members(request, org, team_id, template="orgs/orgs_team_members.html"):
class TeamMembersNotification(Notification):
doc_type = 'OrgTeamMembersNotification'
def template(self):
return 'orgs/partials/team_members_notification.html'
MainNotification.display_if_needed(messages, request, ctxt={"org": request.organization})
TeamMembersNotification.display_if_needed(messages, request)
ctxt = base_context(request, request.organization)
ctxt["tab"] = "teams"
try:
team = Team.get(team_id)
except ResourceNotFound:
raise Http404("Team %s does not exist" % team_id)
team_members = team.get_members()
team_members.sort(key=lambda user: user.username)
#inspect the domains of the team
domain_names = team.get_domains()
team_domains = list()
for name in domain_names:
team_domains.append([Domain.get_by_name(name), team.role_label(domain=name), UserRole.by_domain(name)])
nonmembers = filter(lambda m: m.username not in [tm.username for tm in team_members], ctxt["members"])
nondomains = filter(lambda d: d.name not in [td[0].name for td in team_domains], ctxt["domains"])
ctxt.update(dict(team=team, team_members=team_members, nonmembers=nonmembers,
team_domains=team_domains, nondomains=nondomains))
return render(request, template, ctxt)
def orgs_team_members(request, org, team_id, template="orgs/orgs_team_members.html"):
organization = Organization.get_by_name(org)
ctxt = base_context(request, organization)
ctxt["tab"] = "teams"
try:
team = Team.get(team_id)
except ResourceNotFound:
raise Http404("Team %s does not exist" % team_id)
team_members = team.get_members()
team_members.sort(key=lambda user: user.username)
# inspect the domains of the team
domain_names = team.get_domains()
team_domains = list()
for name in domain_names:
team_domains.append([Domain.get_by_name(name), team.role_label(domain=name), UserRole.by_domain(name)])
nonmembers = [
m.username for m in filter(lambda m: m.username not in [tm.username for tm in team_members], ctxt["members"])
]
nondomains = [d.name for d in filter(lambda d: d.name not in [td[0].name for td in team_domains], ctxt["domains"])]
ctxt.update(
dict(
team=team,
team_members=team_members,
nonmembers=nonmembers,
team_domains=team_domains,
nondomains=nondomains,
)
)
return render(request, template, ctxt)
def remove_all_from_team(request, org, team_id):
team = Team.get(team_id)
members = team.get_members()
for member in members:
member.remove_from_team(org, team_id)
member.save()
return HttpResponseRedirect(reverse(request.POST.get('redirect_url', 'orgs_team_members'), args=(org, team_id)))
def orgs_team_members(request, org, team_id, template="orgs/orgs_team_members.html"):
class TeamMembersNotification(Notification):
doc_type = 'OrgTeamMembersNotification'
def template(self):
return 'orgs/partials/team_members_notification.html'
MainNotification.display_if_needed(messages, request, ctxt={"org": request.organization})
TeamMembersNotification.display_if_needed(messages, request)
ctxt = base_context(request, request.organization)
ctxt["tab"] = "teams"
try:
team = Team.get(team_id)
except ResourceNotFound:
raise Http404("Team %s does not exist" % team_id)
team_members = team.get_members()
team_members.sort(key=lambda user: user.username)
#inspect the domains of the team
domain_names = team.get_domains()
team_domains = list()
for name in domain_names:
team_domains.append([Domain.get_by_name(name), team.role_label(domain=name), UserRole.by_domain(name)])
nonmembers = filter(lambda m: m.username not in [tm.username for tm in team_members], ctxt["members"])
nondomains = filter(lambda d: d.name not in [td[0].name for td in team_domains], ctxt["domains"])
ctxt.update(dict(team=team, team_members=team_members, nonmembers=nonmembers,
team_domains=team_domains, nondomains=nondomains))
return render(request, template, ctxt)
def orgs_team_members(request, org, team_id, template="orgs/orgs_team_members.html"):
#organization and teams
organization = Organization.get_by_name(org)
teams = Team.get_by_org(org)
current_domains = Domain.get_by_organization(org)
#check that the team exists
team = Team.get(team_id)
if team is None:
raise Http404("Group %s does not exist" % team_id)
#inspect the members of the team
member_ids = team.get_member_ids()
members = WebUser.view("_all_docs", keys=member_ids, include_docs=True).all()
members.sort(key=lambda user: user.username)
#inspect the domains of the team
domain_names = team.get_domains()
domains = list()
for name in domain_names:
domains.append([Domain.get_by_name(name), team.role_label(domain=name)])
all_org_domains = Domain.get_by_organization(org)
non_domains = [domain for domain in all_org_domains if domain.name not in domain_names]
all_org_member_ids = organization.members
all_org_members = WebUser.view("_all_docs", keys=all_org_member_ids, include_docs=True).all()
non_members = [member for member in all_org_members if member.user_id not in member_ids]
vals = dict(org=organization, team=team, teams=teams, members=members, nonmembers=non_members, domains=current_domains, team_domains=domains, team_nondomains=non_domains)
return render_to_response(request, template, vals)
def remove_all_from_team(request, org, team_id):
team = Team.get(team_id)
members = team.get_members()
for member in members:
member.remove_from_team(org, team_id)
member.save()
return HttpResponseRedirect(reverse(request.POST.get('redirect_url', 'orgs_team_members'), args=(org, team_id)))
def remove_all_from_team(request, org, team_id):
team = Team.get(team_id)
if team:
member_ids = team.member_ids
for member in member_ids:
team.remove_member(member)
if 'redirect_url' in request.POST:
return HttpResponseRedirect(reverse(request.POST['redirect_url'], args=(org, team_id)))
def add_all_to_team(request, org, team_id):
team = Team.get(team_id)
if team:
organization = Organization.get_by_name(org)
members = organization.members
for member in members:
team.add_member(member)
if 'redirect_url' in request.POST:
return HttpResponseRedirect(reverse(request.POST['redirect_url'], args=(org, team_id)))
def delete_team(request, org, team_id):
team = Team.get(team_id)
if team.organization == org:
record = team.soft_delete()
messages.success(request, 'You have deleted a team. <a href="{url}" class="post-link">Undo</a>'.format(
url=reverse('undo_delete_team', args=[org, record.get_id])
), extra_tags="html")
return HttpResponseRedirect(reverse("orgs_teams", args=(org, )))
else:
return HttpResponseForbidden()
def remove_domain_from_team(request, org, team_id):
domain = request.POST.get("project_name", None)
if not domain:
messages.error(request, "You must specify a project name")
else:
team = Team.get(team_id)
team.delete_domain_membership(domain)
team.save()
messages.success(request, render_to_string('orgs/partials/undo_remove_domain_from_team.html',
{"team_id": team_id, "org": org, "dom": domain}), extra_tags="html")
return HttpResponseRedirect(reverse(request.POST.get('redirect_url', 'orgs_team_members'), args=(org, team_id)))
def get_domains(self):
from corehq.apps.orgs.models import Team
domains = [dm.domain for dm in self.domain_memberships]
if self.teams:
for team_name, team_id in self.teams:
team = Team.get(team_id)
team_domains = [dm.domain for dm in team.domain_memberships]
for domain in team_domains:
if domain not in domains:
domains.append(domain)
return domains
def add_domain_to_team(request, org, team_id):
domain = request.POST.get("project_name", None)
if not domain:
messages.error(request, "You must specify a project name")
elif domain not in [d.name for d in Domain.get_by_organization(org)]:
messages.error(request, "You cannot add a domain that isn't managed by this organization")
else:
team = Team.get(team_id)
team.add_domain_membership(domain)
team.save()
return HttpResponseRedirect(reverse(request.POST.get("redirect_url", "orgs_team_members"), args=(org, team_id)))
def remove_domain_from_team(request, org, team_id):
domain = request.POST.get("project_name", None)
if not domain:
messages.error(request, "You must specify a project name")
else:
team = Team.get(team_id)
team.delete_domain_membership(domain)
team.save()
messages.success(request, render_to_string('orgs/partials/undo_remove_domain_from_team.html',
{"team_id": team_id, "org": org, "dom": domain}), extra_tags="html")
return HttpResponseRedirect(reverse(request.POST.get('redirect_url', 'orgs_team_members'), args=(org, team_id)))
def set_team_permission_for_domain(request, org, team_id):
domain = request.POST.get('domain', None)
role_label = request.POST.get('role_label', None)
if domain and role_label:
team = Team.get(team_id)
team.set_role(domain, role_label)
team.save()
dm = team.get_domain_membership(domain)
return json_response(UserRole.get(dm.role_id).name if not dm.is_admin else 'Admin')
return HttpResponseRedirect(reverse('orgs_team_members', args=(org, team_id)))
def set_team_permission_for_domain(request, org, team_id):
domain = request.POST.get('domain', None)
role_label = request.POST.get('role_label', None)
if domain and role_label:
team = Team.get(team_id)
team.set_role(domain, role_label)
team.save()
dm = team.get_domain_membership(domain)
return json_response(UserRole.get(dm.role_id).name if not dm.is_admin else 'Admin')
return HttpResponseRedirect(reverse('orgs_team_members', args=(org, team_id)))
def orgs_update_team(request, org):
team_id = request.POST.get('team_id', "")
new_team_name = request.POST.get('team_name', "")
if team_id and new_team_name:
team = Team.get(team_id)
old_team_name = team.name
team.name = new_team_name
team.save()
messages.success(request, "Team %s has been renamed to %s" % (old_team_name, team.name))
else:
messages.error(request, "Could not edit team information -- missing new team name")
return HttpResponseRedirect(reverse('orgs_team_members', args=(org, team_id)))
def add_domain_to_team(request, org, team_id):
domain = request.POST.get("project_name", None)
if not domain:
messages.error(request, "You must specify a project name")
elif domain not in [d.name for d in Domain.get_by_organization(org)]:
messages.error(request, "You cannot add a domain that isn't managed by this organization")
else:
team = Team.get(team_id)
team.add_domain_membership(domain)
read_only_role = UserRole.by_domain_and_name(domain, 'Read Only').one()
team.set_role(domain, 'user-role:%s' % read_only_role.get_id)
team.save()
return HttpResponseRedirect(reverse(request.POST.get('redirect_url', 'orgs_team_members'), args=(org, team_id)))
def orgs_update_team(request, org):
team_id = request.POST.get('team_id', "")
new_team_name = request.POST.get('team_name', "")
if team_id and new_team_name:
team = Team.get(team_id)
old_team_name = team.name
team.name = new_team_name
team.save()
messages.success(request, "Team %s has been renamed to %s" % (old_team_name, team.name))
else:
messages.error(request, "Could not edit team information -- missing new team name")
return HttpResponseRedirect(reverse('orgs_team_members', args=(org, team_id)))
def add_domain_to_team(request, org, team_id):
domain = request.POST.get("project_name", None)
if not domain:
messages.error(request, "You must specify a project name")
elif domain not in [d.name for d in Domain.get_by_organization(org)]:
messages.error(request, "You cannot add a domain that isn't managed by this organization")
else:
team = Team.get(team_id)
team.add_domain_membership(domain)
read_only_role = UserRole.by_domain_and_name(domain, 'Read Only').one()
team.set_role(domain, 'user-role:%s' % read_only_role.get_id)
team.save()
return HttpResponseRedirect(reverse(request.POST.get('redirect_url', 'orgs_team_members'), args=(org, team_id)))
def delete_team(request, org):
team_id = request.POST.get("team_id", None)
if team_id:
team = Team.get(team_id)
# team_name = team.name
if team.organization == org:
record = team.soft_delete()
messages.success(request, 'You have deleted team <strong>{team_name}</strong>. <a href="{url}" class="post-link">Undo</a>'.format(
team_name=team.name, url=reverse('undo_delete_team', args=[org, record.get_id])
), extra_tags="html")
else:
messages.error(request, "This team doesn't exist")
else:
messages.error(request, "You must specify a team to delete")
return HttpResponseRedirect(reverse("orgs_teams", args=(org, )))
def delete_team(request, org):
team_id = request.POST.get("team_id", None)
if team_id:
team = Team.get(team_id)
# team_name = team.name
if team.organization == org:
record = team.soft_delete()
messages.success(request, 'You have deleted team <strong>{team_name}</strong>. <a href="{url}" class="post-link">Undo</a>'.format(
team_name=team.name, url=reverse('undo_delete_team', args=[org, record.get_id])
), extra_tags="html")
else:
messages.error(request, "This team doesn't exist")
else:
messages.error(request, "You must specify a team to delete")
return HttpResponseRedirect(reverse("orgs_teams", args=(org, )))
def orgs_team_members(request,
org,
team_id,
template="orgs/orgs_team_members.html"):
ctxt = base_context(request, request.organization)
ctxt["tab"] = "teams"
try:
team = Team.get(team_id)
except ResourceNotFound:
raise Http404("Team %s does not exist" % team_id)
team_members = team.get_members()
team_members.sort(key=lambda user: user.username)
#inspect the domains of the team
domain_names = team.get_domains()
team_domains = list()
for name in domain_names:
team_domains.append([
Domain.get_by_name(name),
team.role_label(domain=name),
UserRole.by_domain(name)
])
nonmembers = filter(
lambda m: m.username not in [tm.username for tm in team_members],
ctxt["members"])
nondomains = filter(
lambda d: d.name not in [td[0].name for td in team_domains],
ctxt["domains"])
ctxt.update(
dict(team=team,
team_members=team_members,
nonmembers=nonmembers,
team_domains=team_domains,
nondomains=nondomains))
return render(request, template, ctxt)
def set_team_permission_for_domain(request, org, team_id, domain, role_label):
team = Team.get(team_id)
if team:
team.set_role(domain, role_label)
team.save()
return HttpResponseRedirect(reverse('orgs_team_members', args=(org, team_id)))
def remove_user():
team = Team.get(team_id)
if team:
team.remove_member(couch_user_id)
def add_user():
team = Team.get(team_id)
if team:
team.add_member(couch_user_id)
