def get_queryset(self): countries = Country.objects.all() include_countries = [] country = self.request.GET.get('country') perm_list = UserLocationPermission.objects.filter( account__id=self.request.user.id, permission__permission_group='AUDIT', permission__action='VIEW') for country_entry in countries: if country is not None and int(country) != country_entry.id: continue if UserLocationPermission.has_permission_in_list( perm_list, 'AUDIT', 'VIEW', country_entry.id, None): include_countries.append(country_entry) queryset = Audit.objects.filter(country__in=include_countries) form_type = self.request.GET.get('form_type') if country is not None: queryset = queryset.filter(country__id=country) if form_type is not None: forms = Form.objects.filter(form_type__id=form_type) form_names = [] for form in forms: form_names.append(form.form_name) queryset = queryset.filter(form_name__in=form_names) return queryset
def has_permission(self, account_id, action, country_id): perm_list = UserLocationPermission.objects.filter( account__id=account_id, permission__permission_group='AUDIT', permission__action=action) return UserLocationPermission.has_permission_in_list( perm_list, 'AUDIT', action, country_id, None)
def get_can_edit(self, obj): perm_list = self.context.get('perm_list') ret = UserLocationPermission.has_permission_in_list( perm_list, self.perm_group_name, 'EDIT', obj.station.operating_country.id, obj.station.id) return ret
def get_can_delete(self, obj): perm_list = self.context.get('perm_list') return UserLocationPermission.has_permission_in_list( perm_list, self.perm_group_name, 'DELETE', obj.station.operating_country.id, obj.station.id)
def get_queryset(self): if self.action != 'list': return None in_country = self.request.GET.get('country_ids') status = self.request.GET.get('status', 'approved') search = self.request.GET.get('search') status_list = [] in_progress=False for stat in status.split(','): # Earlier feature to only allow author to view in-progress forms # has been disabled #if stat == 'in-progress': # in_progress = True #else: # status_list.append(stat) status_list.append(stat) countries = Country.objects.all() all_country_list = [] for country in countries: all_country_list.append(country.id) country_list = [] if in_country is not None and in_country != '': # client provided a list of countries to consider for cntry in in_country.split(','): country_list.append(int(cntry)) else: # client did not provide a list - so consider all countries country_list = all_country_list account_id = self.request.user.id station_list = [] form_storage_list = [] tmp_station_list = BorderStation.objects.filter(operating_country__in=country_list) perm_list = UserLocationPermission.objects.filter(account__id=account_id, permission__permission_group=self.get_perm_group_name()).exclude(permission__action='ADD') self.serializer_context = {'perm_list':perm_list} for station in tmp_station_list: if (UserLocationPermission.has_permission_in_list(perm_list, self.get_perm_group_name(), None, station.operating_country.id, station.id)): station_list.append(station) form = Form.current_form(self.get_form_type_name(), station.id) if form is not None and form.storage not in form_storage_list: form_storage_list.append(form.storage) q_filter = self.build_query_filter(status_list, station_list, in_progress, account_id) queryset = None for form_storage in form_storage_list: mod = __import__(form_storage.module_name, fromlist=[form_storage.form_model_name]) form_model = getattr(mod, form_storage.form_model_name) tmp_queryset = form_model.objects.filter(q_filter).only(*self.get_list_field_names()) if search is not None: tmp_queryset = self.filter_key(tmp_queryset, search) if queryset is None: queryset = tmp_queryset else: queryset = queryset.union(tmp_queryset) if queryset is None: queryset = self.get_empty_queryset() return queryset