def test_permission_checking(self):
"""
Проверка установки разрешений для датасета
"""
dataset = Dataset.objects.create(creator=self.test_admin,
name=u"Название отчета",
description=u"Описание отчета")
grant_permission(dataset,
Role.objects.get(name=settings.ROLE_EDITOR_NAME),
settings.PERMISSION_EDIT_NAME)
grant_permission(dataset,
Role.objects.get(name=settings.ROLE_EDITOR_NAME),
settings.PERMISSION_VIEW_NAME)
grant_permission(dataset,
Role.objects.get(name=settings.ROLE_VIEWER_NAME),
settings.PERMISSION_VIEW_NAME)
self.assertEqual(
has_permission(dataset, self.test_viewer,
settings.PERMISSION_VIEW_NAME), True)
self.assertEqual(
has_permission(dataset, self.test_viewer,
settings.PERMISSION_EDIT_NAME), False)
self.assertEqual(
has_permission(dataset, self.test_editor,
settings.PERMISSION_VIEW_NAME), True)
self.assertEqual(
has_permission(dataset, self.test_editor,
settings.PERMISSION_EDIT_NAME), True)
def get_data(dataset, actor, date_range, boilers):
"""
Получить данные по отчету на указанный диапазон дат, для котельных.
Если в наборе данных присутствует поле из расхода топлива, нужно добавить
поля с информацией о топливе (FID, Вид топлива).
Если в наборе данных присутствует поле из расхода топлива, нужно добавить
поле с информацией о воде (WID, Категория расхода воды).
Параметры:
@param actor: тот кто получает доступ к отчету, просматривает его и пр.
@param date_range: диапазон дат начала и окончания
@param boilers: котельные по которым заполняется отчет(объекты BoilerHouse)
@return: массив данных для набора данных
"""
if has_permission(dataset, actor, settings.PERMISSION_VIEW_NAME)== False and \
has_permission(dataset, actor, settings.PERMISSION_EDIT_NAME)== False:
return []
date_begin = date_range[0]
date_end = date_range[1]
dataset_data = []
# разница в днях
delta = date_end - date_begin
if delta.days < 0 or delta.days > 31:
#raise ArgumentError(u"Неверный диапазон дат: дата окончания меньше даты начала или диапазон больше 31 дня.")
return []
if len(boilers) < 1:
#raise ArgumentError(u"Нет ни одной котельной, для которой нужно сформировать данные.")
return []
delta = delta.days
day_shift = 0
has_fuel_inf = has_fuel_info(dataset, actor)
has_water_cat = has_water_category(dataset, actor)
# по всем датам
while day_shift <= delta:
on_date = date_begin + datetime.timedelta(days=day_shift)
# для всех котельных
for boiler_obj in boilers:
# данные для одной котельной - 2х мерный массив
row_data = get_row_data(dataset, actor, on_date, boiler_obj, has_fuel_inf, has_water_cat)
dataset_data.extend(row_data)
day_shift = day_shift + 1
return dataset_data
def get_dataset_fields(dataset, actor):
"""
Получить список полей набора данных
"""
fields = []
for field in dataset.fields.all().order_by('index'):
if has_permission(field, actor, settings.PERMISSION_EDIT_NAME) or has_permission(field, actor, settings.PERMISSION_VIEW_NAME):
fields.append(field)
return fields
def get_dataset_rows_number(dataset, actor, date_range, boilers=[], fuel_infos=[], water_categories=[]):
"""
Получить количество рядов в запросе.
Количество рядов строится исходя из того: сколько котельных, какую информацию по ним показывать.
@param boilers: котельные (тип BoilerHouse)
@param actor: пользователь (User)
"""
if has_permission(dataset, actor, settings.PERMISSION_VIEW_NAME)== False and \
has_permission(dataset, actor, settings.PERMISSION_EDIT_NAME)== False:
return 0
rows_number = 0
date_begin = date_range[0]
date_end = date_range[1]
# разница в днях
delta = date_end - date_begin
if delta.days < 0 or delta.days > 31:
#raise ArgumentError(u"Неверный диапазон дат: дата окончания меньше даты начала или диапазон больше 31 дня.")
return 0
if len(boilers) < 1:
#raise ArgumentError(u"Нет ни одной котельной, для которой нужно сформировать данные.")
return 0
has_fuel = has_fuel_info(dataset, actor)
has_water = has_water_category(dataset, actor)
delta = delta.days
while delta >= 0:
for boiler in boilers:
if has_fuel == False and has_water == False:
rows_number = rows_number + 1
else:
if has_fuel:
c = FuelInfo.objects.filter(boiler = boiler, active = True).count()
rows_number = rows_number + c
if has_water:
c = WaterConsumptionCategory.objects.filter(boiler = boiler, active = True).count()
rows_number = rows_number + c
delta = delta - 1
return rows_number
def perm(request):
workflow = Workflow.objects.get(name="Standard")
private = State.objects.get(name="Private", workflow= workflow)
public = State.objects.get(name="Public", workflow= workflow)
# Add a role
from permissions.utils import register_role
owner = Role.objects.get(name='Owner')
# Create a user
from django.contrib.auth.models import User
user = User.objects.get(username="******")
# Assign user to role
owner.add_principal(user)
# Create example content type
page_1 = Project.objects.get(name="abc")
# Register permissions
from permissions.utils import register_permission
view = register_permission("View", "view")
edit = register_permission("Edit", "edit")
# Add all permissions which are managed by the workflow
from workflows.models import WorkflowPermissionRelation
WorkflowPermissionRelation.objects.create(workflow=workflow, permission=view)
WorkflowPermissionRelation.objects.create(workflow=workflow, permission=edit)
# Add permissions for the single states
from workflows.models import StatePermissionRelation
StatePermissionRelation.objects.create(state=public, permission=view, role=owner)
StatePermissionRelation.objects.create(state=private, permission=view, role=owner)
StatePermissionRelation.objects.create(state=private, permission=edit, role=owner)
# Assign the workflow to the content object
from workflows.utils import set_workflow
set_workflow(page_1, workflow)
# Now self.page_1 has the intial workflow state.
from permissions.utils import has_permission
print has_permission(page_1, user, "edit")
# Now we change the workflow state
set_state(page_1, public)
print has_permission(page_1, user, "edit")
def edit(request, token):
'''
View a token.
You must have view permission for this object to be able to do this
otherwise you will get a nasty 403 Fobidden error!
'''
#get or 404 the token
token_object = get_object_or_404(Token,pk=token)
if has_permission(token_object, request.user, 'view'):
if request.method == "POST":
form = TokenForm(request.POST, instance=token_object)
if form.is_valid():
token = form.save()
# redirect to home
return HttpResponseRedirect(reverse('home_view'))
else:
form = TokenForm(instance=token_object)
return render_to_response("create_token.html", {"form": form,'edit_mode':True, 'token':token_object}, context_instance=RequestContext(request) )
else:
raise PermissionDenied()
def expense_delete(request, expense_id):
"""Delete given expense if authorized to"""
expense = None
if not request.user.groups.filter(name="expense_requester").exists():
return HttpResponseRedirect(urlresolvers.reverse("forbiden"))
try:
consultant = Consultant.objects.get(trigramme__iexact=request.user.username)
user_team = consultant.userTeam(excludeSelf=False)
except Consultant.DoesNotExist:
user_team = []
#TODO: factorize this code with expense views above
try:
if expense_id:
expense = Expense.objects.get(id=expense_id)
if not (perm.has_permission(expense, request.user, "expense_edit")
and (expense.user == request.user or expense.user in user_team)):
messages.add_message(request, messages.WARNING, _("You are not allowed to edit that expense"))
expense_id = None
expense = None
except Expense.DoesNotExist:
messages.add_message(request, messages.ERROR, _("Expense %s does not exist" % expense_id))
expense_id = None
if expense:
expense.delete()
messages.add_message(request, messages.INFO, _("Expense %s has been deleted" % expense_id))
# Redirect user to expense main page
return redirect(expenses)
def view_application(request, application_id):
ethics_application = get_object_or_404(EthicsApplication,pk=application_id)
if has_permission(ethics_application, request.user, 'view'):
return render_to_response('ethicsapplication/view_ethics_application.html', {'application':ethics_application, },
context_instance=RequestContext(request))
else:
raise PermissionDenied()
def test_expense_wf(self):
# Setup default workflow
install_expense_workflow()
ABR = Consultant.objects.get(trigramme="ABR")
TCO = Consultant.objects.get(trigramme="TCO")
tco = TCO.getUser()
abr = ABR.getUser()
fla = User.objects.get(username="******")
category = ExpenseCategory.objects.create(name="repas")
e = Expense.objects.create(user=tco, description="une grande bouffe",
category=category, amount=123,
creation_date=date.today(), expense_date=date.today())
self.assertEqual(wf.get_state(e), None)
wf.set_initial_state(e)
self.assertNotEqual(wf.get_state(e), None) # Now wf is setup
# state = requested
self.assertEqual(len(wf.get_allowed_transitions(e, tco)), 0) # No transition allowed for user
self.assertEqual(len(wf.get_allowed_transitions(e, fla)), 0) # No transition allowed for paymaster
self.assertEqual(len(wf.get_allowed_transitions(e, abr)), 2) # But for his manager accept/reject
# Reject it
reject = Transition.objects.get(name="reject")
self.assertTrue(wf.do_transition(e, reject, abr))
for user in (tco, abr, fla):
self.assertEqual(len(wf.get_allowed_transitions(e, user)), 0) # No transition allowed
# Validate it
wf.set_initial_state(e) # Returns to requested state
validate = Transition.objects.get(name="validate")
self.assertTrue(wf.do_transition(e, validate, abr))
for user in (tco, abr):
self.assertEqual(len(wf.get_allowed_transitions(e, user)), 0) # No transition allowed
self.assertEqual(len(wf.get_allowed_transitions(e, fla)), 2) # Except paymaster accept/ask info
# Ask information
ask = Transition.objects.get(name="ask information")
self.assertTrue(wf.do_transition(e, ask, fla))
self.assertTrue(perm.has_permission(e, tco, "expense_edit"))
wf.set_initial_state(e) # Returns to requested state
self.assertEqual(len(wf.get_allowed_transitions(e, tco)), 0) # No transition allowed for user
self.assertTrue(wf.do_transition(e, validate, abr)) # Validate it again
# Check it
control = Transition.objects.get(name="control")
self.assertTrue(wf.do_transition(e, control, fla))
for user in (tco, abr, fla):
self.assertEqual(len(wf.get_allowed_transitions(e, user)), 0) # No transition allowed
# Create a payment for that expense
expensePayment = ExpensePayment(payment_date=date.today())
expensePayment.save()
e.expensePayment = expensePayment
e.save()
self.assertEqual(expensePayment.user(), tco)
self.assertEqual(expensePayment.amount(), 123)
def test_expense_wf(self):
# Setup default workflow
install_expense_workflow()
ABR = Consultant.objects.get(trigramme="ABR")
TCO = Consultant.objects.get(trigramme="TCO")
tco = TCO.getUser()
abr = ABR.getUser()
fla = User.objects.get(username="******")
category = ExpenseCategory.objects.create(name="repas")
e = Expense.objects.create(user=tco, description="une grande bouffe",
category=category, amount=123,
creation_date=date.today(), expense_date=date.today())
self.assertEqual(wf.get_state(e), None)
wf.set_initial_state(e)
self.assertNotEqual(wf.get_state(e), None) # Now wf is setup
# state = requested
self.assertEqual(len(wf.get_allowed_transitions(e, tco)), 0) # No transition allowed for user
self.assertEqual(len(wf.get_allowed_transitions(e, fla)), 0) # No transition allowed for paymaster
self.assertEqual(len(wf.get_allowed_transitions(e, abr)), 2) # But for his manager accept/reject
# Reject it
reject = Transition.objects.get(name="reject")
self.assertTrue(wf.do_transition(e, reject, abr))
for user in (tco, abr, fla):
self.assertEqual(len(wf.get_allowed_transitions(e, user)), 0) # No transition allowed
# Validate it
wf.set_initial_state(e) # Returns to requested state
validate = Transition.objects.get(name="validate")
self.assertTrue(wf.do_transition(e, validate, abr))
for user in (tco, abr):
self.assertEqual(len(wf.get_allowed_transitions(e, user)), 0) # No transition allowed
self.assertEqual(len(wf.get_allowed_transitions(e, fla)), 2) # Except paymaster accept/ask info
# Ask information
ask = Transition.objects.get(name="ask information")
self.assertTrue(wf.do_transition(e, ask, fla))
self.assertTrue(perm.has_permission(e, tco, "expense_edit"))
wf.set_initial_state(e) # Returns to requested state
self.assertEqual(len(wf.get_allowed_transitions(e, tco)), 0) # No transition allowed for user
self.assertTrue(wf.do_transition(e, validate, abr)) # Validate it again
# Check it
control = Transition.objects.get(name="control")
self.assertTrue(wf.do_transition(e, control, fla))
for user in (tco, abr, fla):
self.assertEqual(len(wf.get_allowed_transitions(e, user)), 0) # No transition allowed
# Create a payment for that expense
expensePayment = ExpensePayment(payment_date=date.today())
expensePayment.save()
e.expensePayment = expensePayment
e.save()
self.assertEqual(expensePayment.user(), tco)
self.assertEqual(expensePayment.amount(), 123)
def is_editable_by(self, user, permission='edit'):
""" Is this managed instance editable by user in fact of state and his
role permission
:param user: a user object
:type user: `django.contrib.auth.User <https://docs.djangoproject.com/en/1.4/topics/auth/#users>`_
:param permission: the permisson to match
:type permission: a string
"""
return self.is_editable and has_permission(self, user, permission)
def is_editable_by(self, user, permission='edit'):
""" Is this managed instance editable by user in fact of state and his
role permission
:param user: a user object
:type user: `django.contrib.auth.User <https://docs.djangoproject.com/en/1.4/topics/auth/#users>`_
:param permission: the permisson to match
:type permission: a string
"""
return self.is_editable and has_permission(self, user, permission)
def workflow_states_list(request, workflow_id, object_id):
workflow_object = get_object_or_404(Workflow_object, id=int(object_id))
workflow = get_workflow(workflow_object)
user = request.user
#do_transition(),the transition_id from POST
if has_permission(workflow_object, user, "edit"):
if request.method == 'POST':
if request.POST['transition_id']:
transition = get_object_or_404(
Transition, id=int(request.POST['transition_id']))
do_transition(workflow_object, transition, user)
#state = get_object_or_404(State, id=1)
#set_state(workflow_object,state)
#return current_state and workflow_states to show in page
current_state = None
workflow_states = []
transitions = []
states = State.objects.filter(workflow_id=workflow.id).order_by('id')
if has_permission(workflow_object, user, "view"):
current_state = get_state(workflow_object)
for state in states:
#if state.status and 'hiden' in state.status:
# continue
#if "Reject" not in state.name and "Failed" not in state.name and "Success" not in state.name:
workflow_states.append(state)
if has_permission(workflow_object, user, "edit"):
transitions = get_allowed_transitions(workflow_object, user)
content = open('mysite/media/' + workflow.name + '.png').read()
file_data = "data:image/jpeg;base64," + base64.b64encode(content)
return render_to_response('workflow/states_list.html', {
'workflow': workflow,
'workflow_states': workflow_states,
'transitions': transitions,
'current_state': current_state,
'object': workflow_object,
'file_data': file_data,
},
context_instance=RequestContext(request))
def get_template_names(self, **kwargs):
if not self.template_name == "user":
# print has_permission(self.object.get_base_object, self.request.user, 'edit')
temp = self.object
while temp:
if has_permission(temp, self.request.user, 'edit'):
return self.object.get_template('admin')
if not hasattr(temp, 'parent'):
break
if not temp.parent:
break
temp = temp.parent.get_type_object()
return self.object.get_template(None)
def view_application(request, application_id):
ethics_application = get_object_or_404(EthicsApplication,
pk=application_id)
if has_permission(ethics_application, request.user, 'view'):
return render_to_response(
'ethicsapplication/view_ethics_application.html', {
'application': ethics_application,
},
context_instance=RequestContext(request))
else:
raise PermissionDenied()
def view(request, token):
'''
Edit the details of a token.
You must have edit permission for this object to be able to do this
otherwise you will get a nasty 403 Fobidden error!
'''
token_object = get_object_or_404(Token,pk=token)
if has_permission(token_object, request.user, 'edit'):
return render_to_response("token_view.html", {"token": token_object,}, context_instance=RequestContext(request) )
else:
raise PermissionDenied()
return HttpResponse('edit')
def test_permission_checking(self):
# тип данных
source_ct = ContentType.objects.get(model='fuelconsumption',
app_label='fuel')
# поле доступное для отчета из типа данных
source_field = source_ct.model_class().DescriptorMeta.fields[0]
field = DatasetField.objects.create(creator=self.test_admin,
model_field_name=source_field,
model_content_type=source_ct)
grant_permission(field,
Role.objects.get(name=settings.ROLE_EDITOR_NAME),
settings.PERMISSION_EDIT_NAME)
grant_permission(field,
Role.objects.get(name=settings.ROLE_EDITOR_NAME),
settings.PERMISSION_VIEW_NAME)
grant_permission(field,
Role.objects.get(name=settings.ROLE_VIEWER_NAME),
settings.PERMISSION_VIEW_NAME)
self.assertEqual(
has_permission(field, self.test_viewer,
settings.PERMISSION_VIEW_NAME), True)
self.assertEqual(
has_permission(field, self.test_viewer,
settings.PERMISSION_EDIT_NAME), False)
self.assertEqual(
has_permission(field, self.test_editor,
settings.PERMISSION_VIEW_NAME), True)
self.assertEqual(
has_permission(field, self.test_editor,
settings.PERMISSION_EDIT_NAME), True)
def render(self, context):
try:
object_under_Test = self.object_under_Test.resolve(
context) #resolve the actual object from the context
user = context.get("user")
if has_permission(object_under_Test, user, self.permission_string):
return self.nodelist_true.render(context)
else:
if isinstance(self.nodelist_false, str):
return self.nodelist_false
else:
return self.nodelist_false.render(context)
except template.VariableDoesNotExist:
return ''
def render(self, context):
try:
object_under_Test = self.object_under_Test.resolve(context) #resolve the actual object from the context
user = context.get("user")
if has_permission(object_under_Test, user, self.permission_string):
return self.nodelist_true.render(context)
else:
if isinstance(self.nodelist_false, str):
return self.nodelist_false
else:
return self.nodelist_false.render(context)
except template.VariableDoesNotExist:
return ''
def get_datasets(actor, permission_name=settings.PERMISSION_VIEW_NAME):
"""
Получить список наборов данных, которые пользователь
может хотя бы просматривать.
Используется для получения информации об отчете и полях содержащихся в нем.
@param actor: объекта типа User, тот кто пытается получить доступ к объекту
@return: объекты Dataset
"""
datasets = []
if actor==None:
return datasets
for dataset in Dataset.objects.all():
if has_permission(dataset, actor, settings.PERMISSION_VIEW_NAME):
datasets.append(dataset)
return datasets
def submit_for_review(request, ethics_application_id):
'''
This view will ascertain if the submit_for_review transition can be
carried out on the specified ethicsApplication, by the logged in user.
If any of the following goes wrong then a forbidden exception will be raised:
1.User is not logged in
2.User does not have the submit permission for this application
3.The transition is not allowed
'''
ethics_application = get_object_or_404(EthicsApplication, pk=ethics_application_id)
if not request.user.is_authenticated() or not has_permission(ethics_application, request.user, 'submit') or not do_transition(ethics_application, 'submit_for_review', request.user):
raise PermissionDenied()
reviewer = Committee.objects.get_next_free_reviewer()
ethics_application.assign_reviewer(reviewer)
application_submitted_for_review.send(None, application=ethics_application, reviewer=reviewer)
return HttpResponseRedirect(reverse('index_view'))
def read_application_section(request, ethics_application_id, questionnaire_id,
order_index, return_url):
'''
This function should first check that the user has view permission for the
application in question
Then it should get the AnswerSet for the questiongroup as answered by the principle investigator
of the application (the question group is referenced by the questionnaire_id and the order_index)
'''
if request.GET.get('return_url', None) != None:
return_url = request.GET.get('return_url')
ethics_application = get_object_or_404(EthicsApplication,
pk=ethics_application_id)
questionnaire = get_object_or_404(Questionnaire, pk=questionnaire_id)
try:
ordered_groups = questionnaire.get_ordered_groups()
question_group = ordered_groups[int(order_index)]
except IndexError:
raise Http404("Invalid order index")
if not has_permission(ethics_application, request.user, 'view'):
raise PermissionDenied()
try:
answer_set = AnswerSet.objects.get(
user=ethics_application.principle_investigator,
questionnaire=questionnaire,
questiongroup=question_group)
question_answers = answer_set.get_latest_question_answer_in_order()
except ObjectDoesNotExist:
#not to worry just return an empty list
question_answers = []
return render_to_response('ethicsapplication/read_application_form.html', {
'return_url': return_url,
'question_answers': question_answers
},
context_instance=RequestContext(request))
def set_value(self, actor, date, value, boiler_obj, water_category_obj,
fuel_info_obj):
"""
Редактирование значение поля.
@param actor: тот, кто выполняет редактирование
@param boiler_obj: объект котельной (BoilerHouse)
@param date: дата отчета (в строковом формате)
@param value: Значение
"""
if not has_permission(self, actor, settings.PERMISSION_EDIT_NAME):
raise PermissionDenied(u"Пользователь " + unicode(actor) +
u" - не имеет права на запись поля " +
self.name)
if value != None:
try:
# создаем или получаем объект данных
model = self.model_content_type.model_class()
entity = get_entity(actor, date, model, boiler_obj,
water_category_obj, fuel_info_obj)
if entity == None:
return
# устанавливаем значение
setattr(entity, self.model_field_name, value)
entity.save(save_revision=True)
if hasattr(entity, 'update_period'):
logging.getLogger(__name__).debug(
u"Начинаем обновление периода для " + unicode(entity))
entity.update_period()
logging.getLogger(__name__).debug(
u"Закончено обновление периода для " + unicode(entity))
except Exception as ex:
traceback.print_exc(file=sys.stdout)
else:
raise ValueError("Недопустимое значение (None).")
def read_application_section(request, ethics_application_id, questionnaire_id, order_index, return_url):
'''
This function should first check that the user has view permission for the
application in question
Then it should get the AnswerSet for the questiongroup as answered by the principle investigator
of the application (the question group is referenced by the questionnaire_id and the order_index)
'''
if request.GET.get('return_url', None) != None:
return_url = request.GET.get('return_url')
ethics_application = get_object_or_404(EthicsApplication, pk=ethics_application_id)
questionnaire = get_object_or_404(Questionnaire, pk=questionnaire_id)
try:
ordered_groups = questionnaire.get_ordered_groups()
question_group = ordered_groups[int(order_index)]
except IndexError:
raise Http404("Invalid order index")
if not has_permission(ethics_application, request.user, 'view'):
raise PermissionDenied()
try:
answer_set = AnswerSet.objects.get(user=ethics_application.principle_investigator,
questionnaire=questionnaire,
questiongroup=question_group)
question_answers = answer_set.get_latest_question_answer_in_order()
except ObjectDoesNotExist:
#not to worry just return an empty list
question_answers=[]
return render_to_response('ethicsapplication/read_application_form.html',
{ 'return_url':return_url,
'question_answers':question_answers},
context_instance=RequestContext(request))
def test_creation(self):
"""
Проверка создания объекта поля.
Создавать объекты могут только пользователи роль которых РАЗРАБОТЧИК, АДМИН, МЕНЕДЖЕР
При создании у пользователя есть все права: редактировать, просматривать.
"""
sources = get_models_content_types()
field = get_model_fields(sources[0])[0]
obj = DatasetField(creator=self.test_admin,
model_field_name=field.name,
model_content_type=sources[0])
obj.save(save_revision=True)
self.assertEquals(obj.name, "")
self.assertEquals(obj.description, "")
self.assertEquals(obj.internal_name, "")
# Администратор, разработчик и менеджер имеют все права (Правка, просмотр, удаление)
self.assertEqual(
has_permission(obj, self.test_admin,
settings.PERMISSION_VIEW_NAME), True)
self.assertEqual(
has_permission(obj, self.test_developer,
settings.PERMISSION_VIEW_NAME), True)
self.assertEqual(
has_permission(obj, self.test_manager,
settings.PERMISSION_VIEW_NAME), True)
self.assertEqual(
has_permission(obj, self.test_viewer,
settings.PERMISSION_VIEW_NAME), False)
self.assertEqual(
has_permission(obj, self.test_editor,
settings.PERMISSION_VIEW_NAME), False)
self.assertEqual(
has_permission(obj, self.test_admin,
settings.PERMISSION_DELETE_NAME), True)
self.assertEqual(
has_permission(obj, self.test_developer,
settings.PERMISSION_DELETE_NAME), True)
self.assertEqual(
has_permission(obj, self.test_manager,
settings.PERMISSION_DELETE_NAME), True)
self.assertEqual(
has_permission(obj, self.test_viewer,
settings.PERMISSION_DELETE_NAME), False)
self.assertEqual(
has_permission(obj, self.test_editor,
settings.PERMISSION_DELETE_NAME), False)
self.assertEqual(
has_permission(obj, self.test_admin,
settings.PERMISSION_EDIT_NAME), True)
self.assertEqual(
has_permission(obj, self.test_developer,
settings.PERMISSION_EDIT_NAME), True)
self.assertEqual(
has_permission(obj, self.test_manager,
settings.PERMISSION_EDIT_NAME), True)
self.assertEqual(
has_permission(obj, self.test_viewer,
settings.PERMISSION_EDIT_NAME), False)
self.assertEqual(
has_permission(obj, self.test_editor,
settings.PERMISSION_EDIT_NAME), False)
def get_children(self, **kwargs):
if has_permission(self.object, self.request.user, 'edit'):
if self.template_name != "user":
return self.object.get_object_children(True)
return self.object.get_object_children(False)
def get_fields(dataset, actor):
"""
Получить заголовок отчета для указанного пользователя.
Метаданные содержат структуру для каждого поля показанного в отчёте пользователю.
[{'name' : ' <Наименование заголовка столбца>',
'id' : <Идентификатор модели DatasetField>,
'renderer' : '<Вид обработчика для представления содержимого>',
'editor' : '<Редактор содержимого, который также выполняет валидацию данных>',
'editable' : <Редактируем элемент или нет>,
'visible' : <Видимый или не видимый элемент>},...]
@param dataset: набор данных (Dataset)
@param actor: тот кто запрашивает заголовок (User)
@return: словарь с ключами 'names' и 'meta'
"""
if has_permission(dataset, actor, settings.PERMISSION_VIEW_NAME)== False and \
has_permission(dataset, actor, settings.PERMISSION_EDIT_NAME)== False:
return []
meta = []
# field - object of DatasetField
fields = get_dataset_fields(dataset, actor)
if len(fields) < 1:
return []
meta.extend(
# Идентификатор котельной
[
{'name' : 'ID',
'id' : 'ID',
'renderer' : 'string',
'editor' : 'textbox',
'editable' : False,
'visible' : False,
'validate' : False,
'resource' : ""},
# Дата
{'name' : u'Дата',
'id' : 'Date',
'renderer' : 'string',
'editor' : 'textbox',
'editable' : False,
'visible' : True,
'validate' : False,
'resource' : ""},
# Наименование котельной
{'name' : u'Котельная',
'id' : 'Boiler',
'renderer' : 'string',
'editor' : 'textbox',
'editable' : False,
'visible' : True,
'validate' : False,
'resource' : ""}])
# Присутствует поле определяющее расход по воде
if has_water_category(dataset, actor):
meta.extend([
# Идентификатор расхода воды
{'name' : u'WID',
'id' : 'WID',
'renderer' : 'string',
'editor' : 'textbox',
'editable' : False,
'visible' : False,
'validate' : False,
'resource' : ""},
# Наименовение
{'name' : u'Категория расхода воды',
'id' : 'WCID',
'renderer' : 'string',
'editor' : 'textbox',
'editable' : False,
'visible' : True,
'validate' : False,
'resource' : ""}])
# Присутствует поле определяющее расход по топливу
if has_fuel_info(dataset, actor):
meta.extend([
# Идентификатор расхода воды
{'name' : u'FID',
'id' : 'FID',
'renderer' : 'string',
'editor' : 'textbox',
'editable' : False,
'visible' : False,
'validate' : False,
'resource' : ""},
# Вид топлива
{'name' : u'Вид топлива',
'id' : 'FTID',
'renderer' : 'string',
'editor' : 'textbox',
'editable' : False,
'visible' : True,
'validate' : False,
'resource' : ""}
])
for field in fields:
# проверяем разрешение пользователя
can_edit = has_permission(field, actor, settings.PERMISSION_EDIT_NAME)
can_view = has_permission(field, actor, settings.PERMISSION_VIEW_NAME)
if can_view or can_edit:
from django.db.models import BooleanField, CharField, FloatField, ForeignKey
#объект поля модели, потомок класса Field
field_field = field.get_field()
resource_name = ""
if field.get_model_class().__name__ in ['FuelIncome','FuelRemains','FuelConsumption']:
resource_name = settings.RESOURCE_TYPE_FUEL
elif field.get_model_class().__name__ == 'WaterConsumption':
resource_name = settings.RESOURCE_TYPE_WATER
elif field.get_model_class().__name__ == 'ElectricityConsumption':
resource_name = settings.RESOURCE_TYPE_ELECTRICITY
field_name = ""
if field.name == "":
field_name = field_field.verbose_name
else:
field_name = field.name
field_id = field.id
need_validation = field.validate
if isinstance(field_field, BooleanField):
meta.append({'name' : field_name,
'id' : field_id,
'renderer' : 'boolean',
'editor' : 'checkbox',
'editable' : can_edit,
'visible' : can_view,
'validate' : need_validation,
'resource' : resource_name})
elif isinstance(field_field, CharField):
# renderer - string
# editor - textbox
meta.append({'name' : field_name,
'id' : field_id,
'renderer' : 'string',
'editor' : 'textbox',
'editable' : can_edit,
'visible' : can_view,
'validate' : need_validation,
'resource' : resource_name})
elif isinstance(field_field, FloatField):
# renderer - number
# editor - textbox
meta.append({'name' : field_name,
'id' : field_id,
'renderer' : 'number',
'editor' : 'textbox',
'editable' : can_edit,
'visible' : can_view,
'validate' : need_validation,
'resource' : resource_name})
elif isinstance(field_field, ForeignKey):
# renderer - string
# editor - textbox
meta.append({'name' : field_name,
'id' : field_id,
'renderer' : 'string',
'editor' : 'textbox',
'editable' : can_edit,
'visible' : can_view,
'validate' : need_validation,
'resource' : resource_name})
else:
# renderer - string
# editor - textbox
meta.append({'name' : field_name,
'id' : field_id,
'renderer' : 'string',
'editor' : 'textbox',
'editable' : can_edit,
'visible' : can_view,
'validate' : need_validation,
'resource' : resource_name})
return meta
def expenses(request, expense_id=None):
"""Display user expenses and expenses that he can validate"""
if not request.user.groups.filter(name="expense_requester").exists():
return HttpResponseRedirect(urlresolvers.reverse("forbiden"))
try:
consultant = Consultant.objects.get(trigramme__iexact=request.user.username)
user_team = consultant.userTeam(excludeSelf=False)
except Consultant.DoesNotExist:
user_team = []
try:
if expense_id:
expense = Expense.objects.get(id=expense_id)
if not (perm.has_permission(expense, request.user, "expense_edit")
and (expense.user == request.user or expense.user in user_team)):
messages.add_message(request, messages.WARNING, _("You are not allowed to edit that expense"))
expense_id = None
expense = None
except Expense.DoesNotExist:
messages.add_message(request, messages.ERROR, _("Expense %s does not exist" % expense_id))
expense_id = None
if request.method == "POST":
if expense_id:
form = ExpenseForm(request.POST, request.FILES, instance=expense)
else:
form = ExpenseForm(request.POST, request.FILES)
if form.is_valid():
expense = form.save(commit=False)
if not hasattr(expense, "user"):
# Don't update user if defined (case of expense updated by manager or adminstrator)
expense.user = request.user
expense.creation_date = date.today()
expense.save()
wf.set_initial_state(expense)
return HttpResponseRedirect(urlresolvers.reverse("expense.views.expenses"))
else:
if expense_id:
form = ExpenseForm(instance=expense) # A form that edit current expense
else:
form = ExpenseForm(initial={"expense_date": date.today()}) # An unbound form
# Get user expenses
user_expenses = Expense.objects.filter(user=request.user, workflow_in_progress=True).select_related()
if user_team:
team_expenses = Expense.objects.filter(user__in=user_team, workflow_in_progress=True).select_related()
else:
team_expenses = []
# Paymaster manage all expenses
if utils.has_role(request.user, "expense paymaster"):
managed_expenses = Expense.objects.filter(workflow_in_progress=True).exclude(user=request.user).select_related()
else:
managed_expenses = team_expenses
userExpenseTable = UserExpenseWorkflowTable(user_expenses)
userExpenseTable.transitionsData = dict([(e.id, []) for e in user_expenses]) # Inject expense allowed transitions. Always empty for own expense
userExpenseTable.expenseEditPerm = dict([(e.id, perm.has_permission(e, request.user, "expense_edit")) for e in user_expenses]) # Inject expense edit permissions
RequestConfig(request, paginate={"per_page": 50}).configure(userExpenseTable)
managedExpenseTable = ManagedExpenseWorkflowTable(managed_expenses)
managedExpenseTable.transitionsData = dict([(e.id, e.transitions(request.user)) for e in managed_expenses]) # Inject expense allowed transitions
managedExpenseTable.expenseEditPerm = dict([(e.id, perm.has_permission(e, request.user, "expense_edit")) for e in managed_expenses]) # Inject expense edit permissions
RequestConfig(request, paginate={"per_page": 100}).configure(managedExpenseTable)
# Prune every expense not updated since 60 days. For instance, rejected expense.
for expense in Expense.objects.filter(workflow_in_progress=True, update_date__lt=(date.today() - timedelta(60))):
if wf.get_state(expense).transitions.count() == 0:
expense.workflow_in_progress = False
expense.save()
return render(request, "expense/expenses.html",
{"user_expense_table": userExpenseTable,
"managed_expense_table": managedExpenseTable,
"modify_expense": bool(expense_id),
"form": form,
"user": request.user})
def has_perm(self, user_obj, perm, obj=None):
return has_permission(obj, user_obj, perm)
def test_creation(self):
"""
Проверка создания объекта
"""
obj = Dataset.objects.create(creator=self.test_admin,
name=u"Название отчета",
description=u"Описание отчета")
# Администратор, разработчик и менеджер имеют все права (Правка, просмотр, удаление)
self.assertEqual(
has_permission(obj, self.test_admin,
settings.PERMISSION_VIEW_NAME), True)
self.assertEqual(
has_permission(obj, self.test_developer,
settings.PERMISSION_VIEW_NAME), True)
self.assertEqual(
has_permission(obj, self.test_manager,
settings.PERMISSION_VIEW_NAME), True)
self.assertEqual(
has_permission(obj, self.test_viewer,
settings.PERMISSION_VIEW_NAME), False)
self.assertEqual(
has_permission(obj, self.test_editor,
settings.PERMISSION_VIEW_NAME), False)
self.assertEqual(
has_permission(obj, self.test_admin,
settings.PERMISSION_DELETE_NAME), True)
self.assertEqual(
has_permission(obj, self.test_developer,
settings.PERMISSION_DELETE_NAME), True)
self.assertEqual(
has_permission(obj, self.test_manager,
settings.PERMISSION_DELETE_NAME), True)
self.assertEqual(
has_permission(obj, self.test_viewer,
settings.PERMISSION_DELETE_NAME), False)
self.assertEqual(
has_permission(obj, self.test_editor,
settings.PERMISSION_DELETE_NAME), False)
self.assertEqual(
has_permission(obj, self.test_admin,
settings.PERMISSION_EDIT_NAME), True)
self.assertEqual(
has_permission(obj, self.test_developer,
settings.PERMISSION_EDIT_NAME), True)
self.assertEqual(
has_permission(obj, self.test_manager,
settings.PERMISSION_EDIT_NAME), True)
self.assertEqual(
has_permission(obj, self.test_viewer,
settings.PERMISSION_EDIT_NAME), False)
self.assertEqual(
has_permission(obj, self.test_editor,
settings.PERMISSION_EDIT_NAME), False)
def expenses(request, expense_id=None):
"""Display user expenses and expenses that he can validate"""
if not request.user.groups.filter(name="expense_requester").exists():
return HttpResponseRedirect(urlresolvers.reverse("forbiden"))
try:
consultant = Consultant.objects.get(trigramme__iexact=request.user.username)
user_team = consultant.userTeam(excludeSelf=False)
except Consultant.DoesNotExist:
user_team = []
try:
if expense_id:
expense = Expense.objects.get(id=expense_id)
if not (perm.has_permission(expense, request.user, "expense_edit")
and (expense.user == request.user or expense.user in user_team)):
messages.add_message(request, messages.WARNING, _("You are not allowed to edit that expense"))
expense_id = None
expense = None
except Expense.DoesNotExist:
messages.add_message(request, messages.ERROR, _("Expense %s does not exist" % expense_id))
expense_id = None
if request.method == "POST":
if expense_id:
form = ExpenseForm(request.POST, request.FILES, instance=expense)
else:
form = ExpenseForm(request.POST, request.FILES)
if form.is_valid():
expense = form.save(commit=False)
if not hasattr(expense, "user"):
# Don't update user if defined (case of expense updated by manager or adminstrator)
expense.user = request.user
expense.creation_date = date.today()
expense.save()
wf.set_initial_state(expense)
return HttpResponseRedirect(urlresolvers.reverse("expense.views.expenses"))
else:
if expense_id:
form = ExpenseForm(instance=expense) # A form that edit current expense
else:
form = ExpenseForm(initial={"expense_date": date.today()}) # An unbound form
# Get user expenses
user_expenses = Expense.objects.filter(user=request.user, workflow_in_progress=True).select_related()
if user_team:
team_expenses = Expense.objects.filter(user__in=user_team, workflow_in_progress=True).select_related()
else:
team_expenses = []
# Paymaster manage all expenses
if perm.has_role(request.user, "expense paymaster"):
managed_expenses = Expense.objects.filter(workflow_in_progress=True).exclude(user=request.user).select_related()
else:
managed_expenses = team_expenses
userExpenseTable = UserExpenseWorkflowTable(user_expenses)
userExpenseTable.transitionsData = dict([(e.id, []) for e in user_expenses]) # Inject expense allowed transitions. Always empty for own expense
userExpenseTable.expenseEditPerm = dict([(e.id, perm.has_permission(e, request.user, "expense_edit")) for e in user_expenses]) # Inject expense edit permissions
RequestConfig(request, paginate={"per_page": 50}).configure(userExpenseTable)
managedExpenseTable = ManagedExpenseWorkflowTable(managed_expenses)
managedExpenseTable.transitionsData = dict([(e.id, e.transitions(request.user)) for e in managed_expenses]) # Inject expense allowed transitions
managedExpenseTable.expenseEditPerm = dict([(e.id, perm.has_permission(e, request.user, "expense_edit")) for e in managed_expenses]) # Inject expense edit permissions
RequestConfig(request, paginate={"per_page": 50}).configure(managedExpenseTable)
return render(request, "expense/expenses.html",
{"user_expense_table": userExpenseTable,
"managed_expense_table": managedExpenseTable,
"modify_expense": bool(expense_id),
"form": form,
"user": request.user})
def set_dataset_data(request, field_id, on_date, company_object_id,
water_category_id, fuel_info_id, value):
"""
Установить новое значениче для указанной колонки.
@param on_date: Дата
@param field_id: идентификатор колонки
@param company_object_id: Идентификатор объекта
@param water_category_id: Идентификатор категории расхода воды
@param fuel_info_id: Идентификатор информации о топливе
@param value: новое значение
@return: Возвращает объект
"""
try:
field = DatasetField.objects.get(id=field_id)
# Дата на которую нужно заполнить значение
my_date = datetime.strptime(on_date, settings.DATE_FORMAT).date()
today = get_today()
# Проверка разрешения установления значения
if not has_permission(field, request.user,
settings.PERMISSION_EDIT_NAME):
return {
'success': False,
'message': u"У вас недостаточно прав для редактирования."
}
set_value = False
user_roles = get_roles(request.user)
admin = Role.objects.get(name=settings.ROLE_ADMIN_NAME)
manager = Role.objects.get(name=settings.ROLE_MANAGER_NAME)
developer = Role.objects.get(name=settings.ROLE_DEVELOPER_NAME)
editor = Role.objects.get(name=settings.ROLE_EDITOR_NAME)
# Если пользователь выполняет одну из ролей он может выполнять
# редактирование в любое время
if admin in user_roles or manager in user_roles or developer in user_roles:
set_value = True
# Если пользователь редактор - может в трехдневный срок редактировать данные
elif editor in user_roles and (today - my_date).days < 4 and (
today - my_date).days >= 0:
set_value = True
if set_value:
# Дополнительная проверка разрешения выполнять корректировку.
if field.model_field_name == 'correct':
# Даты в которые поле доступно для редактирования
editable_on_date = (get_month_day(today, 10),
get_month_day(today, 20),
get_month_day(today,
get_month_last_day(today)))
if my_date not in editable_on_date:
return {
'success':
False,
'message':
u"Корректировку можно делать только 10-го, 20-го и в последний день месяца"
}
# Информация о топливе
fuel_info_obj = None
if fuel_info_id > 0:
fuel_info_obj = FuelInfo.objects.get(id=fuel_info_id)
# Информация о воде
water_category_obj = None
if water_category_id > 0:
water_category_obj = WaterConsumptionCategory.objects.get(
id=water_category_id)
# Котельная
boiler = BoilerHouse.objects.get(id=company_object_id)
# Установить значение
field.set_value(request.user, my_date, value, boiler,
water_category_obj, fuel_info_obj)
else:
return {
'success': False,
'message':
u"Редактирование доступно только в трехдневный срок."
}
except Exception as ex:
traceback.print_exc(file=sys.stdout)
_logger.error(u"[dataset.setData] - Не удалось сохранить значение: " +
unicode(ex))
return {
'success': False,
'message': u"Не удалось сохранить значение " + unicode(ex)
}
return {'success': True, 'message': u'Значение сохранено.'}
