def test_permission_checking(self): """ Проверка установки разрешений для датасета """ dataset = Dataset.objects.create(creator=self.test_admin, name=u"Название отчета", description=u"Описание отчета") grant_permission(dataset, Role.objects.get(name=settings.ROLE_EDITOR_NAME), settings.PERMISSION_EDIT_NAME) grant_permission(dataset, Role.objects.get(name=settings.ROLE_EDITOR_NAME), settings.PERMISSION_VIEW_NAME) grant_permission(dataset, Role.objects.get(name=settings.ROLE_VIEWER_NAME), settings.PERMISSION_VIEW_NAME) self.assertEqual( has_permission(dataset, self.test_viewer, settings.PERMISSION_VIEW_NAME), True) self.assertEqual( has_permission(dataset, self.test_viewer, settings.PERMISSION_EDIT_NAME), False) self.assertEqual( has_permission(dataset, self.test_editor, settings.PERMISSION_VIEW_NAME), True) self.assertEqual( has_permission(dataset, self.test_editor, settings.PERMISSION_EDIT_NAME), True)
def get_data(dataset, actor, date_range, boilers): """ Получить данные по отчету на указанный диапазон дат, для котельных. Если в наборе данных присутствует поле из расхода топлива, нужно добавить поля с информацией о топливе (FID, Вид топлива). Если в наборе данных присутствует поле из расхода топлива, нужно добавить поле с информацией о воде (WID, Категория расхода воды). Параметры: @param actor: тот кто получает доступ к отчету, просматривает его и пр. @param date_range: диапазон дат начала и окончания @param boilers: котельные по которым заполняется отчет(объекты BoilerHouse) @return: массив данных для набора данных """ if has_permission(dataset, actor, settings.PERMISSION_VIEW_NAME)== False and \ has_permission(dataset, actor, settings.PERMISSION_EDIT_NAME)== False: return [] date_begin = date_range[0] date_end = date_range[1] dataset_data = [] # разница в днях delta = date_end - date_begin if delta.days < 0 or delta.days > 31: #raise ArgumentError(u"Неверный диапазон дат: дата окончания меньше даты начала или диапазон больше 31 дня.") return [] if len(boilers) < 1: #raise ArgumentError(u"Нет ни одной котельной, для которой нужно сформировать данные.") return [] delta = delta.days day_shift = 0 has_fuel_inf = has_fuel_info(dataset, actor) has_water_cat = has_water_category(dataset, actor) # по всем датам while day_shift <= delta: on_date = date_begin + datetime.timedelta(days=day_shift) # для всех котельных for boiler_obj in boilers: # данные для одной котельной - 2х мерный массив row_data = get_row_data(dataset, actor, on_date, boiler_obj, has_fuel_inf, has_water_cat) dataset_data.extend(row_data) day_shift = day_shift + 1 return dataset_data
def get_dataset_fields(dataset, actor): """ Получить список полей набора данных """ fields = [] for field in dataset.fields.all().order_by('index'): if has_permission(field, actor, settings.PERMISSION_EDIT_NAME) or has_permission(field, actor, settings.PERMISSION_VIEW_NAME): fields.append(field) return fields
def get_dataset_rows_number(dataset, actor, date_range, boilers=[], fuel_infos=[], water_categories=[]): """ Получить количество рядов в запросе. Количество рядов строится исходя из того: сколько котельных, какую информацию по ним показывать. @param boilers: котельные (тип BoilerHouse) @param actor: пользователь (User) """ if has_permission(dataset, actor, settings.PERMISSION_VIEW_NAME)== False and \ has_permission(dataset, actor, settings.PERMISSION_EDIT_NAME)== False: return 0 rows_number = 0 date_begin = date_range[0] date_end = date_range[1] # разница в днях delta = date_end - date_begin if delta.days < 0 or delta.days > 31: #raise ArgumentError(u"Неверный диапазон дат: дата окончания меньше даты начала или диапазон больше 31 дня.") return 0 if len(boilers) < 1: #raise ArgumentError(u"Нет ни одной котельной, для которой нужно сформировать данные.") return 0 has_fuel = has_fuel_info(dataset, actor) has_water = has_water_category(dataset, actor) delta = delta.days while delta >= 0: for boiler in boilers: if has_fuel == False and has_water == False: rows_number = rows_number + 1 else: if has_fuel: c = FuelInfo.objects.filter(boiler = boiler, active = True).count() rows_number = rows_number + c if has_water: c = WaterConsumptionCategory.objects.filter(boiler = boiler, active = True).count() rows_number = rows_number + c delta = delta - 1 return rows_number
def perm(request): workflow = Workflow.objects.get(name="Standard") private = State.objects.get(name="Private", workflow= workflow) public = State.objects.get(name="Public", workflow= workflow) # Add a role from permissions.utils import register_role owner = Role.objects.get(name='Owner') # Create a user from django.contrib.auth.models import User user = User.objects.get(username="******") # Assign user to role owner.add_principal(user) # Create example content type page_1 = Project.objects.get(name="abc") # Register permissions from permissions.utils import register_permission view = register_permission("View", "view") edit = register_permission("Edit", "edit") # Add all permissions which are managed by the workflow from workflows.models import WorkflowPermissionRelation WorkflowPermissionRelation.objects.create(workflow=workflow, permission=view) WorkflowPermissionRelation.objects.create(workflow=workflow, permission=edit) # Add permissions for the single states from workflows.models import StatePermissionRelation StatePermissionRelation.objects.create(state=public, permission=view, role=owner) StatePermissionRelation.objects.create(state=private, permission=view, role=owner) StatePermissionRelation.objects.create(state=private, permission=edit, role=owner) # Assign the workflow to the content object from workflows.utils import set_workflow set_workflow(page_1, workflow) # Now self.page_1 has the intial workflow state. from permissions.utils import has_permission print has_permission(page_1, user, "edit") # Now we change the workflow state set_state(page_1, public) print has_permission(page_1, user, "edit")
def edit(request, token): ''' View a token. You must have view permission for this object to be able to do this otherwise you will get a nasty 403 Fobidden error! ''' #get or 404 the token token_object = get_object_or_404(Token,pk=token) if has_permission(token_object, request.user, 'view'): if request.method == "POST": form = TokenForm(request.POST, instance=token_object) if form.is_valid(): token = form.save() # redirect to home return HttpResponseRedirect(reverse('home_view')) else: form = TokenForm(instance=token_object) return render_to_response("create_token.html", {"form": form,'edit_mode':True, 'token':token_object}, context_instance=RequestContext(request) ) else: raise PermissionDenied()
def expense_delete(request, expense_id): """Delete given expense if authorized to""" expense = None if not request.user.groups.filter(name="expense_requester").exists(): return HttpResponseRedirect(urlresolvers.reverse("forbiden")) try: consultant = Consultant.objects.get(trigramme__iexact=request.user.username) user_team = consultant.userTeam(excludeSelf=False) except Consultant.DoesNotExist: user_team = [] #TODO: factorize this code with expense views above try: if expense_id: expense = Expense.objects.get(id=expense_id) if not (perm.has_permission(expense, request.user, "expense_edit") and (expense.user == request.user or expense.user in user_team)): messages.add_message(request, messages.WARNING, _("You are not allowed to edit that expense")) expense_id = None expense = None except Expense.DoesNotExist: messages.add_message(request, messages.ERROR, _("Expense %s does not exist" % expense_id)) expense_id = None if expense: expense.delete() messages.add_message(request, messages.INFO, _("Expense %s has been deleted" % expense_id)) # Redirect user to expense main page return redirect(expenses)
def view_application(request, application_id): ethics_application = get_object_or_404(EthicsApplication,pk=application_id) if has_permission(ethics_application, request.user, 'view'): return render_to_response('ethicsapplication/view_ethics_application.html', {'application':ethics_application, }, context_instance=RequestContext(request)) else: raise PermissionDenied()
def test_expense_wf(self): # Setup default workflow install_expense_workflow() ABR = Consultant.objects.get(trigramme="ABR") TCO = Consultant.objects.get(trigramme="TCO") tco = TCO.getUser() abr = ABR.getUser() fla = User.objects.get(username="******") category = ExpenseCategory.objects.create(name="repas") e = Expense.objects.create(user=tco, description="une grande bouffe", category=category, amount=123, creation_date=date.today(), expense_date=date.today()) self.assertEqual(wf.get_state(e), None) wf.set_initial_state(e) self.assertNotEqual(wf.get_state(e), None) # Now wf is setup # state = requested self.assertEqual(len(wf.get_allowed_transitions(e, tco)), 0) # No transition allowed for user self.assertEqual(len(wf.get_allowed_transitions(e, fla)), 0) # No transition allowed for paymaster self.assertEqual(len(wf.get_allowed_transitions(e, abr)), 2) # But for his manager accept/reject # Reject it reject = Transition.objects.get(name="reject") self.assertTrue(wf.do_transition(e, reject, abr)) for user in (tco, abr, fla): self.assertEqual(len(wf.get_allowed_transitions(e, user)), 0) # No transition allowed # Validate it wf.set_initial_state(e) # Returns to requested state validate = Transition.objects.get(name="validate") self.assertTrue(wf.do_transition(e, validate, abr)) for user in (tco, abr): self.assertEqual(len(wf.get_allowed_transitions(e, user)), 0) # No transition allowed self.assertEqual(len(wf.get_allowed_transitions(e, fla)), 2) # Except paymaster accept/ask info # Ask information ask = Transition.objects.get(name="ask information") self.assertTrue(wf.do_transition(e, ask, fla)) self.assertTrue(perm.has_permission(e, tco, "expense_edit")) wf.set_initial_state(e) # Returns to requested state self.assertEqual(len(wf.get_allowed_transitions(e, tco)), 0) # No transition allowed for user self.assertTrue(wf.do_transition(e, validate, abr)) # Validate it again # Check it control = Transition.objects.get(name="control") self.assertTrue(wf.do_transition(e, control, fla)) for user in (tco, abr, fla): self.assertEqual(len(wf.get_allowed_transitions(e, user)), 0) # No transition allowed # Create a payment for that expense expensePayment = ExpensePayment(payment_date=date.today()) expensePayment.save() e.expensePayment = expensePayment e.save() self.assertEqual(expensePayment.user(), tco) self.assertEqual(expensePayment.amount(), 123)
def test_expense_wf(self): # Setup default workflow install_expense_workflow() ABR = Consultant.objects.get(trigramme="ABR") TCO = Consultant.objects.get(trigramme="TCO") tco = TCO.getUser() abr = ABR.getUser() fla = User.objects.get(username="******") category = ExpenseCategory.objects.create(name="repas") e = Expense.objects.create(user=tco, description="une grande bouffe", category=category, amount=123, creation_date=date.today(), expense_date=date.today()) self.assertEqual(wf.get_state(e), None) wf.set_initial_state(e) self.assertNotEqual(wf.get_state(e), None) # Now wf is setup # state = requested self.assertEqual(len(wf.get_allowed_transitions(e, tco)), 0) # No transition allowed for user self.assertEqual(len(wf.get_allowed_transitions(e, fla)), 0) # No transition allowed for paymaster self.assertEqual(len(wf.get_allowed_transitions(e, abr)), 2) # But for his manager accept/reject # Reject it reject = Transition.objects.get(name="reject") self.assertTrue(wf.do_transition(e, reject, abr)) for user in (tco, abr, fla): self.assertEqual(len(wf.get_allowed_transitions(e, user)), 0) # No transition allowed # Validate it wf.set_initial_state(e) # Returns to requested state validate = Transition.objects.get(name="validate") self.assertTrue(wf.do_transition(e, validate, abr)) for user in (tco, abr): self.assertEqual(len(wf.get_allowed_transitions(e, user)), 0) # No transition allowed self.assertEqual(len(wf.get_allowed_transitions(e, fla)), 2) # Except paymaster accept/ask info # Ask information ask = Transition.objects.get(name="ask information") self.assertTrue(wf.do_transition(e, ask, fla)) self.assertTrue(perm.has_permission(e, tco, "expense_edit")) wf.set_initial_state(e) # Returns to requested state self.assertEqual(len(wf.get_allowed_transitions(e, tco)), 0) # No transition allowed for user self.assertTrue(wf.do_transition(e, validate, abr)) # Validate it again # Check it control = Transition.objects.get(name="control") self.assertTrue(wf.do_transition(e, control, fla)) for user in (tco, abr, fla): self.assertEqual(len(wf.get_allowed_transitions(e, user)), 0) # No transition allowed # Create a payment for that expense expensePayment = ExpensePayment(payment_date=date.today()) expensePayment.save() e.expensePayment = expensePayment e.save() self.assertEqual(expensePayment.user(), tco) self.assertEqual(expensePayment.amount(), 123)
def is_editable_by(self, user, permission='edit'): """ Is this managed instance editable by user in fact of state and his role permission :param user: a user object :type user: `django.contrib.auth.User <https://docs.djangoproject.com/en/1.4/topics/auth/#users>`_ :param permission: the permisson to match :type permission: a string """ return self.is_editable and has_permission(self, user, permission)
def is_editable_by(self, user, permission='edit'): """ Is this managed instance editable by user in fact of state and his role permission :param user: a user object :type user: `django.contrib.auth.User <https://docs.djangoproject.com/en/1.4/topics/auth/#users>`_ :param permission: the permisson to match :type permission: a string """ return self.is_editable and has_permission(self, user, permission)
def workflow_states_list(request, workflow_id, object_id): workflow_object = get_object_or_404(Workflow_object, id=int(object_id)) workflow = get_workflow(workflow_object) user = request.user #do_transition(),the transition_id from POST if has_permission(workflow_object, user, "edit"): if request.method == 'POST': if request.POST['transition_id']: transition = get_object_or_404( Transition, id=int(request.POST['transition_id'])) do_transition(workflow_object, transition, user) #state = get_object_or_404(State, id=1) #set_state(workflow_object,state) #return current_state and workflow_states to show in page current_state = None workflow_states = [] transitions = [] states = State.objects.filter(workflow_id=workflow.id).order_by('id') if has_permission(workflow_object, user, "view"): current_state = get_state(workflow_object) for state in states: #if state.status and 'hiden' in state.status: # continue #if "Reject" not in state.name and "Failed" not in state.name and "Success" not in state.name: workflow_states.append(state) if has_permission(workflow_object, user, "edit"): transitions = get_allowed_transitions(workflow_object, user) content = open('mysite/media/' + workflow.name + '.png').read() file_data = "data:image/jpeg;base64," + base64.b64encode(content) return render_to_response('workflow/states_list.html', { 'workflow': workflow, 'workflow_states': workflow_states, 'transitions': transitions, 'current_state': current_state, 'object': workflow_object, 'file_data': file_data, }, context_instance=RequestContext(request))
def get_template_names(self, **kwargs): if not self.template_name == "user": # print has_permission(self.object.get_base_object, self.request.user, 'edit') temp = self.object while temp: if has_permission(temp, self.request.user, 'edit'): return self.object.get_template('admin') if not hasattr(temp, 'parent'): break if not temp.parent: break temp = temp.parent.get_type_object() return self.object.get_template(None)
def view_application(request, application_id): ethics_application = get_object_or_404(EthicsApplication, pk=application_id) if has_permission(ethics_application, request.user, 'view'): return render_to_response( 'ethicsapplication/view_ethics_application.html', { 'application': ethics_application, }, context_instance=RequestContext(request)) else: raise PermissionDenied()
def view(request, token): ''' Edit the details of a token. You must have edit permission for this object to be able to do this otherwise you will get a nasty 403 Fobidden error! ''' token_object = get_object_or_404(Token,pk=token) if has_permission(token_object, request.user, 'edit'): return render_to_response("token_view.html", {"token": token_object,}, context_instance=RequestContext(request) ) else: raise PermissionDenied() return HttpResponse('edit')
def test_permission_checking(self): # тип данных source_ct = ContentType.objects.get(model='fuelconsumption', app_label='fuel') # поле доступное для отчета из типа данных source_field = source_ct.model_class().DescriptorMeta.fields[0] field = DatasetField.objects.create(creator=self.test_admin, model_field_name=source_field, model_content_type=source_ct) grant_permission(field, Role.objects.get(name=settings.ROLE_EDITOR_NAME), settings.PERMISSION_EDIT_NAME) grant_permission(field, Role.objects.get(name=settings.ROLE_EDITOR_NAME), settings.PERMISSION_VIEW_NAME) grant_permission(field, Role.objects.get(name=settings.ROLE_VIEWER_NAME), settings.PERMISSION_VIEW_NAME) self.assertEqual( has_permission(field, self.test_viewer, settings.PERMISSION_VIEW_NAME), True) self.assertEqual( has_permission(field, self.test_viewer, settings.PERMISSION_EDIT_NAME), False) self.assertEqual( has_permission(field, self.test_editor, settings.PERMISSION_VIEW_NAME), True) self.assertEqual( has_permission(field, self.test_editor, settings.PERMISSION_EDIT_NAME), True)
def render(self, context): try: object_under_Test = self.object_under_Test.resolve( context) #resolve the actual object from the context user = context.get("user") if has_permission(object_under_Test, user, self.permission_string): return self.nodelist_true.render(context) else: if isinstance(self.nodelist_false, str): return self.nodelist_false else: return self.nodelist_false.render(context) except template.VariableDoesNotExist: return ''
def render(self, context): try: object_under_Test = self.object_under_Test.resolve(context) #resolve the actual object from the context user = context.get("user") if has_permission(object_under_Test, user, self.permission_string): return self.nodelist_true.render(context) else: if isinstance(self.nodelist_false, str): return self.nodelist_false else: return self.nodelist_false.render(context) except template.VariableDoesNotExist: return ''
def get_datasets(actor, permission_name=settings.PERMISSION_VIEW_NAME): """ Получить список наборов данных, которые пользователь может хотя бы просматривать. Используется для получения информации об отчете и полях содержащихся в нем. @param actor: объекта типа User, тот кто пытается получить доступ к объекту @return: объекты Dataset """ datasets = [] if actor==None: return datasets for dataset in Dataset.objects.all(): if has_permission(dataset, actor, settings.PERMISSION_VIEW_NAME): datasets.append(dataset) return datasets
def submit_for_review(request, ethics_application_id): ''' This view will ascertain if the submit_for_review transition can be carried out on the specified ethicsApplication, by the logged in user. If any of the following goes wrong then a forbidden exception will be raised: 1.User is not logged in 2.User does not have the submit permission for this application 3.The transition is not allowed ''' ethics_application = get_object_or_404(EthicsApplication, pk=ethics_application_id) if not request.user.is_authenticated() or not has_permission(ethics_application, request.user, 'submit') or not do_transition(ethics_application, 'submit_for_review', request.user): raise PermissionDenied() reviewer = Committee.objects.get_next_free_reviewer() ethics_application.assign_reviewer(reviewer) application_submitted_for_review.send(None, application=ethics_application, reviewer=reviewer) return HttpResponseRedirect(reverse('index_view'))
def read_application_section(request, ethics_application_id, questionnaire_id, order_index, return_url): ''' This function should first check that the user has view permission for the application in question Then it should get the AnswerSet for the questiongroup as answered by the principle investigator of the application (the question group is referenced by the questionnaire_id and the order_index) ''' if request.GET.get('return_url', None) != None: return_url = request.GET.get('return_url') ethics_application = get_object_or_404(EthicsApplication, pk=ethics_application_id) questionnaire = get_object_or_404(Questionnaire, pk=questionnaire_id) try: ordered_groups = questionnaire.get_ordered_groups() question_group = ordered_groups[int(order_index)] except IndexError: raise Http404("Invalid order index") if not has_permission(ethics_application, request.user, 'view'): raise PermissionDenied() try: answer_set = AnswerSet.objects.get( user=ethics_application.principle_investigator, questionnaire=questionnaire, questiongroup=question_group) question_answers = answer_set.get_latest_question_answer_in_order() except ObjectDoesNotExist: #not to worry just return an empty list question_answers = [] return render_to_response('ethicsapplication/read_application_form.html', { 'return_url': return_url, 'question_answers': question_answers }, context_instance=RequestContext(request))
def set_value(self, actor, date, value, boiler_obj, water_category_obj, fuel_info_obj): """ Редактирование значение поля. @param actor: тот, кто выполняет редактирование @param boiler_obj: объект котельной (BoilerHouse) @param date: дата отчета (в строковом формате) @param value: Значение """ if not has_permission(self, actor, settings.PERMISSION_EDIT_NAME): raise PermissionDenied(u"Пользователь " + unicode(actor) + u" - не имеет права на запись поля " + self.name) if value != None: try: # создаем или получаем объект данных model = self.model_content_type.model_class() entity = get_entity(actor, date, model, boiler_obj, water_category_obj, fuel_info_obj) if entity == None: return # устанавливаем значение setattr(entity, self.model_field_name, value) entity.save(save_revision=True) if hasattr(entity, 'update_period'): logging.getLogger(__name__).debug( u"Начинаем обновление периода для " + unicode(entity)) entity.update_period() logging.getLogger(__name__).debug( u"Закончено обновление периода для " + unicode(entity)) except Exception as ex: traceback.print_exc(file=sys.stdout) else: raise ValueError("Недопустимое значение (None).")
def read_application_section(request, ethics_application_id, questionnaire_id, order_index, return_url): ''' This function should first check that the user has view permission for the application in question Then it should get the AnswerSet for the questiongroup as answered by the principle investigator of the application (the question group is referenced by the questionnaire_id and the order_index) ''' if request.GET.get('return_url', None) != None: return_url = request.GET.get('return_url') ethics_application = get_object_or_404(EthicsApplication, pk=ethics_application_id) questionnaire = get_object_or_404(Questionnaire, pk=questionnaire_id) try: ordered_groups = questionnaire.get_ordered_groups() question_group = ordered_groups[int(order_index)] except IndexError: raise Http404("Invalid order index") if not has_permission(ethics_application, request.user, 'view'): raise PermissionDenied() try: answer_set = AnswerSet.objects.get(user=ethics_application.principle_investigator, questionnaire=questionnaire, questiongroup=question_group) question_answers = answer_set.get_latest_question_answer_in_order() except ObjectDoesNotExist: #not to worry just return an empty list question_answers=[] return render_to_response('ethicsapplication/read_application_form.html', { 'return_url':return_url, 'question_answers':question_answers}, context_instance=RequestContext(request))
def test_creation(self): """ Проверка создания объекта поля. Создавать объекты могут только пользователи роль которых РАЗРАБОТЧИК, АДМИН, МЕНЕДЖЕР При создании у пользователя есть все права: редактировать, просматривать. """ sources = get_models_content_types() field = get_model_fields(sources[0])[0] obj = DatasetField(creator=self.test_admin, model_field_name=field.name, model_content_type=sources[0]) obj.save(save_revision=True) self.assertEquals(obj.name, "") self.assertEquals(obj.description, "") self.assertEquals(obj.internal_name, "") # Администратор, разработчик и менеджер имеют все права (Правка, просмотр, удаление) self.assertEqual( has_permission(obj, self.test_admin, settings.PERMISSION_VIEW_NAME), True) self.assertEqual( has_permission(obj, self.test_developer, settings.PERMISSION_VIEW_NAME), True) self.assertEqual( has_permission(obj, self.test_manager, settings.PERMISSION_VIEW_NAME), True) self.assertEqual( has_permission(obj, self.test_viewer, settings.PERMISSION_VIEW_NAME), False) self.assertEqual( has_permission(obj, self.test_editor, settings.PERMISSION_VIEW_NAME), False) self.assertEqual( has_permission(obj, self.test_admin, settings.PERMISSION_DELETE_NAME), True) self.assertEqual( has_permission(obj, self.test_developer, settings.PERMISSION_DELETE_NAME), True) self.assertEqual( has_permission(obj, self.test_manager, settings.PERMISSION_DELETE_NAME), True) self.assertEqual( has_permission(obj, self.test_viewer, settings.PERMISSION_DELETE_NAME), False) self.assertEqual( has_permission(obj, self.test_editor, settings.PERMISSION_DELETE_NAME), False) self.assertEqual( has_permission(obj, self.test_admin, settings.PERMISSION_EDIT_NAME), True) self.assertEqual( has_permission(obj, self.test_developer, settings.PERMISSION_EDIT_NAME), True) self.assertEqual( has_permission(obj, self.test_manager, settings.PERMISSION_EDIT_NAME), True) self.assertEqual( has_permission(obj, self.test_viewer, settings.PERMISSION_EDIT_NAME), False) self.assertEqual( has_permission(obj, self.test_editor, settings.PERMISSION_EDIT_NAME), False)
def get_children(self, **kwargs): if has_permission(self.object, self.request.user, 'edit'): if self.template_name != "user": return self.object.get_object_children(True) return self.object.get_object_children(False)
def get_fields(dataset, actor): """ Получить заголовок отчета для указанного пользователя. Метаданные содержат структуру для каждого поля показанного в отчёте пользователю. [{'name' : ' <Наименование заголовка столбца>', 'id' : <Идентификатор модели DatasetField>, 'renderer' : '<Вид обработчика для представления содержимого>', 'editor' : '<Редактор содержимого, который также выполняет валидацию данных>', 'editable' : <Редактируем элемент или нет>, 'visible' : <Видимый или не видимый элемент>},...] @param dataset: набор данных (Dataset) @param actor: тот кто запрашивает заголовок (User) @return: словарь с ключами 'names' и 'meta' """ if has_permission(dataset, actor, settings.PERMISSION_VIEW_NAME)== False and \ has_permission(dataset, actor, settings.PERMISSION_EDIT_NAME)== False: return [] meta = [] # field - object of DatasetField fields = get_dataset_fields(dataset, actor) if len(fields) < 1: return [] meta.extend( # Идентификатор котельной [ {'name' : 'ID', 'id' : 'ID', 'renderer' : 'string', 'editor' : 'textbox', 'editable' : False, 'visible' : False, 'validate' : False, 'resource' : ""}, # Дата {'name' : u'Дата', 'id' : 'Date', 'renderer' : 'string', 'editor' : 'textbox', 'editable' : False, 'visible' : True, 'validate' : False, 'resource' : ""}, # Наименование котельной {'name' : u'Котельная', 'id' : 'Boiler', 'renderer' : 'string', 'editor' : 'textbox', 'editable' : False, 'visible' : True, 'validate' : False, 'resource' : ""}]) # Присутствует поле определяющее расход по воде if has_water_category(dataset, actor): meta.extend([ # Идентификатор расхода воды {'name' : u'WID', 'id' : 'WID', 'renderer' : 'string', 'editor' : 'textbox', 'editable' : False, 'visible' : False, 'validate' : False, 'resource' : ""}, # Наименовение {'name' : u'Категория расхода воды', 'id' : 'WCID', 'renderer' : 'string', 'editor' : 'textbox', 'editable' : False, 'visible' : True, 'validate' : False, 'resource' : ""}]) # Присутствует поле определяющее расход по топливу if has_fuel_info(dataset, actor): meta.extend([ # Идентификатор расхода воды {'name' : u'FID', 'id' : 'FID', 'renderer' : 'string', 'editor' : 'textbox', 'editable' : False, 'visible' : False, 'validate' : False, 'resource' : ""}, # Вид топлива {'name' : u'Вид топлива', 'id' : 'FTID', 'renderer' : 'string', 'editor' : 'textbox', 'editable' : False, 'visible' : True, 'validate' : False, 'resource' : ""} ]) for field in fields: # проверяем разрешение пользователя can_edit = has_permission(field, actor, settings.PERMISSION_EDIT_NAME) can_view = has_permission(field, actor, settings.PERMISSION_VIEW_NAME) if can_view or can_edit: from django.db.models import BooleanField, CharField, FloatField, ForeignKey #объект поля модели, потомок класса Field field_field = field.get_field() resource_name = "" if field.get_model_class().__name__ in ['FuelIncome','FuelRemains','FuelConsumption']: resource_name = settings.RESOURCE_TYPE_FUEL elif field.get_model_class().__name__ == 'WaterConsumption': resource_name = settings.RESOURCE_TYPE_WATER elif field.get_model_class().__name__ == 'ElectricityConsumption': resource_name = settings.RESOURCE_TYPE_ELECTRICITY field_name = "" if field.name == "": field_name = field_field.verbose_name else: field_name = field.name field_id = field.id need_validation = field.validate if isinstance(field_field, BooleanField): meta.append({'name' : field_name, 'id' : field_id, 'renderer' : 'boolean', 'editor' : 'checkbox', 'editable' : can_edit, 'visible' : can_view, 'validate' : need_validation, 'resource' : resource_name}) elif isinstance(field_field, CharField): # renderer - string # editor - textbox meta.append({'name' : field_name, 'id' : field_id, 'renderer' : 'string', 'editor' : 'textbox', 'editable' : can_edit, 'visible' : can_view, 'validate' : need_validation, 'resource' : resource_name}) elif isinstance(field_field, FloatField): # renderer - number # editor - textbox meta.append({'name' : field_name, 'id' : field_id, 'renderer' : 'number', 'editor' : 'textbox', 'editable' : can_edit, 'visible' : can_view, 'validate' : need_validation, 'resource' : resource_name}) elif isinstance(field_field, ForeignKey): # renderer - string # editor - textbox meta.append({'name' : field_name, 'id' : field_id, 'renderer' : 'string', 'editor' : 'textbox', 'editable' : can_edit, 'visible' : can_view, 'validate' : need_validation, 'resource' : resource_name}) else: # renderer - string # editor - textbox meta.append({'name' : field_name, 'id' : field_id, 'renderer' : 'string', 'editor' : 'textbox', 'editable' : can_edit, 'visible' : can_view, 'validate' : need_validation, 'resource' : resource_name}) return meta
def expenses(request, expense_id=None): """Display user expenses and expenses that he can validate""" if not request.user.groups.filter(name="expense_requester").exists(): return HttpResponseRedirect(urlresolvers.reverse("forbiden")) try: consultant = Consultant.objects.get(trigramme__iexact=request.user.username) user_team = consultant.userTeam(excludeSelf=False) except Consultant.DoesNotExist: user_team = [] try: if expense_id: expense = Expense.objects.get(id=expense_id) if not (perm.has_permission(expense, request.user, "expense_edit") and (expense.user == request.user or expense.user in user_team)): messages.add_message(request, messages.WARNING, _("You are not allowed to edit that expense")) expense_id = None expense = None except Expense.DoesNotExist: messages.add_message(request, messages.ERROR, _("Expense %s does not exist" % expense_id)) expense_id = None if request.method == "POST": if expense_id: form = ExpenseForm(request.POST, request.FILES, instance=expense) else: form = ExpenseForm(request.POST, request.FILES) if form.is_valid(): expense = form.save(commit=False) if not hasattr(expense, "user"): # Don't update user if defined (case of expense updated by manager or adminstrator) expense.user = request.user expense.creation_date = date.today() expense.save() wf.set_initial_state(expense) return HttpResponseRedirect(urlresolvers.reverse("expense.views.expenses")) else: if expense_id: form = ExpenseForm(instance=expense) # A form that edit current expense else: form = ExpenseForm(initial={"expense_date": date.today()}) # An unbound form # Get user expenses user_expenses = Expense.objects.filter(user=request.user, workflow_in_progress=True).select_related() if user_team: team_expenses = Expense.objects.filter(user__in=user_team, workflow_in_progress=True).select_related() else: team_expenses = [] # Paymaster manage all expenses if utils.has_role(request.user, "expense paymaster"): managed_expenses = Expense.objects.filter(workflow_in_progress=True).exclude(user=request.user).select_related() else: managed_expenses = team_expenses userExpenseTable = UserExpenseWorkflowTable(user_expenses) userExpenseTable.transitionsData = dict([(e.id, []) for e in user_expenses]) # Inject expense allowed transitions. Always empty for own expense userExpenseTable.expenseEditPerm = dict([(e.id, perm.has_permission(e, request.user, "expense_edit")) for e in user_expenses]) # Inject expense edit permissions RequestConfig(request, paginate={"per_page": 50}).configure(userExpenseTable) managedExpenseTable = ManagedExpenseWorkflowTable(managed_expenses) managedExpenseTable.transitionsData = dict([(e.id, e.transitions(request.user)) for e in managed_expenses]) # Inject expense allowed transitions managedExpenseTable.expenseEditPerm = dict([(e.id, perm.has_permission(e, request.user, "expense_edit")) for e in managed_expenses]) # Inject expense edit permissions RequestConfig(request, paginate={"per_page": 100}).configure(managedExpenseTable) # Prune every expense not updated since 60 days. For instance, rejected expense. for expense in Expense.objects.filter(workflow_in_progress=True, update_date__lt=(date.today() - timedelta(60))): if wf.get_state(expense).transitions.count() == 0: expense.workflow_in_progress = False expense.save() return render(request, "expense/expenses.html", {"user_expense_table": userExpenseTable, "managed_expense_table": managedExpenseTable, "modify_expense": bool(expense_id), "form": form, "user": request.user})
def has_perm(self, user_obj, perm, obj=None): return has_permission(obj, user_obj, perm)
def test_creation(self): """ Проверка создания объекта """ obj = Dataset.objects.create(creator=self.test_admin, name=u"Название отчета", description=u"Описание отчета") # Администратор, разработчик и менеджер имеют все права (Правка, просмотр, удаление) self.assertEqual( has_permission(obj, self.test_admin, settings.PERMISSION_VIEW_NAME), True) self.assertEqual( has_permission(obj, self.test_developer, settings.PERMISSION_VIEW_NAME), True) self.assertEqual( has_permission(obj, self.test_manager, settings.PERMISSION_VIEW_NAME), True) self.assertEqual( has_permission(obj, self.test_viewer, settings.PERMISSION_VIEW_NAME), False) self.assertEqual( has_permission(obj, self.test_editor, settings.PERMISSION_VIEW_NAME), False) self.assertEqual( has_permission(obj, self.test_admin, settings.PERMISSION_DELETE_NAME), True) self.assertEqual( has_permission(obj, self.test_developer, settings.PERMISSION_DELETE_NAME), True) self.assertEqual( has_permission(obj, self.test_manager, settings.PERMISSION_DELETE_NAME), True) self.assertEqual( has_permission(obj, self.test_viewer, settings.PERMISSION_DELETE_NAME), False) self.assertEqual( has_permission(obj, self.test_editor, settings.PERMISSION_DELETE_NAME), False) self.assertEqual( has_permission(obj, self.test_admin, settings.PERMISSION_EDIT_NAME), True) self.assertEqual( has_permission(obj, self.test_developer, settings.PERMISSION_EDIT_NAME), True) self.assertEqual( has_permission(obj, self.test_manager, settings.PERMISSION_EDIT_NAME), True) self.assertEqual( has_permission(obj, self.test_viewer, settings.PERMISSION_EDIT_NAME), False) self.assertEqual( has_permission(obj, self.test_editor, settings.PERMISSION_EDIT_NAME), False)
def expenses(request, expense_id=None): """Display user expenses and expenses that he can validate""" if not request.user.groups.filter(name="expense_requester").exists(): return HttpResponseRedirect(urlresolvers.reverse("forbiden")) try: consultant = Consultant.objects.get(trigramme__iexact=request.user.username) user_team = consultant.userTeam(excludeSelf=False) except Consultant.DoesNotExist: user_team = [] try: if expense_id: expense = Expense.objects.get(id=expense_id) if not (perm.has_permission(expense, request.user, "expense_edit") and (expense.user == request.user or expense.user in user_team)): messages.add_message(request, messages.WARNING, _("You are not allowed to edit that expense")) expense_id = None expense = None except Expense.DoesNotExist: messages.add_message(request, messages.ERROR, _("Expense %s does not exist" % expense_id)) expense_id = None if request.method == "POST": if expense_id: form = ExpenseForm(request.POST, request.FILES, instance=expense) else: form = ExpenseForm(request.POST, request.FILES) if form.is_valid(): expense = form.save(commit=False) if not hasattr(expense, "user"): # Don't update user if defined (case of expense updated by manager or adminstrator) expense.user = request.user expense.creation_date = date.today() expense.save() wf.set_initial_state(expense) return HttpResponseRedirect(urlresolvers.reverse("expense.views.expenses")) else: if expense_id: form = ExpenseForm(instance=expense) # A form that edit current expense else: form = ExpenseForm(initial={"expense_date": date.today()}) # An unbound form # Get user expenses user_expenses = Expense.objects.filter(user=request.user, workflow_in_progress=True).select_related() if user_team: team_expenses = Expense.objects.filter(user__in=user_team, workflow_in_progress=True).select_related() else: team_expenses = [] # Paymaster manage all expenses if perm.has_role(request.user, "expense paymaster"): managed_expenses = Expense.objects.filter(workflow_in_progress=True).exclude(user=request.user).select_related() else: managed_expenses = team_expenses userExpenseTable = UserExpenseWorkflowTable(user_expenses) userExpenseTable.transitionsData = dict([(e.id, []) for e in user_expenses]) # Inject expense allowed transitions. Always empty for own expense userExpenseTable.expenseEditPerm = dict([(e.id, perm.has_permission(e, request.user, "expense_edit")) for e in user_expenses]) # Inject expense edit permissions RequestConfig(request, paginate={"per_page": 50}).configure(userExpenseTable) managedExpenseTable = ManagedExpenseWorkflowTable(managed_expenses) managedExpenseTable.transitionsData = dict([(e.id, e.transitions(request.user)) for e in managed_expenses]) # Inject expense allowed transitions managedExpenseTable.expenseEditPerm = dict([(e.id, perm.has_permission(e, request.user, "expense_edit")) for e in managed_expenses]) # Inject expense edit permissions RequestConfig(request, paginate={"per_page": 50}).configure(managedExpenseTable) return render(request, "expense/expenses.html", {"user_expense_table": userExpenseTable, "managed_expense_table": managedExpenseTable, "modify_expense": bool(expense_id), "form": form, "user": request.user})
def set_dataset_data(request, field_id, on_date, company_object_id, water_category_id, fuel_info_id, value): """ Установить новое значениче для указанной колонки. @param on_date: Дата @param field_id: идентификатор колонки @param company_object_id: Идентификатор объекта @param water_category_id: Идентификатор категории расхода воды @param fuel_info_id: Идентификатор информации о топливе @param value: новое значение @return: Возвращает объект """ try: field = DatasetField.objects.get(id=field_id) # Дата на которую нужно заполнить значение my_date = datetime.strptime(on_date, settings.DATE_FORMAT).date() today = get_today() # Проверка разрешения установления значения if not has_permission(field, request.user, settings.PERMISSION_EDIT_NAME): return { 'success': False, 'message': u"У вас недостаточно прав для редактирования." } set_value = False user_roles = get_roles(request.user) admin = Role.objects.get(name=settings.ROLE_ADMIN_NAME) manager = Role.objects.get(name=settings.ROLE_MANAGER_NAME) developer = Role.objects.get(name=settings.ROLE_DEVELOPER_NAME) editor = Role.objects.get(name=settings.ROLE_EDITOR_NAME) # Если пользователь выполняет одну из ролей он может выполнять # редактирование в любое время if admin in user_roles or manager in user_roles or developer in user_roles: set_value = True # Если пользователь редактор - может в трехдневный срок редактировать данные elif editor in user_roles and (today - my_date).days < 4 and ( today - my_date).days >= 0: set_value = True if set_value: # Дополнительная проверка разрешения выполнять корректировку. if field.model_field_name == 'correct': # Даты в которые поле доступно для редактирования editable_on_date = (get_month_day(today, 10), get_month_day(today, 20), get_month_day(today, get_month_last_day(today))) if my_date not in editable_on_date: return { 'success': False, 'message': u"Корректировку можно делать только 10-го, 20-го и в последний день месяца" } # Информация о топливе fuel_info_obj = None if fuel_info_id > 0: fuel_info_obj = FuelInfo.objects.get(id=fuel_info_id) # Информация о воде water_category_obj = None if water_category_id > 0: water_category_obj = WaterConsumptionCategory.objects.get( id=water_category_id) # Котельная boiler = BoilerHouse.objects.get(id=company_object_id) # Установить значение field.set_value(request.user, my_date, value, boiler, water_category_obj, fuel_info_obj) else: return { 'success': False, 'message': u"Редактирование доступно только в трехдневный срок." } except Exception as ex: traceback.print_exc(file=sys.stdout) _logger.error(u"[dataset.setData] - Не удалось сохранить значение: " + unicode(ex)) return { 'success': False, 'message': u"Не удалось сохранить значение " + unicode(ex) } return {'success': True, 'message': u'Значение сохранено.'}