def has_permission_template_tag(context, permission, obj, user=None):
    """Template-tag helper: does ``user`` hold ``permission`` on ``obj``?

    When no ``user`` is passed the template context's ``user`` entry is
    used instead. If neither is available (nothing to check against) the
    answer is ``False`` rather than an error, so templates rendered without
    a request user degrade to "no access".
    """
    subject = user or context.get('user')
    if not subject:
        return False
    return has_object_permission(permission, subject, obj)
def assert_standard_role_permissions(self, expected_bool, program=None):
    """Assert the staff role and advanced-search permissions equal ``expected_bool``.

    Three checks are made for ``self.user``, in order: the ``staff`` role,
    the global ``can_advance_search`` permission, and the
    ``can_advance_search`` object permission on ``program`` (which defaults
    to ``self.program``). ``expected_bool`` must be a real ``bool`` so an
    accidental truthy value cannot make the identity asserts pass.
    """
    assert isinstance(expected_bool, bool)
    subject = self.user
    assert has_role(subject, 'staff') is expected_bool
    assert has_permission(subject, 'can_advance_search') is expected_bool
    target = program or self.program
    assert has_object_permission('can_advance_search', subject, target) is expected_bool
def index(request):
    """Render the module index, marking which modules the user may open.

    Every module is annotated with a boolean ``has_access`` taken from the
    ``access_content`` object permission of ``request.user`` on that module;
    the template uses it to decide between content and purchase links.
    """
    modules = add_modules_purchase_link(get_all_modules())
    for module in modules:
        module.has_access = bool(
            has_object_permission('access_content', request.user, module)
        )
    return render(request, 'modules/module_index.html', context={'modules': modules})
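def doct(request):
    """List the doctors the current user is authorised to see.

    Walks every ``User`` and keeps those for which ``request.user`` holds the
    ``authorised_doctor`` object permission, resolving each to its
    ``USERMODEL`` profile for the template.

    Requesters without a ``USERMODEL`` profile are sent to ``/home``, as the
    sibling views in this app do; the original used ``.get`` here and raised
    ``DoesNotExist`` (a 500) for such users.
    """
    profile = USERMODEL.objects.filter(name=request.user.username).first()
    if profile is None:
        return HttpResponseRedirect("/home")
    # One profile lookup per authorised account (same N+1 shape as before).
    authorised = [
        USERMODEL.objects.get(name=account.username)
        for account in User.objects.all()
        if has_object_permission('authorised_doctor', request.user, account)
    ]
    return render(request, 'home/docres.html', {'name': profile.aname, 'stuff': authorised})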
def check_permission(self, user, view):
    """Return True only if ``user`` holds every permission in ``self.permissions_required`` on ``view``.

    Evaluation stops at the first missing permission; an empty
    ``permissions_required`` grants access.
    """
    required = self.permissions_required
    return all(
        has_object_permission(permission, user, view) for permission in required
    )
def get(self, request, *args, **kwargs):
    """Serve the detail page only if ``request.user`` may view this object.

    The object permission name is derived from the view's model as
    ``view_<modelname>``. Users lacking it are shown a warning and redirected
    to the login page instead of the object.
    """
    target = self.get_object()
    codename = f'view_{self.model.__name__.lower()}'
    if not has_object_permission(codename, request.user, target):
        messages.warning(
            request,
            "You don't have permission to perform this action. "
            "Please login as another user.")
        return redirect('login')
    return super().get(request, *args, **kwargs)
def get(self, request, *args, **kwargs):
    """Serve the grade detail page only if ``request.user`` holds ``view_grade`` on it.

    Users lacking the object permission are shown a warning and redirected
    to the login page instead of the grade.
    """
    grade = self.get_object()
    if not has_object_permission('view_grade', request.user, grade):
        messages.warning(
            request,
            "You don't have permission to perform this action. "
            "Please login as another user.")
        return redirect('login')
    return super().get(request, *args, **kwargs)
def has_object_permission(self, request, view, obj):
    """DRF object-permission hook for FinancialAid objects.

    Delegates to the module-level ``has_object_permission`` helper (the
    global name, not this method) with the program behind the aid's tier.

    Args:
        request (Request): DRF request object
        view (View): DRF view object
        obj (FinancialAid): FinancialAid object

    Returns:
        boolean: whether ``request.user`` may edit financial aid for
        ``obj.tier_program.program``
    """
    program = obj.tier_program.program
    return has_object_permission(
        Permissions.CAN_EDIT_FINANCIAL_AID, request.user, program
    )
def test_func(self):
    """Validate user permissions (analogous to ``permission_classes`` in DRF).

    Resolves the program named in the URL kwargs -- it must be live and
    offer financial aid, otherwise 404 -- stores it on ``self.program`` for
    the rest of the view, and returns whether the requesting user may edit
    financial aid for it.
    """
    lookup = {
        "id": self.kwargs["program_id"],  # pylint: disable=unsubscriptable-object
        "live": True,
        "financial_aid_availability": True,
    }
    self.program = get_object_or_404(Program, **lookup)
    return has_object_permission(
        Permissions.CAN_EDIT_FINANCIAL_AID, self.request.user, self.program
    )
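def detail(request, module_slug, topic_slug):  # noqa
    """Show a topic, or route the user to MemberKit / the migration page.

    ``module_slug`` is accepted for URL compatibility but not used here.

    The two redirects are decided by the *current user's* account state, so
    they must not be permanent: a 301 is cached by browsers (and some
    proxies), which would keep sending a different or logged-out user on the
    same browser to the MemberKit URL without ever reaching the
    ``access_content`` check below. A temporary redirect keeps the decision
    per request.
    """
    user = request.user
    if memberkit_facade.has_memberkit_account(user):
        return redirect(facade.get_topic_memberkit_url(topic_slug), permanent=False)
    if memberkit_facade.has_any_subscription(user):
        return redirect(reverse('migrate_to_memberkit'), permanent=False)
    topic = facade.get_topic_with_contents(slug=topic_slug)
    if has_object_permission('access_content', user, topic):
        return render(request, 'topics/topic_detail.html', {'topic': topic})
    return content_landing_page(topic)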
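def home(request):
    """List medical-history (``Med_HIST``) documents for the current user.

    Patients see their own uploads; doctors see the uploads of every user
    they hold the ``authorised_patient`` permission for (a user with both
    roles gets the doctor view). Requesters without a ``USERMODEL`` profile
    are redirected to ``/home``.

    ``documents`` is initialised to an empty queryset so a user with neither
    role renders an empty page; the original left it unbound on that path
    and raised ``UnboundLocalError`` (a 500).
    """
    if not USERMODEL.objects.filter(name=request.user.username).exists():
        return HttpResponseRedirect("/home")
    documents = Document.objects.none()
    if has_role(request.user, 'patient'):
        documents = Document.objects.filter(user=request.user.username, location='Med_HIST')
    if has_role(request.user, 'doctor'):
        documents = Document.objects.none()
        for account in User.objects.all():
            if has_object_permission('authorised_patient', request.user, account):
                documents = documents | Document.objects.filter(user=account.username, location='Med_HIST')
    return render(request, 'uploads/home.html', {'documents': documents})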
def view(request):
    """"My events" page: list the events the requester may see and handle
    ticket-validation POSTs.

    ``respo`` users get every event; everyone else gets
    ``MyEvents.get_events`` plus the events organised by associations they
    preside. Finished and rejected events are dropped. Each remaining event
    is decorated for the template with a per-event ticket form restricted to
    that event's unused-ticket holders, ``MyEvents.Stat``, ``disp``
    (``MyEvents.is_allowed``) and ``valid`` (the ``event_status_change``
    object permission).
    """
    memberships = Membership.objects.filter(member=request.user)
    if has_role(request.user, 'respo'):
        events = Event.objects.all()
    else:
        events = MyEvents.get_events(request.user)
    for member in memberships:
        if member.role == MemberRole.PRESIDENT._value_:
            events |= Event.objects.filter(orga=member.asso)
    if request.method == 'POST':
        # NOTE(review): ``form`` is built but never validated or read, and
        # ``validate_ticket`` receives the raw POST values. ``request.POST[..]``
        # raises KeyError (a 500) when a key is absent, and nothing in this
        # branch checks that request.user may validate tickets for that
        # event: the ``is_allowed`` / ``event_status_change`` results below
        # are computed on the GET path and attached to events for the
        # template only. Confirm ``MyEvents.validate_ticket`` enforces this
        # itself; otherwise any logged-in user can POST arbitrary
        # member/event ids.
        form = MyEvents.BaseForm(request.POST)
        MyEvents.validate_ticket(request.POST['member'], request.POST['event'])
        return redirect(reverse('core:my_events'))
    events = events.exclude(status__exact=EventStatus.FINISHED._value_)\
        .exclude(status__exact=EventStatus.REJECTED._value_)\
        .order_by('start')
    for event in events:
        # User ids holding an unused ticket for this event.
        # (``set`` shadows the builtin; left untouched here.)
        set = Participant.objects.filter(event=event, used=False)\
            .select_related('user')
        set = [p['user'] for p in list(set.values('user').all())]
        event.form = MyEvents.BaseForm()
        event.form.event = event
        # Restrict the form's choices to this event and its ticket holders.
        event.form.fields['member'].queryset = User.objects.filter(
            id__in=set)
        event.form.fields['event'].queryset = Event.objects.filter(
            id=event.id)
        event.form.fields['event'].widget.attrs['readonly'] = True
        event.stat = MyEvents.Stat(event)
        event.disp = MyEvents.is_allowed(event, request.user)
        event.valid = has_object_permission('event_status_change', request.user, event)
    # Template variables
    variables = {}
    variables['events'] = events
    variables['waiting'] = str(EventStatus.WAITING._value_)
    variables['validated'] = str(EventStatus.VALIDATED._value_)
    variables['pending'] = str(EventStatus.PENDING._value_)
    variables['respo'] = has_role(request.user, 'respo')
    return render(request, 'my_events.html', variables)
def get_advance_searchable_program_ids(user):
    """
    Helper function to retrieve all the programs where the user is allowed to search

    Only programs the user holds a ``Role`` in are considered; each one is
    kept if the user has the ``can_advance_search`` object permission on it.

    Args:
        user (User): Django user instance

    Returns:
        list: list of courses.models.Program ids
    """
    return [
        role.program_id
        for role in Role.objects.filter(user=user)
        if has_object_permission('can_advance_search', user, role.program)
    ]
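def upl(request):
    """Doctor-side prescription upload for one authorised patient.

    GET ``?uploadtest=<username>`` renders the prescription form for that
    patient; POST (``uploadtest`` in the body) saves the prescription with
    ``doctor``/``patient`` filled in server-side and redirects to the
    patient's upload page. In both cases the requester must hold the
    ``authorised_patient`` object permission on the target ``User``,
    otherwise 403. Requesters without a ``USERMODEL`` profile go to ``/home``.

    Fixes vs. the original: the target username is checked for presence and
    resolved with ``filter().first()`` *before* the permission check, so a
    missing or unknown username yields a redirect / 403 instead of
    ``DoesNotExist`` (a 500); an invalid POST re-renders the form instead of
    returning ``None``.
    """
    if not USERMODEL.objects.filter(name=request.user.username).exists():
        return HttpResponseRedirect("/home")

    if request.method == 'GET':
        target_name = request.GET.get('uploadtest')
        if target_name is None:
            return HttpResponseRedirect('/home')
        target_user = User.objects.filter(username=target_name).first()
        target_profile = USERMODEL.objects.filter(name=target_name).first()
        if target_user is None or target_profile is None:
            return HttpResponseRedirect('/home')
        if not has_object_permission('authorised_patient', request.user, target_user):
            return HttpResponseForbidden()
        form = PrescriptionForm(request.POST or None)
        context = {'form': form, 'names': target_profile.aname, 'set': target_profile.name}
        return render(request, 'presc/Doctor3rd.html', context)

    if request.method == 'POST':
        target_name = request.POST.get('uploadtest')
        target_user = User.objects.filter(username=target_name).first() if target_name else None
        target_profile = USERMODEL.objects.filter(name=target_name).first() if target_name else None
        # An unknown target is treated like a permission failure rather than
        # leaking DoesNotExist as a 500.
        if target_user is None or target_profile is None:
            return HttpResponseForbidden()
        if not has_object_permission('authorised_patient', request.user, target_user):
            return HttpResponseForbidden()
        form = PrescriptionForm(request.POST or None)
        if form.is_valid():
            obj = form.save(commit=False)
            # Ownership fields come from the session/target, never the form.
            obj.doctor = request.user.username
            obj.patient = target_name
            obj.save()
            return HttpResponseRedirect('/presc/Patup?Pat_up=' + str(target_name))
        context = {'form': form, 'names': target_profile.aname, 'set': target_profile.name}
        return render(request, 'presc/Doctor3rd.html', context)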
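def doc(request):
    """Show a doctor's profile and whether the viewer is authorised for them.

    Expects ``?docpr=<username>``. A missing or unknown username redirects
    to ``/home``. ``auth`` in the context is the ``authorised_doctor`` object
    permission of ``request.user`` on the doctor's ``User`` account.

    The original guard ``if not User.objects.get(username=sq)`` could never
    fire: ``.get`` raises ``DoesNotExist`` instead of returning a falsy
    value, so an unknown username surfaced as a 500. Lookups now use
    ``filter().first()``; the ``User`` row is also fetched once rather than
    twice. Non-GET requests are left unhandled as before.
    """
    if request.method == 'GET':
        username = request.GET.get('docpr')
        if username is None:
            return HttpResponseRedirect('/home')
        account = User.objects.filter(username=username).first()
        doctor = USERMODEL.objects.filter(name=username).first()
        if account is None or doctor is None:
            return HttpResponseRedirect('/home')
        return render(
            request, 'home/docprof.html', {
                'type': doctor,
                'auth': has_object_permission('authorised_doctor', request.user, account),
            })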
def my_view(request, *args, **kwargs): members = Member.objects.all() # content = {} # content['userdetail'] = member from rolepermissions.checkers import has_permission from django.contrib.auth.models import User from ecommerce.roles import Doctor from rolepermissions.permissions import available_perm_status from rolepermissions.checkers import has_object_permission user1 = User.objects.get(id=2) permissions = available_perm_status(user1) print(permissions) if has_permission(user1, 'nurse'): print('access granted') else: print('access not granted') if has_object_permission('access_clinic', user1, user1): print('access granted') from guardian.shortcuts import get_perms from guardian.shortcuts import assign_perm from guardian.shortcuts import get_perms from django.shortcuts import render from django.template import RequestContext from ecommer.models import Project from guardian.shortcuts import get_objects_for_user joe=User.objects.get(username='******') post=Post.objects.get(id=1) # print(joe.has_perm('post_add', post)) assign_perm('post_add', joe, post) projects = get_objects_for_user(request.user, 'ecommer.post_add') print(joe.has_perm('post_add', post)) # if 'post_add' in get_perms(joe, post): # projects = get_objects_for_user(request.user, 'ecommer.post_add') # print(projects) # print('access granted') # else: # print('access denied') return render(request, 'ecommer/user_dashboard.html', {'projects': projects})
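def main(request):
    """Test-results landing page, branched on the requester's role.

    Doctors get the ``USERMODEL`` profiles of every user they hold the
    ``authorised_patient`` permission for; patients get their own ``Testres``
    rows. Requesters without a profile, or with neither role, are sent to
    ``/home`` -- the original fell off the end for the latter and returned
    ``None``, which Django reports as a 500.
    """
    profile = USERMODEL.objects.filter(name=request.user.username).first()
    if profile is None:
        return HttpResponseRedirect("/home")
    if has_role(request.user, 'doctor'):
        patients = [
            USERMODEL.objects.get(name=account.username)
            for account in User.objects.all()
            if has_object_permission('authorised_patient', request.user, account)
        ]
        return render(request, 'testres/doc.html', {
            'name': profile.aname,
            'stuff': patients
        })
    if has_role(request.user, 'patient'):
        results = Testres.objects.filter(patient=profile.name)
        return render(request, "testres/pat.html", {'documents': results})
    return HttpResponseRedirect("/home")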
def testup(request):
    """Doctor-side upload home for one patient's test results.

    Expects ``?Pat_test_up=<username>``. Missing or unknown patients redirect
    to ``/home``; a requester without the ``authorised_patient`` object
    permission on the patient's ``User`` gets 403. Lists the ``Testres`` rows
    this requester uploaded for that patient. Requesters without a
    ``USERMODEL`` profile are redirected to ``/home``; non-GET requests are
    not handled.
    """
    requester_rows = USERMODEL.objects.filter(name=request.user.username)
    if not requester_rows:
        return HttpResponseRedirect("/home")
    requester = USERMODEL.objects.get(name=request.user.username)
    if request.method == 'GET':
        patient_name = request.GET.get('Pat_test_up')
        if patient_name is None:
            return HttpResponseRedirect('/home')
        if not USERMODEL.objects.filter(name=patient_name):
            return HttpResponseRedirect('/home')
        patient_account = User.objects.get(username=patient_name)
        if not has_object_permission('authorised_patient', request.user, patient_account):
            return HttpResponseForbidden()
        patient = USERMODEL.objects.get(name=patient_name)
        documents = Testres.objects.filter(user=requester.name, patient=patient.name)
        return render(request, 'testres/DoctorUploadHome.html', {
            'name': patient.aname,
            'user': patient.name,
            'documents': documents
        })
def test_check_none_role_if_user_has_no_role(self):
    """A user with no role still goes through ``obj_checker``, which grants on a truthy object."""
    roleless_user = mommy.make(get_user_model())
    granted = has_object_permission('obj_checker', roleless_user, True)
    self.assertTrue(granted)
def test_does_not_have_object_permission(self):
    """``obj_checker`` denies when handed a falsy object."""
    outcome = has_object_permission('obj_checker', self.user, False)
    self.assertFalse(outcome)
def test_has_object_permission(self):
    """``obj_checker`` grants when handed a truthy object."""
    outcome = has_object_permission('obj_checker', self.user, True)
    self.assertTrue(outcome)
def test_superuser_without_superpowers(self):
    """Superuser status does not short-circuit object checkers.

    The result must still follow ``obj_checker``'s verdict on the object
    (grant on truthy, deny on falsy) even with ``is_superuser`` set.
    """
    superuser = self.user
    superuser.is_superuser = True
    for obj, expected in ((True, True), (False, False)):
        outcome = has_object_permission('obj_checker', superuser, obj)
        if expected:
            self.assertTrue(outcome)
        else:
            self.assertFalse(outcome)
def view(request, name):
    """Association dashboard: membership-management forms plus related events.

    Access: superusers and ``respo`` users may open any association; anyone
    else must hold a ``Membership`` in it (404 otherwise). A POST is
    dispatched on which modal submitted it (``officeModal`` / ``addModal`` /
    ``presidentModal``, anything else = remove) to the ``Dashboard`` helpers,
    then redirected back here when ``Dashboard.msg`` was set.

    NOTE(review): the POST branch mutates membership *before* any check of
    ``add_office`` / ``validate_member`` -- those object permissions are
    only evaluated further down to populate template flags. Unless the
    ``Dashboard.*`` helpers enforce authorisation themselves (not visible
    here), any plain member who can reach this view can add or remove
    office members and designate a president. Gate the POST dispatch on the
    same checks the template uses.
    """
    asso = get_object_or_404(Association, name=name)
    # Superusers and ``respo`` bypass the membership requirement.
    flag = not request.user.is_superuser and not has_role(
        request.user, 'respo')
    if flag:
        member = get_object_or_404(Membership, member=request.user, asso=asso)
    else:
        member = None
    # Prepare useful queryset
    simples = Dashboard.get_members(asso, MemberRole.SIMPLE)
    office = Dashboard.get_members(asso, MemberRole.OFFICE)
    president = Dashboard.get_members(asso, MemberRole.PRESIDENT)
    all = simples | office | president  # shadows the builtin ``all``
    others = User.objects.all().exclude(pk__in=all.values('member'))
    office = office | president
    # Nested classes in order to create forms with different behaviours
    class AssoForm(forms.Form):
        def __init__(self, *args, **kwargs):
            super(AssoForm, self).__init__(*args, **kwargs)
            # Apply the CSS class to every widget.
            for field_name, field in self.fields.items():
                field.widget.attrs['class'] = 'form-control'
    class OfficeForm(AssoForm):
        membre = forms.ModelChoiceField(queryset=simples, required=True)
    class AddForm(AssoForm):
        membre = forms.ModelChoiceField(queryset=others, required=True)
    class RemoveForm(AssoForm):
        membre = forms.ModelChoiceField(queryset=all, required=True)
    class PresForm(AssoForm):
        membre = forms.ModelChoiceField(
            queryset=(simples | office).exclude(
                role__exact=MemberRole.PRESIDENT._value_),
            required=True)
    if request.method == 'POST':
        if 'officeModal' in request.POST:
            form = OfficeForm(request.POST)
            Dashboard.add_office_member(asso, form)
        elif 'addModal' in request.POST:
            form = AddForm(request.POST)
            Dashboard.add_member(asso, form)
        elif 'presidentModal' in request.POST:
            form = PresForm(request.POST)
            Dashboard.designate_president(asso, form)
        else:
            form = RemoveForm(request.POST)
            Dashboard.remove_member(asso, form)
        if Dashboard.msg:
            return redirect(reverse('core:association', args=[asso.name]))
        # NOTE(review): as laid out here, a POST that leaves ``Dashboard.msg``
        # unset falls through to the template variables below with
        # ``office_form`` / ``add_form`` / ``remove_form`` / ``president_form``
        # unbound (they are only created on the GET branch) -- confirm
        # against the original layout.
    else:
        office_form = OfficeForm()
        add_form = AddForm()
        remove_form = RemoveForm()
        president_form = PresForm()
    # Creating templates variables
    # NOTE(review): ``Dashboard.msg`` / ``Dashboard.error`` are class
    # attributes, i.e. process-wide state shared by every request: a message
    # produced by one user's POST can be rendered to, or cleared by, another
    # user's concurrent request. Django's ``messages`` framework is the
    # per-session alternative.
    variables = {}
    variables['can_add_office'] = has_object_permission(
        'add_office',
        request.user, asso)
    variables['can_remove_office'] = variables['can_add_office']
    variables['can_manage_members'] = has_object_permission(
        'validate_member', request.user, asso)
    variables['events'] = Dashboard.related_events(asso)
    variables['office'] = office
    variables['asso'] = asso
    variables['info'] = Dashboard.msg
    variables['fail'] = Dashboard.error
    variables['respo'] = has_role(request.user, 'respo')
    # Superusers / ``respo`` (``member`` is None) are shown the president view.
    variables[
        'pres'] = True if member is None else member.role == MemberRole.PRESIDENT._value_
    variables['office_form'] = office_form
    variables['add_form'] = add_form
    variables['remove_form'] = remove_form
    variables['president_form'] = president_form
    variables['waiting'] = str(EventStatus.WAITING._value_)
    variables['validated'] = str(EventStatus.VALIDATED._value_)
    variables['pending'] = str(EventStatus.PENDING._value_)
    variables['rejected'] = str(EventStatus.REJECTED._value_)
    Dashboard.msg = None
    return render(request, 'dashboard.html', variables)
def detail(request, module_slug, topic_slug):  # noqa
    """Render a topic for users who may access it; others get the landing page.

    ``module_slug`` is accepted for URL compatibility but not used. Access
    is the ``access_content`` object permission of ``request.user`` on the
    topic loaded by ``topic_slug``.
    """
    topic = facade.get_topic_with_contents(slug=topic_slug)
    allowed = has_object_permission('access_content', request.user, topic)
    if not allowed:
        return content_landing_page(topic)
    return render(request, 'topics/topic_detail.html', {'topic': topic})