def test_perms_single(self): perm = 'contenttypes.change_contenttype' assign_perm(perm, self.group1, self.obj1) self.assertEqual( set(get_objects_for_group(self.group1, perm)), set(get_objects_for_group(self.group1, [perm])) )
def home(request): if request.user.is_superuser: users = User.objects.all() else: users = [] if not request.user.is_authenticated(): group = ExtendedGroup.objects.public_group() projects = get_objects_for_group( group, "core.read_project" ).filter( is_catch_all=False ) workflow_engines = get_objects_for_group( group, "core.read_workflowengine" ) data_sets = get_objects_for_group( group, "core.read_dataset" ) workflows = get_objects_for_group( group, "core.read_workflow" ).filter( is_active=True ) unassigned_analyses = [] else: projects = get_objects_for_user( request.user, "core.read_project" ).filter( is_catch_all=False ) try: unassigned_analyses = request.user.get_profile().catch_all_project.analyses.all().order_by( "-time_start" ) except: unassigned_analyses = [] logger.warning( "User " + request.user + " does not have a \"catch all\" project." ) workflow_engines = get_objects_for_user( request.user, "core.read_workflowengine" ) workflows = get_objects_for_user( request.user, "core.read_workflow" ).filter( is_active=True ) data_sets = get_objects_for_user( request.user, "core.read_dataset" ) return render_to_response('core/home.html', {'users': users, 'projects': projects, 'unassigned_analyses': unassigned_analyses, 'workflow_engines': workflow_engines, 'workflows': workflows, 'data_sets': data_sets }, context_instance=RequestContext( request ) )
def test_results_for_different_groups_are_correct(self): assign_perm("change_contenttype", self.group1, self.obj1) assign_perm("delete_contenttype", self.group2, self.obj2) self.assertEqual(set(get_objects_for_group(self.group1, "contenttypes.change_contenttype")), set([self.obj1])) self.assertEqual(set(get_objects_for_group(self.group2, "contenttypes.change_contenttype")), set()) self.assertEqual(set(get_objects_for_group(self.group2, "contenttypes.delete_contenttype")), set([self.obj2]))
def for_group(self, user, group, level=None): user_groups = [group.name for group in user.groups.all()] if group in user_groups: group, created = Group.objects.get_or_create(name=group) if level is not None: return get_objects_for_group(group, Request.get_permissions_path(level)).filter(~Q(status='X')) return get_objects_for_group(group, Request.get_permissions_path('view')).filter(~Q(status='X')) return []
def test_has_global_permission_and_object_based_permission_any_perm(self): assign_perm('contenttypes.change_contenttype', self.group1) assign_perm('contenttypes.delete_contenttype', self.group1, self.obj1) objects = get_objects_for_group(self.group1, ['contenttypes.change_contenttype', 'contenttypes.delete_contenttype'], any_perm=True) self.assertEquals(set(objects), set(ContentType.objects.all()))
def test_has_global_permission(self): assign_perm('contenttypes.change_contenttype', self.group1) objects = get_objects_for_group( self.group1, ['contenttypes.change_contenttype']) self.assertEquals(set(objects), set(ContentType.objects.all()))
def apply_filters(self, request, applicable_filters): filters = applicable_filters if 'groups__name' in filters: groups_name = filters.pop('groups__name') else: groups_name = None if 'groups__id' in filters: groups_id = filters.pop('groups__id') else: groups_id = None filtered = super(RequestResource, self).apply_filters(request, applicable_filters) group = None if groups_id: try: group = Group.objects.get(id = groups_id) except: pass if groups_name: try: group = Group.objects.get(name = groups_name) except: pass if group and request.user.has_perm(UserProfile.get_permission_name('view'), group): return get_objects_for_group(group, Request.get_permissions_path('view')).filter(~Q(status='X')) return filtered
def test_simple_after_removal(self): self.test_simple() remove_perm('change_contenttype', self.group1, self.obj1) objects = get_objects_for_group( self.group1, 'contenttypes.change_contenttype') self.assertEqual(len(objects), 1) self.assertEqual(objects[0], self.obj2)
def assign_groups_perms(gid, group_perms): """ 更新权限组的权限方法 :param gid: 权限组id :param group_perms:所有的权限字典信息 :return: """ if gid == 0 or not group_perms: update_status = False else: try: group_obj = Group.objects.get(id=gid) for perms_name, perms_id in group_perms.items(): # 获取当前组在表中的已有权限并全部移除 old_perms = get_objects_for_group(group_obj, perms_name) remove_perm(perms_name, group_obj, old_perms) # 添加新的权限 model_obj = get_group_perms_model(perms_name) # print(perms_name, model_obj) new_perms = model_obj.objects.filter(id__in=perms_id) assign_perm(perms_name, group_obj, new_perms) update_status = True except Exception as e: logger.error(e) update_status = False return update_status
def by_groups(self, groups): hosts = [] for group in groups: hosts.append( obj.pk for obj in get_objects_for_group(group, "hosts.is_owner_host") ) return self.filter(pk__in=hosts)
def get_queryset(self, **kwargs): try: pk = self.kwargs['pk'] user = self.request.user group = user.groups.get(pk=pk) return get_objects_for_group(group, Request.get_permissions_path('view')).filter(~Q(status='X')) except Exception as e: return Request.objects.none()
def test_simple(self): assign_perm("change_contenttype", self.group1, self.obj1) assign_perm("change_contenttype", self.group1, self.obj2) objects = get_objects_for_group(self.group1, "contenttypes.change_contenttype") self.assertEqual(len(objects), 2) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual(set(objects), set([self.obj1, self.obj2]))
def test_has_global_permission_and_object_based_permission(self): assign_perm("contenttypes.change_contenttype", self.group1) assign_perm("contenttypes.delete_contenttype", self.group1, self.obj1) objects = get_objects_for_group( self.group1, ["contenttypes.change_contenttype", "contenttypes.delete_contenttype"], any_perm=False ) self.assertEquals(set(objects), set([self.obj1]))
def test_simple(self): assign("change_contenttype", self.group1, self.obj1) assign("change_contenttype", self.group1, self.obj2) objects = get_objects_for_group(self.group1, "contenttypes.change_contenttype") self.assertEqual(len(objects), 2) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual(set(objects.values_list("name", flat=True)), set([self.obj1.name, self.obj2.name]))
def test_get_objects_for_group(self): foo = Project.objects.create(name='foo') bar = Project.objects.create(name='bar') assign('add_project', self.group, foo) assign('add_project', self.group, bar) assign('change_project', self.group, bar) result = get_objects_for_group(self.group, 'testapp.add_project') self.assertEqual(sorted(p.pk for p in result), sorted([foo.pk, bar.pk]))
def test_get_objects_for_group(self): foo = Project.objects.create(name="foo") bar = Project.objects.create(name="bar") assign_perm("add_project", self.group, foo) assign_perm("add_project", self.group, bar) assign_perm("change_project", self.group, bar) result = get_objects_for_group(self.group, "testapp.add_project") self.assertEqual(sorted(p.pk for p in result), sorted([foo.pk, bar.pk]))
def test_has_global_permission_and_object_based_permission_3perms(self): assign_perm('contenttypes.change_contenttype', self.group1) assign_perm('contenttypes.delete_contenttype', self.group1, self.obj1) assign_perm('contenttypes.add_contenttype', self.group1, self.obj2) objects = get_objects_for_group(self.group1, ['contenttypes.change_contenttype', 'contenttypes.delete_contenttype', 'contenttypes.add_contenttype'], any_perm=False) self.assertEqual(set(objects), set())
def test_has_global_permission_and_object_based_permission(self): assign_perm('contenttypes.change_contenttype', self.group1) assign_perm('contenttypes.delete_contenttype', self.group1, self.obj1) objects = get_objects_for_group(self.group1, [ 'contenttypes.change_contenttype', 'contenttypes.delete_contenttype' ], any_perm=False) self.assertEquals(set(objects), set([self.obj1]))
def test_results_for_different_groups_are_correct(self): assign_perm('change_contenttype', self.group1, self.obj1) assign_perm('delete_contenttype', self.group2, self.obj2) self.assertEqual( set( get_objects_for_group(self.group1, 'contenttypes.change_contenttype')), set([self.obj1])) self.assertEqual( set( get_objects_for_group(self.group2, 'contenttypes.change_contenttype')), set()) self.assertEqual( set( get_objects_for_group(self.group2, 'contenttypes.delete_contenttype')), set([self.obj2]))
def test_get_objects_for_group(self): foo = Project.objects.create(name='foo') bar = Project.objects.create(name='bar') assign_perm('add_project', self.group, foo) assign_perm('add_project', self.group, bar) assign_perm('change_project', self.group, bar) result = get_objects_for_group(self.group, 'testapp.add_project') self.assertEqual(sorted(p.pk for p in result), sorted([foo.pk, bar.pk]))
def get_queryset(self, **kwargs): try: pk = self.kwargs['pk'] user = self.request.user group = user.groups.get(pk=pk) return get_objects_for_group( group, Request.get_permissions_path('view')).filter(~Q(status='X')) except: return Request.objects.none()
def test_multiple_perms_to_check(self): assign('change_contenttype', self.group1, self.obj1) assign('delete_contenttype', self.group1, self.obj1) assign('change_contenttype', self.group1, self.obj2) objects = get_objects_for_group(self.group1, ['contenttypes.change_contenttype', 'contenttypes.delete_contenttype']) self.assertEqual(len(objects), 1) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual(objects[0], self.obj1)
def test_simple(self): assign_perm('change_contenttype', self.group1, self.obj1) assign_perm('change_contenttype', self.group1, self.obj2) objects = get_objects_for_group(self.group1, 'contenttypes.change_contenttype') self.assertEqual(len(objects), 2) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual( set(objects), set([self.obj1, self.obj2]))
def index(request): # categories = Category.objects.prefetch_related('forum_set').all().order_by('position') if request.user.is_authenticated(): categories = get_objects_for_user(request.user, ['djero.view_category'], use_groups=True) else: categories = get_objects_for_group(everybody_group, ['djero.view_category']) categories.prefetch_related('forum_set').order_by('position') return render(request, "forum/index.html", { "categories" : categories, })
def home(request): if request.user.is_superuser: users = User.objects.all() else: users = [] if not request.user.is_authenticated(): group = ExtendedGroup.objects.public_group() projects = get_objects_for_group( group, "core.read_project").filter(is_catch_all=False) workflow_engines = get_objects_for_group(group, "core.read_workflowengine") data_sets = get_objects_for_group(group, "core.read_dataset") workflows = get_objects_for_group( group, "core.read_workflow").filter(is_active=True) unassigned_analyses = [] else: projects = get_objects_for_user( request.user, "core.read_project").filter(is_catch_all=False) try: unassigned_analyses = request.user.get_profile( ).catch_all_project.analyses.all().order_by("-time_start") except: unassigned_analyses = [] logger.warning("User " + request.user + " does not have a \"catch all\" project.") workflow_engines = get_objects_for_user(request.user, "core.read_workflowengine") workflows = get_objects_for_user( request.user, "core.read_workflow").filter(is_active=True) data_sets = get_objects_for_user(request.user, "core.read_dataset") return render_to_response('core/home.html', { 'users': users, 'projects': projects, 'unassigned_analyses': unassigned_analyses, 'workflow_engines': workflow_engines, 'workflows': workflows, 'data_sets': data_sets }, context_instance=RequestContext(request))
def test_has_any_group_permissions(self): # We use groups as objects. group_names = ["group1", "group2", "group3"] groups = [Group.objects.create(name=name) for name in group_names] for group in groups: assign_perm("change_group", self.group, group) objects = get_objects_for_group(self.group, [], Group) self.assertEqual(len(objects), len(groups)) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual(set(objects), set(groups))
def test_any_of_multiple_perms_to_check(self): assign_perm("change_contenttype", self.group1, self.obj1) assign_perm("delete_contenttype", self.group1, self.obj1) assign_perm("add_contenttype", self.group1, self.obj2) assign_perm("delete_contenttype", self.group1, self.obj3) objects = get_objects_for_group( self.group1, ["contenttypes.change_contenttype", "contenttypes.delete_contenttype"], any_perm=True ) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual([obj for obj in objects.order_by("name")], [self.obj1, self.obj3])
def test_has_any_group_permissions(self): # We use groups as objects. group_names = ['group1', 'group2', 'group3'] groups = [Group.objects.create(name=name) for name in group_names] for group in groups: assign_perm('change_group', self.group, group) objects = get_objects_for_group(self.group, [], Group) self.assertEqual(len(objects), len(groups)) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual(set(objects), set(groups))
def test_multiple_perms_to_check(self): assign_perm('change_contenttype', self.group1, self.obj1) assign_perm('delete_contenttype', self.group1, self.obj1) assign_perm('change_contenttype', self.group1, self.obj2) objects = get_objects_for_group(self.group1, [ 'contenttypes.change_contenttype', 'contenttypes.delete_contenttype']) self.assertEqual(len(objects), 1) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual(objects[0], self.obj1)
def filter_by_group(self, queryset, name, value): try: if self.request.user.is_superuser: group = Group.objects.get(name=value) else: group = self.request.user.groups.get(name=value) except Group.DoesNotExist: return queryset return get_objects_for_group( group, ["view_secret", "change_secret"], queryset, any_perm=True )
def test_any_of_multiple_perms_to_check(self): assign_perm('change_contenttype', self.group1, self.obj1) assign_perm('delete_contenttype', self.group1, self.obj1) assign_perm('add_contenttype', self.group1, self.obj2) assign_perm('delete_contenttype', self.group1, self.obj3) objects = get_objects_for_group(self.group1, ['contenttypes.change_contenttype', 'contenttypes.delete_contenttype'], any_perm=True) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual([obj for obj in objects.order_by('app_label')], [self.obj1, self.obj3])
def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) # get the model manager method depending on the cluster filter # and call it to get the base queryset clusters = get_objects_for_user( self.request.user, "clusters.view_cluster", getattr(Cluster.objects, self.clusters_shown)().order_by("-created_at"), use_groups=False, with_superuser=False, ) sparkjob_qs = SparkJob.objects.all().order_by("-start_date") if self.jobs_shown == self.mine_job_filter: spark_jobs = get_objects_for_user( self.request.user, "jobs.view_sparkjob", sparkjob_qs, use_groups=False, with_superuser=False, ) elif self.jobs_shown == self.all_job_filter: spark_jobs = get_objects_for_group( self.jobs_maintainer_group, "jobs.view_sparkjob", sparkjob_qs, any_perm=False, accept_global_perms=False, ) else: spark_jobs = sparkjob_qs.none() context.update({"clusters": clusters, "spark_jobs": spark_jobs}) # a list of modification datetimes of the clusters and Spark jobs to use # for getting the last changes on the dashboard cluster_mod_datetimes = list( clusters.values_list("modified_at", flat=True)) spark_job_mod_datetimes = [ spark_job.latest_run.modified_at for spark_job in spark_jobs.with_runs().order_by("-runs__modified_at") ] modified_datetimes = sorted(cluster_mod_datetimes + spark_job_mod_datetimes, reverse=True) if modified_datetimes: context["modified_date"] = modified_datetimes[0] return context
def test_any_of_multiple_perms_to_check(self): assign_perm('change_contenttype', self.group1, self.obj1) assign_perm('delete_contenttype', self.group1, self.obj1) assign_perm('add_contenttype', self.group1, self.obj2) assign_perm('delete_contenttype', self.group1, self.obj3) objects = get_objects_for_group(self.group1, ['contenttypes.change_contenttype', 'contenttypes.delete_contenttype'], any_perm=True) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual([obj for obj in objects.order_by('app_label')], [self.obj1, self.obj3])
def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) # get the model manager method depending on the cluster filter # and call it to get the base queryset clusters = get_objects_for_user( self.request.user, 'clusters.view_cluster', getattr(Cluster.objects, self.clusters_shown)().order_by('-created_at'), use_groups=False, with_superuser=False, ) sparkjob_qs = SparkJob.objects.all().order_by('-start_date') if self.jobs_shown == self.mine_job_filter: spark_jobs = get_objects_for_user( self.request.user, 'jobs.view_sparkjob', sparkjob_qs, use_groups=False, with_superuser=False, ) elif self.jobs_shown == self.all_job_filter: spark_jobs = get_objects_for_group( self.jobs_maintainer_group, 'jobs.view_sparkjob', sparkjob_qs, any_perm=False, accept_global_perms=False, ) else: spark_jobs = sparkjob_qs.none() context.update({ 'clusters': clusters, 'spark_jobs': spark_jobs, }) # a list of modification datetimes of the clusters and Spark jobs to use # for getting the last changes on the dashboard cluster_mod_datetimes = list(clusters.values_list('modified_at', flat=True)) spark_job_mod_datetimes = [ spark_job.latest_run.modified_at for spark_job in spark_jobs.with_runs().order_by('-runs__modified_at') ] modified_datetimes = sorted(cluster_mod_datetimes + spark_job_mod_datetimes, reverse=True) if modified_datetimes: context['modified_date'] = modified_datetimes[0] return context
def assign_workstation_permissions(self): perm = f"view_{Workstation._meta.model_name}" group = self.readers_group workstations = get_objects_for_group(group=group, perms=perm, klass=Workstation) if (self.workstation not in workstations) or workstations.count() > 1: remove_perm(perm=perm, user_or_group=group, obj=workstations) # Allow readers to view the workstation used for this reader study assign_perm(perm=perm, user_or_group=group, obj=self.workstation)
def transfer_project_info(source_project, destination_project): """Transfers the given project""" # destination_project.name - keep project name as is # destination_project.deprecated_project_id - keep as is destination_project.description = choose_one( destination_project, "description", source_project.description, destination_project.description) # update permissions - transfer source project users for user in source_project.can_edit_group.user_set.all(): destination_project.can_edit_group.user_set.add(user) for user in source_project.can_view_group.user_set.all(): destination_project.can_view_group.user_set.add(user) # update permissions - transfer source project gene lists for locus_list in get_objects_for_group(source_project.can_view_group, CAN_VIEW, LocusList): assign_perm(user_or_group=destination_project.can_view_group, perm=CAN_VIEW, obj=locus_list) # update permissions - transfer SampleBatches for sample_batch in SampleBatch.objects.filter( sample__individual__family__project=source_project): assign_perm(user_or_group=destination_project.can_edit_group, perm=CAN_EDIT, obj=sample_batch) assign_perm(user_or_group=destination_project.can_view_group, perm=CAN_VIEW, obj=sample_batch) # transfer custom reference populations for p in source_project.custom_reference_populations.all(): destination_project.custom_reference_populations.add(p) # phenotips and MME destination_project.is_phenotips_enabled = True # TODO check for each individual whether the source project has phenotips data destination_project.phenotips_user_id = source_project.phenotips_user_id destination_project.is_mme_enabled = source_project.is_mme_enabled or destination_project.is_mme_enabled destination_project.mme_primary_data_owner = choose_one( destination_project, "mme_primary_data_owner", source_project.mme_primary_data_owner, destination_project.mme_primary_data_owner) destination_project.save()
def filter_queryset(self, request, queryset, view): groupname = request.GET.get("group", "") if groupname: group = Group.objects.filter(name=groupname).first() if group: group_hosts = get_objects_for_group(group, ["hosts.is_owner_host"], klass=Host) return queryset.filter( pk__in=[host.pk for host in group_hosts]) else: return queryset.none() else: return queryset
def _get_json_for_locus_lists(project): result = [] for locus_list in get_objects_for_group(project.can_view_group, CAN_VIEW, LocusList): result.append({ 'locusListGuid': locus_list.guid, 'createdDate': locus_list.created_date, 'name': locus_list.name, 'deprecatedGeneListId': _slugify(locus_list.name), 'description': locus_list.description, 'numEntries': LocusListEntry.objects.filter(parent=locus_list).count(), }) return sorted(result, key=lambda locus_list: locus_list['createdDate'])
def resources(self, resource_type=None): """ Returns a generator of objects that this group has permissions on. :param resource_type: Filter's the queryset to objects with the same type. """ queryset = get_objects_for_group(self.group, ['base.view_resourcebase', 'base.change_resourcebase'], any_perm=True) if resource_type: queryset = [item for item in queryset if hasattr(item,resource_type)] for resource in queryset: yield resource
def data_sets(request): if not request.user.is_authenticated(): group = ExtendedGroup.objects.public_group() dataset_list = get_objects_for_group( group, "core.read_dataset" ) else: dataset_list = get_objects_for_user(request.user, 'core.read_dataset') investigation_titles = list() studies = list() assays = list() for dataset in dataset_list: try: investigation = dataset.get_investigation() investigation_titles.append(investigation.get_title()) study_count = investigation.get_study_count() if study_count > 1: studies.append("%d studies" % study_count) else: studies.append("1 study") assay_count = investigation.get_assay_count() if assay_count > 1: assays.append("%d assays" % assay_count) else: assays.append("1 assay") except: investigation_titles.append("--") studies.append("0 studies") assays.append("0 assays") datasets_info = zip(dataset_list, investigation_titles, studies, assays) #pagination paginator = Paginator(datasets_info, 15) page = request.GET.get('page') try: datasets = paginator.page(page) except PageNotAnInteger: datasets = paginator.page(1) except EmptyPage: datasets = paginator.page(paginator.num_pages) except TypeError: datasets = paginator.page(1) return render_to_response("core/data_sets.html", {'datasets': datasets}, context_instance=RequestContext(request))
def get_user_or_group_view_environments(user_or_group: Union[User, Group]): environments = Environment.objects.active() perms = ('view_environment', ) if isinstance(user_or_group, Group): return get_objects_for_group(group=user_or_group, perms=perms, any_perm=True, klass=environments) return get_objects_for_user(user=user_or_group, perms=perms, any_perm=True, klass=environments)
def assign_workstation_permissions(self): """Allow the editors and users group to view the workstation.""" perm = f"view_{Workstation._meta.model_name}" for group in [self.users_group, self.editors_group]: workstations = get_objects_for_group(group=group, perms=perm, klass=Workstation) if (self.workstation not in workstations) or workstations.count() > 1: remove_perm(perm=perm, user_or_group=group, obj=workstations) assign_perm(perm=perm, user_or_group=group, obj=self.workstation)
def assign_workstation_permissions(self): """Allow the editors and users group to view the workstation.""" perm = "workstations.view_workstation" for group in [self.users_group, self.editors_group]: workstations = get_objects_for_group(group=group, perms=perm, accept_global_perms=False) if (self.workstation not in workstations) or workstations.count() > 1: remove_perm(perm=perm, user_or_group=group, obj=workstations) assign_perm(perm=perm, user_or_group=group, obj=self.workstation)
def filter_queryset(self, request, queryset, view): groupname = request.GET.get('group', '') if groupname: group = Group.objects.filter(name=groupname).first() if group: group_hosts = get_objects_for_group( group, ['hosts.is_owner_host'], klass=Host, ) return queryset.filter(pk__in=[host.pk for host in group_hosts]) else: return queryset.none() else: return queryset
def data_sets(request): if not request.user.is_authenticated(): group = ExtendedGroup.objects.public_group() dataset_list = get_objects_for_group(group, "core.read_dataset") else: dataset_list = get_objects_for_user(request.user, 'core.read_dataset') investigation_titles = list() studies = list() assays = list() for dataset in dataset_list: try: investigation = dataset.get_investigation() investigation_titles.append(investigation.get_title()) study_count = investigation.get_study_count() if study_count > 1: studies.append("%d studies" % study_count) else: studies.append("1 study") assay_count = investigation.get_assay_count() if assay_count > 1: assays.append("%d assays" % assay_count) else: assays.append("1 assay") except: investigation_titles.append("--") studies.append("0 studies") assays.append("0 assays") datasets_info = zip(dataset_list, investigation_titles, studies, assays) #pagination paginator = Paginator(datasets_info, 15) page = request.GET.get('page') try: datasets = paginator.page(page) except PageNotAnInteger: datasets = paginator.page(1) except EmptyPage: datasets = paginator.page(paginator.num_pages) except TypeError: datasets = paginator.page(1) return render_to_response("core/data_sets.html", {'datasets': datasets}, context_instance=RequestContext(request))
def user_dashboard(request, username): ''' Dashboard seen when a user signs in or views another user's profile. The dashboard contains links to a users the private/public data repos. Private repos are only shown if the user has permission to view them. ''' # Are we looking at our own profile or someone elses? is_other_user = request.user.username != username user = get_object_or_404(User, username=username) # Find all the organization this user belongs to organizations = OrganizationUser.objects.filter(user=user) # Grab a list of forms uploaded by the user if is_other_user: user_repos = Repository.objects.list_by_user( user=user, organizations=organizations, public=True) user_studies = [] else: user_repos = Repository.objects.list_by_user( user=user, organizations=organizations) user_studies = Study.objects.filter(user=user) # Get repos shared with orgs user is a member of orgs = OrganizationUser.objects.filter(user=user) orgs = map(lambda ou: ou.organization, orgs) for org in orgs: user_repos = user_repos | get_objects_for_group( org, 'view_repository', Repository) serializer = RepoSerializer() repo_json = json.dumps(serializer.serialize(user_repos)) serializer = StudySerializer() study_json = json.dumps(serializer.serialize(user_studies)) return render_to_response('dashboard.html', { 'user_studies': study_json, 'user_repos': repo_json, 'is_other_user': is_other_user, 'account': user, 'organizations': organizations }, context_instance=RequestContext(request))
def assign_workstation_permissions(self): perm = "workstations.view_workstation" for group in (self.editors_group, self.readers_group): workstations = get_objects_for_group( group=group, perms=perm, accept_global_perms=False ) if ( self.workstation not in workstations ) or workstations.count() > 1: remove_perm(perm=perm, user_or_group=group, obj=workstations) # Allow readers to view the workstation used for this study assign_perm( perm=perm, user_or_group=group, obj=self.workstation )
def essays(request, group_id): # Check which essays to show only here. # Do we need the group? # Do we need the user? # Does anything have to be passed to essays() latest_essay_list = [] if request.user.is_authenticated(): current_user = request.user grp = Group.objects.get(id=group_id) e_group_users = grp.user_set.all() group_name = grp.name latest_essay_list = get_objects_for_group(grp, 'tapp.view_essay') context = {'latest_essay_list': latest_essay_list, 'group_id': group_id, 'group_name': group_name, 'e_group_users': e_group_users} return render(request, 'tapp/essays.html', context)
def list(request, groupid): groupid = int(groupid) try: group = Group.objects.get(id=groupid) except ObjectDoesNotExist: raise SuspiciousOperation result = {} # we show all documents for which the requested group has edit permissions # e.g. if you request FSR minutes, all minutes for which the FSR group has edit rights will be shown minutes = get_objects_for_group(group, "minutes.change_minutesdocument", MinutesDocument).order_by('-date') for m in minutes: if not request.user.has_perm(MinutesDocument.get_view_permission(), m): continue if m.date.year not in result: result[m.date.year] = [] result[m.date.year].append(m) return render(request, "minutes_list.html", { 'minutes': result, })
def visible_to_group(self, group): """ Return annotations the specified group is allowed to view. Objects are found based on view_annotation permission and per-object permissions. .. Note:: Due to the use of :meth:`guardian.shortcuts.get_objects_for_user`, it is recommended to use this method first; it does combine the existing queryset query, but it does not chain as querysets normally do. """ qs = get_objects_for_group(group, 'view_annotation', Annotation) # combine current queryset query, if any, with the newly # created queryset from django guardian qs.query.combine(self.query, 'AND') return qs
def resources(self, resource_type=None): """ Returns a generator of objects that this group has permissions on. :param resource_type: Filter's the queryset to objects with the same type. """ queryset = get_objects_for_group( self.group, ['base.view_resourcebase', 'base.change_resourcebase'], any_perm=True) _queryset = [] if resource_type: for item in queryset: try: if hasattr(item, resource_type): _queryset.append(item) except Exception as e: logger.debug(e) queryset = _queryset if _queryset else queryset yield from queryset
def load_group_menu_perms(group_obj): """ 获取权限组的所有菜单权限 :param group_obj: 组对象 :return: """ check_perm = "account.view_menus" menu_perm_info = list() all_menus_obj = Menus.objects.filter(is_avaible=1).order_by("menu_code") # 获取组所能访问的菜单 if not group_obj: # 组不存在,则所有权限认为为空 group_menu_obj = list() else: group_menu_obj = get_objects_for_group(group_obj, check_perm) for menu_obj in all_menus_obj: has_perm = 1 if menu_obj in group_menu_obj else 0 menu_perm = dict(id=menu_obj.id, name=menu_obj.menu_name, view=has_perm) menu_perm_info.append(menu_perm) return menu_perm_info
def update_repo_perms(apps, schema_editor): """ Assign push repo perms to the namespace and distribution groups. """ AccessPolicy = apps.get_model('core', 'AccessPolicy') push_repo_viewset = 'repositories/container/container-push' dist_viewset = 'distributions/container/container' namespace_viewset = 'pulp_container/namespaces' viewset_names = (dist_viewset, namespace_viewset, push_repo_viewset) existing_perms = ( 'container.modify_content_containerpushrepository', 'container.namespace_modify_content_containerpushrepository', ) groups_ns = Group.objects.filter( name__regex=r'container.(distribution|namespace).(collaborators|owners)' ) for viewset_name in viewset_names: try: db_access_policy = AccessPolicy.objects.get( viewset_name=viewset_name) except AccessPolicy.DoesNotExist: pass else: if not db_access_policy.customized: for perm in existing_perms: for group in groups_ns: objs = get_objects_for_group(group, perm, accept_global_perms=False) for obj in objs: if obj.ACCESS_POLICY_VIEWSET_NAME == namespace_viewset: assign_perm( 'container.namespace_change_containerpushrepository', group, obj) elif obj.ACCESS_POLICY_VIEWSET_NAME == push_repo_viewset: assign_perm( 'container.change_containerpushrepository', group, obj)
def load_groups_perms(group_obj, app_label, model, custid=None): """ 获取组在某个模块的所有权限对象 :param group_obj: 权限组对象 :param app_label: app名 :param model:models名 :return: 组包含的所有对象权限 """ project_perm_obj = dict() content_type = ContentType.objects.get(app_label=app_label, model=model) check_perm_list = content_type.permission_set.all() # 获取权限组对象拥有的所有project列表 for check_perm in check_perm_list: perm_type = check_perm.codename.split("_")[0] if not group_obj: perm_projects = [] else: perm_projects = get_objects_for_group(group_obj, "{0}.{1}".format(check_perm.content_type.app_label, check_perm.codename)) # 对于分客户的处理,将单个组的所有权限对象进行客户过滤 if custid: perm_projects.filter(object_pk__startswith=custid) project_perm_obj.update({perm_type: perm_projects}) return project_perm_obj
def test_ensure_returns_queryset(self): objects = get_objects_for_group(self.group1, ['contenttypes.change_contenttype']) self.assertTrue(isinstance(objects, QuerySet))
def test_klass_as_queryset(self): assign_perm('contenttypes.change_contenttype', self.group1, self.obj1) objects = get_objects_for_group(self.group1, ['change_contenttype'], ContentType.objects.all()) self.assertEqual(list(objects), [self.obj1])
def test_perms_single(self): perm = 'contenttypes.change_contenttype' assign_perm(perm, self.group1, self.obj1) self.assertEqual(set(get_objects_for_group(self.group1, perm)), set(get_objects_for_group(self.group1, [perm])))
def test_empty_perms_sequence(self): self.assertEqual( set(get_objects_for_group(self.group1, [], ContentType)), set())
def test_has_global_permission(self): assign_perm('contenttypes.change_contenttype', self.group1) objects = get_objects_for_group(self.group1, ['contenttypes.change_contenttype']) self.assertEquals(set(objects), set(ContentType.objects.all()))