def class_based_access(cls, account):
""" Based on the AUTH class we are creating, we might offer some default access
to certain groups from the account. By default, permissions should only be given to
admin type users. This can be overwritten in specific classes as needed. E.G. messages -> agents ?
"""
if account is None:
return []
return default_admin_group(account)
def create_by_user(self, user, **kw):
if user.current_account:
# Force class based access
account = user.current_account
kw['acl'] = [
default_admin_group(account),
default_analyst_group(account),
default_reviewer_group(account)
]
return AuthManager.create_by_user(self, user, **kw)
def default_access_groups(user, ignore_admins=False):
""" Return the default groups we use in case a object is not restricted
to some specific groups. These groups are inferred based on the user role
of the creation: AGENT, ANALYST or REVIEWER.
"""
groups = []
if user.is_admin and not ignore_admins:
groups.append(default_admin_group(user.current_account))
if user.is_reviewer:
groups.append(default_reviewer_group(user.current_account))
if user.is_agent:
groups.append(default_agent_group(user.current_account))
if user.is_analyst:
groups.append(default_analyst_group(user.current_account))
return groups
def populate_acl(self, user, kw):
if user.is_superuser:
# In case a superuser will create some objects, we can't default to their groups
# Just use default groups based on the created class. E.G. Messages -> Agents + Admins
if 'acl' not in kw or not kw['acl']:
kw['acl'] = self.doc_class.class_based_access(
user.current_account)
return
groups = kw.get('acl', [])
account = kw.get('account', None) or user.current_account
admin_perms = default_admin_group(account)
if not groups:
groups = default_access_groups(user)
# No matter what was the case, admins of the account should have access
if admin_perms not in groups:
groups.append(admin_perms)
if str(user.id) not in groups:
groups.append(str(user.id))
kw['acl'] = groups
'error':
'Saved changes. But could not synchronize for matching. Error: %s. Try manual activation, or contact support.'
% str(e)
}
else:
from solariat_bottle.db.group import default_admin_group, default_agent_group
# As a default, try to share with groups that I'm part of. If I'm not part of any specific
# groups, just share with the default admin and agent groups
if user.is_agent and user.groups:
# If an agent creates a new message, share with all his groups
acl = [str(g) for g in user.groups]
else:
# If admin/staff creates message, share with all agents and all admins
acl = [
default_admin_group(user.current_account),
default_agent_group(user.current_account)
]
print acl
matchable = Matchable.objects.create_by_user(
user,
channels=channels,
creative=creative,
intention_types=intention_types,
intention_topics=topics,
acl=acl,
_lang_code=language)
#print "Refreshing"
try:
MatchableCollection().index.refresh()