def to_value(self, instance):
# Name attributes must be translated
for attr in ["epic_statuses_attr", "userstory_statuses_attr", "points_attr", "task_statuses_attr",
"issue_statuses_attr", "issue_types_attr", "priorities_attr", "severities_attr",
"epic_custom_attributes_attr", "userstory_custom_attributes_attr",
"task_custom_attributes_attr", "issue_custom_attributes_attr", "roles_attr"]:
assert hasattr(instance, attr), "instance must have a {} attribute".format(attr)
val = getattr(instance, attr)
if val is None:
continue
for elem in val:
elem["name"] = _(elem["name"])
ret = super().to_value(instance)
admin_fields = [
"epics_csv_uuid", "userstories_csv_uuid", "tasks_csv_uuid", "issues_csv_uuid",
"is_private_extra_info", "max_memberships", "transfer_token",
]
is_admin_user = False
if "request" in self.context:
user = self.context["request"].user
is_admin_user = permissions_services.is_project_admin(user, instance)
if not is_admin_user:
for admin_field in admin_fields:
del(ret[admin_field])
return ret
def handle(self, *args, **options):
username_or_email = options["user"]
dump_format = options["format"]
project_slugs = options["project_slugs"]
try:
user = User.objects.get(Q(username=username_or_email) | Q(email=username_or_email))
except Exception:
raise CommandError("Error loading user".format(username_or_email))
for project_slug in project_slugs:
try:
project = Project.objects.get(slug=project_slug)
except Project.DoesNotExist:
raise CommandError("Project '{}' does not exist".format(project_slug))
if not is_project_admin(user, project):
self.stderr.write(
self.style.ERROR(
"ERROR: Not sending task because user '{}' doesn't have permissions to export '{}' project".format(
username_or_email, project_slug
)
)
)
continue
task = tasks.dump_project.delay(user, project, dump_format)
tasks.delete_project_dump.apply_async(
(project.pk, project.slug, task.id, dump_format), countdown=settings.EXPORTS_TTL
)
print("-> Sent task for dump of project '{}' as user {}".format(project.name, username_or_email))
def get_serializer_class(self):
use_admin_serializer = False
if self.action == "create":
use_admin_serializer = True
if self.action == "retrieve":
use_admin_serializer = permissions_services.is_project_admin(self.request.user, self.object.project)
project_id = self.request.QUERY_PARAMS.get("project", None)
if self.action == "list" and project_id is not None:
project = get_object_or_404(models.Project, pk=project_id)
use_admin_serializer = permissions_services.is_project_admin(self.request.user, project)
if use_admin_serializer:
return self.admin_serializer_class
else:
return self.serializer_class
def get_serializer_class(self):
serializer_class = self.serializer_class
if self.action == "list":
serializer_class = self.list_serializer_class
elif self.action != "create":
if self.action == "by_slug":
slug = self.request.QUERY_PARAMS.get("slug", None)
project = get_object_or_404(models.Project, slug=slug)
else:
project = self.get_object()
if permissions_services.is_project_admin(self.request.user, project):
serializer_class = self.admin_serializer_class
return serializer_class
def get_i_am_admin(self, obj):
if "request" in self.context:
return is_project_admin(self.context["request"].user, obj)
return False
def check_permissions(self, request, view, obj=None):
model = get_model_from_key(obj.key)
pk = get_pk_from_key(obj.key)
project = model.objects.get(pk=pk)
return is_project_admin(request.user, project)
def check_permissions(self, request, view, obj=None):
return is_project_admin(request.user, obj)
def get_i_am_admin(self, obj):
if "request" in self.context:
return is_project_admin(self.context["request"].user, obj)
return False
def check_permissions(self, request, view, obj=None):
return is_project_admin(request.user, obj.webhook.project)
def check_permissions(self, request, view, obj=None):
model = get_model_from_key(obj.key)
pk = get_pk_from_key(obj.key)
project = model.objects.get(pk=pk)
return is_project_admin(request.user, project)