Exemplo n.º 1
 def validate_managed_users_are_not_managers_or_bosses(managed_users):
     """Reject a managed-users list that contains a manager or a superuser.

     Each entry is read as ``entry["user"]["id"]``. The ids are looked up in
     ``CUser`` and a ``serializers.ValidationError`` is raised for the first
     account that is a superuser or for which ``is_manager`` is true.
     """
     requested_ids = []
     for entry in managed_users:
         requested_ids.append(entry["user"]["id"])

     # NOTE(review): the id__in filter only yields rows that exist, so ids
     # with no matching CUser never reach the check below -- confirm that
     # unknown ids are rejected somewhere else.
     candidates = CUser.objects.filter(id__in=requested_ids).all()
     for candidate in candidates:
         is_privileged = candidate.is_superuser or is_manager(candidate)
         if is_privileged:
             raise serializers.ValidationError(
                 "A manager can't manage other managers or bosses")
Exemplo n.º 2
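 def test_given_a_boss_can_convert_a_manager_to_end_hitman_removing_all_his_managed_hitmen(
     self,
 ):
     """A boss can demote a manager by PUTting an empty ``managed_users`` list.

     Authenticates as ``self.boss``, updates ``self.manager`` and checks that
     the account is then reported as a hitman and no longer as a manager.
     """
     update_url = reverse("users-detail", args=[str(self.manager.id)])
     # force_authenticate skips the real login flow; only the role-based
     # authorization of the endpoint is exercised here.
     self.client.force_authenticate(self.boss)
     payload = {"is_active": True, "managed_users": []}
     response = self.client.put(update_url, payload)
     # assertEqual replaces the deprecated assertEquals alias, which was
     # removed from unittest in Python 3.12.
     self.assertEqual(response.status_code, status.HTTP_200_OK)
     # NOTE(review): hitman2 is refreshed but the assertions below look at
     # self.manager -- confirm which object was meant.
     self.hitman2.refresh_from_db()
     self.assertFalse(is_manager(self.manager))
     self.assertTrue(is_hitman(self.manager))
     # NOTE(review): only the allowed (boss) path is covered in this test; a
     # companion test that a non-boss gets refused would pin the denial path.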
Exemplo n.º 3
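 def test_given_a_boss_then_can_promote_a_hitman_to_manager_adding_managed_users_to_end_hitman(
     self,
 ):
     """A boss can promote a hitman by PUTting a non-empty ``managed_users`` list.

     Authenticates as ``self.boss``, updates ``self.hitman`` with
     ``self.hitman2`` as managed user and checks that the account is then
     reported as a manager and no longer as a hitman.
     """
     update_url = reverse("users-detail", args=[str(self.hitman.id)])
     # force_authenticate skips the real login flow; only the role-based
     # authorization of the endpoint is exercised here.
     self.client.force_authenticate(self.boss)
     payload = {
         "is_active": True,
         "managed_users": [{"id": self.hitman2.id}],
     }
     response = self.client.put(update_url, payload)
     # assertEqual replaces the deprecated assertEquals alias, which was
     # removed from unittest in Python 3.12.
     self.assertEqual(response.status_code, status.HTTP_200_OK)
     # NOTE(review): hitman2 is refreshed but never asserted on; the checks
     # below look at self.hitman -- confirm which object was meant.
     self.hitman2.refresh_from_db()
     self.assertTrue(is_manager(self.hitman))
     self.assertFalse(is_hitman(self.hitman))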
Exemplo n.º 4
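    def get_queryset(self):
        """Return the hits the requesting user is allowed to see.

        Superusers get the whole queryset. A manager gets the hits assigned
        to them plus the hits assigned to any user linked to them through
        ``ManagerUser``. Everyone else gets only the hits assigned to them.
        This scoping is the object-level access control for the view: any
        lookup that goes through this queryset cannot reach another user's
        hits.
        """
        user = self.request.user

        if user.is_superuser:
            return self.queryset.all()

        own_hits = Q(assigned_to=user)

        if is_manager(user):
            # Passed as a subquery instead of loading every ManagerUser row
            # and dereferencing .user on each one (one query per lackey).
            lackey_ids = ManagerUser.objects.filter(
                manager=user).values_list("user", flat=True)
            return self.queryset.filter(
                own_hits | Q(assigned_to__in=lackey_ids)).all()

        return self.queryset.filter(own_hits).all()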
Exemplo n.º 5
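    def can_create_hit_for_assigned_user(self, request):
        """Tell whether the requester may create a hit for ``assigned_to``.

        Returns False when ``assigned_to`` is missing from the request data
        or equals the requester's own email. Superusers may assign to anyone
        else. A manager may assign only to a user linked to them through
        ``ManagerUser``. Every other case is denied.
        """
        if "assigned_to" not in request.data:
            return False

        assignee_email = request.data["assigned_to"]

        # NOTE(review): exact string comparison -- confirm that emails are
        # normalised (case, whitespace) before they reach this check, so a
        # variant spelling of the requester's own address is still refused.
        if assignee_email == request.user.email:
            return False

        if request.user.is_superuser:
            return True

        if not is_manager(request.user):
            return False

        try:
            assignee = CUser.objects.get(email=assignee_email)
        except CUser.DoesNotExist:
            # An unknown email is client input, not a server fault: deny the
            # request instead of letting the lookup error escape.
            return False

        # Check that the assigned user is a lackey of the logged-in user.
        return ManagerUser.objects.filter(
            user=assignee,
            manager=request.user,
        ).exists()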
Exemplo n.º 6
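    def has_permission(self, request, view):
        """Decide whether the requester may set ``assigned_to`` on this request.

        A request without ``assigned_to`` is allowed. Assigning to one's own
        email is refused. Superusers may assign to anyone else. A manager may
        assign only to a user linked to them through ``ManagerUser``. Every
        other case is denied.
        """
        user = request.user

        if "assigned_to" not in request.data:
            return True

        assignee_email = request.data["assigned_to"]

        # NOTE(review): exact string comparison -- confirm that emails are
        # normalised (case, whitespace) before they reach this check, so a
        # variant spelling of the requester's own address is still refused.
        if assignee_email == user.email:
            return False

        if user.is_superuser:
            return True

        if not is_manager(user):
            return False

        try:
            assignee = CUser.objects.get(email=assignee_email)
        except CUser.DoesNotExist:
            # An unknown email is client input, not a server fault: deny the
            # request instead of letting the lookup error escape.
            return False

        # Check that the assigned user is a lackey of the logged-in user.
        return ManagerUser.objects.filter(
            user=assignee,
            manager=user,
        ).exists()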
Exemplo n.º 7
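 def has_permission(self, request, view):
     """Allow managers and superusers to create a hit for a permitted assignee.

     The role check runs first; ``can_create_hit_for_assigned_user`` is only
     consulted once the requester is a manager or a superuser. The original
     also called it once up front and threw the result away, which only
     repeated its lookups.
     """
     user = request.user
     return (is_manager(user) or user.is_superuser
             ) and self.can_create_hit_for_assigned_user(request)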
Exemplo n.º 8
 def has_permission(self, request, view):
     """Grant access only to managers and superusers.

     The result is the truthiness of ``is_manager(request.user)`` or, failing
     that, of the requester's ``is_superuser`` flag. ``view`` is not used.
     """
     return is_manager(request.user) or request.user.is_superuser
Exemplo n.º 9
    def get_queryset(self):
        """Scope the user list to the requester's own managed users.

        For a manager the queryset is narrowed with
        ``user__manager_id=<requester id>``; any other requester gets the
        parent class's queryset unchanged.
        """
        requester = self.request.user

        if not is_manager(requester):
            return super(UserViewSet, self).get_queryset()

        # NOTE(review): the manager check runs before anything else, so an
        # account that is both manager and superuser gets the narrowed view
        # -- confirm that is intended.
        return self.queryset.filter(user__manager_id=requester.id).all()