Пример #1
    def has_permission(self, request, view):
        """
        Grant employees access and restrict other roles to read-only.

        Unauthenticated requests are always rejected. Users for whom
        ``is_management(user, False)`` or ``is_employer(user, False)``
        holds may only use the read-only HTTP methods listed below.
        Everyone else is decided by ``is_employee(user)``.

        :param request: The current request instance
        :type request: rest_framework.request.Request

        :param view: The current view instance
        :type view: rest_framework.views.APIView

        :return: Whether the permission was granted or not
        :rtype: bool
        """
        if not IsAuthenticated.has_permission(self, request, view):
            return False

        user = request.user
        # The ``or`` short-circuits: the employer check only runs when the
        # management check is falsy.
        limited_to_reading = (
            is_management(user, False) or is_employer(user, False)
        )
        if not limited_to_reading:
            # NOTE(review): administrator access presumably comes from the
            # default second argument of is_employee -- confirm against the
            # helper, which is not visible here.
            return is_employee(user)

        # NOTE(review): TRACE is accepted in addition to DRF's SAFE_METHODS
        # (GET, HEAD, OPTIONS); confirm that is intended.
        return request.method.upper() in ('GET', 'HEAD', 'OPTIONS', 'TRACE')
Пример #2
    def filter_queryset(self, queryset):
        """
        Restrict the logos to those reachable from the user's company.

        Management users receive the queryset unchanged. For everyone else
        it is narrowed to logos whose colour theme belongs to a company
        that has the requesting user as a member account.

        :param queryset: The queryset to filter
        :type queryset: django.db.models.query.QuerySet

        :return: The image queryset
        :rtype: django.db.models.query.QuerySet
        """
        user = self.request.user
        if not is_management(user):
            # Object-level scoping: this filter is what keeps other
            # companies' logos out of the response.
            # NOTE(review): the lookup crosses ``members``; if that relation
            # is multi-valued, rows may repeat without .distinct() -- confirm.
            queryset = queryset.filter(
                colourtheme__company__members__account=user)

        return queryset
Пример #3
    def filter_queryset(self, queryset):
        """
        Restrict the colour themes to those of the user's company.

        Management users receive the queryset unchanged. Other users only
        get themes whose company has a member tied to their account id.

        :param queryset: The queryset to filter
        :type queryset: django.db.models.query.QuerySet

        :return: The filtered queryset
        :rtype: django.db.models.query.QuerySet
        """
        user = self.request.user
        if not is_management(user):
            # Tenant scoping by primary key of the requesting account.
            queryset = queryset.filter(company__members__account=user.id)

        return queryset
Пример #4
    def filter_queryset(self, queryset):
        """
        Restrict the companies to those the user is a member of.

        Management users receive the queryset unchanged.

        :param queryset: The queryset with all the companies
        :type queryset: django.db.models.query.QuerySet

        :return: The filtered queryset
        :rtype: django.db.models.query.QuerySet
        """
        user = self.request.user
        if not is_management(user):
            # Non-management callers only see companies that list their
            # account among the members.
            queryset = queryset.filter(members__account=user)

        return queryset
Пример #5
    def filter_queryset(self, queryset):
        """
        Restrict the records to those answered within the user's company.

        Management users receive the queryset unchanged. For other users
        the company id is read from ``request.user.member`` and only
        records whose answerer belongs to that company are kept.

        :param queryset: The queryset to filter
        :type queryset: django.db.models.query.QuerySet

        :return: The filtered queryset
        :rtype: django.db.models.query.QuerySet
        """
        user = self.request.user
        if not is_management(user):
            # NOTE(review): this assumes every non-management user has a
            # ``member`` relation; verify what happens for accounts
            # without one.
            queryset = queryset.filter(
                answerer__member__company=user.member.company_id)

        return queryset
Пример #6
    def get_extra_kwargs(self):
        """
        Mark the 'company' field read-only when the user is from management.

        For any other user the kwargs from ``ModelSerializer`` are returned
        untouched, so 'company' keeps whatever writability it already had.

        :return: A mapping with the extra field kwargs.
        :rtype: dict
        """
        extra = ModelSerializer.get_extra_kwargs(self)
        if is_management(self.context["request"].user):
            # Copy instead of mutating, so the mapping returned by the base
            # class is left as it was.
            company_options = dict(extra.get("company", {}))
            company_options["read_only"] = True
            extra = {**extra, "company": company_options}

        # NOTE(review): non-management callers can still submit 'company'
        # unless it is constrained elsewhere; confirm they cannot point a
        # record at a company they do not belong to.
        return extra
Пример #7
    def filter_queryset(self, queryset):
        """
        Restrict the memberships to those accessible to the user.

        Management users receive the queryset unchanged. A user for whom
        ``is_employee(user, False)`` holds only gets memberships of their
        own account. Any other user gets the memberships of companies they
        are a member of.

        :param queryset: The queryset with all the memberships
        :type queryset: django.db.models.query.QuerySet

        :return: The filtered queryset
        :rtype: django.db.models.query.QuerySet
        """
        user = self.request.user
        if is_management(user):
            return queryset

        # Employees are limited to their own membership rows. The final
        # branch is the fallback for every remaining role.
        if is_employee(user, False):
            scope = {"account": user}
        else:
            scope = {"company__members__account": user}

        return queryset.filter(**scope)
Пример #8
    def has_permission(self, request, view):
        """
        Allow only authenticated users that pass the management check.

        Authentication is checked first, so ``is_management`` is never
        called for an unauthenticated request.

        :param request: The current request instance
        :type request: rest_framework.request.Request

        :param view: The current view instance
        :type view: rest_framework.views.APIView

        :return: Whether the permission was granted or not
        :rtype: bool
        """
        if not IsAuthenticated.has_permission(self, request, view):
            return False

        # NOTE(review): administrator access presumably comes from the
        # default second argument of is_management -- confirm against the
        # helper, which is not visible here.
        return is_management(request.user)
Пример #9
    def filter_queryset(self, queryset):
        """
        Restrict the user queryset according to the caller's role.

        The role checks are independent and each adds a constraint:

        * employee: only the caller's own record;
        * employer: only employee-group users of the caller's company;
        * management: every user except those in the admin group.

        :param queryset: The queryset to filter
        :type queryset: django.db.models.query.QuerySet

        :return: The queryset with the appropriate allowed users
        :rtype: django.db.models.query.QuerySet
        """
        user = self.request.user
        visible = Q()

        if is_employee(user, False):
            visible &= Q(id=user.id)

        if is_employer(user, False):
            visible &= Q(group=Groups.employee)
            visible &= Q(member__company=user.member.company)

        if is_management(user, False):
            visible &= ~Q(group=Groups.admin)

        # NOTE(review): when no role check matches, ``visible`` stays an
        # empty Q() and the filter returns every user. That is presumably
        # meant for administrators; confirm that an authenticated account
        # without a recognised group cannot reach this view. Otherwise the
        # default here is fail-open.
        return queryset.filter(visible)