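def __init__(self, *args, **kwargs):
    """Build the form and add a ``status`` field limited to what the user may set.

    Keyword arguments consumed here, before the parent constructor runs:
        feature_type: required; its ``project`` supplies the moderation flag.
        user: optional (defaults to ``None``); handed to the permission check.

    Raises:
        KeyError: if ``feature_type`` is not supplied.
    """
    feature_type = kwargs.pop('feature_type')
    user = kwargs.pop('user', None)
    super().__init__(*args, **kwargs)
    project = feature_type.project

    # The publish permission is evaluated once and the branches are
    # exhaustive. Two separate evaluations could disagree and leave the full
    # STATUS_CHOICES (including 'published') selectable on a moderated project.
    if not project.moderation:
        # Without moderation the 'pending' state is never offered.
        choices = tuple(
            x for x in Feature.STATUS_CHOICES if x[0] != 'pending')
        # NOTE(review): if this form is a ModelForm, self.instance is
        # presumably always set, so 'published' would never be chosen - confirm.
        initial = 'published' if not self.instance else self.instance.status
    elif Authorization.has_permission(user, 'can_publish_feature', project):
        choices = tuple(
            x for x in Feature.STATUS_CHOICES
            if x[0] in ['draft', 'published', 'archived'])
        initial = 'draft'
    else:
        # Moderated project, no publish right: draft or submit for review only.
        choices = tuple(
            x for x in Feature.STATUS_CHOICES if x[0] in ['draft', 'pending'])
        initial = 'pending'

    # Assuming `forms` is Django's forms module, ChoiceField validation rejects
    # submitted values outside `choices`, so the restriction holds server-side
    # for this form. Other write paths need their own check.
    self.fields['status'] = forms.ChoiceField(
        choices=choices,
        initial=initial,
        label='Statut'
    )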
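def test_func(self):
    """Allow access only to users who may create features in the project.

    Returns:
        The result of the 'can_create_feature' permission check for the
        requesting user on the project that owns the feature type returned
        by ``get_object()``.
    """
    # The permission check has to run: an unconditional ``return True`` ahead
    # of it made these statements unreachable and let every request pass.
    user = self.request.user
    feature_type = self.get_object()
    project = feature_type.project
    return Authorization.has_permission(user, 'can_create_feature', project)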
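def __init__(self, *args, **kwargs):
    """Build the form with a permission-aware ``status`` field and a geometry field.

    Keyword arguments consumed here, before the parent constructor runs:
        feature_type: required; supplies ``project`` (moderation flag) and
            ``geom_type`` (which geometry field is added).
        user: optional (defaults to ``None``); handed to the permission check.

    Raises:
        KeyError: if ``feature_type`` is not supplied.
    """
    feature_type = kwargs.pop('feature_type')
    user = kwargs.pop('user', None)
    super().__init__(*args, **kwargs)
    project = feature_type.project

    # Status choices. The publish permission is evaluated once and the
    # branches are exhaustive. Two separate evaluations could disagree and
    # leave the full STATUS_CHOICES (including 'published') selectable on a
    # moderated project.
    if not project.moderation:
        # Without moderation the 'pending' state is never offered.
        choices = tuple(
            x for x in Feature.STATUS_CHOICES if x[0] != 'pending')
        # NOTE(review): if this form is a ModelForm, self.instance is
        # presumably always set, so 'published' would never be chosen - confirm.
        initial = 'published' if not self.instance else self.instance.status
    elif Authorization.has_permission(user, 'can_publish_feature', project):
        choices = tuple(
            x for x in Feature.STATUS_CHOICES
            if x[0] in ['draft', 'published', 'archived'])
        initial = 'draft'
    else:
        # Moderated project, no publish right: draft or submit for review only.
        choices = tuple(
            x for x in Feature.STATUS_CHOICES if x[0] in ['draft', 'pending'])
        initial = 'pending'

    self.fields['status'] = forms.ChoiceField(
        choices=choices, initial=initial, label='Statut')

    # Options shared by every geometry field; SRID 4326 is WGS 84 lon/lat.
    geom_options = {'label': "Localisation", 'required': True, 'srid': 4326}
    geom_type = feature_type.geom_type
    # Any other geom_type value leaves the form without a 'geom' field here.
    if geom_type == "point":
        self.fields['geom'] = forms.PointField(**geom_options)
    elif geom_type == "linestring":
        self.fields['geom'] = forms.LineStringField(**geom_options)
    elif geom_type == "polygon":
        self.fields['geom'] = forms.PolygonField(**geom_options)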
def test_func(self):
    """Allow editing a feature type only while it is unused and the user is permitted.

    Returns:
        ``False`` as soon as at least one Feature references the feature
        type; otherwise the result of the 'can_create_feature_type'
        permission check on the owning project.
    """
    requester = self.request.user
    target_type = self.get_object()
    owning_project = target_type.project
    # Editing a feature type is forbidden once features have been created
    # with it.
    already_used = Feature.objects.filter(feature_type=target_type).exists()
    return (not already_used) and Authorization.has_permission(
        requester, 'can_create_feature_type', owning_project)
def get(self, request):
    """Return the account summary of the requesting user as an API response.

    The payload holds, keyed by project slug, the 'can_view_project' result
    and the user's rank for every project, followed by the projects the user
    created or is authorized on with ``level__rank__lte=2``, and the five
    most recent events (all, feature-only, comment-only).
    """
    user = request.user

    # List the user's rights for each project.
    # NOTE(review): the loop covers Project.objects.all(), so the slug of
    # every project ends up in the response even when the permission value
    # is False. Confirm that disclosing those slugs is intended.
    permissions_by_slug = {}
    rank_by_slug = {}
    for project in Project.objects.all():
        permissions_by_slug[project.slug] = Authorization.has_permission(
            user, 'can_view_project', project)
        try:
            level = Authorization.objects.get(project=project, user=user).level
            rank = AuthorizationSerializer(level).data
        except Exception:
            # NOTE(review): any failure, not only a missing Authorization
            # row, falls back to the generic level for the user type.
            usertype = choices.ADMIN if user.is_superuser else choices.LOGGED_USER
            fallback_level = UserLevelPermission.objects.get(
                user_type_id=usertype)
            rank = UserLevelPermissionSerializer(fallback_level).data
        rank_by_slug[project.slug] = rank

    authorized_pks = Authorization.objects.filter(user=user).filter(
        level__rank__lte=2).values_list('project__pk', flat=True)
    own_projects = Project.objects.filter(
        Q(pk__in=authorized_pks) | Q(creator=user)).order_by('-created_on')
    serialized_projects = ProjectDetailedSerializer(own_projects, many=True)

    def recent_events(**extra_filters):
        # Five newest events of this user, optionally narrowed further.
        newest_first = Event.objects.filter(
            user=user, **extra_filters).order_by('-created_on')
        return EventSerializer(newest_first[0:5], many=True)

    serialized_events = recent_events()
    serialized_feature_events = recent_events(object_type='feature')
    serialized_comment_events = recent_events(object_type='comment')

    payload = {
        'permissions': permissions_by_slug,
        'rank': rank_by_slug,
        'projects': serialized_projects.data,
        'events': serialized_events.data,
        'features': serialized_feature_events.data,
        'comments': serialized_comment_events.data,
        'title': "Mon compte",
    }
    return Response(data=payload, status=status.HTTP_200_OK)
def get(self, request):
    """Render the "my account" page for the requesting user.

    The template context holds, keyed by project slug, the
    'can_view_project' result and the user's rank object for every project,
    plus the projects the user created or is authorized on with
    ``level__rank__lte=2`` and the five most recent events (all,
    feature-only, comment-only).
    """
    user = request.user

    # List the user's rights for each project.
    # NOTE(review): every project is iterated, so the context carries the
    # slug of projects the user cannot view as well. Confirm that the
    # template does not expose them.
    view_rights = {}
    ranks = {}
    for project in Project.objects.all():
        view_rights[project.slug] = Authorization.has_permission(
            user, 'can_view_project', project)
        try:
            rank = Authorization.objects.get(project=project, user=user).level
        except Exception:
            # NOTE(review): any failure, not only a missing Authorization
            # row, falls back to the generic level for the user type.
            usertype = choices.ADMIN if user.is_superuser else choices.LOGGED_USER
            rank = UserLevelPermission.objects.get(user_type_id=usertype)
        ranks[project.slug] = rank

    authorized_pks = Authorization.objects.filter(user=user).filter(
        level__rank__lte=2).values_list('project__pk', flat=True)
    serialized_projects = ProjectDetailedSerializer(
        Project.objects.filter(
            Q(pk__in=authorized_pks) | Q(creator=user)
        ).order_by('-created_on'),
        many=True)

    def last_five(queryset):
        # Serialize the five newest rows of an Event queryset.
        return EventSerializer(
            queryset.order_by('-created_on')[0:5], many=True)

    serialized_events = last_five(Event.objects.filter(user=user))
    serialized_feature_events = last_five(
        Event.objects.filter(user=user, object_type='feature'))
    serialized_comment_events = last_five(
        Event.objects.filter(user=user, object_type='comment'))

    context = {
        'permissions': view_rights,
        'rank': ranks,
        'projects': serialized_projects.data,
        'events': serialized_events.data,
        'features': serialized_feature_events.data,
        'comments': serialized_comment_events.data,
    }
    return render(request, 'geocontrib/my_account.html', context)
def test_func(self):
    """Allow access only when the user holds 'can_update_project' on the object.

    Returns:
        The result of the permission check for the requesting user on the
        project returned by ``get_object()``.
    """
    return Authorization.has_permission(
        self.request.user, 'can_update_project', self.get_object())
def test_func(self):
    """Allow access only when the user is an administrator of the project.

    Returns:
        The result of the 'is_project_administrator' check for the
        requesting user on the project returned by ``get_object()``.
    """
    return Authorization.has_permission(
        self.request.user, 'is_project_administrator', self.get_object())
def test_func(self):
    """Allow access only when the user may create feature types in the project.

    Returns:
        The result of the 'can_create_feature_type' check for the
        requesting user on the project returned by ``get_object()``.
    """
    return Authorization.has_permission(
        self.request.user, 'can_create_feature_type', self.get_object())
def test_func(self):
    """Allow access only when the user may update this particular feature.

    Both the owning project and the feature itself are handed to the
    permission check.

    Returns:
        The result of the 'can_update_feature' check for the requesting user.
    """
    target = self.get_object()
    return Authorization.has_permission(
        self.request.user, 'can_update_feature', target.project, target)
def validate_project(self, obj):
    """Accept the project only if the requesting user may create feature types in it.

    Args:
        obj: the project value being validated.

    Returns:
        ``obj`` unchanged when the permission check passes.

    Raises:
        serializers.ValidationError: when the user lacks
            'can_create_feature_type' on ``obj``.
    """
    requester = self.context['request'].user
    permitted = Authorization.has_permission(
        requester, 'can_create_feature_type', obj)
    if permitted:
        return obj
    raise serializers.ValidationError({
        'error': "Vous ne pouvez pas éditer de type de signalement pour ce projet. "})
def has_object_permission(self, request, view, obj):
    """Object-level check: reads always pass, writes need 'can_update_project'.

    Returns:
        ``True`` for any method in ``permissions.SAFE_METHODS``; otherwise
        the result of the 'can_update_project' check for ``request.user``
        on ``obj``.
    """
    # NOTE(review): safe methods are granted without consulting
    # Authorization, so read access to the object has to be restricted
    # elsewhere if some projects must stay private - confirm.
    return (
        request.method in permissions.SAFE_METHODS
        or Authorization.has_permission(
            request.user, 'can_update_project', obj)
    )