Пример #1
0
    def assert_can_vote(self, poll, request):
        """
        Raises a permission denied, if the user is not allowed to vote (or has already voted).
        Adds the user to the voted array, so this needs to be reverted on error!
        Analog:                     has to have manage permissions
        Named & Pseudoanonymous:    has to be in a poll group and present
        """
        if poll.type == BasePoll.TYPE_ANALOG:
            if not self.has_manage_permissions():
                self.permission_denied(request)
        else:
            if poll.state != BasePoll.STATE_STARTED:
                raise ValidationError("You can only vote on a started poll.")

            if not request.user.is_present or not in_some_groups(
                    request.user.id,
                    list(poll.groups.values_list("pk", flat=True)),
                    exact=True,
            ):
                self.permission_denied(request)

            try:
                self.add_user_to_voted_array(request.user, poll)
                inform_changed_data(poll)
            except IntegrityError:
                raise ValidationError({"detail": "You have already voted"})
Пример #2
0
def get_mediafile(request, path):
    """
    returnes the mediafile for the requested path and checks, if the user is
    valid to retrieve the mediafile. If not, None will be returned.
    A user must have all access permissions for all folders the the file itself,
    or the file is a special file (logo or font), then it is always returned.

    If the mediafile cannot be found, a Mediafile.DoesNotExist will be raised.
    """
    if not path:
        raise Mediafile.DoesNotExist()
    parts = path.split("/")
    parent = None
    can_see = has_perm(request.user, "mediafiles.can_see")
    for i, part in enumerate(parts):
        is_directory = i < len(parts) - 1
        # A .get would be sufficient, but sometimes someone has uploaded a file twice due to complicated
        # transaction management of two databases during create. So instead of returning a 500er (since
        # .get returned multiple objects) we deliver the first file.
        if is_directory:
            mediafile = Mediafile.objects.filter(parent=parent,
                                                 is_directory=is_directory,
                                                 title=part).first()
        else:
            mediafile = Mediafile.objects.filter(
                parent=parent,
                is_directory=is_directory,
                original_filename=part).first()
        if mediafile is None:
            raise Mediafile.DoesNotExist()
        if mediafile.access_groups.exists() and not in_some_groups(
                request.user.id,
            [group.id for group in mediafile.access_groups.all()]):
            can_see = False
        parent = mediafile

    # Check, if this file is projected
    is_projected = False
    for projector in Projector.objects.all():
        for element in projector.elements:
            name = element.get("name")
            id = element.get("id")
            if name == "mediafiles/mediafile" and id == mediafile.id:
                is_projected = True
                break

    if not can_see and not mediafile.is_special_file and not is_projected:
        mediafile = None

    return mediafile
Пример #3
0
def get_mediafile(request, path):
    """
    returnes the mediafile for the requested path and checks, if the user is
    valid to retrieve the mediafile. If not, None will be returned.
    A user must have all access permissions for all folders the the file itself,
    or the file is a special file (logo or font), then it is always returned.

    If the mediafile cannot be found,  a Mediafile.DoesNotExist will be raised.
    """
    if not path:
        raise Mediafile.DoesNotExist()
    parts = path.split("/")
    parent = None
    can_see = has_perm(request.user, "mediafiles.can_see")
    for i, part in enumerate(parts):
        is_directory = i < len(parts) - 1
        if is_directory:
            mediafile = Mediafile.objects.get(parent=parent,
                                              is_directory=is_directory,
                                              title=part)
        else:
            mediafile = Mediafile.objects.get(parent=parent,
                                              is_directory=is_directory,
                                              original_filename=part)
        if mediafile.access_groups.exists() and not in_some_groups(
                request.user.id,
            [group.id for group in mediafile.access_groups.all()]):
            can_see = False
        parent = mediafile

    # Check, if this file is projected
    is_projected = False
    for projector in Projector.objects.all():
        for element in projector.elements:
            name = element.get("name")
            id = element.get("id")
            if name == "mediafiles/mediafile" and id == mediafile.id:
                is_projected = True
                break

    if not can_see and not mediafile.is_special_file and not is_projected:
        mediafile = None

    return mediafile
Пример #4
0
    def assert_can_vote(self, poll, request, vote_user):
        """
        Raises a permission denied, if the user is not allowed to vote (or has already voted).
        Adds the user to the voted array, so this needs to be reverted if a later error happens!
        Analog:                     has to have manage permissions
        Named & Pseudoanonymous:    has to be in a poll group and present
        """
        # if the request user is not the vote user, the delegation must be right
        if request.user != vote_user and request.user != vote_user.vote_delegated_to:
            raise ValidationError(
                {
                    "detail": f"You cannot vote for {vote_user.id} since the vote right was not delegated to you."
                }
            )

        # If the request user is the vote user, this user must not have any delegation.
        # It is not allowed to vote for oneself, if the vote is delegated
        if request.user == vote_user and request.user.vote_delegated_to is not None:
            raise ValidationError(
                {"detail": "You cannot vote since your vote right is delegated."}
            )

        if poll.type == BasePoll.TYPE_ANALOG:
            if not self.has_manage_permissions():
                self.permission_denied(request)
        else:
            if poll.state != BasePoll.STATE_STARTED:
                raise ValidationError(
                    {"detail": "You can only vote on a started poll."}
                )

            if not request.user.is_present or not in_some_groups(
                vote_user.id,
                list(poll.groups.values_list("pk", flat=True)),
                exact=True,
            ):
                self.permission_denied(request)

            try:
                self.add_user_to_voted_array(vote_user, poll)
                inform_changed_data(poll)
            except IntegrityError:
                raise ValidationError({"detail": "You have already voted."})