def get_user_type_ids(user): type_ids = [] provider = user_is_provider(user) if provider: if user_is_physician(provider): if provider.clinical_clerk: type_ids.append(USER_TYPE_MEDICAL_STUDENT) else: type_ids.append(USER_TYPE_DOCTOR) if user_is_np_pa(provider): type_ids.append(USER_TYPE_NPPA) staff = user_is_office_staff(user) if staff: type_ids.append(USER_TYPE_OFFICE_STAFF) if user_is_office_manager(staff): type_ids.append(USER_TYPE_OFFICE_MANAGER) if user_is_dietician(staff): type_ids.append(USER_TYPE_DIETICIAN) if user_is_nurse(staff): type_ids.append(USER_TYPE_NURSE) if is_techadmin(user): type_ids.append(USER_TYPE_TECH_ADMIN) return type_ids
def clean(self): """ ValidationError raised here if tech-admin doing something they ain't supposed to.... """ if is_techadmin(self.request.user): if Group.objects.filter(id=self.instance.id).exists(): raise ValidationError( _("Tech admin not allowed to modify groups.")) return super(TechAdminGroupForm, self).clean()
def clean_permissions(self): if is_techadmin(self.request.user): self.cleaned_data['permissions'] = [ p for p in itertools.chain(self.cleaned_data['permissions'], self.orig_perms) ] return self.cleaned_data['permissions']
def queryset(self, request): """ :returns: QuerySet used by changelist_view. """ qs = super(TechAdmin, self).queryset(request) if is_techadmin(request.user): qs = self.techadmin_queryset(request, qs) return qs
def save(self, commit=True): """ For tech-admins assign new group to this tech-admin """ group = super(TechAdminGroupForm, self).save(commit) if is_techadmin(self.request.user): group.save() self.request.user.groups.add(group) return group
def get_form(self, request, obj=None, **kwargs): form = super(Regional_ManagerAdmin, self).get_form(request, obj, **kwargs) from MHLogin.Administration.tech_admin.utils import is_techadmin if is_techadmin(request.user) and 'office_mgr' in form.base_fields: self._modify_user_query(request.user, form.base_fields['office_mgr']) return form
def get_form(self, request, obj=None, **kwargs): """ Override, set request on form and for tech-admin exclude superuser, staff """ form = super(TechMHLUserAdmin, self).get_form(request, obj, **kwargs) form.request = request if is_techadmin(request.user): form.base_fields.pop('is_superuser', None) form.base_fields.pop('is_staff', None) return form
def clean_user_permissions(self): if is_techadmin(self.request.user): # add back personal permissions if user belongs to ones not part of tech-admin self.cleaned_data['user_permissions'] = [ p for p in itertools.chain( self.cleaned_data['user_permissions'], self.personal_perms) ] return self.cleaned_data['user_permissions']
def save(self, commit=True): """ For tech-admins default new user's groups to non tech-admin's """ user = super(TechAdminUserCreationForm, self).save(commit) if is_techadmin(self.request.user): # before assigning default groups need to save model user.save() user.groups = self.request.user.groups.exclude(name=TECH_ADMIN_GROUP) return user
def has_permission(self, request): """ :returns: True if user is active and has either superuser or techadmin access. If tech-admin then permission model is used to determine what models they can view/delete/modify. """ return request.user.is_active and (request.user.is_superuser or request.user.is_staff or is_techadmin(request.user))
def clean(self): """ ValidationError raised here will not be associated with a particular field. """ if is_techadmin(self.request.user): if not self.request.user.groups.exclude(name=TECH_ADMIN_GROUP): raise ValidationError(_("You must belong to at least one " "non tech-admin group to add users.")) # TODO: TEMPORARY # raise ValidationError("Creation of users is temporarily " # "disabled for Tech Admins.") return super(TechAdminUserCreationForm, self).clean()
def save(self, commit=True): """ For tech-admins default new user's groups to non tech-admin's """ user = super(TechAdminUserCreationForm, self).save(commit) if is_techadmin(self.request.user): # before assigning default groups need to save model user.save() user.groups = self.request.user.groups.exclude( name=TECH_ADMIN_GROUP) return user
def clean_groups(self): if is_techadmin(self.request.user): if not self.cleaned_data['groups'] or (self.cleaned_data['groups'] and not self.cleaned_data['groups'].exclude(name=TECH_ADMIN_GROUP)): raise ValidationError(_("%s must belong to at least " "one non tech-admin group." % self.instance.username)) # add back personal groups if user belongs to other groups # besides the ones this tech-admin is administering self.cleaned_data['groups'] = [g for g in itertools.chain( self.cleaned_data['groups'], self.personal_grps)] return self.cleaned_data['groups']
def clean(self): """ ValidationError raised here will not be associated with a particular field. """ if is_techadmin(self.request.user): if not self.request.user.groups.exclude(name=TECH_ADMIN_GROUP): raise ValidationError( _("You must belong to at least one " "non tech-admin group to add users.")) # TODO: TEMPORARY # raise ValidationError("Creation of users is temporarily " # "disabled for Tech Admins.") return super(TechAdminUserCreationForm, self).clean()
def render(self, context): if (self.ctxvar in context): raise TemplateSyntaxError("Template variable '%s' already declared " "in this template context" % self.ctxvar) context[self.ctxvar] = 'false' if 'sender_types' in context: # show tech menu if Administrator or tech-admin or read-only admin if 'Administrator' in context['sender_types']: context[self.ctxvar] = 'true' else: if 'MHLUser' in context['sender_types']: user = User.objects.get(id=context['sender_types']['MHLUser']) if is_techadmin(user) or is_readonly_admin(user): context[self.ctxvar] = 'true' return ''
def clean_groups(self): if is_techadmin(self.request.user): if not self.cleaned_data['groups'] or ( self.cleaned_data['groups'] and not self.cleaned_data['groups'].exclude( name=TECH_ADMIN_GROUP)): raise ValidationError( _("%s must belong to at least " "one non tech-admin group." % self.instance.username)) # add back personal groups if user belongs to other groups # besides the ones this tech-admin is administering self.cleaned_data['groups'] = [ g for g in itertools.chain(self.cleaned_data['groups'], self.personal_grps) ] return self.cleaned_data['groups']
def __init__(self, *args, **kwargs): assert (self.request != None) # set by admin get_form() if is_techadmin(self.request.user): # Set available group/permissions based on tech-admins permissions self.base_fields['groups']._queryset = self.request.user.groups.all() self.base_fields['user_permissions']._queryset = get_user_permissions(self.request.user) super(TechAdminUserForm, self).__init__(*args, **kwargs) # after init save user's personal groups not part of tech-admins if any self.personal_grps = self.instance.groups.exclude( id__in=(g.id for g in self.request.user.groups.all())) self.personal_perms = self.instance.user_permissions.exclude( id__in=(p.id for p in get_user_permissions(self.request.user))) for locfield in ['lat', 'longit', 'office_lat', 'office_longit']: if locfield in self.fields: self.fields[locfield].widget.attrs['disabled'] = 'disabled'
def render(self, context): if (self.ctxvar in context): raise TemplateSyntaxError( "Template variable '%s' already declared " "in this template context" % self.ctxvar) context[self.ctxvar] = 'false' if 'sender_types' in context: # show tech menu if Administrator or tech-admin or read-only admin if 'Administrator' in context['sender_types']: context[self.ctxvar] = 'true' else: if 'MHLUser' in context['sender_types']: user = User.objects.get( id=context['sender_types']['MHLUser']) if is_techadmin(user) or is_readonly_admin(user): context[self.ctxvar] = 'true' return ''
def clean(self): """ ValidationError raised here will not be associated with a particular field. """ # Allow tech admin to change practice if all users belong to the same group(s) # he does minus his tech-admin. And allow edits on empty practices but no deletes. if is_techadmin(self.request.user): outcasts = [] grps = self.request.user.groups.exclude(name=TECH_ADMIN_GROUP) # now check every user belongs to at least one of the groups tech admin does for _, user in self.fields['members'].choices: if not user.groups.filter(id__in=(g.id for g in grps)): outcasts.append(user) if outcasts: raise ValidationError(_("Cannot modify practice, one or more practice " "members do not belong to your group: %s" % ', '.join(str(o) for o in outcasts))) return super(PracticeLocationForm, self).clean()
def __init__(self, *args, **kwargs): if is_techadmin(self.request.user): # Set available group/permissions based on tech-admins permissions self.base_fields['permissions']._queryset = get_user_permissions(self.request.user) super(TechAdminGroupForm, self).__init__(*args, **kwargs) users = self.orig_perms = [] if 'instance' in kwargs: # helper to show users belonging to this group if any users = kwargs['instance'].user_set.all() # save orig perms not in tech admin's perm list self.orig_perms = kwargs['instance'].permissions.exclude(id__in=(p.id for p in get_user_permissions(self.request.user))) # Set the form fields based on the model object self.fields['members'].choices = [(u.id, ' '.join([u.first_name, u.last_name])) for u in users] self.fields['members'].widget.attrs['disabled'] = 'disabled'
def clean(self): """ ValidationError raised here will not be associated with a particular field. """ # Allow tech admin to change practice if all users belong to the same group(s) # he does minus his tech-admin. And allow edits on empty practices but no deletes. if is_techadmin(self.request.user): outcasts = [] grps = self.request.user.groups.exclude(name=TECH_ADMIN_GROUP) # now check every user belongs to at least one of the groups tech admin does for _, user in self.fields['members'].choices: if not user.groups.filter(id__in=(g.id for g in grps)): outcasts.append(user) if outcasts: raise ValidationError( _("Cannot modify practice, one or more practice " "members do not belong to your group: %s" % ', '.join(str(o) for o in outcasts))) return super(PracticeLocationForm, self).clean()
def __init__(self, *args, **kwargs): assert (self.request != None) # set by admin get_form() if is_techadmin(self.request.user): # Set available group/permissions based on tech-admins permissions self.base_fields[ 'groups']._queryset = self.request.user.groups.all() self.base_fields[ 'user_permissions']._queryset = get_user_permissions( self.request.user) super(TechAdminUserForm, self).__init__(*args, **kwargs) # after init save user's personal groups not part of tech-admins if any self.personal_grps = self.instance.groups.exclude( id__in=(g.id for g in self.request.user.groups.all())) self.personal_perms = self.instance.user_permissions.exclude( id__in=(p.id for p in get_user_permissions(self.request.user))) for locfield in ['lat', 'longit', 'office_lat', 'office_longit']: if locfield in self.fields: self.fields[locfield].widget.attrs['disabled'] = 'disabled'
def __init__(self, *args, **kwargs): if is_techadmin(self.request.user): # Set available group/permissions based on tech-admins permissions self.base_fields['permissions']._queryset = get_user_permissions( self.request.user) super(TechAdminGroupForm, self).__init__(*args, **kwargs) users = self.orig_perms = [] if 'instance' in kwargs: # helper to show users belonging to this group if any users = kwargs['instance'].user_set.all() # save orig perms not in tech admin's perm list self.orig_perms = kwargs['instance'].permissions.exclude( id__in=(p.id for p in get_user_permissions(self.request.user))) # Set the form fields based on the model object self.fields['members'].choices = [ (u.id, ' '.join([u.first_name, u.last_name])) for u in users ] self.fields['members'].widget.attrs['disabled'] = 'disabled'
def has_delete_permission(self, request, obj=None): """ Temporary, disable delete in view for tech-admin """ # TEMPORARY return False if is_techadmin(request.user) else \ super(TechAdmin, self).has_delete_permission(request, obj)
def can_view_dcadmin(self, user): from MHLogin.Administration.tech_admin.utils import is_techadmin, is_readonly_admin return "ACCEPT" if is_techadmin(user) or is_readonly_admin(user) or \ user.is_superuser else "DENY"
def clean(self): """ ValidationError raised here if tech-admin doing something they ain't supposed to.... """ if is_techadmin(self.request.user): if Group.objects.filter(id=self.instance.id).exists(): raise ValidationError(_("Tech admin not allowed to modify groups.")) return super(TechAdminGroupForm, self).clean()
def clean_permissions(self): if is_techadmin(self.request.user): self.cleaned_data['permissions'] = [p for p in itertools.chain( self.cleaned_data['permissions'], self.orig_perms)] return self.cleaned_data['permissions']
def clean_user_permissions(self): if is_techadmin(self.request.user): # add back personal permissions if user belongs to ones not part of tech-admin self.cleaned_data['user_permissions'] = [p for p in itertools.chain( self.cleaned_data['user_permissions'], self.personal_perms)] return self.cleaned_data['user_permissions']