def add_forening_permission(request):
    """Grant a user the 'user' or 'admin' role in a forening, then redirect.

    Reads ``user``, ``forening`` and ``role`` (plus the optional
    ``send_email`` flag) from ``request.POST``.  The forening must be among
    ``request.user.all_foreninger()``; granting ``admin`` also requires that
    the requester's own role there is ``admin``.  ``PermissionDenied`` is
    raised for an unknown role or when that check fails.

    NOTE(review): nothing in this function restricts the HTTP method or
    checks that the requester is logged in; presumably a decorator or
    middleware does so - confirm, since this view changes permissions.
    """
    target_user = User.objects.get(id=request.POST['user'])
    target_forening = Forening.objects.get(id=request.POST['forening'])
    requested_role = request.POST['role']

    if requested_role not in ['admin', 'user']:
        raise PermissionDenied

    # Authorize the requester before anything is written.  The whitelist
    # above leaves only two roles: 'admin' may be granted solely by an admin
    # of the forening, 'user' by anyone connected to it.
    requester_foreninger = request.user.all_foreninger()
    if requested_role == 'admin':
        grantable = [f for f in requester_foreninger if f.role == 'admin']
    else:
        grantable = requester_foreninger
    if target_forening not in grantable:
        raise PermissionDenied

    # The admin permission is added on top of the user permission; each is
    # only added when the target does not already hold it.
    user_perm = 'sherpa/association/user'
    admin_perm = 'sherpa/association/admin'
    association_id = target_forening.id

    if not target_user.has_perm(user_perm, association_id=association_id):
        target_user.add_perm(
            user_perm,
            association_id=association_id,
            created_by=request.user
        )

    if requested_role == 'admin' and not target_user.has_perm(
            admin_perm, association_id=association_id):
        target_user.add_perm(
            admin_perm,
            association_id=association_id,
            created_by=request.user
        )

    # Optional notification; the outcome is reported through the messages
    # framework either way.
    wants_email = request.POST.get('send_email', '') != ''
    if wants_email:
        if target_user.get_sherpa_email() == '':
            messages.warning(request, 'no_email_for_user')
        elif send_access_granted_email(
                target_user, target_forening, request.user):
            messages.info(request, 'access_email_success')
        else:
            messages.warning(request, 'access_email_failure')

    # Drop the cached forening lists so the new permission takes effect.
    cache.delete('user.%s.all_foreninger' % target_user.id)
    cache.delete('user.%s.children_foreninger' % target_user.id)

    profile_url = reverse('admin:users.show', args=[target_user.id])
    return redirect('%s#tilganger' % profile_url)
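def add_forening_permission(request):
    """Set a user's ForeningRole for a forening, then redirect to the user.

    Reads ``user``, ``forening`` and ``role`` (plus the optional
    ``send_email`` flag) from ``request.POST``.  The forening must be among
    ``request.user.all_foreninger()``; setting ``admin`` also requires that
    the requester's own role there is ``admin``.  ``PermissionDenied`` is
    raised for an unknown role or when that check fails.

    An existing ForeningRole row for (user, forening) is overwritten with
    the requested role; otherwise a new row is created.

    NOTE(review): because an existing row is overwritten, a request with
    role='user' lowers an existing 'admin' row, and that request is
    authorized for any requester connected to the forening.  Confirm that
    non-admins are meant to be able to do this.

    NOTE(review): nothing in this function restricts the HTTP method or
    checks that the requester is logged in; presumably a decorator or
    middleware does so - confirm.
    """
    user = User.objects.get(id=request.POST['user'])
    forening = Forening.objects.get(id=request.POST['forening'])
    wanted_role = request.POST['role']

    if wanted_role not in [r[0] for r in ForeningRole.ROLE_CHOICES]:
        raise PermissionDenied

    # Verify that the user performing this action has the required
    # permissions
    all_foreninger = request.user.all_foreninger()
    if wanted_role == 'admin':
        # Setting admin requires admin
        grantable = [a for a in all_foreninger if a.role == 'admin']
    elif wanted_role == 'user':
        # Any role can set user
        grantable = all_foreninger
    else:
        # Fail closed: the whitelist above comes from ROLE_CHOICES, so a
        # role added there later would otherwise be assignable with no
        # authorization check at all.
        raise PermissionDenied
    if forening not in grantable:
        raise PermissionDenied

    # Update the existing relationship or create a new one.  The role is
    # kept in its own variable instead of being shadowed by the model
    # instance.
    try:
        forening_role = ForeningRole.objects.get(user=user, forening=forening)
    except ForeningRole.DoesNotExist:
        forening_role = ForeningRole(
            user=user,
            forening=forening,
            role=wanted_role,
        )
    else:
        forening_role.role = wanted_role
    forening_role.save()

    if request.POST.get('send_email', '') != '':
        if user.get_sherpa_email() == '':
            messages.warning(request, 'no_email_for_user')
        elif send_access_granted_email(user, forening, request.user):
            messages.info(request, 'access_email_success')
        else:
            messages.warning(request, 'access_email_failure')

    # Drop the cached forening lists so the new role takes effect.
    cache.delete('user.%s.all_foreninger' % user.id)
    cache.delete('user.%s.children_foreninger' % user.id)
    return redirect(
        '%s#tilganger' % reverse('admin:users.show', args=[user.id])
    )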
def users_give_access(request, forening_id):
    """Give another user 'user' or 'admin' access to the given forening.

    The forening is looked up from ``forening_id`` and must be among
    ``request.user.all_foreninger()``.  ``wanted_role`` and ``user`` come
    from ``request.POST``.  The requester must hold the association
    permission matching ``wanted_role`` for this forening, or the global
    'sherpa/admin' permission; otherwise ``PermissionDenied`` is raised.
    Always ends in a redirect to the forening's user list.

    NOTE(review): the authorization check is keyed on ``wanted_role``, so a
    request with wanted_role='user' passes with the 'user' permission alone,
    yet the admin -> user branch below removes an explicit admin permission.
    Confirm that non-admins are meant to be able to revoke admin access.
    """
    current_forening = Forening.objects.get(id=forening_id)
    if current_forening not in request.user.all_foreninger():
        raise PermissionDenied

    wanted_role = request.POST['wanted_role']
    if wanted_role not in ['user', 'admin']:
        raise PermissionDenied

    if wanted_role == 'admin':
        required_perm = 'sherpa/association/admin'
    else:
        required_perm = 'sherpa/association/user'

    # The requester may only hand out access they hold themselves, unless
    # they are a sherpa admin.
    holds_required_perm = request.user.has_perm(
        required_perm,
        association_id=current_forening.id
    )
    if not (holds_required_perm or request.user.has_perm('sherpa/admin')):
        raise PermissionDenied

    target = User.get_users(include_pending=True).get(id=request.POST['user'])

    if target.has_perm('sherpa/admin'):
        # Nothing is changed for a sherpa admin; only a message is shown.
        messages.info(request, 'user_is_sherpa_admin')
        return redirect('admin:foreninger.users', current_forening.id)

    # The base sherpa permission is granted implicitly; the client side
    # informs about this.
    target.add_perm('sherpa/user', created_by=request.user)

    for forening in target.all_foreninger():
        if forening == current_forening:
            # The target is already connected to this forening.
            if forening.role == 'user' and wanted_role == 'admin':
                # Upgrade user -> admin.
                target.add_perm(
                    'sherpa/association/admin',
                    association_id=forening.id,
                    created_by=request.user
                )
                messages.info(request, 'permission_created')
            elif forening.role == 'admin' and wanted_role == 'user':
                # Downgrade admin -> user, which is only done when the admin
                # permission is set explicitly on this forening.
                has_explicit_admin = target.has_perm(
                    'sherpa/association/admin',
                    association_id=forening.id
                )
                if has_explicit_admin:
                    target.remove_perm(
                        'sherpa/association/admin',
                        association_id=forening.id
                    )
                else:
                    # Not explicit, so the admin access must come from a
                    # parent forening; nothing is removed.
                    messages.info(request, 'user_has_admin_in_parent')
            else:
                # forening.role should already equal wanted_role here.
                messages.info(request, 'equal_permission_already_exists')

            cache.delete('user.%s.all_foreninger' % target.id)
            return redirect('admin:foreninger.users', current_forening.id)

    # No existing relationship was found: create it.  Admin access is added
    # on top of the user permission.
    new_perms = ['sherpa/association/user']
    if wanted_role == 'admin':
        new_perms.append('sherpa/association/admin')
    for perm in new_perms:
        target.add_perm(
            perm,
            association_id=current_forening.id,
            created_by=request.user
        )

    if request.POST.get('send_email', '') != '':
        email_sent = send_access_granted_email(
            target, current_forening, request.user)
        if email_sent:
            messages.info(request, 'access_email_success')
        else:
            messages.warning(request, 'access_email_failure')

    messages.info(request, 'permission_created')
    cache.delete('user.%s.all_foreninger' % target.id)
    return redirect('admin:foreninger.users', current_forening.id)
def users_give_access(request, forening_id):
    """Give another user a ForeningRole in the active forening.

    The forening from ``forening_id`` must be among
    ``request.user.all_foreninger()``, and ``wanted_role`` (from
    ``request.POST``) must be one of ``ForeningRole.ROLE_CHOICES``.  The
    requester must also be connected to ``request.active_forening``, and may
    not give 'admin' while their own role there is 'user'.  Any failed check
    raises ``PermissionDenied``.  Always ends in a redirect to the user list
    of the forening from ``forening_id``.

    NOTE(review): the first check and the redirects use the forening from
    ``forening_id``, while the role check and all writes use
    ``request.active_forening``.  Presumably the two are always the same
    forening - confirm.

    NOTE(review): only the combination wanted_role='admin' with requester
    role 'user' is rejected.  A requester with role 'user' can therefore
    lower an existing 'admin' role to 'user', and any further role in
    ROLE_CHOICES would be assignable by anyone connected to the forening.
    Confirm that this is intended.
    """
    current_forening = Forening.objects.get(id=forening_id)
    if current_forening not in request.user.all_foreninger():
        raise PermissionDenied

    wanted_role = request.POST['wanted_role']
    valid_roles = [choice[0] for choice in ForeningRole.ROLE_CHOICES]
    if wanted_role not in valid_roles:
        raise PermissionDenied

    # The requester may only hand out access they hold themselves.
    requester_is_connected = False
    for forening in request.user.all_foreninger():
        if forening == request.active_forening:
            if wanted_role == 'admin' and forening.role == 'user':
                raise PermissionDenied
            requester_is_connected = True
    if not requester_is_connected:
        raise PermissionDenied

    other_user = User.get_users(include_pending=True).get(
        id=request.POST['user'])

    if other_user.has_perm('sherpa_admin'):
        # Nothing is changed for a sherpa admin; only a message is shown.
        messages.info(request, 'user_is_sherpa_admin')
        return redirect('admin:foreninger.users', current_forening.id)

    # The base sherpa permission is added implicitly when missing; the
    # client side informs about this.
    if not other_user.has_perm('sherpa'):
        other_user.permissions.add(Permission.objects.get(name='sherpa'))

    for forening in other_user.all_foreninger():
        if forening == request.active_forening:
            # The user is already connected to this forening.
            if forening.role == 'user' and wanted_role == 'admin':
                # Upgrade user -> admin.
                # NOTE(review): unlike the downgrade branch, a missing
                # explicit row (DoesNotExist) is not handled here - confirm
                # that a 'user' role cannot come from a parent forening.
                existing = ForeningRole.objects.get(
                    user=other_user, forening=forening)
                existing.role = 'admin'
                existing.save()
                messages.info(request, 'permission_created')
            elif forening.role == 'admin' and wanted_role == 'user':
                # Downgrade admin -> user, which only works when there is an
                # explicit role row for this forening.
                try:
                    existing = ForeningRole.objects.get(
                        user=other_user, forening=forening)
                    existing.role = 'user'
                    existing.save()
                    messages.info(request, 'permission_created')
                except ForeningRole.DoesNotExist:
                    # No explicit row, so the admin access must come from a
                    # parent forening; nothing is changed.
                    messages.info(request, 'user_has_admin_in_parent')
            else:
                # forening.role should already equal wanted_role here.
                messages.info(request, 'equal_permission_already_exists')

            cache.delete('user.%s.all_foreninger' % other_user.id)
            return redirect('admin:foreninger.users', current_forening.id)

    # No existing relationship was found: create it.
    ForeningRole(
        user=other_user,
        forening=request.active_forening,
        role=wanted_role,
    ).save()

    if request.POST.get('send_email', '') != '':
        email_sent = send_access_granted_email(
            other_user, request.active_forening, request.user)
        if email_sent:
            messages.info(request, 'access_email_success')
        else:
            messages.warning(request, 'access_email_failure')

    messages.info(request, 'permission_created')
    cache.delete('user.%s.all_foreninger' % other_user.id)
    return redirect('admin:foreninger.users', current_forening.id)