def can_view_deid(self): try: ensure_request_has_privilege(self.request, privileges.DEIDENTIFIED_DATA) except PermissionDenied: return False return True
def can_bulk_edit_users(self): try: ensure_request_has_privilege(self.request, privileges.BULK_USER_MANAGEMENT) except PermissionDenied: return False return True
def permissions_check(self, report, request, domain=None, is_navigation_check=False): if is_navigation_check: try: ensure_request_has_privilege(request, privileges.CUSTOM_REPORTS) except PermissionDenied: return False return super(CustomProjectReportDispatcher, self).permissions_check(report, request, domain)
def _can_access_reminders(request): try: ensure_request_has_privilege(request, privileges.REMINDERS_FRAMEWORK) return True except PermissionDenied: return False
def can_edit_roles(self): try: ensure_request_has_privilege(self.request, privileges.ROLE_BASED_ACCESS) except PermissionDenied: return False return self.couch_user.is_domain_admin
def can_bulk_edit_users(self): if not user_can_edit_any_location(self.request.couch_user, self.request.project): return False try: ensure_request_has_privilege(self.request, privileges.BULK_USER_MANAGEMENT) except PermissionDenied: return False return True
def is_viewable(self): try: ensure_request_has_privilege(self._request, privileges.CLOUDCARE) except PermissionDenied: return False return (self.domain and (self.couch_user.can_edit_data() or self.couch_user.is_commcare_user()) and not self.project.commconnect_enabled)
def permissions_check(self, report, request, domain=None, is_navigation_check=False): if is_navigation_check: from corehq.apps.importer.base import ImportCases if report.split('.')[-1] in [ImportCases.__name__]: try: ensure_request_has_privilege(request, privileges.BULK_CASE_MANAGEMENT) except PermissionDenied: return False return request.couch_user.can_edit_data(domain)
def has_privilege(self, request): if not self.privilege: return True try: ensure_request_has_privilege(request, self.privilege) return True except PermissionDenied: return False
def permissions_check(self, report, request, domain=None, is_navigation_check=False): if is_navigation_check: from corehq.apps.reports.standard.export import DeidExportReport if report.split('.')[-1] in [DeidExportReport.__name__]: try: ensure_request_has_privilege(request, privileges.DEIDENTIFIED_DATA) except PermissionDenied: return False return super(DataInterfaceDispatcher, self).permissions_check(report, request, domain)
def load_domain(req, domain): domain_name = normalize_domain_name(domain) domain = Domain.get_by_name(domain_name) req.project = domain req.can_see_organization = True try: ensure_request_has_privilege(req, privileges.CROSS_PROJECT_REPORTS) except PermissionDenied: req.can_see_organization = False return domain_name, domain
def permissions_check(self, report, request, domain=None, is_navigation_check=False): if is_navigation_check: from corehq.apps.importer.base import ImportCases if report.split('.')[-1] in [ImportCases.__name__]: try: ensure_request_has_privilege( request, privileges.BULK_CASE_MANAGEMENT) except PermissionDenied: return False return request.couch_user.can_edit_data(domain)
def can_add_extra_mobile_workers(request): from corehq.apps.users.models import CommCareUser from corehq.apps.accounting.models import BillingAccount num_web_users = CommCareUser.total_by_domain(request.domain) user_limit = request.plan.user_limit if user_limit == -1 or num_web_users < user_limit: return True try: ensure_request_has_privilege(request, privileges.ALLOW_EXCESS_USERS) except PermissionDenied: account = BillingAccount.get_account_by_domain(request.domain) if account is None or account.date_confirmed_extra_charges is None: return False return True
def get_per_domain_context(project, request=None): if project and project.commtrack_enabled: domain_type = 'commtrack' logo_url = static('hqstyle/img/commtrack-logo.png') site_name = "CommTrack" public_site = "http://www.commtrack.org" can_be_your = "mobile logistics solution" elif project and project.commconnect_enabled: domain_type = 'commconnect' logo_url = static('hqstyle/img/commconnect-logo.png') site_name = "CommConnect" public_site = "http://www.commcarehq.org" can_be_your = "mobile health solution" else: domain_type = 'commcare' logo_url = static('hqstyle/img/commcare-logo.png') site_name = "CommCare HQ" public_site = "http://www.commcarehq.org" can_be_your = "mobile health solution" try: if 'commtrack.org' in request.get_host(): logo_url = static('hqstyle/img/commtrack-logo.png') except Exception: # get_host might fail for bad requests, e.g. scheduled reports pass if project and project.has_custom_logo: try: ensure_request_has_privilege(request, privileges.CUSTOM_BRANDING) logo_url = reverse('logo', args=[project.name]) except PermissionDenied: pass return { 'DOMAIN_TYPE': domain_type, 'LOGO_URL': logo_url, 'SITE_NAME': site_name, 'CAN_BE_YOUR': can_be_your, 'PUBLIC_SITE': public_site, }
def sidebar_items(self): items = [] user_is_admin = self.couch_user.is_domain_admin(self.domain) project_info = [] if user_is_admin: from corehq.apps.domain.views import EditBasicProjectInfoView, EditDeploymentProjectInfoView project_info.extend([ { 'title': _(EditBasicProjectInfoView.page_title), 'url': reverse(EditBasicProjectInfoView.urlname, args=[self.domain]) }, { 'title': _(EditDeploymentProjectInfoView.page_title), 'url': reverse(EditDeploymentProjectInfoView.urlname, args=[self.domain]) } ]) from corehq.apps.domain.views import EditMyProjectSettingsView project_info.append({ 'title': _(EditMyProjectSettingsView.page_title), 'url': reverse(EditMyProjectSettingsView.urlname, args=[self.domain]) }) can_view_orgs = (user_is_admin and self.project and self.project.organization) if can_view_orgs: try: ensure_request_has_privilege(self._request, privileges.CROSS_PROJECT_REPORTS) except PermissionDenied: can_view_orgs = False if can_view_orgs: from corehq.apps.domain.views import OrgSettingsView project_info.append({ 'title': _(OrgSettingsView.page_title), 'url': reverse(OrgSettingsView.urlname, args=[self.domain]) }) items.append((_('Project Information'), project_info)) if user_is_admin: from corehq.apps.domain.views import CommTrackSettingsView if self.project.commtrack_enabled: commtrack_settings = [ { 'title': _(CommTrackSettingsView.page_title), 'url': reverse(CommTrackSettingsView.urlname, args=[self.domain]) }, ] items.append((_('CommTrack'), commtrack_settings)) administration = [ { 'title': _('CommCare Exchange'), 'url': reverse('domain_snapshot_settings', args=[self.domain]) }, { 'title': _('Multimedia Sharing'), 'url': reverse('domain_manage_multimedia', args=[self.domain]) } ] def forward_name(repeater_type=None, **context): if repeater_type == 'FormRepeater': return _("Forward Forms") elif repeater_type == 'ShortFormRepeater': return _("Forward Form Stubs") elif repeater_type == 'CaseRepeater': return _("Forward Cases") administration.extend([ {'title': _('Data Forwarding'), 'url': reverse('domain_forwarding', args=[self.domain]), 'subpages': [ {'title': forward_name, 'urlname': 'add_repeater'} ]} ]) administration.append({ 'title': _('Feature Previews'), 'url': reverse('feature_previews', args=[self.domain]) }) items.append((_('Project Administration'), administration)) from corehq.apps.users.models import WebUser if isinstance(self.couch_user, WebUser): user_is_billing_admin, billing_account = BillingAccountAdmin.get_admin_status_and_account( self.couch_user, self.domain) if user_is_billing_admin or self.couch_user.is_superuser: from corehq.apps.domain.views import ( DomainSubscriptionView, EditExistingBillingAccountView, DomainBillingStatementsView, ConfirmSubscriptionRenewalView, ) subscription = [ { 'title': DomainSubscriptionView.page_title, 'url': reverse(DomainSubscriptionView.urlname, args=[self.domain]), 'subpages': [ { 'title': ConfirmSubscriptionRenewalView.page_title, 'urlname': ConfirmSubscriptionRenewalView.urlname, 'url': reverse(ConfirmSubscriptionRenewalView.urlname, args=[self.domain]), } ] }, ] if billing_account is not None: subscription.append( { 'title': EditExistingBillingAccountView.page_title, 'url': reverse(EditExistingBillingAccountView.urlname, args=[self.domain]), }, ) if (billing_account is not None and Invoice.exists_for_domain(self.domain) ): subscription.append( { 'title': DomainBillingStatementsView.page_title, 'url': reverse(DomainBillingStatementsView.urlname, args=[self.domain]), } ) items.append((_('Subscription'), subscription)) if self.couch_user.is_superuser: from corehq.apps.domain.views import EditInternalDomainInfoView, EditInternalCalculationsView internal_admin = [{ 'title': _(EditInternalDomainInfoView.page_title), 'url': reverse(EditInternalDomainInfoView.urlname, args=[self.domain]) }, { 'title': _(EditInternalCalculationsView.page_title), 'url': reverse(EditInternalCalculationsView.urlname, args=[self.domain]) }] items.append((_('Internal Data (Dimagi Only)'), internal_admin)) return items
def can_view_cloudcare(self): try: ensure_request_has_privilege(self._request, privileges.CLOUDCARE) except PermissionDenied: return False return self.couch_user.is_domain_admin()
def can_access_reminders(self): try: ensure_request_has_privilege(self._request, privileges.REMINDERS_FRAMEWORK) return True except PermissionDenied: return False
def can_access_sms(self): try: ensure_request_has_privilege(self._request, privileges.OUTBOUND_SMS) except PermissionDenied: return False return True
def allow_deid(self): try: ensure_request_has_privilege(self.request, privileges.DEIDENTIFIED_DATA) return True except PermissionDenied: return False
def _can_access_sms(request): try: ensure_request_has_privilege(request, privileges.OUTBOUND_SMS) except PermissionDenied: return False return True
def wrapped(request, *args, **kwargs): ensure_request_has_privilege(request, slug, **assignment) return fn(request, *args, **kwargs)
def can_use_survey_reminders(request): try: ensure_request_has_privilege(request, privileges.INBOUND_SMS) except PermissionDenied: return False return True