def has_permission(self, request, view):
project_id = view.kwargs.get('project_id')
lead_id = view.kwargs.get('lead_id')
entry_id = view.kwargs.get('entry_id')
analysis_pillar_id = view.kwargs.get('analysis_pillar_id')
if project_id:
return Project.get_for_member(
request.user).filter(id=project_id).exists()
elif lead_id:
return Lead.get_for(request.user).filter(id=lead_id).exists()
elif entry_id:
return Entry.get_for(request.user).filter(id=entry_id).exists()
elif analysis_pillar_id:
return AnalysisPillar.objects.filter(
analysis__project__projectmembership__member=request.user,
id=analysis_pillar_id).exists()
return True
def get(self, request, uuid=None, filename=None):
queryset = File.objects.prefetch_related('lead_set')
file = get_object_or_404(queryset, uuid=uuid)
user = request.user
leads_pk = file.lead_set.values_list('pk', flat=True)
if (file.is_public
or Lead.get_for(user).filter(pk__in=leads_pk).exists()
or Entry.get_for(user).filter(image=file).exists() or Entry.
get_for(user).filter(image_raw=request.build_absolute_uri(
reverse('file', kwargs={'file_id': file.pk}), )).exists()
# TODO: Add Profile
):
if file.file:
return redirect(request.build_absolute_uri(file.file.url))
return response.Response({
'error': 'File doesn\'t exists',
},
status=status.HTTP_404_NOT_FOUND)
return response.Response({
'error': 'Access Forbidden, Contact Admin',
},
status=status.HTTP_403_FORBIDDEN)
def get_filtered_entries(user, queries):
"""
Get queryset of entries based on dynamic filters
"""
entries = Entry.get_for(user)
project = queries.get('project')
if project:
entries = entries.filter(lead__project__id=project)
filters = Filter.get_for(user)
ONE_DAY = 24 * 60 * 60
created_at__lt = queries.get('created_at__lt')
if created_at__lt:
created_at__lt = datetime.fromtimestamp(created_at__lt * ONE_DAY)
entries = entries.filter(created_at__lte=created_at__lt)
created_at__gt = queries.get('created_at__gt')
if created_at__gt:
created_at__gt = datetime.fromtimestamp(created_at__gt * ONE_DAY)
entries = entries.filter(created_at__gte=created_at__gt)
modified_at__lt = queries.get('modified_at__lt')
if modified_at__lt:
modified_at__lt = datetime.fromtimestamp(modified_at__lt * ONE_DAY)
entries = entries.filter(modified_at__lte=modified_at__lt)
modified_at__gt = queries.get('modified_at__gt')
if modified_at__gt:
modified_at__gt = datetime.fromtimestamp(modified_at__gt * ONE_DAY)
entries = entries.filter(modified_at__gte=modified_at__gt)
for filter in filters:
# For each filter, see if there is a query for that filter
# and then perform filtering based on that query.
query = queries.get(filter.key)
query_lt = queries.get(filter.key + '__lt')
query_gt = queries.get(filter.key + '__gt')
if filter.filter_type == Filter.NUMBER:
if query:
entries = entries.filter(
filterdata__filter=filter,
filterdata__number=query,
)
if query_lt:
entries = entries.filter(
filterdata__filter=filter,
filterdata__number__lte=query_lt,
)
if query_gt:
entries = entries.filter(
filterdata__filter=filter,
filterdata__number__gte=query_gt,
)
if filter.filter_type == Filter.LIST and query:
if not isinstance(query, list):
query = query.split(',')
if len(query) > 0:
entries = entries.filter(
filterdata__filter=filter,
filterdata__values__overlap=query,
)
return entries.order_by('-lead__created_by', 'lead')
