def is_visible_in(cls, category):
"""
Create a filter that checks whether the event is visible in
the specified category.
"""
cte = category.visible_categories_cte
return (db.exists(db.select([1]))
.where(db.and_(cte.c.id == Event.category_id,
db.or_(Event.visibility.is_(None), Event.visibility > cte.c.level))))
def is_visible_in(cls, category):
"""
Create a filter that checks whether the event is visible in
the specified category.
"""
cte = category.visible_categories_cte
return (db.exists(db.select([1])).where(
db.and_(
cte.c.id == Event.category_id,
db.or_(Event.visibility.is_(None),
Event.visibility > cte.c.level))))
def get_permissions_for_user(cls, user, allow_admin=True):
"""Get the permissions for all rooms for a user.
In case of multipass-based groups it will try to get a list of
all groups the user is in, and if that's not possible check the
permissions one by one for each room (which may result in many
group membership lookups).
It is recommended to not call this in any place where performance
matters and to memoize the result.
"""
# XXX: When changing the logic in here, make sure to update can_* as well!
all_rooms_query = (Room.query.filter(~Room.is_deleted).options(
load_only('id', 'protection_mode',
'reservations_need_confirmation', 'is_reservable',
'owner_id'),
joinedload('owner').load_only('id'), joinedload('acl_entries')))
is_admin = allow_admin and cls.is_user_admin(user)
if (is_admin and allow_admin) or not user.can_get_all_multipass_groups:
# check one by one if we can't get a list of all groups the user is in
return {
r.id: {
'book': r.can_book(user, allow_admin=allow_admin),
'prebook': r.can_prebook(user, allow_admin=allow_admin),
'override': r.can_override(user, allow_admin=allow_admin),
'moderate': r.can_moderate(user, allow_admin=allow_admin),
'manage': r.can_manage(user, allow_admin=allow_admin),
}
for r in all_rooms_query
}
criteria = [
db.and_(RoomPrincipal.type == PrincipalType.user,
RoomPrincipal.user_id == user.id)
]
for group in user.local_groups:
criteria.append(
db.and_(RoomPrincipal.type == PrincipalType.local_group,
RoomPrincipal.local_group_id == group.id))
for group in user.iter_all_multipass_groups():
criteria.append(
db.and_(
RoomPrincipal.type == PrincipalType.multipass_group,
RoomPrincipal.multipass_group_provider ==
group.provider.name,
db.func.lower(RoomPrincipal.multipass_group_name) ==
group.name.lower()))
data = {}
permissions = {'book', 'prebook', 'override', 'moderate', 'manage'}
prebooking_required_rooms = set()
non_reservable_rooms = set()
for room in all_rooms_query:
is_owner = user == room.owner
data[room.id] = {x: False for x in permissions}
if room.reservations_need_confirmation:
prebooking_required_rooms.add(room.id)
if not room.is_reservable:
non_reservable_rooms.add(room.id)
if (room.is_reservable and
(room.is_public or is_owner)) or (is_admin and allow_admin):
if not room.reservations_need_confirmation or is_owner or (
is_admin and allow_admin):
data[room.id]['book'] = True
if room.reservations_need_confirmation:
data[room.id]['prebook'] = True
if is_owner or (is_admin and allow_admin):
data[room.id]['override'] = True
data[room.id]['moderate'] = True
data[room.id]['manage'] = True
query = (RoomPrincipal.query.join(Room).filter(
~Room.is_deleted, db.or_(*criteria)).options(
load_only('room_id', 'full_access', 'permissions')))
for principal in query:
is_reservable = principal.room_id not in non_reservable_rooms
for permission in permissions:
if not is_reservable and not (is_admin and allow_admin
) and permission in ('book',
'prebook'):
continue
explicit = permission == 'prebook' and principal.room_id not in prebooking_required_rooms
check_permission = None if permission == 'manage' else permission
if principal.has_management_permission(check_permission,
explicit=explicit):
data[principal.room_id][permission] = True
return data
def get_permissions_for_user(cls, user, allow_admin=True):
"""Get the permissions for all rooms for a user.
In case of multipass-based groups it will try to get a list of
all groups the user is in, and if that's not possible check the
permissions one by one for each room (which may result in many
group membership lookups).
It is recommended to not call this in any place where performance
matters and to memoize the result.
"""
# XXX: When changing the logic in here, make sure to update can_* as well!
all_rooms_query = (Room.query
.filter(~Room.is_deleted)
.options(load_only('id', 'protection_mode', 'reservations_need_confirmation',
'is_reservable', 'owner_id'),
joinedload('owner').load_only('id'),
joinedload('acl_entries')))
is_admin = allow_admin and cls.is_user_admin(user)
if (is_admin and allow_admin) or not user.can_get_all_multipass_groups:
# check one by one if we can't get a list of all groups the user is in
return {r.id: {
'book': r.can_book(user, allow_admin=allow_admin),
'prebook': r.can_prebook(user, allow_admin=allow_admin),
'override': r.can_override(user, allow_admin=allow_admin),
'moderate': r.can_moderate(user, allow_admin=allow_admin),
'manage': r.can_manage(user, allow_admin=allow_admin),
} for r in all_rooms_query}
criteria = [db.and_(RoomPrincipal.type == PrincipalType.user, RoomPrincipal.user_id == user.id)]
for group in user.local_groups:
criteria.append(db.and_(RoomPrincipal.type == PrincipalType.local_group,
RoomPrincipal.local_group_id == group.id))
for group in user.iter_all_multipass_groups():
criteria.append(db.and_(RoomPrincipal.type == PrincipalType.multipass_group,
RoomPrincipal.multipass_group_provider == group.provider.name,
db.func.lower(RoomPrincipal.multipass_group_name) == group.name.lower()))
data = {}
permissions = {'book', 'prebook', 'override', 'moderate', 'manage'}
prebooking_required_rooms = set()
non_reservable_rooms = set()
for room in all_rooms_query:
is_owner = user == room.owner
data[room.id] = {x: False for x in permissions}
if room.reservations_need_confirmation:
prebooking_required_rooms.add(room.id)
if not room.is_reservable:
non_reservable_rooms.add(room.id)
if (room.is_reservable and (room.is_public or is_owner)) or (is_admin and allow_admin):
if not room.reservations_need_confirmation or is_owner or (is_admin and allow_admin):
data[room.id]['book'] = True
if room.reservations_need_confirmation:
data[room.id]['prebook'] = True
if is_owner or (is_admin and allow_admin):
data[room.id]['override'] = True
data[room.id]['moderate'] = True
data[room.id]['manage'] = True
query = (RoomPrincipal.query
.join(Room)
.filter(~Room.is_deleted, db.or_(*criteria))
.options(load_only('room_id', 'full_access', 'permissions')))
for principal in query:
is_reservable = principal.room_id not in non_reservable_rooms
for permission in permissions:
if not is_reservable and not (is_admin and allow_admin) and permission in ('book', 'prebook'):
continue
explicit = permission == 'prebook' and principal.room_id not in prebooking_required_rooms
check_permission = None if permission == 'manage' else permission
if principal.has_management_permission(check_permission, explicit=explicit):
data[principal.room_id][permission] = True
return data