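class DocumentManager(models.Manager):
    """Manager exposing an OpenSearch-backed full-text search over documents."""

    @staticmethod
    def open_search(
        query,
        case=None,
        confidential_status=None,
        organisation=None,
        user_type=None,
        **kwargs,  # noqa
    ):
        """Search the document index, narrowing the results with optional filters.

        The filters built here are the only scoping applied to the search, so a
        caller acting for a non-privileged user must pass every restriction it
        relies on (``confidential_status``, ``organisation``, ``user_type``).

        :param query: Either a search phrase (matched as a phrase prefix against
            ``name`` and ``content``) or a ready-made query dict. A dict is sent
            to the index as-is, so it should not be assembled from untrusted
            input. The caller's dict is never modified.
        :param case: Case (or identifier, resolved via ``get_case``) to restrict to.
        :param confidential_status: When not ``None``, restrict to documents whose
            ``confidential`` field equals this value. ``None`` applies no
            confidentiality restriction at all.
        :param organisation: Organisation (or identifier, resolved via
            ``get_organisation``) to restrict to.
        :param user_type: ``"TRA"`` or ``"PUB"`` to restrict by user type; any
            other value applies no user-type restriction.
        :returns: The raw search response, or ``None`` when the search client
            could not be obtained (the error is logged).
        """
        import copy

        case = get_case(case)
        organisation = get_organisation(organisation)

        if isinstance(query, dict):
            # Copy first: the filters added below must not accumulate in a dict
            # the caller may reuse for a later, differently scoped search.
            _query = copy.deepcopy(query)
        else:
            _query = {
                "bool": {
                    "must": [
                        {
                            "multi_match": {
                                "query": query,
                                "fields": ["name^2", "content"],
                                "type": "phrase_prefix",
                            }
                        }
                    ]
                }
            }

        # NOTE(review): a filter is skipped whenever the resolved case or
        # organisation is falsy. What get_case/get_organisation return for an
        # identifier that was supplied but does not resolve is not visible
        # here; if that can be a falsy value, the search runs unscoped. Confirm.
        filters = []
        if case:
            filters.append({"match": {"case_id": case.id}})
        if confidential_status is not None:
            filters.append({"term": {"confidential": confidential_status}})
        if organisation:
            filters.append({"match": {"organisation": {"id": str(organisation.id)}}})
        # Values other than "TRA"/"PUB" fall through without a filter.
        if user_type in ("TRA", "PUB"):
            filters.append({"match": {"user_type": user_type}})

        if filters:
            if "bool" not in _query:
                # A caller-supplied query that is not a bool query is wrapped so
                # the filters can still be attached instead of failing on the
                # missing "bool" key.
                _query = {"bool": {"must": [_query]} if _query else {}}
            _query["bool"].setdefault("filter", []).extend(filters)

        try:
            client = get_open_search()
        except OSWrapperError as e:
            logger.error(e)
            return None
        else:
            search_results = client.search(
                index=settings.OPENSEARCH_INDEX["document"],
                doc_type="document",
                body={"query": _query, "highlight": {"fields": {"content": {}}}},
            )
            return search_results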
def validate_user_organisation(user, organisation):
    """
    Check whether a user may access the given organisation.

    Access is granted to case workers (TRA users) unconditionally, and to
    any other user only when an OrganisationUser record links them to the
    organisation.

    TODO: At the moment TRA side is fairly open. Consider this.
    """
    if not user.is_tra():
        # Non-TRA users need an explicit membership record.
        resolved = get_organisation(organisation)
        membership = OrganisationUser.objects.filter(organisation=resolved, user=user)
        return membership.exists()
    # TRA users skip the membership lookup entirely.
    return True
def _validate_invitation(self, organisation, email, user_id=None):
    """
    Look up an invitation for this email address and organisation.

    When user_id is given, the lookup is narrowed to that invited user.
    Returns the first matching invitation, or False when there is none.
    """
    resolved = get_organisation(organisation)
    # NOTE(review): the address is only stripped of surrounding whitespace
    # before the exact-match lookup; whether its case is normalised
    # elsewhere is not visible here.
    matches = self.filter(email=email.strip(), organisation=resolved)
    if user_id:
        matches = matches.filter(user_id=user_id)
    if not matches:
        return False
    return matches.first()
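def initial(self, request, *args, **kwargs):
    """Initial override.

    Override initial to collect some standard request parameters
    into the API View Object.

    The ``start`` and ``limit`` query parameters come straight from the
    client: a value that is not an integer, or is negative, falls back to
    the default instead of raising while the view is being set up.

    :param (HttpRequest) request: Request object.
    """
    super().initial(request, *args, **kwargs)

    def _paging_param(name, default):
        # Client-supplied paging value; never let a malformed or negative
        # number propagate into queryset slicing.
        try:
            value = int(request.query_params.get(name, default))
        except (TypeError, ValueError):
            return default
        return value if value >= 0 else default

    organisation_id = kwargs.get("organisation_id")
    self.case_id = kwargs.get("case_id")
    self.user = request.user
    self.organisation = get_organisation(organisation_id)
    if self.organisation:
        self.organisation.set_user_context(request.user)
    # The group check runs only for views that declare allowed_groups.
    if self.allowed_groups:
        self.raise_on_invalid_access()
    self._start = _paging_param("start", 0)
    # NOTE(review): no upper bound is applied to limit here; a cap would stop
    # a single request from asking for an arbitrarily large page.
    self._limit = _paging_param("limit", settings.DEFAULT_QUERYSET_PAGE_SIZE)
    self._search = request.query_params.get("q")
    # NOTE(review): order_by and order_dir are stored exactly as sent by the
    # client; code that orders a queryset with them should check them against
    # an allow-list of sortable fields first.
    self._order_by = request.query_params.get("order_by")
    self._order_dir = request.query_params.get("order_dir", "asc")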
def post(self, request, organisation_id=None, *args, **kwargs):
    """Report whether the requesting user represents the given organisation.

    The response payload carries the answer under the "result" key.
    """
    organisation = get_organisation(organisation_id)
    represents = request.user.is_representing(organisation)
    return ResponseSuccess({"result": represents})
return True organisation = get_organisation(organisation) org_user = OrganisationUser.objects.filter(organisation=organisation, user=user).exists() return org_user


def validate_user_case(user, case, organisation):
    """
    Validate the user has access to this case and organisation.

    Returns True for TRA users without any further check; for everyone
    else, returns the result of user.has_case_access(case, organisation).
    Fairly simplistic at the moment.
    """
    # TRA users are let through before the case or organisation is resolved.
    if user.is_tra():
        return True
    case = get_case(case)
    organisation = get_organisation(organisation)
    # NOTE(review): what get_case/get_organisation return for an identifier
    # that does not resolve is not visible here; confirm has_case_access
    # denies access when either value is missing.
    return user.has_case_access(case, organisation)


# Setup/Bootstrapping utility functions


def create_groups():
    """Ensure a Group exists for every entry in GROUPS.

    The first element of each entry is used as the group name; whether the
    group had to be created is logged for each one.
    """
    for group_data in GROUPS:
        group, created = Group.objects.get_or_create(name=group_data[0])
        logger.info("\t{0} created? {1}".format(group_data[0], created))


def assign_group_permissions(): all_permissions = [] for group_name in GROUP_PERMISSIONS: logger.info("Assigning {0} permissions to {1}".format( len(GROUP_PERMISSIONS[group_name]), group_name))