def test_has_perm(self):
    """Exercise has_perm() with one denied and one granted group permission.

    A member of 'account_basic' (which is given no permission in this test)
    is expected to be refused 'projects.can_view'. A member of
    'account_premium', which is granted a freshly created
    'projects.test_perm', is expected to be allowed it.
    """
    # Denied case: user whose only group carries no permission added here.
    basic_user = User.objects.create_user('testuser', '*****@*****.**', 'test')
    basic_group = Group.objects.get_or_create(name='account_basic')[0]
    basic_user.groups.add(basic_group)
    basic_user.save()
    denied = has_perm(basic_user, Group.objects, 'projects.can_view')
    self.assertFalse(denied)

    # Granted case: second user joins the premium group.
    premium_user = User.objects.create_user('testuser2', '*****@*****.**', 'test')
    premium_group = Group.objects.get_or_create(name='account_premium')[0]
    premium_user.groups.add(premium_group)
    premium_user.save()

    # Create a permission bound to the projects.Project content type and
    # attach it to the premium group only.
    project_type = ContentType.objects.get(app_label='projects', model='Project')
    test_permission = Permission(
        name='Test Permssion',
        codename='test_perm',
        content_type=project_type,
    )
    test_permission.save()
    premium_group.permissions.add(test_permission)

    granted = has_perm(premium_user, Group.objects, 'projects.test_perm')
    self.assertTrue(granted)
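def show_comments(request):
    """Return the comments of one task as JSON, ordered by date descending.

    Expects an AJAX GET request carrying the task ``id``. The requesting
    user must pass ``has_perm`` for ``projects.can_view`` against the
    permissions of the task's project.

    Every failure (non-AJAX request, missing or non-numeric id, unknown
    task, denied permission, or any other error) produces the same bare
    HTTP 400, so the response does not tell a caller whether a given task
    id exists.
    """
    import logging

    try:
        # is_ajax() only inspects a client-supplied request header, so it is
        # a request-shape check and not an access control.
        # (HttpRequest.is_ajax() was deprecated in Django 3.1.)
        if not request.is_ajax():
            raise Exception('not an ajax request')

        task_id = int(request.GET.get('id', 0))
        if not task_id:
            raise Exception('task not found')

        task = Task.objects.get(id=task_id)

        # Authorization is checked per project before any comment is read.
        if not has_perm(request.user, task.project.perms, 'projects.can_view'):
            raise Exception('invalid permissions')

        comments = Comments.objects.filter(task=task).order_by('-date')
        return JSONResponse(comments.values(
            'id',
            'staff_member__first_name',
            'staff_member__last_name',
            'comment',
            'date',
            'time',
        ))
    except Exception:
        # Catch Exception rather than using a bare ``except:`` so that
        # SystemExit and KeyboardInterrupt still propagate. The rejection is
        # logged so denied permission checks and genuine bugs remain visible
        # to operators even though the client only ever sees a 400.
        logging.getLogger(__name__).warning(
            'show_comments: request rejected', exc_info=True)
        return HttpResponse(status=400)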
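def add_comment(request):
    """Validate and store a comment, with optional time spent, on a task.

    Expects an AJAX POST with ``id`` (task id), ``comment``, and optionally
    ``time`` and ``status_id``. The requesting user must pass ``has_perm``
    for ``tasks.add_comments`` against the permissions of the task's project.

    Returns a JSON body with an ``errors`` dict (field name -> message) and,
    when the comment was stored, ``success`` set to True. Any other failure
    (non-AJAX request, bad or unknown id, denied permission, unexpected
    error) produces a bare HTTP 400.
    """
    import logging

    try:
        # is_ajax() only inspects a client-supplied request header, so it is
        # a request-shape check and not an access control.
        # (HttpRequest.is_ajax() was deprecated in Django 3.1.)
        if not request.is_ajax():
            raise Exception('not an ajax request')

        task_id = int(request.POST.get('id', 0))
        if not task_id:
            raise Exception('task not found')

        task = Task.objects.get(id=task_id)
        if not has_perm(request.user, task.project.perms, 'tasks.add_comments'):
            raise Exception('invalid permissions')

        errors = {}
        response_dict = {'errors': errors}

        comment = request.POST.get('comment', '')
        if len(comment) < 3:
            errors['comment'] = 'Please enter in your comment'

        hours_spent = 0
        raw_time = request.POST.get('time', False)
        if raw_time:
            try:
                hours_spent = float(raw_time)
                # float() also parses 'nan', 'inf' and '-inf'. Those are not
                # usable durations, so treat them like any other bad input.
                # NOTE(review): negative values are still accepted; confirm
                # whether that is intended.
                if not (float('-inf') < hours_spent < float('inf')):
                    raise ValueError('time must be a finite number')
            except ValueError:
                errors['time'] = 'Please enter in a valid time eg: 4.75 = 4 hours and 45 minutes.'

        if not errors:
            status_id = int(request.POST.get('status_id', 0))
            # NOTE(review): the status change is authorized only by the
            # 'tasks.add_comments' check above; confirm that commenters are
            # meant to be able to move a task to any existing status.
            if status_id != task.status.id and status_id > 0:
                # Look up with the validated integer, not the raw POST value.
                task.status = Status.objects.get(id=status_id)
                task.save()

            Comments.objects.create(
                task=task,
                staff_member=request.user,
                date=datetime.now(),
                comment=comment,
                time=hours_spent,
            )
            response_dict['success'] = True

        return JSONResponse(response_dict)
    except Exception:
        # Catch Exception rather than using a bare ``except:`` so that
        # SystemExit and KeyboardInterrupt still propagate. The rejection is
        # logged so denied permission checks and genuine bugs remain visible
        # to operators even though the client only ever sees a 400.
        logging.getLogger(__name__).warning(
            'add_comment: request rejected', exc_info=True)
        return HttpResponse(status=400)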