from ..utils.access_permissions import BaseAccessPermissions
from ..utils.auth import DjangoAnonymousUser, anonymous_is_enabled, has_perm
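class UserAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for User and UserViewSet.
    """

    def check_permissions(self, user):
        """
        Returns True if the user has read access to model instances.

        Read access is decided solely by the 'users.can_see_name'
        permission.
        """
        return has_perm(user, 'users.can_see_name')

    def get_serializer_class(self, user=None):
        """
        Returns the serializer class for user instances.

        The user argument is not evaluated: UserFullSerializer is returned
        for everyone. Fields are withheld per user in get_restricted_data(),
        not by choosing a different serializer here.
        """
        # Imported locally rather than at module level.
        # NOTE(review): presumably to avoid a circular import - confirm.
        from .serializers import UserFullSerializer

        return UserFullSerializer

    def get_restricted_data(self, full_data, user):
        """
        Returns the restricted serialized data for the instance prepared
        for the user. Removes several fields for non admins so that they do
        not get the fields they should not get.

        full_data is the serialized user as a dict. The result is one of:

        * full_data itself, if the user holds 'users.can_see_name',
          'users.can_see_extra_data' and 'users.can_manage',
        * a new dict limited to USERCANSEEEXTRASERIALIZER_FIELDS, if the
          user holds the first two permissions only,
        * a new dict limited to USERCANSEESERIALIZER_FIELDS, if the user
          holds only 'users.can_see_name' or is looking at their own record,
        * None, if the user may not see the instance at all.
        """
        from .serializers import (
            USERCANSEEEXTRASERIALIZER_FIELDS,
            USERCANSEESERIALIZER_FIELDS,
        )

        NO_DATA = 0
        LITTLE_DATA = 1
        MANY_DATA = 2
        FULL_DATA = 3

        # Check user permissions. The checks are nested on purpose:
        # 'users.can_manage' is only consulted when both weaker permissions
        # are held, so it never grants full data on its own.
        if has_perm(user, 'users.can_see_name'):
            if has_perm(user, 'users.can_see_extra_data'):
                if has_perm(user, 'users.can_manage'):
                    case = FULL_DATA
                else:
                    case = MANY_DATA
            else:
                case = LITTLE_DATA
        elif user.pk is not None and user.pk == full_data.get('id'):
            # Users may always see the basic fields of their own record.
            # The explicit None check keeps this branch fail-closed: Django's
            # anonymous user has pk None and full_data.get('id') is None when
            # the key is missing, so a bare equality test would match there.
            # NOTE(review): assumes every user object passed in has a pk
            # attribute - confirm against the callers.
            case = LITTLE_DATA
        else:
            case = NO_DATA

        # Setup data.
        if case == FULL_DATA:
            # NOTE(review): full_data is handed on unfiltered, so a manager
            # receives whatever UserFullSerializer emits - confirm that the
            # serializer holds nothing managers must not read over the API.
            data = full_data
        elif case == NO_DATA:
            data = None
        else:
            # case in (LITTLE_DATA, MANY_DATA)
            if case == MANY_DATA:
                fields = USERCANSEEEXTRASERIALIZER_FIELDS
            else:
                # case == LITTLE_DATA
                fields = USERCANSEESERIALIZER_FIELDS
            # Let only some fields pass this method. This is an allowlist:
            # a key is copied only if it is named in fields or is the '_id'
            # variant of such a name, so anything not listed stays hidden.
            data = {}
            for base_key in fields:
                for key in (base_key, base_key + '_id'):
                    if key in full_data:
                        data[key] = full_data[key]
        return data

    def get_projector_data(self, full_data):
        """
        Returns the restricted serialized data for the instance prepared
        for the projector. Removes several fields.

        Only keys listed in USERCANSEESERIALIZER_FIELDS are kept. Unlike
        get_restricted_data(), the '_id' variants of those names are not
        passed through here.
        """
        from .serializers import USERCANSEESERIALIZER_FIELDS

        # Let only some fields pass this method (allowlist, no user check).
        return {
            key: value
            for key, value in full_data.items()
            if key in USERCANSEESERIALIZER_FIELDS
        }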
class GroupAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for Groups. Everyone can see them.
    """

    def check_permissions(self, user):
        """
        Returns True if the user has read access to model instances.

        Any user that is not a DjangoAnonymousUser is allowed. For a
        DjangoAnonymousUser the result of anonymous_is_enabled() decides.
        """
        # Every authenticated user can retrieve groups.
        if not isinstance(user, DjangoAnonymousUser):
            return True
        # Our AnonymousUser is a subclass of the DjangoAnonymousUser.
        # Normally, a DjangoAnonymousUser means that AnonymousUser is
        # disabled. But this is no guarantee: send_data uses the
        # AnonymousUser in any case. So anonymous access is tied to the
        # setting itself, not to the class of the user object.
        return anonymous_is_enabled()

    def get_serializer_class(self, user=None):
        """
        Returns serializer class.

        The user argument is not evaluated; GroupSerializer is returned for
        everyone.
        """
        from .serializers import GroupSerializer as serializer_class

        return serializer_class