OpenSlides/openslides/motions/access_permissions.py

from copy import deepcopy
from typing import Any, Dict, List, Optional

from ..utils.access_permissions import BaseAccessPermissions
from ..utils.auth import has_perm, in_some_groups
from ..utils.collection import CollectionElement


class MotionAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for Motion and MotionViewSet.
    """
    def check_permissions(self, user):
        """
        Returns True if the user has read access model instances.
        """
        return has_perm(user, 'motions.can_see')

    def get_serializer_class(self, user=None):
        """
        Returns serializer class.
        """
        from .serializers import MotionSerializer

        return MotionSerializer

    def get_restricted_data(
            self,
            full_data: List[Dict[str, Any]],
            user: Optional[CollectionElement]) -> List[Dict[str, Any]]:
        """
        Returns the restricted serialized data for the instance prepared for
        the user. Removes motion if the user has not the permission to see
        the motion in this state. Removes comments sections for
        some unauthorized users. Ensures that a user can only see his own
        personal notes.
        """
        # Parse data.
        if has_perm(user, 'motions.can_see'):
            # TODO: Refactor this after personal_notes system is refactored.
            data = []
            for full in full_data:
                # Check if user is submitter of this motion.
                if isinstance(user, CollectionElement):
                    is_submitter = user.get_full_data()['id'] in [
                        submitter['user_id'] for submitter in full.get('submitters', [])]
                else:
                    # Anonymous users can not be submitters.
                    is_submitter = False

                # Check see permission for this motion.
                required_permission_to_see = full['state_required_permission_to_see']
                permission = (
                    not required_permission_to_see or
                    has_perm(user, required_permission_to_see) or
                    has_perm(user, 'motions.can_manage') or
                    is_submitter)

                # Parse single motion.
                if permission:
                    full_copy = deepcopy(full)
                    full_copy['comments'] = []
                    for comment in full['comments']:
                        if in_some_groups(user, comment['read_groups_id']):
                            full_copy['comments'].append(comment)
                    data.append(full_copy)
        else:
            data = []

        return data

    def get_projector_data(self, full_data: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
        """
        Returns the restricted serialized data for the instance prepared
        for the projector. Removes all comments.
        """
        data = []
        for full in full_data:
            full_copy = deepcopy(full)
            full_copy['comments'] = []
            data.append(full_copy)
        return data


class MotionChangeRecommendationAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for MotionChangeRecommendation and MotionChangeRecommendationViewSet.
    """
    def check_permissions(self, user):
        """
        Returns True if the user has read access model instances.
        """
        return has_perm(user, 'motions.can_see')

    def get_serializer_class(self, user=None):
        """
        Returns serializer class.
        """
        from .serializers import MotionChangeRecommendationSerializer

        return MotionChangeRecommendationSerializer


class MotionCommentSectionAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for MotionCommentSection and MotionCommentSectionViewSet.
    """
    def check_permissions(self, user):
        """
        Returns True if the user has read access model instances.
        """
        return has_perm(user, 'motions.can_see')

    def get_serializer_class(self, user=None):
        """
        Returns serializer class.
        """
        from .serializers import MotionCommentSectionSerializer

        return MotionCommentSectionSerializer

    def get_restricted_data(
            self,
            full_data: List[Dict[str, Any]],
            user: Optional[CollectionElement]) -> List[Dict[str, Any]]:
        """
        If the user has manage rights, he can see all sections. If not all sections
        will be removed, when the user is not in at least one of the read_groups.
        """
        data: List[Dict[str, Any]] = []
        if has_perm(user, 'motions.can_manage'):
            data = full_data
        else:
            for full in full_data:
                read_groups = full.get('read_groups_id', [])
                if in_some_groups(user, read_groups):
                    data.append(full)
        return data


class CategoryAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for Category and CategoryViewSet.
    """
    def check_permissions(self, user):
        """
        Returns True if the user has read access model instances.
        """
        return has_perm(user, 'motions.can_see')

    def get_serializer_class(self, user=None):
        """
        Returns serializer class.
        """
        from .serializers import CategorySerializer

        return CategorySerializer


class MotionBlockAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for Category and CategoryViewSet.
    """
    def check_permissions(self, user):
        """
        Returns True if the user has read access model instances.
        """
        return has_perm(user, 'motions.can_see')

    def get_serializer_class(self, user=None):
        """
        Returns serializer class.
        """
        from .serializers import MotionBlockSerializer

        return MotionBlockSerializer


class WorkflowAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for Workflow and WorkflowViewSet.
    """
    def check_permissions(self, user):
        """
        Returns True if the user has read access model instances.
        """
        return has_perm(user, 'motions.can_see')

    def get_serializer_class(self, user=None):
        """
        Returns serializer class.
        """
        from .serializers import WorkflowSerializer

        return WorkflowSerializer
Fix updating of motion comments for inmemory cache. get_restricted_data() has to use deepcopy(full_data) instead of full_data.copy(). 2016-11-02 00:09:59 +01:00			`from copy import deepcopy`
CollectionElement and Autoupdate cleanups * change get_restricted_data and get_projector_data to always use a list * Add typings to all get_restricted_data and get_projector_data methods * Replace CollectionElementList with a real list * Fixed arguments of inform_deleted_data * Moved CollectionElementCache to cache.py and refactored it * Run tests with cache enabled (using fakeredis) 2017-09-04 00:25:45 +02:00			`from typing import Any, Dict, List, Optional`
Fix updating of motion comments for inmemory cache. get_restricted_data() has to use deepcopy(full_data) instead of full_data.copy(). 2016-11-02 00:09:59 +01:00
drop python 3.5 2018-08-22 22:00:08 +02:00			`from ..utils.access_permissions import BaseAccessPermissions`
Motion rework - remove motion version - migrations for versions and change recommendations - Redone motion comments. Wording changed from comment fields to comment sections - fixed test order, tests are not atomic - introduce get_group_model. Just use OpenSlides Groups and not the django's ones. 2018-08-31 15:33:41 +02:00			`from ..utils.auth import has_perm, in_some_groups`
CollectionElement and Autoupdate cleanups * change get_restricted_data and get_projector_data to always use a list * Add typings to all get_restricted_data and get_projector_data methods * Replace CollectionElementList with a real list * Fixed arguments of inform_deleted_data * Moved CollectionElementCache to cache.py and refactored it * Run tests with cache enabled (using fakeredis) 2017-09-04 00:25:45 +02:00			`from ..utils.collection import CollectionElement`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00

			`class MotionAccessPermissions(BaseAccessPermissions):`
			`"""`
			`Access permissions container for Motion and MotionViewSet.`
			`"""`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`def check_permissions(self, user):`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
			`Returns True if the user has read access model instances.`
			`"""`
Performance improvements * Add caching support to users/group * Add a function has_perm that works with the cache. * Removed our session backend so other session backends (without the database) can be used 2016-12-17 09:30:20 +01:00			`return has_perm(user, 'motions.can_see')`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00			`def get_serializer_class(self, user=None):`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
			`Returns serializer class.`
			`"""`
			`from .serializers import MotionSerializer`

			`return MotionSerializer`

CollectionElement and Autoupdate cleanups * change get_restricted_data and get_projector_data to always use a list * Add typings to all get_restricted_data and get_projector_data methods * Replace CollectionElementList with a real list * Fixed arguments of inform_deleted_data * Moved CollectionElementCache to cache.py and refactored it * Run tests with cache enabled (using fakeredis) 2017-09-04 00:25:45 +02:00			`def get_restricted_data(`
			`self,`
			`full_data: List[Dict[str, Any]],`
			`user: Optional[CollectionElement]) -> List[Dict[str, Any]]:`
Added generic fields for comments for motions. 2016-07-29 23:33:47 +02:00			`"""`
			`Returns the restricted serialized data for the instance prepared for`
Fixed state flag required permission to see. 2016-12-09 18:00:45 +01:00			`the user. Removes motion if the user has not the permission to see`
Motion rework - remove motion version - migrations for versions and change recommendations - Redone motion comments. Wording changed from comment fields to comment sections - fixed test order, tests are not atomic - introduce get_group_model. Just use OpenSlides Groups and not the django's ones. 2018-08-31 15:33:41 +02:00			`the motion in this state. Removes comments sections for`
Refactoring of data parsing for startup and autoupdate. 2017-05-01 23:12:42 +02:00			`some unauthorized users. Ensures that a user can only see his own`
			`personal notes.`
Added generic fields for comments for motions. 2016-07-29 23:33:47 +02:00			`"""`
Refactoring of data parsing for startup and autoupdate. 2017-05-01 23:12:42 +02:00			`# Parse data.`
			`if has_perm(user, 'motions.can_see'):`
			`# TODO: Refactor this after personal_notes system is refactored.`
			`data = []`
			`for full in full_data:`
			`# Check if user is submitter of this motion.`
			`if isinstance(user, CollectionElement):`
Sort submitters 2018-06-12 14:17:02 +02:00			`is_submitter = user.get_full_data()['id'] in [`
			`submitter['user_id'] for submitter in full.get('submitters', [])]`
Refactoring of data parsing for startup and autoupdate. 2017-05-01 23:12:42 +02:00			`else:`
			`# Anonymous users can not be submitters.`
			`is_submitter = False`

			`# Check see permission for this motion.`
			`required_permission_to_see = full['state_required_permission_to_see']`
			`permission = (`
			`not required_permission_to_see or`
			`has_perm(user, required_permission_to_see) or`
			`has_perm(user, 'motions.can_manage') or`
			`is_submitter)`

			`# Parse single motion.`
			`if permission:`
Motion rework - remove motion version - migrations for versions and change recommendations - Redone motion comments. Wording changed from comment fields to comment sections - fixed test order, tests are not atomic - introduce get_group_model. Just use OpenSlides Groups and not the django's ones. 2018-08-31 15:33:41 +02:00			`full_copy = deepcopy(full)`
			`full_copy['comments'] = []`
			`for comment in full['comments']:`
			`if in_some_groups(user, comment['read_groups_id']):`
			`full_copy['comments'].append(comment)`
			`data.append(full_copy)`
Refactoring of data parsing for startup and autoupdate. 2017-05-01 23:12:42 +02:00			`else:`
			`data = []`

CollectionElement and Autoupdate cleanups * change get_restricted_data and get_projector_data to always use a list * Add typings to all get_restricted_data and get_projector_data methods * Replace CollectionElementList with a real list * Fixed arguments of inform_deleted_data * Moved CollectionElementCache to cache.py and refactored it * Run tests with cache enabled (using fakeredis) 2017-09-04 00:25:45 +02:00			`return data`
Added generic fields for comments for motions. 2016-07-29 23:33:47 +02:00
CollectionElement and Autoupdate cleanups * change get_restricted_data and get_projector_data to always use a list * Add typings to all get_restricted_data and get_projector_data methods * Replace CollectionElementList with a real list * Fixed arguments of inform_deleted_data * Moved CollectionElementCache to cache.py and refactored it * Run tests with cache enabled (using fakeredis) 2017-09-04 00:25:45 +02:00			`def get_projector_data(self, full_data: List[Dict[str, Any]]) -> List[Dict[str, Any]]:`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`"""`
			`Returns the restricted serialized data for the instance prepared`
Motion rework - remove motion version - migrations for versions and change recommendations - Redone motion comments. Wording changed from comment fields to comment sections - fixed test order, tests are not atomic - introduce get_group_model. Just use OpenSlides Groups and not the django's ones. 2018-08-31 15:33:41 +02:00			`for the projector. Removes all comments.`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`"""`
Fixed get_projector_data impementation. Closed #3282. 2017-06-13 21:44:45 +02:00			`data = []`
			`for full in full_data:`
Motion rework - remove motion version - migrations for versions and change recommendations - Redone motion comments. Wording changed from comment fields to comment sections - fixed test order, tests are not atomic - introduce get_group_model. Just use OpenSlides Groups and not the django's ones. 2018-08-31 15:33:41 +02:00			`full_copy = deepcopy(full)`
			`full_copy['comments'] = []`
			`data.append(full_copy)`
CollectionElement and Autoupdate cleanups * change get_restricted_data and get_projector_data to always use a list * Add typings to all get_restricted_data and get_projector_data methods * Replace CollectionElementList with a real list * Fixed arguments of inform_deleted_data * Moved CollectionElementCache to cache.py and refactored it * Run tests with cache enabled (using fakeredis) 2017-09-04 00:25:45 +02:00			`return data`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00
Change recommendations 2016-09-10 18:49:38 +02:00			`class MotionChangeRecommendationAccessPermissions(BaseAccessPermissions):`
			`"""`
			`Access permissions container for MotionChangeRecommendation and MotionChangeRecommendationViewSet.`
			`"""`
			`def check_permissions(self, user):`
			`"""`
			`Returns True if the user has read access model instances.`
			`"""`
Performance improvements * Add caching support to users/group * Add a function has_perm that works with the cache. * Removed our session backend so other session backends (without the database) can be used 2016-12-17 09:30:20 +01:00			`return has_perm(user, 'motions.can_see')`
Change recommendations 2016-09-10 18:49:38 +02:00
			`def get_serializer_class(self, user=None):`
			`"""`
			`Returns serializer class.`
			`"""`
			`from .serializers import MotionChangeRecommendationSerializer`

			`return MotionChangeRecommendationSerializer`


Motion rework - remove motion version - migrations for versions and change recommendations - Redone motion comments. Wording changed from comment fields to comment sections - fixed test order, tests are not atomic - introduce get_group_model. Just use OpenSlides Groups and not the django's ones. 2018-08-31 15:33:41 +02:00			`class MotionCommentSectionAccessPermissions(BaseAccessPermissions):`
			`"""`
			`Access permissions container for MotionCommentSection and MotionCommentSectionViewSet.`
			`"""`
			`def check_permissions(self, user):`
			`"""`
			`Returns True if the user has read access model instances.`
			`"""`
			`return has_perm(user, 'motions.can_see')`

			`def get_serializer_class(self, user=None):`
			`"""`
			`Returns serializer class.`
			`"""`
			`from .serializers import MotionCommentSectionSerializer`

			`return MotionCommentSectionSerializer`

			`def get_restricted_data(`
			`self,`
			`full_data: List[Dict[str, Any]],`
			`user: Optional[CollectionElement]) -> List[Dict[str, Any]]:`
			`"""`
			`If the user has manage rights, he can see all sections. If not all sections`
			`will be removed, when the user is not in at least one of the read_groups.`
			`"""`
			`data: List[Dict[str, Any]] = []`
			`if has_perm(user, 'motions.can_manage'):`
			`data = full_data`
			`else:`
			`for full in full_data:`
			`read_groups = full.get('read_groups_id', [])`
			`if in_some_groups(user, read_groups):`
			`data.append(full)`
			`return data`


Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`class CategoryAccessPermissions(BaseAccessPermissions):`
			`"""`
			`Access permissions container for Category and CategoryViewSet.`
			`"""`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`def check_permissions(self, user):`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
			`Returns True if the user has read access model instances.`
			`"""`
Performance improvements * Add caching support to users/group * Add a function has_perm that works with the cache. * Removed our session backend so other session backends (without the database) can be used 2016-12-17 09:30:20 +01:00			`return has_perm(user, 'motions.can_see')`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00			`def get_serializer_class(self, user=None):`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
			`Returns serializer class.`
			`"""`
			`from .serializers import CategorySerializer`

			`return CategorySerializer`


New feature blocks for motions. - Added ListView, DetailView, UpdateForm and connection to agenda item for MotionBlock. - Added slide and projection default. - Added custom manager for motion blocks. - Enabled current list of speakers slide and overlay for motion block. 2016-10-01 20:42:44 +02:00			`class MotionBlockAccessPermissions(BaseAccessPermissions):`
			`"""`
			`Access permissions container for Category and CategoryViewSet.`
			`"""`
			`def check_permissions(self, user):`
			`"""`
			`Returns True if the user has read access model instances.`
			`"""`
Performance improvements * Add caching support to users/group * Add a function has_perm that works with the cache. * Removed our session backend so other session backends (without the database) can be used 2016-12-17 09:30:20 +01:00			`return has_perm(user, 'motions.can_see')`
New feature blocks for motions. - Added ListView, DetailView, UpdateForm and connection to agenda item for MotionBlock. - Added slide and projection default. - Added custom manager for motion blocks. - Enabled current list of speakers slide and overlay for motion block. 2016-10-01 20:42:44 +02:00
			`def get_serializer_class(self, user=None):`
			`"""`
			`Returns serializer class.`
			`"""`
			`from .serializers import MotionBlockSerializer`

			`return MotionBlockSerializer`


Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`class WorkflowAccessPermissions(BaseAccessPermissions):`
			`"""`
			`Access permissions container for Workflow and WorkflowViewSet.`
			`"""`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`def check_permissions(self, user):`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
			`Returns True if the user has read access model instances.`
			`"""`
Performance improvements * Add caching support to users/group * Add a function has_perm that works with the cache. * Removed our session backend so other session backends (without the database) can be used 2016-12-17 09:30:20 +01:00			`return has_perm(user, 'motions.can_see')`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00			`def get_serializer_class(self, user=None):`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
			`Returns serializer class.`
			`"""`
			`from .serializers import WorkflowSerializer`

			`return WorkflowSerializer`