OpenSlides/openslides/users/access_permissions.py

from ..utils.access_permissions import BaseAccessPermissions
from ..utils.auth import DjangoAnonymousUser, has_perm


class UserAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for User and UserViewSet.
    """
    def check_permissions(self, user):
        """
        Returns True if the user has read access model instances.
        """
        return has_perm(user, 'users.can_see_name')

    def get_serializer_class(self, user=None):
        """
        Returns different serializer classes with respect user's permissions.
        """
        from .serializers import UserFullSerializer

        return UserFullSerializer

    def get_restricted_data(self, full_data, user):
        """
        Returns the restricted serialized data for the instance prepared
        for the user. Removes several fields for non admins so that they do
        not get the fields they should not get.
        """
        from .serializers import USERCANSEESERIALIZER_FIELDS, USERCANSEEEXTRASERIALIZER_FIELDS

        NO_DATA = 0
        LITTLE_DATA = 1
        MANY_DATA = 2
        FULL_DATA = 3

        # Check user permissions.
        if has_perm(user, 'users.can_see_name'):
            if has_perm(user, 'users.can_see_extra_data'):
                if has_perm(user, 'users.can_manage'):
                    case = FULL_DATA
                else:
                    case = MANY_DATA
            else:
                case = LITTLE_DATA
        elif user.pk == full_data.get('id'):
            case = LITTLE_DATA
        else:
            case = NO_DATA

        # Setup data.
        if case == FULL_DATA:
            data = full_data
        elif case == NO_DATA:
            data = None
        else:
            # case in (LITTLE_DATA, ḾANY_DATA)
            if case == MANY_DATA:
                fields = USERCANSEEEXTRASERIALIZER_FIELDS
            else:
                # case == LITTLE_DATA
                fields = USERCANSEESERIALIZER_FIELDS
            # Let only some fields pass this method.
            data = {}
            for base_key in fields:
                for key in (base_key, base_key + '_id'):
                    if key in full_data.keys():
                        data[key] = full_data[key]
        return data

    def get_projector_data(self, full_data):
        """
        Returns the restricted serialized data for the instance prepared
        for the projector. Removes several fields.
        """
        from .serializers import USERCANSEESERIALIZER_FIELDS

        # Let only some fields pass this method.
        data = {}
        for key in full_data.keys():
            if key in USERCANSEESERIALIZER_FIELDS:
                data[key] = full_data[key]
        return data


class GroupAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for Groups. Everyone can see them
    """
    def check_permissions(self, user):
        """
        Returns True if the user has read access model instances.
        """
        from ..core.config import config

        # Every authenticated user can retrieve groups. Anonymous users can do
        # so if they are enabled.
        # Our AnonymousUser is a subclass of the DjangoAnonymousUser. Normaly, a
        # DjangoAnonymousUser means, that AnonymousUser is disabled. But this is
        # no garanty. send_data uses the AnonymousUser in any case.
        return not isinstance(user, DjangoAnonymousUser) or config['general_system_enable_anonymous']

    def get_serializer_class(self, user=None):
        """
        Returns serializer class.
        """
        from .serializers import GroupSerializer

        return GroupSerializer
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`from ..utils.access_permissions import BaseAccessPermissions`
Performance improvements * Add caching support to users/group * Add a function has_perm that works with the cache. * Removed our session backend so other session backends (without the database) can be used 2016-12-17 09:30:20 +01:00			`from ..utils.auth import DjangoAnonymousUser, has_perm`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00

			`class UserAccessPermissions(BaseAccessPermissions):`
			`"""`
			`Access permissions container for User and UserViewSet.`
			`"""`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`def check_permissions(self, user):`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
			`Returns True if the user has read access model instances.`
			`"""`
Performance improvements * Add caching support to users/group * Add a function has_perm that works with the cache. * Removed our session backend so other session backends (without the database) can be used 2016-12-17 09:30:20 +01:00			`return has_perm(user, 'users.can_see_name')`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00			`def get_serializer_class(self, user=None):`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
			`Returns different serializer classes with respect user's permissions.`
			`"""`
Adds a cache system to the CollectionElement and add a Collection class that can be used to call a collection used this for the list and receive rest api. 2016-09-18 16:00:31 +02:00			`from .serializers import UserFullSerializer`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00
Adds a cache system to the CollectionElement and add a Collection class that can be used to call a collection used this for the list and receive rest api. 2016-09-18 16:00:31 +02:00			`return UserFullSerializer`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00
			`def get_restricted_data(self, full_data, user):`
			`"""`
			`Returns the restricted serialized data for the instance prepared`
			`for the user. Removes several fields for non admins so that they do`
Refactored user serializers for different client permissions. See #1871. 2016-08-31 16:53:02 +02:00			`not get the fields they should not get.`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00			`"""`
Refactored user serializers for different client permissions. See #1871. 2016-08-31 16:53:02 +02:00			`from .serializers import USERCANSEESERIALIZER_FIELDS, USERCANSEEEXTRASERIALIZER_FIELDS`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`NO_DATA = 0`
			`LITTLE_DATA = 1`
			`MANY_DATA = 2`
			`FULL_DATA = 3`

			`# Check user permissions.`
Performance improvements * Add caching support to users/group * Add a function has_perm that works with the cache. * Removed our session backend so other session backends (without the database) can be used 2016-12-17 09:30:20 +01:00			`if has_perm(user, 'users.can_see_name'):`
			`if has_perm(user, 'users.can_see_extra_data'):`
			`if has_perm(user, 'users.can_manage'):`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`case = FULL_DATA`
			`else:`
			`case = MANY_DATA`
			`else:`
			`case = LITTLE_DATA`
Refactored WhoAmI view and startup process. 2017-01-14 09:14:42 +01:00			`elif user.pk == full_data.get('id'):`
			`case = LITTLE_DATA`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`else:`
			`case = NO_DATA`

			`# Setup data.`
			`if case == FULL_DATA:`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00			`data = full_data`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`elif case == NO_DATA:`
			`data = None`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00			`else:`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`# case in (LITTLE_DATA, ḾANY_DATA)`
			`if case == MANY_DATA:`
Refactored user serializers for different client permissions. See #1871. 2016-08-31 16:53:02 +02:00			`fields = USERCANSEEEXTRASERIALIZER_FIELDS`
			`else:`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`# case == LITTLE_DATA`
Refactored user serializers for different client permissions. See #1871. 2016-08-31 16:53:02 +02:00			`fields = USERCANSEESERIALIZER_FIELDS`
			`# Let only some fields pass this method.`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00			`data = {}`
Fixes user permissions Fix #2597 2016-11-08 23:13:15 +01:00			`for base_key in fields:`
			`for key in (base_key, base_key + '_id'):`
			`if key in full_data.keys():`
			`data[key] = full_data[key]`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00			`return data`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00
			`def get_projector_data(self, full_data):`
			`"""`
			`Returns the restricted serialized data for the instance prepared`
			`for the projector. Removes several fields.`
			`"""`
			`from .serializers import USERCANSEESERIALIZER_FIELDS`

			`# Let only some fields pass this method.`
			`data = {}`
			`for key in full_data.keys():`
			`if key in USERCANSEESERIALIZER_FIELDS:`
			`data[key] = full_data[key]`
			`return data`
Performance improvements * Add caching support to users/group * Add a function has_perm that works with the cache. * Removed our session backend so other session backends (without the database) can be used 2016-12-17 09:30:20 +01:00

			`class GroupAccessPermissions(BaseAccessPermissions):`
			`"""`
			`Access permissions container for Groups. Everyone can see them`
			`"""`
			`def check_permissions(self, user):`
			`"""`
			`Returns True if the user has read access model instances.`
			`"""`
			`from ..core.config import config`

			`# Every authenticated user can retrieve groups. Anonymous users can do`
			`# so if they are enabled.`
			`# Our AnonymousUser is a subclass of the DjangoAnonymousUser. Normaly, a`
			`# DjangoAnonymousUser means, that AnonymousUser is disabled. But this is`
			`# no garanty. send_data uses the AnonymousUser in any case.`
			`return not isinstance(user, DjangoAnonymousUser) or config['general_system_enable_anonymous']`

			`def get_serializer_class(self, user=None):`
			`"""`
			`Returns serializer class.`
			`"""`
			`from .serializers import GroupSerializer`

			`return GroupSerializer`