2017-08-24 12:26:55 +02:00
|
|
|
from typing import Iterable # noqa
|
|
|
|
|
|
|
|
from ..utils.access_permissions import ( # noqa
|
|
|
|
BaseAccessPermissions,
|
|
|
|
RestrictedData,
|
|
|
|
)
|
2016-12-17 09:30:20 +01:00
|
|
|
from ..utils.auth import has_perm
|
2017-05-01 23:12:42 +02:00
|
|
|
from ..utils.collection import Collection
|
2016-02-11 22:58:32 +01:00
|
|
|
|
2016-02-11 11:29:19 +01:00
|
|
|
|
2016-02-11 22:58:32 +01:00
|
|
|
class ItemAccessPermissions(BaseAccessPermissions):
|
|
|
|
"""
|
|
|
|
Access permissions container for Item and ItemViewSet.
|
|
|
|
"""
|
2016-09-17 22:26:23 +02:00
|
|
|
def check_permissions(self, user):
|
2016-02-11 11:29:19 +01:00
|
|
|
"""
|
2016-02-11 22:58:32 +01:00
|
|
|
Returns True if the user has read access model instances.
|
2016-02-11 11:29:19 +01:00
|
|
|
"""
|
2016-12-17 09:30:20 +01:00
|
|
|
return has_perm(user, 'agenda.can_see')
|
2016-02-11 22:58:32 +01:00
|
|
|
|
2016-03-02 00:46:19 +01:00
|
|
|
def get_serializer_class(self, user=None):
|
2016-02-11 22:58:32 +01:00
|
|
|
"""
|
|
|
|
Returns serializer class.
|
|
|
|
"""
|
|
|
|
from .serializers import ItemSerializer
|
|
|
|
|
|
|
|
return ItemSerializer
|
2016-03-02 00:46:19 +01:00
|
|
|
|
2016-09-17 22:26:23 +02:00
|
|
|
# TODO: In the following method we use full_data['is_hidden'] but this can be out of date.
|
|
|
|
|
2017-05-01 23:12:42 +02:00
|
|
|
def get_restricted_data(self, container, user):
|
2016-03-02 00:46:19 +01:00
|
|
|
"""
|
|
|
|
Returns the restricted serialized data for the instance prepared
|
|
|
|
for the user.
|
2017-05-01 23:12:42 +02:00
|
|
|
|
|
|
|
We remove comments for non admins/managers and a lot of fields of
|
|
|
|
hidden items for users without permission to see hidden items.
|
2016-03-02 00:46:19 +01:00
|
|
|
"""
|
2017-04-28 00:50:37 +02:00
|
|
|
def filtered_data(full_data, blocked_keys):
|
|
|
|
"""
|
|
|
|
Returns a new dict like full_data but with all blocked_keys removed.
|
|
|
|
"""
|
|
|
|
whitelist = full_data.keys() - blocked_keys
|
|
|
|
return {key: full_data[key] for key in whitelist}
|
|
|
|
|
2017-05-01 23:12:42 +02:00
|
|
|
# Expand full_data to a list if it is not one.
|
|
|
|
full_data = container.get_full_data() if isinstance(container, Collection) else [container.get_full_data()]
|
2017-04-28 00:50:37 +02:00
|
|
|
|
2017-05-01 23:12:42 +02:00
|
|
|
# Parse data.
|
2017-03-03 10:54:41 +01:00
|
|
|
if has_perm(user, 'agenda.can_see'):
|
2017-05-01 23:12:42 +02:00
|
|
|
if has_perm(user, 'agenda.can_manage') and has_perm(user, 'agenda.can_see_hidden_items'):
|
|
|
|
# Managers with special permission can see everything.
|
2017-04-28 00:50:37 +02:00
|
|
|
data = full_data
|
|
|
|
elif has_perm(user, 'agenda.can_see_hidden_items'):
|
2017-05-01 23:12:42 +02:00
|
|
|
# Non managers with special permission can see everything but comments.
|
2017-04-28 00:50:37 +02:00
|
|
|
blocked_keys = ('comment',)
|
|
|
|
data = [filtered_data(full, blocked_keys) for full in full_data]
|
|
|
|
else:
|
2017-05-01 23:12:42 +02:00
|
|
|
# Users without special permissin for hidden items.
|
|
|
|
|
|
|
|
# In hidden case managers and non managers see only some fields
|
|
|
|
# so that list of speakers is provided regardless.
|
2017-08-24 12:26:55 +02:00
|
|
|
blocked_keys_hidden_case = set(full_data[0].keys()) - set((
|
2017-03-03 10:54:41 +01:00
|
|
|
'id',
|
|
|
|
'title',
|
|
|
|
'speakers',
|
|
|
|
'speaker_list_closed',
|
2017-08-24 12:26:55 +02:00
|
|
|
'content_object'))
|
2017-05-01 23:12:42 +02:00
|
|
|
|
|
|
|
# In non hidden case managers see everything and non managers see
|
|
|
|
# everything but comments.
|
|
|
|
if has_perm(user, 'agenda.can_manage'):
|
2017-08-24 12:26:55 +02:00
|
|
|
blocked_keys_non_hidden_case = [] # type: Iterable[str]
|
2017-05-01 23:12:42 +02:00
|
|
|
else:
|
|
|
|
blocked_keys_non_hidden_case = ('comment',)
|
|
|
|
|
|
|
|
data = []
|
2017-04-28 00:50:37 +02:00
|
|
|
for full in full_data:
|
|
|
|
if full['is_hidden']:
|
2017-05-01 23:12:42 +02:00
|
|
|
data.append(filtered_data(full, blocked_keys_hidden_case))
|
2017-04-28 00:50:37 +02:00
|
|
|
else:
|
2017-05-01 23:12:42 +02:00
|
|
|
data.append(filtered_data(full, blocked_keys_non_hidden_case))
|
|
|
|
else:
|
|
|
|
data = []
|
|
|
|
|
|
|
|
# Reduce result to a single item or None if it was not a collection at
|
|
|
|
# the beginning of the method.
|
|
|
|
if isinstance(container, Collection):
|
2017-08-24 12:26:55 +02:00
|
|
|
restricted_data = data # type: RestrictedData
|
2017-05-01 23:12:42 +02:00
|
|
|
elif data:
|
|
|
|
restricted_data = data[0]
|
2016-03-02 00:46:19 +01:00
|
|
|
else:
|
2017-05-01 23:12:42 +02:00
|
|
|
restricted_data = None
|
2017-04-28 00:50:37 +02:00
|
|
|
|
2017-05-01 23:12:42 +02:00
|
|
|
return restricted_data
|
2016-09-17 22:26:23 +02:00
|
|
|
|
2017-06-13 21:44:45 +02:00
|
|
|
def get_projector_data(self, container):
|
2016-09-17 22:26:23 +02:00
|
|
|
"""
|
|
|
|
Returns the restricted serialized data for the instance prepared
|
|
|
|
for the projector. Removes field 'comment'.
|
|
|
|
"""
|
2017-06-13 21:44:45 +02:00
|
|
|
def filtered_data(full_data, blocked_keys):
|
|
|
|
"""
|
|
|
|
Returns a new dict like full_data but with all blocked_keys removed.
|
|
|
|
"""
|
|
|
|
whitelist = full_data.keys() - blocked_keys
|
|
|
|
return {key: full_data[key] for key in whitelist}
|
|
|
|
|
|
|
|
# Expand full_data to a list if it is not one.
|
|
|
|
full_data = container.get_full_data() if isinstance(container, Collection) else [container.get_full_data()]
|
|
|
|
|
|
|
|
# Parse data.
|
|
|
|
blocked_keys = ('comment',)
|
|
|
|
data = [filtered_data(full, blocked_keys) for full in full_data]
|
|
|
|
|
|
|
|
# Reduce result to a single item or None if it was not a collection at
|
|
|
|
# the beginning of the method.
|
|
|
|
if isinstance(container, Collection):
|
2017-08-24 12:26:55 +02:00
|
|
|
projector_data = data # type: RestrictedData
|
2017-06-13 21:44:45 +02:00
|
|
|
elif data:
|
|
|
|
projector_data = data[0]
|
|
|
|
else:
|
|
|
|
projector_data = None
|
|
|
|
|
|
|
|
return projector_data
|