from typing import Any, Dict, List, Set
from ..utils.access_permissions import BaseAccessPermissions, required_user
from ..utils.auth import async_has_perm
from ..utils.utils import get_model_from_collection_string
class UserAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for User and UserViewSet.

    Restriction is allow-list based: every returned dict is rebuilt from an
    explicit set of field names, so a key that is not named in one of the
    sets below is never copied into the output.
    """

    async def get_restricted_data(
        self, full_data: List[Dict[str, Any]], user_id: int
    ) -> List[Dict[str, Any]]:
        """
        Return the serialized user dicts reduced to what ``user_id`` may see.

        Field tiers, as described by the original author:

        * full data: all fields including session_auth_hash (no branch of
          this method returns it),
        * all data: all fields but not session_auth_hash,
        * many data: all fields but not the default password and
          session_auth_hash,
        * little data: all fields but not the default password,
          session_auth_hash, comments and active status,
        * no data: the user entry is left out entirely.

        Raises KeyError if an element of ``full_data`` lacks a key named in
        the selected allow-list, or lacks "id" in the no-permission branch.
        """
        # Imported inside the method in the original as well.
        from .serializers import (
            USERCANSEESERIALIZER_FIELDS,
            USERCANSEEEXTRASERIALIZER_FIELDS,
        )

        def pick_fields(element, allowed):
            """
            Build a fresh dict holding only the allowed keys of element.
            """
            return {name: element[name] for name in allowed}

        # "all" tier: the extra serializer fields, with "groups" swapped for
        # "groups_id", plus the default password.
        manager_fields = set(USERCANSEEEXTRASERIALIZER_FIELDS)
        manager_fields.add("groups_id")
        manager_fields.discard("groups")
        manager_fields.add("default_password")

        # "many" tier: the same set without the default password, so that
        # field is handed out only on the "users.can_manage" path below.
        extra_fields = manager_fields.copy()
        extra_fields.discard("default_password")

        # "little" tier: the basic serializer fields, same "groups" swap.
        basic_fields = set(USERCANSEESERIALIZER_FIELDS)
        basic_fields.add("groups_id")
        basic_fields.discard("groups")

        # NOTE(review): session_auth_hash stays out of every tier only as
        # long as neither serializer field tuple lists it -- confirm in
        # .serializers.

        if await async_has_perm(user_id, "users.can_see_name"):
            # The permission checks run in the same order as the original
            # nested ifs: can_see_extra_data first, can_manage only after it.
            if not await async_has_perm(user_id, "users.can_see_extra_data"):
                allowed = basic_fields
            elif await async_has_perm(user_id, "users.can_manage"):
                allowed = manager_fields
            else:
                allowed = extra_fields
            return [pick_fields(element, allowed) for element in full_data]

        # Without "users.can_see_name" only a subset of users is visible, and
        # only with the "little" fields: oneself plus every user that is
        # required elsewhere, e. g. as speaker, motion submitter or
        # assignment candidate.
        permitted_collections: Set[str] = set()
        for collection_string in required_user.get_collection_strings():
            model = get_model_from_collection_string(collection_string)
            # A collection contributes required users only if the requester
            # holds that collection's own can_see permission.
            if await async_has_perm(user_id, model.can_see_permission):
                permitted_collections.add(collection_string)

        visible_ids = await required_user.get_required_users(permitted_collections)

        # Add oneself. A falsy user_id is not added.
        # NOTE(review): presumably a falsy id is the anonymous user -- confirm.
        if user_id:
            visible_ids.add(user_id)

        return [
            pick_fields(element, basic_fields)
            for element in full_data
            if element["id"] in visible_ids
        ]
class GroupAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for Groups. Everyone can see them.

    This class defines no restriction logic of its own; everything is
    inherited from BaseAccessPermissions.
    NOTE(review): whether "everyone" includes unauthenticated users depends
    on the base class defaults -- confirm there.
    """
class PersonalNoteAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for personal notes. Every authenticated user
    can handle personal notes.
    """

    async def get_restricted_data(
        self, full_data: List[Dict[str, Any]], user_id: int
    ) -> List[Dict[str, Any]]:
        """
        Return only the personal notes element that belongs to ``user_id``.

        A falsy ``user_id`` always yields an empty list. Otherwise the first
        element whose "user_id" equals ``user_id`` is returned as a
        one-element list, and an empty list if none matches.

        Raises KeyError if an element inspected during the search has no
        "user_id" key.
        """
        if user_id:
            for element in full_data:
                # Ownership is decided by an equality check on "user_id";
                # notes of other users are never copied into the result.
                if element["user_id"] == user_id:
                    # Only the first match is returned; later elements are
                    # not inspected.
                    # NOTE(review): presumably there is at most one personal
                    # notes element per user -- confirm.
                    return [element]

        return []