OpenSlides/openslides/motions/access_permissions.py

from copy import deepcopy
from typing import Any, Dict, List

from ..utils.access_permissions import BaseAccessPermissions
from ..utils.auth import async_has_perm, async_in_some_groups


class MotionAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for Motion and MotionViewSet.
    """

    base_permission = "motions.can_see"

    async def get_restricted_data(
        self, full_data: List[Dict[str, Any]], user_id: int
    ) -> List[Dict[str, Any]]:
        """
        Returns the restricted serialized data for the instance prepared for
        the user. Removes motion if the user has not the permission to see
        the motion in this state. Removes comments sections for
        some unauthorized users. Ensures that a user can only see his own
        personal notes.
        """
        # Parse data.
        if await async_has_perm(user_id, "motions.can_see"):
            # TODO: Refactor this after personal_notes system is refactored.
            data = []
            for full in full_data:
                # Check if user is submitter of this motion.
                if user_id:
                    is_submitter = user_id in [
                        submitter["user_id"] for submitter in full.get("submitters", [])
                    ]
                else:
                    # Anonymous users can not be submitters.
                    is_submitter = False

                # Check see permission for this motion.
                restriction = full["state_restriction"]

                # Managers can see all motions.
                permission = await async_has_perm(user_id, "motions.can_manage")
                # If restriction field is an empty list, everybody can see the motion.
                permission = permission or not restriction

                if not permission:
                    # Parse values of restriction field.
                    for value in restriction:
                        if value == "managers_only":
                            # permission remains false
                            break
                        elif value in ("motions.can_see_internal", "motions.can_manage_metadata"):
                            if await async_has_perm(user_id, value):
                                permission = True
                                break
                        elif value == "is_submitter":
                            if is_submitter:
                                permission = True
                                break

                # Parse single motion.
                if permission:
                    full_copy = deepcopy(full)
                    full_copy["comments"] = []
                    for comment in full["comments"]:
                        if await async_in_some_groups(
                            user_id, comment["read_groups_id"]
                        ):
                            full_copy["comments"].append(comment)
                    data.append(full_copy)
        else:
            data = []
        return data


class MotionChangeRecommendationAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for MotionChangeRecommendation and MotionChangeRecommendationViewSet.
    """

    base_permission = "motions.can_see"

    async def get_restricted_data(
        self, full_data: List[Dict[str, Any]], user_id: int
    ) -> List[Dict[str, Any]]:
        """
        Removes change recommendations if they are internal and the user has
        not the can_manage permission. To see change recommendation the user needs
        the can_see permission.
        """
        # Parse data.
        if await async_has_perm(user_id, "motions.can_see"):
            has_manage_perms = await async_has_perm(user_id, "motions.can_manage")
            data = []
            for full in full_data:
                if not full["internal"] or has_manage_perms:
                    data.append(full)
        else:
            data = []

        return data


class MotionCommentSectionAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for MotionCommentSection and MotionCommentSectionViewSet.
    """

    base_permission = "motions.can_see"

    async def get_restricted_data(
        self, full_data: List[Dict[str, Any]], user_id: int
    ) -> List[Dict[str, Any]]:
        """
        If the user has manage rights, he can see all sections. If not all sections
        will be removed, when the user is not in at least one of the read_groups.
        """
        data: List[Dict[str, Any]] = []
        if await async_has_perm(user_id, "motions.can_manage"):
            data = full_data
        else:
            for full in full_data:
                read_groups = full.get("read_groups_id", [])
                if await async_in_some_groups(user_id, read_groups):
                    data.append(full)
        return data


class StatuteParagraphAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for StatuteParagraph and StatuteParagraphViewSet.
    """

    base_permission = "motions.can_see"


class CategoryAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for Category and CategoryViewSet.
    """

    base_permission = "motions.can_see"


class MotionBlockAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for Category and CategoryViewSet.
    """

    base_permission = "motions.can_see"


class WorkflowAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for Workflow and WorkflowViewSet.
    """

    base_permission = "motions.can_see"
Fix updating of motion comments for inmemory cache. get_restricted_data() has to use deepcopy(full_data) instead of full_data.copy(). 2016-11-02 00:09:59 +01:00			`from copy import deepcopy`
Remove CollectionElement * Use user_id: int instead of Optional[CollectionElment] in utils * Rewrote autoupdate system without CollectionElement 2018-11-03 23:40:20 +01:00			`from typing import Any, Dict, List`
Fix updating of motion comments for inmemory cache. get_restricted_data() has to use deepcopy(full_data) instead of full_data.copy(). 2016-11-02 00:09:59 +01:00
drop python 3.5 2018-08-22 22:00:08 +02:00			`from ..utils.access_permissions import BaseAccessPermissions`
Remove utils.collections.Collection class and other cleanups * Activate restricted_data_cache on inmemory cache * Use ElementCache in rest-api get requests * Get requests on the restapi return 404 when the user has no permission * Added async function for has_perm and in_some_groups * changed Cachable.get_restricted_data to be an ansync function * rewrote required_user_system * changed default implementation of access_permission.check_permission to check a given permission or check if anonymous is enabled 2018-11-01 17:30:18 +01:00			`from ..utils.auth import async_has_perm, async_in_some_groups`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00

			`class MotionAccessPermissions(BaseAccessPermissions):`
			`"""`
			`Access permissions container for Motion and MotionViewSet.`
			`"""`
Run black 2019-01-06 16:22:33 +01:00
			`base_permission = "motions.can_see"`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00
Remove utils.collections.Collection class and other cleanups * Activate restricted_data_cache on inmemory cache * Use ElementCache in rest-api get requests * Get requests on the restapi return 404 when the user has no permission * Added async function for has_perm and in_some_groups * changed Cachable.get_restricted_data to be an ansync function * rewrote required_user_system * changed default implementation of access_permission.check_permission to check a given permission or check if anonymous is enabled 2018-11-01 17:30:18 +01:00			`async def get_restricted_data(`
Run black 2019-01-06 16:22:33 +01:00			`self, full_data: List[Dict[str, Any]], user_id: int`
			`) -> List[Dict[str, Any]]:`
Added generic fields for comments for motions. 2016-07-29 23:33:47 +02:00			`"""`
			`Returns the restricted serialized data for the instance prepared for`
Fixed state flag required permission to see. 2016-12-09 18:00:45 +01:00			`the user. Removes motion if the user has not the permission to see`
Motion rework - remove motion version - migrations for versions and change recommendations - Redone motion comments. Wording changed from comment fields to comment sections - fixed test order, tests are not atomic - introduce get_group_model. Just use OpenSlides Groups and not the django's ones. 2018-08-31 15:33:41 +02:00			`the motion in this state. Removes comments sections for`
Refactoring of data parsing for startup and autoupdate. 2017-05-01 23:12:42 +02:00			`some unauthorized users. Ensures that a user can only see his own`
			`personal notes.`
Added generic fields for comments for motions. 2016-07-29 23:33:47 +02:00			`"""`
Refactoring of data parsing for startup and autoupdate. 2017-05-01 23:12:42 +02:00			`# Parse data.`
Run black 2019-01-06 16:22:33 +01:00			`if await async_has_perm(user_id, "motions.can_see"):`
Refactoring of data parsing for startup and autoupdate. 2017-05-01 23:12:42 +02:00			`# TODO: Refactor this after personal_notes system is refactored.`
			`data = []`
			`for full in full_data:`
			`# Check if user is submitter of this motion.`
Remove CollectionElement * Use user_id: int instead of Optional[CollectionElment] in utils * Rewrote autoupdate system without CollectionElement 2018-11-03 23:40:20 +01:00			`if user_id:`
			`is_submitter = user_id in [`
Run black 2019-01-06 16:22:33 +01:00			`submitter["user_id"] for submitter in full.get("submitters", [])`
			`]`
Refactoring of data parsing for startup and autoupdate. 2017-05-01 23:12:42 +02:00			`else:`
			`# Anonymous users can not be submitters.`
			`is_submitter = False`

			`# Check see permission for this motion.`
Refactored state access level by renaming state field to restriction. 2019-03-20 17:21:01 +01:00			`restriction = full["state_restriction"]`

			`# Managers can see all motions.`
			`permission = await async_has_perm(user_id, "motions.can_manage")`
			`# If restriction field is an empty list, everybody can see the motion.`
			`permission = permission or not restriction`

			`if not permission:`
			`# Parse values of restriction field.`
			`for value in restriction:`
			`if value == "managers_only":`
			`# permission remains false`
			`break`
			`elif value in ("motions.can_see_internal", "motions.can_manage_metadata"):`
			`if await async_has_perm(user_id, value):`
			`permission = True`
			`break`
			`elif value == "is_submitter":`
			`if is_submitter:`
			`permission = True`
			`break`
Refactoring of data parsing for startup and autoupdate. 2017-05-01 23:12:42 +02:00
			`# Parse single motion.`
			`if permission:`
Motion rework - remove motion version - migrations for versions and change recommendations - Redone motion comments. Wording changed from comment fields to comment sections - fixed test order, tests are not atomic - introduce get_group_model. Just use OpenSlides Groups and not the django's ones. 2018-08-31 15:33:41 +02:00			`full_copy = deepcopy(full)`
Run black 2019-01-06 16:22:33 +01:00			`full_copy["comments"] = []`
			`for comment in full["comments"]:`
			`if await async_in_some_groups(`
			`user_id, comment["read_groups_id"]`
			`):`
			`full_copy["comments"].append(comment)`
Motion rework - remove motion version - migrations for versions and change recommendations - Redone motion comments. Wording changed from comment fields to comment sections - fixed test order, tests are not atomic - introduce get_group_model. Just use OpenSlides Groups and not the django's ones. 2018-08-31 15:33:41 +02:00			`data.append(full_copy)`
Refactoring of data parsing for startup and autoupdate. 2017-05-01 23:12:42 +02:00			`else:`
			`data = []`
CollectionElement and Autoupdate cleanups * change get_restricted_data and get_projector_data to always use a list * Add typings to all get_restricted_data and get_projector_data methods * Replace CollectionElementList with a real list * Fixed arguments of inform_deleted_data * Moved CollectionElementCache to cache.py and refactored it * Run tests with cache enabled (using fakeredis) 2017-09-04 00:25:45 +02:00			`return data`
Added generic fields for comments for motions. 2016-07-29 23:33:47 +02:00
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00
Change recommendations 2016-09-10 18:49:38 +02:00			`class MotionChangeRecommendationAccessPermissions(BaseAccessPermissions):`
			`"""`
			`Access permissions container for MotionChangeRecommendation and MotionChangeRecommendationViewSet.`
			`"""`
Run black 2019-01-06 16:22:33 +01:00
			`base_permission = "motions.can_see"`
Change recommendations 2016-09-10 18:49:38 +02:00
Remove utils.collections.Collection class and other cleanups * Activate restricted_data_cache on inmemory cache * Use ElementCache in rest-api get requests * Get requests on the restapi return 404 when the user has no permission * Added async function for has_perm and in_some_groups * changed Cachable.get_restricted_data to be an ansync function * rewrote required_user_system * changed default implementation of access_permission.check_permission to check a given permission or check if anonymous is enabled 2018-11-01 17:30:18 +01:00			`async def get_restricted_data(`
Run black 2019-01-06 16:22:33 +01:00			`self, full_data: List[Dict[str, Any]], user_id: int`
			`) -> List[Dict[str, Any]]:`
Setting change recommendations internal 2018-10-25 15:11:38 +02:00			`"""`
			`Removes change recommendations if they are internal and the user has`
			`not the can_manage permission. To see change recommendation the user needs`
			`the can_see permission.`
			`"""`
			`# Parse data.`
Run black 2019-01-06 16:22:33 +01:00			`if await async_has_perm(user_id, "motions.can_see"):`
Add permissions to ListViews Adds the AuthGuard to certain routes Adds an error-component Also hides certain other elements where permissions should apply 2019-04-05 12:33:34 +02:00			`has_manage_perms = await async_has_perm(user_id, "motions.can_manage")`
Setting change recommendations internal 2018-10-25 15:11:38 +02:00			`data = []`
			`for full in full_data:`
Run black 2019-01-06 16:22:33 +01:00			`if not full["internal"] or has_manage_perms:`
Setting change recommendations internal 2018-10-25 15:11:38 +02:00			`data.append(full)`
			`else:`
			`data = []`

			`return data`

Change recommendations 2016-09-10 18:49:38 +02:00
Motion rework - remove motion version - migrations for versions and change recommendations - Redone motion comments. Wording changed from comment fields to comment sections - fixed test order, tests are not atomic - introduce get_group_model. Just use OpenSlides Groups and not the django's ones. 2018-08-31 15:33:41 +02:00			`class MotionCommentSectionAccessPermissions(BaseAccessPermissions):`
			`"""`
			`Access permissions container for MotionCommentSection and MotionCommentSectionViewSet.`
			`"""`
Run black 2019-01-06 16:22:33 +01:00
			`base_permission = "motions.can_see"`
Motion rework - remove motion version - migrations for versions and change recommendations - Redone motion comments. Wording changed from comment fields to comment sections - fixed test order, tests are not atomic - introduce get_group_model. Just use OpenSlides Groups and not the django's ones. 2018-08-31 15:33:41 +02:00
Remove utils.collections.Collection class and other cleanups * Activate restricted_data_cache on inmemory cache * Use ElementCache in rest-api get requests * Get requests on the restapi return 404 when the user has no permission * Added async function for has_perm and in_some_groups * changed Cachable.get_restricted_data to be an ansync function * rewrote required_user_system * changed default implementation of access_permission.check_permission to check a given permission or check if anonymous is enabled 2018-11-01 17:30:18 +01:00			`async def get_restricted_data(`
Run black 2019-01-06 16:22:33 +01:00			`self, full_data: List[Dict[str, Any]], user_id: int`
			`) -> List[Dict[str, Any]]:`
Motion rework - remove motion version - migrations for versions and change recommendations - Redone motion comments. Wording changed from comment fields to comment sections - fixed test order, tests are not atomic - introduce get_group_model. Just use OpenSlides Groups and not the django's ones. 2018-08-31 15:33:41 +02:00			`"""`
			`If the user has manage rights, he can see all sections. If not all sections`
			`will be removed, when the user is not in at least one of the read_groups.`
			`"""`
			`data: List[Dict[str, Any]] = []`
Run black 2019-01-06 16:22:33 +01:00			`if await async_has_perm(user_id, "motions.can_manage"):`
Motion rework - remove motion version - migrations for versions and change recommendations - Redone motion comments. Wording changed from comment fields to comment sections - fixed test order, tests are not atomic - introduce get_group_model. Just use OpenSlides Groups and not the django's ones. 2018-08-31 15:33:41 +02:00			`data = full_data`
			`else:`
			`for full in full_data:`
Run black 2019-01-06 16:22:33 +01:00			`read_groups = full.get("read_groups_id", [])`
Remove CollectionElement * Use user_id: int instead of Optional[CollectionElment] in utils * Rewrote autoupdate system without CollectionElement 2018-11-03 23:40:20 +01:00			`if await async_in_some_groups(user_id, read_groups):`
Motion rework - remove motion version - migrations for versions and change recommendations - Redone motion comments. Wording changed from comment fields to comment sections - fixed test order, tests are not atomic - introduce get_group_model. Just use OpenSlides Groups and not the django's ones. 2018-08-31 15:33:41 +02:00			`data.append(full)`
			`return data`


New motion features - Added weight and sort_parent fields to the motion model - Added motion sort view (adapted from agenda) - Added statute-paragraph model and tests for it - Added statute_paragraph foreign key to the motion model - Created migrations for sorting and statute-paragraph 2018-09-24 10:28:31 +02:00			`class StatuteParagraphAccessPermissions(BaseAccessPermissions):`
			`"""`
			`Access permissions container for StatuteParagraph and StatuteParagraphViewSet.`
			`"""`
Run black 2019-01-06 16:22:33 +01:00
			`base_permission = "motions.can_see"`
New motion features - Added weight and sort_parent fields to the motion model - Added motion sort view (adapted from agenda) - Added statute-paragraph model and tests for it - Added statute_paragraph foreign key to the motion model - Created migrations for sorting and statute-paragraph 2018-09-24 10:28:31 +02:00

Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`class CategoryAccessPermissions(BaseAccessPermissions):`
			`"""`
			`Access permissions container for Category and CategoryViewSet.`
			`"""`
Run black 2019-01-06 16:22:33 +01:00
			`base_permission = "motions.can_see"`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00

New feature blocks for motions. - Added ListView, DetailView, UpdateForm and connection to agenda item for MotionBlock. - Added slide and projection default. - Added custom manager for motion blocks. - Enabled current list of speakers slide and overlay for motion block. 2016-10-01 20:42:44 +02:00			`class MotionBlockAccessPermissions(BaseAccessPermissions):`
			`"""`
			`Access permissions container for Category and CategoryViewSet.`
			`"""`
Run black 2019-01-06 16:22:33 +01:00
			`base_permission = "motions.can_see"`
New feature blocks for motions. - Added ListView, DetailView, UpdateForm and connection to agenda item for MotionBlock. - Added slide and projection default. - Added custom manager for motion blocks. - Enabled current list of speakers slide and overlay for motion block. 2016-10-01 20:42:44 +02:00

Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`class WorkflowAccessPermissions(BaseAccessPermissions):`
			`"""`
			`Access permissions container for Workflow and WorkflowViewSet.`
			`"""`
Run black 2019-01-06 16:22:33 +01:00
			`base_permission = "motions.can_see"`