2016-11-02 00:09:59 +01:00
|
|
|
from copy import deepcopy
|
|
|
|
|
2016-07-29 23:33:47 +02:00
|
|
|
from ..core.config import config
|
2016-02-11 22:58:32 +01:00
|
|
|
from ..utils.access_permissions import BaseAccessPermissions
|
2016-12-17 09:30:20 +01:00
|
|
|
from ..utils.auth import has_perm
|
2017-05-01 23:12:42 +02:00
|
|
|
from ..utils.collection import Collection, CollectionElement
|
2016-02-11 22:58:32 +01:00
|
|
|
|
|
|
|
|
|
|
|
class MotionAccessPermissions(BaseAccessPermissions):
|
|
|
|
"""
|
|
|
|
Access permissions container for Motion and MotionViewSet.
|
|
|
|
"""
|
2016-09-17 22:26:23 +02:00
|
|
|
def check_permissions(self, user):
|
2016-02-11 22:58:32 +01:00
|
|
|
"""
|
|
|
|
Returns True if the user has read access model instances.
|
|
|
|
"""
|
2016-12-17 09:30:20 +01:00
|
|
|
return has_perm(user, 'motions.can_see')
|
2016-02-11 22:58:32 +01:00
|
|
|
|
2016-03-02 00:46:19 +01:00
|
|
|
def get_serializer_class(self, user=None):
|
2016-02-11 22:58:32 +01:00
|
|
|
"""
|
|
|
|
Returns serializer class.
|
|
|
|
"""
|
|
|
|
from .serializers import MotionSerializer
|
|
|
|
|
|
|
|
return MotionSerializer
|
|
|
|
|
2017-05-01 23:12:42 +02:00
|
|
|
def get_restricted_data(self, container, user):
|
2016-07-29 23:33:47 +02:00
|
|
|
"""
|
|
|
|
Returns the restricted serialized data for the instance prepared for
|
2016-12-09 18:00:45 +01:00
|
|
|
the user. Removes motion if the user has not the permission to see
|
|
|
|
the motion in this state. Removes non public comment fields for
|
2017-05-01 23:12:42 +02:00
|
|
|
some unauthorized users. Ensures that a user can only see his own
|
|
|
|
personal notes.
|
2016-07-29 23:33:47 +02:00
|
|
|
"""
|
2017-05-01 23:12:42 +02:00
|
|
|
# Expand full_data to a list if it is not one.
|
|
|
|
full_data = container.get_full_data() if isinstance(container, Collection) else [container.get_full_data()]
|
|
|
|
|
|
|
|
# Parse data.
|
|
|
|
if has_perm(user, 'motions.can_see'):
|
|
|
|
# TODO: Refactor this after personal_notes system is refactored.
|
|
|
|
data = []
|
|
|
|
for full in full_data:
|
|
|
|
# Check if user is submitter of this motion.
|
|
|
|
if isinstance(user, CollectionElement):
|
|
|
|
is_submitter = user.get_full_data()['id'] in full.get('submitters_id', [])
|
|
|
|
else:
|
|
|
|
# Anonymous users can not be submitters.
|
|
|
|
is_submitter = False
|
|
|
|
|
|
|
|
# Check see permission for this motion.
|
|
|
|
required_permission_to_see = full['state_required_permission_to_see']
|
|
|
|
permission = (
|
|
|
|
not required_permission_to_see or
|
|
|
|
has_perm(user, required_permission_to_see) or
|
|
|
|
has_perm(user, 'motions.can_manage') or
|
|
|
|
is_submitter)
|
|
|
|
|
|
|
|
# Parse single motion.
|
|
|
|
if permission:
|
|
|
|
if has_perm(user, 'motions.can_see_and_manage_comments') or not full.get('comments'):
|
|
|
|
# Provide access to all fields.
|
|
|
|
motion = full
|
2017-04-28 00:50:37 +02:00
|
|
|
else:
|
2017-05-01 23:12:42 +02:00
|
|
|
# Set private comment fields to None.
|
|
|
|
full_copy = deepcopy(full)
|
2017-04-28 00:50:37 +02:00
|
|
|
for i, field in enumerate(config['motions_comments']):
|
|
|
|
if not field.get('public'):
|
|
|
|
try:
|
2017-05-01 23:12:42 +02:00
|
|
|
full_copy['comments'][i] = None
|
2017-04-28 00:50:37 +02:00
|
|
|
except IndexError:
|
|
|
|
# No data in range. Just do nothing.
|
|
|
|
pass
|
2017-05-01 23:12:42 +02:00
|
|
|
motion = full_copy
|
|
|
|
|
2017-04-28 00:50:37 +02:00
|
|
|
# Now filter personal notes.
|
2017-05-01 23:12:42 +02:00
|
|
|
motion = motion.copy()
|
|
|
|
motion['personal_notes'] = []
|
2017-04-28 00:50:37 +02:00
|
|
|
if user is not None:
|
2017-05-01 23:12:42 +02:00
|
|
|
for personal_note in full.get('personal_notes', []):
|
2017-04-28 00:50:37 +02:00
|
|
|
if personal_note.get('user_id') == user.id:
|
2017-05-01 23:12:42 +02:00
|
|
|
motion['personal_notes'].append(personal_note)
|
2017-04-28 00:50:37 +02:00
|
|
|
break
|
2017-05-01 23:12:42 +02:00
|
|
|
|
|
|
|
data.append(motion)
|
|
|
|
else:
|
|
|
|
data = []
|
|
|
|
|
|
|
|
# Reduce result to a single item or None if it was not a collection at
|
|
|
|
# the beginning of the method.
|
|
|
|
if isinstance(container, Collection):
|
|
|
|
restricted_data = data
|
|
|
|
elif data:
|
|
|
|
restricted_data = data[0]
|
|
|
|
else:
|
|
|
|
restricted_data = None
|
|
|
|
|
|
|
|
return restricted_data
|
2016-07-29 23:33:47 +02:00
|
|
|
|
2016-09-17 22:26:23 +02:00
|
|
|
def get_projector_data(self, full_data):
|
|
|
|
"""
|
|
|
|
Returns the restricted serialized data for the instance prepared
|
|
|
|
for the projector. Removes several fields.
|
|
|
|
"""
|
|
|
|
data = full_data.copy()
|
2016-11-14 13:16:34 +01:00
|
|
|
if data.get('comments') is not None:
|
|
|
|
for i, field in enumerate(config['motions_comments']):
|
|
|
|
if not field.get('public'):
|
|
|
|
try:
|
|
|
|
data['comments'][i] = None
|
|
|
|
except IndexError:
|
|
|
|
# No data in range. Just do nothing.
|
|
|
|
pass
|
2016-09-17 22:26:23 +02:00
|
|
|
return data
|
|
|
|
|
2016-02-11 22:58:32 +01:00
|
|
|
|
2016-09-10 18:49:38 +02:00
|
|
|
class MotionChangeRecommendationAccessPermissions(BaseAccessPermissions):
|
|
|
|
"""
|
|
|
|
Access permissions container for MotionChangeRecommendation and MotionChangeRecommendationViewSet.
|
|
|
|
"""
|
|
|
|
def check_permissions(self, user):
|
|
|
|
"""
|
|
|
|
Returns True if the user has read access model instances.
|
|
|
|
"""
|
2016-12-17 09:30:20 +01:00
|
|
|
return has_perm(user, 'motions.can_see')
|
2016-09-10 18:49:38 +02:00
|
|
|
|
|
|
|
def get_serializer_class(self, user=None):
|
|
|
|
"""
|
|
|
|
Returns serializer class.
|
|
|
|
"""
|
|
|
|
from .serializers import MotionChangeRecommendationSerializer
|
|
|
|
|
|
|
|
return MotionChangeRecommendationSerializer
|
|
|
|
|
|
|
|
|
2016-02-11 22:58:32 +01:00
|
|
|
class CategoryAccessPermissions(BaseAccessPermissions):
|
|
|
|
"""
|
|
|
|
Access permissions container for Category and CategoryViewSet.
|
|
|
|
"""
|
2016-09-17 22:26:23 +02:00
|
|
|
def check_permissions(self, user):
|
2016-02-11 22:58:32 +01:00
|
|
|
"""
|
|
|
|
Returns True if the user has read access model instances.
|
|
|
|
"""
|
2016-12-17 09:30:20 +01:00
|
|
|
return has_perm(user, 'motions.can_see')
|
2016-02-11 22:58:32 +01:00
|
|
|
|
2016-03-02 00:46:19 +01:00
|
|
|
def get_serializer_class(self, user=None):
|
2016-02-11 22:58:32 +01:00
|
|
|
"""
|
|
|
|
Returns serializer class.
|
|
|
|
"""
|
|
|
|
from .serializers import CategorySerializer
|
|
|
|
|
|
|
|
return CategorySerializer
|
|
|
|
|
|
|
|
|
2016-10-01 20:42:44 +02:00
|
|
|
class MotionBlockAccessPermissions(BaseAccessPermissions):
|
|
|
|
"""
|
|
|
|
Access permissions container for Category and CategoryViewSet.
|
|
|
|
"""
|
|
|
|
def check_permissions(self, user):
|
|
|
|
"""
|
|
|
|
Returns True if the user has read access model instances.
|
|
|
|
"""
|
2016-12-17 09:30:20 +01:00
|
|
|
return has_perm(user, 'motions.can_see')
|
2016-10-01 20:42:44 +02:00
|
|
|
|
|
|
|
def get_serializer_class(self, user=None):
|
|
|
|
"""
|
|
|
|
Returns serializer class.
|
|
|
|
"""
|
|
|
|
from .serializers import MotionBlockSerializer
|
|
|
|
|
|
|
|
return MotionBlockSerializer
|
|
|
|
|
|
|
|
|
2016-02-11 22:58:32 +01:00
|
|
|
class WorkflowAccessPermissions(BaseAccessPermissions):
|
|
|
|
"""
|
|
|
|
Access permissions container for Workflow and WorkflowViewSet.
|
|
|
|
"""
|
2016-09-17 22:26:23 +02:00
|
|
|
def check_permissions(self, user):
|
2016-02-11 22:58:32 +01:00
|
|
|
"""
|
|
|
|
Returns True if the user has read access model instances.
|
|
|
|
"""
|
2016-12-17 09:30:20 +01:00
|
|
|
return has_perm(user, 'motions.can_see')
|
2016-02-11 22:58:32 +01:00
|
|
|
|
2016-03-02 00:46:19 +01:00
|
|
|
def get_serializer_class(self, user=None):
|
2016-02-11 22:58:32 +01:00
|
|
|
"""
|
|
|
|
Returns serializer class.
|
|
|
|
"""
|
|
|
|
from .serializers import WorkflowSerializer
|
|
|
|
|
|
|
|
return WorkflowSerializer
|