OpenSlides/openslides/utils/access_permissions.py

from typing import Any, Dict, List, Optional, Union

from django.db.models import Model
from rest_framework.serializers import Serializer

from .collection import Collection, CollectionElement

Container = Union[CollectionElement, Collection]
RestrictedData = Union[List[Dict[str, Any]], Dict[str, Any], None]


class BaseAccessPermissions:
    """
    Base access permissions container.

    Every app which has autoupdate models has to create classes subclassing
    from this base class for every autoupdate root model.
    """

    def check_permissions(self, user: Optional[CollectionElement]) -> bool:
        """
        Returns True if the user has read access to model instances.
        """
        return False

    def get_serializer_class(self, user: CollectionElement=None) -> Serializer:
        """
        Returns different serializer classes according to users permissions.

        This should return the serializer for full data access if user is
        None. See get_full_data().
        """
        raise NotImplementedError(
            "You have to add the method 'get_serializer_class' to your "
            "access permissions class.".format(self))

    def get_full_data(self, instance: Model) -> Dict[str, Any]:
        """
        Returns all possible serialized data for the given instance.
        """
        return self.get_serializer_class(user=None)(instance).data

    def get_restricted_data(self, container: Container, user: Optional[CollectionElement]) -> RestrictedData:
        """
        Returns the restricted serialized data for the instance prepared
        for the user.

        The argument container should be a CollectionElement or a
        Collection. The type of the return value is a dictionary or a list
        according to the given type (or None). Returns None or an empty
        list if the user has no read access. Returns reduced data if the
        user has limited access. Default: Returns full data if the user has
        read access to model instances.

        Hint: You should override this method if your get_serializer_class()
        method returns different serializers for different users or if you
        have access restrictions in your view or viewset in methods like
        retrieve() or list().
        """
        if self.check_permissions(user):
            data = container.get_full_data()
        elif isinstance(container, Collection):
            data = []
        else:
            data = None
        return data

    def get_projector_data(self, container: Container) -> RestrictedData:
        """
        Returns the serialized data for the projector. Returns None if the
        user has no access to this specific data. Returns reduced data if
        the user has limited access. Default: Returns full data.
        """
        return container.get_full_data()
more typings 2017-08-24 12:26:55 +02:00			`from typing import Any, Dict, List, Optional, Union`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00
more typings 2017-08-24 12:26:55 +02:00			`from django.db.models import Model`
			`from rest_framework.serializers import Serializer`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00
more typings 2017-08-24 12:26:55 +02:00			`from .collection import Collection, CollectionElement`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00
more typings 2017-08-24 12:26:55 +02:00			`Container = Union[CollectionElement, Collection]`
			`RestrictedData = Union[List[Dict[str, Any]], Dict[str, Any], None]`


			`class BaseAccessPermissions:`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
			`Base access permissions container.`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00
			`Every app which has autoupdate models has to create classes subclassing`
more typings 2017-08-24 12:26:55 +02:00			`from this base class for every autoupdate root model.`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00
more typings 2017-08-24 12:26:55 +02:00			`def check_permissions(self, user: Optional[CollectionElement]) -> bool:`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00			`Returns True if the user has read access to model instances.`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
			`return False`

more typings 2017-08-24 12:26:55 +02:00			`def get_serializer_class(self, user: CollectionElement=None) -> Serializer:`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
			`Returns different serializer classes according to users permissions.`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00
			`This should return the serializer for full data access if user is`
			`None. See get_full_data().`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
			`raise NotImplementedError(`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00			`"You have to add the method 'get_serializer_class' to your "`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"access permissions class.".format(self))`

more typings 2017-08-24 12:26:55 +02:00			`def get_full_data(self, instance: Model) -> Dict[str, Any]:`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00			`Returns all possible serialized data for the given instance.`
			`"""`
			`return self.get_serializer_class(user=None)(instance).data`

more typings 2017-08-24 12:26:55 +02:00			`def get_restricted_data(self, container: Container, user: Optional[CollectionElement]) -> RestrictedData:`
Forwarding JSON instead of Django model instances to autoupdate loop. - Used raw SQL for createing default projector during inital migration. - Removed default_password and hidden agenda items from autoupdate data for some users. - Removed old get_collection_and_id_from_url() function. 2016-03-02 00:46:19 +01:00			`"""`
			`Returns the restricted serialized data for the instance prepared`
			`for the user.`

Refactoring of data parsing for startup and autoupdate. 2017-05-01 23:12:42 +02:00			`The argument container should be a CollectionElement or a`
			`Collection. The type of the return value is a dictionary or a list`
			`according to the given type (or None). Returns None or an empty`
			`list if the user has no read access. Returns reduced data if the`
			`user has limited access. Default: Returns full data if the user has`
			`read access to model instances.`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`Hint: You should override this method if your get_serializer_class()`
			`method returns different serializers for different users or if you`
			`have access restrictions in your view or viewset in methods like`
Added docstrings. Small changes. 2016-09-30 20:42:58 +02:00			`retrieve() or list().`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`"""`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`if self.check_permissions(user):`
Refactoring of data parsing for startup and autoupdate. 2017-05-01 23:12:42 +02:00			`data = container.get_full_data()`
			`elif isinstance(container, Collection):`
Changed restricted data parsing. Cached full data on startup. 2017-04-28 00:50:37 +02:00			`data = []`
Refactoring of data parsing for startup and autoupdate. 2017-05-01 23:12:42 +02:00			`else:`
			`data = None`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`return data`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00
more typings 2017-08-24 12:26:55 +02:00			`def get_projector_data(self, container: Container) -> RestrictedData:`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`"""`
Added docstrings. Small changes. 2016-09-30 20:42:58 +02:00			`Returns the serialized data for the projector. Returns None if the`
			`user has no access to this specific data. Returns reduced data if`
			`the user has limited access. Default: Returns full data.`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`"""`
Fixed get_projector_data impementation. Closed #3282. 2017-06-13 21:44:45 +02:00			`return container.get_full_data()`