OpenSlides/openslides/motions/access_permissions.py

from copy import deepcopy

from ..core.config import config
from ..utils.access_permissions import BaseAccessPermissions
from ..utils.auth import has_perm
from ..utils.collection import CollectionElement


class MotionAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for Motion and MotionViewSet.
    """
    def check_permissions(self, user):
        """
        Returns True if the user has read access model instances.
        """
        return has_perm(user, 'motions.can_see')

    def get_serializer_class(self, user=None):
        """
        Returns serializer class.
        """
        from .serializers import MotionSerializer

        return MotionSerializer

    def get_restricted_data(self, full_data, user):
        """
        Returns the restricted serialized data for the instance prepared for
        the user. Removes motion if the user has not the permission to see
        the motion in this state. Removes non public comment fields for
        some unauthorized users.
        """
        many_items = not isinstance(full_data, dict)
        full_data_list = full_data if many_items else [full_data]
        out = []
        for full_data in full_data_list:
            if isinstance(user, CollectionElement):
                is_submitter = user.get_full_data()['id'] in full_data.get('submitters_id', [])
            else:
                # Anonymous users can not be submitters
                is_submitter = False

            required_permission_to_see = full_data['state_required_permission_to_see']
            data = None
            if has_perm(user, 'motions.can_see'):
                if (not required_permission_to_see or
                        has_perm(user, required_permission_to_see) or
                        has_perm(user, 'motions.can_manage') or
                        is_submitter):
                    if has_perm(user, 'motions.can_see_and_manage_comments') or not full_data.get('comments'):
                        data = full_data
                    else:
                        data = deepcopy(full_data)
                        for i, field in enumerate(config['motions_comments']):
                            if not field.get('public'):
                                try:
                                    data['comments'][i] = None
                                except IndexError:
                                    # No data in range. Just do nothing.
                                    pass
                    # Now filter personal notes.
                    data = data.copy()
                    data['personal_notes'] = []
                    if user is not None:
                        for personal_note in full_data.get('personal_notes', []):
                            if personal_note.get('user_id') == user.id:
                                data['personal_notes'].append(personal_note)
                                break
            out.append(data)
        return out if many_items else out[0]

    def get_projector_data(self, full_data):
        """
        Returns the restricted serialized data for the instance prepared
        for the projector. Removes several fields.
        """
        data = full_data.copy()
        if data.get('comments') is not None:
            for i, field in enumerate(config['motions_comments']):
                if not field.get('public'):
                    try:
                        data['comments'][i] = None
                    except IndexError:
                        # No data in range. Just do nothing.
                        pass
        return data


class MotionChangeRecommendationAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for MotionChangeRecommendation and MotionChangeRecommendationViewSet.
    """
    def check_permissions(self, user):
        """
        Returns True if the user has read access model instances.
        """
        return has_perm(user, 'motions.can_see')

    def get_serializer_class(self, user=None):
        """
        Returns serializer class.
        """
        from .serializers import MotionChangeRecommendationSerializer

        return MotionChangeRecommendationSerializer


class CategoryAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for Category and CategoryViewSet.
    """
    def check_permissions(self, user):
        """
        Returns True if the user has read access model instances.
        """
        return has_perm(user, 'motions.can_see')

    def get_serializer_class(self, user=None):
        """
        Returns serializer class.
        """
        from .serializers import CategorySerializer

        return CategorySerializer


class MotionBlockAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for Category and CategoryViewSet.
    """
    def check_permissions(self, user):
        """
        Returns True if the user has read access model instances.
        """
        return has_perm(user, 'motions.can_see')

    def get_serializer_class(self, user=None):
        """
        Returns serializer class.
        """
        from .serializers import MotionBlockSerializer

        return MotionBlockSerializer


class WorkflowAccessPermissions(BaseAccessPermissions):
    """
    Access permissions container for Workflow and WorkflowViewSet.
    """
    def check_permissions(self, user):
        """
        Returns True if the user has read access model instances.
        """
        return has_perm(user, 'motions.can_see')

    def get_serializer_class(self, user=None):
        """
        Returns serializer class.
        """
        from .serializers import WorkflowSerializer

        return WorkflowSerializer