ag-admin/OpenSlides
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
ef451afae1
OpenSlides/server/openslides/agenda/access_permissions.py
FinnStutzenstein 2bcab5d098
Repository restructure 
- moved all server related things into the folder `server`, so this
configuration is parallel to the client.
- All main "services" are now folders in the root directory
- Added Dockerfiles to each service (currently server and client)
- Added a docker compose configuration to start everything together.
Currently there are heavy dependencies into https://github.com/OpenSlides/openslides-docker-compose
- Resturctured the .gitignore. If someone needs something excluded,
please add it to the right section.
- Added initial build setup with Docker and docker-compose.
- removed setup.py. We won't deliver OpenSlides via pip anymore.
2020-08-21 08:11:13 +02:00

73 lines
2.6 KiB
Python
Raw Blame History

from typing import Any, Dict, List
from ..utils.access_permissions import BaseAccessPermissions
from ..utils.auth import async_has_perm
class ItemAccessPermissions(BaseAccessPermissions):
"""
Access permissions container for Item and ItemViewSet.
"""
base_permission = "agenda.can_see"
# TODO: In the following method we use full_data['is_hidden'] and
# full_data['is_internal'] but this can be out of date.
async def get_restricted_data(
self, full_data: List[Dict[str, Any]], user_id: int
) -> List[Dict[str, Any]]:
"""
Returns the restricted serialized data for the instance prepared
for the user. If the user does not have agenda.can_see, no data will
be retuned.
Hidden items can only be seen by managers with can_manage permission. If a user
does not have this permission, he is not allowed to see comments.
Internal items can only be seen by users with can_see_internal_items. If a user
does not have this permission, he is not allowed to see the duration.
"""
def filtered_data(full_data, blocked_keys):
"""
Returns a new dict like full_data but with all blocked_keys removed.
"""
whitelist = full_data.keys() - blocked_keys
return {key: full_data[key] for key in whitelist}
# Parse data.
if full_data and await async_has_perm(user_id, "agenda.can_see"):
# Assume the user has all permissions. Restrict this below.
data = full_data
blocked_keys: List[str] = []
# Restrict data for non managers
if not await async_has_perm(user_id, "agenda.can_manage"):
data = [
full for full in data if not full["is_hidden"]
] # filter hidden items
blocked_keys.append("comment")
# Restrict data for users without can_see_internal_items
if not await async_has_perm(user_id, "agenda.can_see_internal_items"):
data = [full for full in data if not full["is_internal"]]
blocked_keys.append("duration")
if len(blocked_keys) > 0:
data = [filtered_data(full, blocked_keys) for full in data]
else:
data = []
return data
class ListOfSpeakersAccessPermissions(BaseAccessPermissions):
"""
Access permissions container for ListOfSpeakers and ListOfSpeakersViewSet.
No data will be restricted, because everyone can see the list of speakers
at any time.
"""
base_permission = "agenda.can_see_list_of_speakers"
Reference in New Issue View Git Blame Copy Permalink