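"""Access-control helpers for tasks, projects, comments and their attachments.

Every check here is an authorization decision, so the helpers fail closed:
anything that cannot be resolved to a known object is answered with a denial
instead of an unhandled exception.
"""
import logging

from .models import (
    Task,
    Project,
    Comment,
    TASKSTATE_CHOICES,
    TASKS_IN_WORK,
    PROJECTS_IN_WORK,
    PRIO_CHOICES,
)

logger = logging.getLogger('ACC')

# Attachment path segment -> model that owns the attachment.
_ATTACHMENT_MODELS = {'task': Task, 'comment': Comment, 'project': Project}


def _resolve_attachment_item(rel_path):
    """Resolve an attachment path to ``(item_type, instance)`` or ``None``.

    The second and third '/'-separated segments of *rel_path* are read as the
    item type and its numeric id. ``None`` is returned when the path is too
    short, the id is not an integer, the type is unknown, or no such object
    exists, so callers can deny access uniformly in all of these cases.
    """
    try:
        # Unpacking raises ValueError for paths with fewer than three
        # segments, exactly like int() does for a non-numeric id.
        item_type, raw_id = rel_path.split('/')[1:3]
        item_id = int(raw_id)
    except ValueError:
        return None

    model = _ATTACHMENT_MODELS.get(item_type)
    if model is None:
        return None

    try:
        return item_type, model.objects.get(id=item_id)
    except model.DoesNotExist:
        # A missing object is reported as "no access" rather than as an
        # error, so the response does not reveal which ids exist.
        logger.debug('attachment: Access denied. %s #%d does not exist.', item_type, item_id)
        return None


def read_attachment(request, rel_path):
    """Return whether ``request.user`` may read the attachment at *rel_path*.

    The decision is delegated to the read permission of the owning task,
    of the task a comment belongs to, or of the owning project. Malformed
    paths, unknown item types and missing objects are denied.
    """
    resolved = _resolve_attachment_item(rel_path)
    if resolved is None:
        return False

    item_type, item = resolved
    if item_type == 'task':
        return acc_task(item, request.user).read
    if item_type == 'comment':
        return acc_task(item.task, request.user).read_comments
    return acc_project(item, request.user).read


def modify_attachment(request, rel_path):
    """Return whether ``request.user`` may modify the attachment at *rel_path*.

    Malformed paths, unknown item types and missing objects are denied.
    """
    resolved = _resolve_attachment_item(rel_path)
    if resolved is None:
        return False

    item_type, item = resolved
    if item_type == 'task':
        acc = acc_task(item, request.user)
        return acc.modify or acc.modify_limited
    if item_type == 'comment':
        acc = acc_task(item.task, request.user)
        # NOTE(review): the comment author is allowed here without any check
        # of staff status, task state or read access -- confirm this is the
        # intended policy.
        return request.user == item.user or acc.modify_comment
    # acc_project defines no ``modify_limited``; evaluating it for a user
    # without modify rights raised AttributeError instead of denying access.
    return acc_project(item, request.user).modify


class acc_task(object):
    """Per-user permission view on a single task.

    Role membership is evaluated once in the constructor; the permission
    properties that store their result do so on first access, so an instance
    reflects the state at the time of those evaluations.
    """

    def __init__(self, task, user):
        self.task = task
        self.user = user
        # Cached results of the permission properties (None = not evaluated).
        self.__read__ = None
        self.__modify__ = None
        self.__modify_limited__ = None
        self.__add_comment__ = None
        self.__modify_comment__ = None
        # A project role only counts for staff users.
        project = task.project
        self.user_has_leader_rights = user in project.role_leader.all() and user.is_staff
        # (sic) misspelled attribute name kept: code outside this module may read it.
        self.user_has_memeber_rights = user in project.role_member.all() and user.is_staff
        self.user_has_visitor_rights = user in project.role_visitor.all() and user.is_staff
        self.user_has_role_rights = (
            self.user_has_leader_rights
            or self.user_has_memeber_rights
            or self.user_has_visitor_rights
        )
        self.user_is_assigned_user = user == task.assigned_user

    @property
    def read(self):
        """Superusers, the assigned user of a task in work, and staff with any project role."""
        if self.__read__ is None:
            if self.user.is_superuser:
                logger.debug('acc_task.read: Access granted (Task #%d). User is Superuser.', self.task.id)
                self.__read__ = True
            elif self.user_is_assigned_user and self.task.state in TASKS_IN_WORK:
                # Unlike modify_limited, this branch does not require is_staff.
                logger.debug('acc_task.read: Access granted (Task #%d). User is Taskowner and taskstate is open or finished.', self.task.id)
                self.__read__ = True
            elif self.user_has_role_rights:
                logger.debug('acc_task.read: Access granted (Task #%d). User has a role and is Staff.', self.task.id)
                self.__read__ = True
            else:
                logger.debug('acc_task.read: Access denied (Task #%d).', self.task.id)
                self.__read__ = False
        return self.__read__

    @property
    def read_comments(self):
        """Comments are readable by whoever may read the task."""
        return self.read

    @property
    def modify_limited(self):
        """Staff user who is assigned to the task while the task is in work."""
        if self.__modify_limited__ is None:
            if self.user_is_assigned_user and self.user.is_staff and self.task.state in TASKS_IN_WORK:
                logger.debug('acc_task.modify_limited: Access granted (Task #%d). User is Taskowner and taskstate is open or finished.', self.task.id)
                self.__modify_limited__ = True
            else:
                logger.debug('acc_task.modify_limited: Access denied (Task #%d).', self.task.id)
                self.__modify_limited__ = False
        return self.__modify_limited__

    @property
    def modify(self):
        """Superusers and staff project leaders."""
        if self.__modify__ is None:
            if self.user.is_superuser:
                logger.debug('acc_task.modify: Access granted (Task #%d). User is Superuser.', self.task.id)
                self.__modify__ = True
            elif self.user_has_leader_rights:
                logger.debug('acc_task.modify: Access granted (Task #%d). User is Projectleader and staff.', self.task.id)
                self.__modify__ = True
            else:
                logger.debug('acc_task.modify: Access denied (Task #%d).', self.task.id)
                self.__modify__ = False
        return self.__modify__

    @property
    def add_comments(self):
        """Superusers, and staff leaders or members while the task is in work."""
        if self.__add_comment__ is None:
            if self.user.is_superuser:
                logger.debug('acc_task.add_comments: Access granted (Task #%d). User is Superuser.', self.task.id)
                self.__add_comment__ = True
            elif (self.user_has_leader_rights or self.user_has_memeber_rights) and self.task.state in TASKS_IN_WORK:
                logger.debug('acc_task.add_comments: Access granted (Task #%d). User is Staff, has role in the project and the task state is open or finished.', self.task.id)
                self.__add_comment__ = True
            else:
                logger.debug('acc_task.add_comments: Access denied (Task #%d).', self.task.id)
                self.__add_comment__ = False
        return self.__add_comment__

    @property
    def modify_comment(self):
        """Superusers and staff project leaders."""
        if self.__modify_comment__ is None:
            if self.user.is_superuser:
                logger.debug('acc_task.modify_comment: Access granted (Task #%d). User is Superuser.', self.task.id)
                self.__modify_comment__ = True
            elif self.user_has_leader_rights:
                logger.debug('acc_task.modify_comment: Access granted (Task #%d). User is Projectleader.', self.task.id)
                self.__modify_comment__ = True
            else:
                logger.debug('acc_task.modify_comment: Access denied (Task #%d).', self.task.id)
                self.__modify_comment__ = False
        return self.__modify_comment__

    @property
    def allowed_targetstates(self):
        """States the user may move the task to, in descending order.

        Full modify rights allow every state in TASKSTATE_CHOICES, limited
        rights only those in TASKS_IN_WORK; the current state is left out.
        Without either right the list is empty.
        """
        if self.modify:
            candidates = [state[0] for state in TASKSTATE_CHOICES]
        elif self.modify_limited:
            candidates = list(TASKS_IN_WORK)
        else:
            return []
        # Filtering (instead of index()/pop()) also copes with a stored state
        # that is missing from the candidate list.
        current = self.task.state
        return sorted((state for state in candidates if state != current), reverse=True)

    @property
    def allowed_targetpriority(self):
        """Priorities the user may assign, in descending order, without the current one."""
        if not self.modify:
            return []
        current = self.task.priority
        return sorted((prio[0] for prio in PRIO_CHOICES if prio[0] != current), reverse=True)


class acc_project(object):
    """Per-user permission view on a single project."""

    def __init__(self, project, user):
        self.project = project
        self.user = user
        self.__modify__ = None
        # A project role only counts for staff users.
        self.user_has_leader_rights = user in project.role_leader.all() and user.is_staff
        # (sic) misspelled attribute name kept: code outside this module may read it.
        self.user_has_memeber_rights = user in project.role_member.all() and user.is_staff
        self.user_has_visitor_rights = user in project.role_visitor.all() and user.is_staff
        self.user_has_role_rights = (
            self.user_has_leader_rights
            or self.user_has_memeber_rights
            or self.user_has_visitor_rights
        )

    @property
    def read(self):
        """Superusers, staff leaders, staff with a role on a project in work,
        and users with an assigned task in work inside the project.

        Not cached: the checks (and the debug log line) run on every access.
        """
        if self.user.is_superuser:
            logger.debug('acc_project.read: Access granted (Project #%d). User is Superuser.', self.project.id)
            return True
        if self.user_has_leader_rights:
            logger.debug('acc_project.read: Access granted (Project #%d). User is projectleader.', self.project.id)
            return True
        if self.user_has_role_rights and self.project.state in PROJECTS_IN_WORK:
            logger.debug('acc_project.read: Access granted (Project #%d). User has a role and project is in work.', self.project.id)
            return True
        # exists() asks the database for a yes/no answer instead of loading
        # every matching task just to count them.
        if self.project.task_set.filter(assigned_user=self.user, state__in=TASKS_IN_WORK).exists():
            logger.debug('acc_project.read: Access granted (Project #%d). User has open tasks.', self.project.id)
            return True
        # NOTE(review): the message says "not authenticated", but this branch
        # is an authorization denial; the text is kept unchanged for anything
        # matching on the log line.
        logger.debug('acc_project.read: Access denied (Project #%d). User is not authenticated.', self.project.id)
        return False

    @property
    def modify(self):
        """Superusers and staff project leaders."""
        if self.__modify__ is None:
            if self.user.is_superuser:
                logger.debug('acc_project.modify: Access granted (Project #%d). User is Superuser.', self.project.id)
                self.__modify__ = True
            elif self.user_has_leader_rights:
                # Same leader-and-staff test as before, reusing the value
                # computed in __init__ (as acc_task.modify does).
                logger.debug('acc_project.modify: Access granted (Project #%d). User is Projectleader.', self.project.id)
                self.__modify__ = True
            else:
                logger.debug('acc_project.modify: Access denied (Project #%d).', self.project.id)
                self.__modify__ = False
        return self.__modify__


def create_task_possible(user):
    """Return whether *user* is staff and leader or member of at least one project."""
    # Checking is_staff first denies non-staff users without any query.
    if not user.is_staff:
        return False
    return (
        Project.objects.filter(role_leader__in=[user]).exists()
        or Project.objects.filter(role_member__in=[user]).exists()
    )


def create_project_possible(user):
    """Only superusers may create projects."""
    return user.is_superuser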