patt/access.py


import logging
from .models import Task, Project, Comment, TASKSTATE_CHOICES, TASKS_IN_WORK, PROJECTS_IN_WORK, PRIO_CHOICES
# Module logger for the access checks below; every grant/deny message in this
# file is emitted through it at DEBUG level.
logger = logging.getLogger('ACC')
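def _attachment_target(rel_path):
    """Parse ``(item_type, item_id)`` out of an attachment path, or return None.

    The item type is the second ``/``-separated segment and the numeric id the
    third one. ``None`` means the path cannot be mapped to an item, and the
    callers treat that as "deny".
    """
    segments = rel_path.split('/')
    # The permission decision is bound to segments 1 and 2 only. A ``..``
    # segment anywhere in the path could make the file that is finally served
    # differ from the item that was checked, so such paths are refused here.
    # NOTE(review): path resolution happens in the caller, which is not visible
    # from this module; it should still confine the resolved file to the
    # attachment root.
    if '..' in segments:
        return None
    if len(segments) < 3:
        # Too short to carry a type and an id; previously this raised an
        # unhandled ValueError during unpacking.
        return None
    try:
        return segments[1], int(segments[2])
    except ValueError:
        return None


def read_attachment(request, rel_path):
    """Return whether ``request.user`` may read the attachment at *rel_path*.

    The decision is delegated to the owning item: ``acc_task.read`` for tasks,
    ``acc_task.read_comments`` for comments (checked against the comment's
    task) and ``acc_project.read`` for projects. Malformed paths, unknown item
    types and ids without a matching object are all denied.
    """
    target = _attachment_target(rel_path)
    if target is None:
        return False
    item_type, item_id = target
    try:
        if item_type == 'task':
            return acc_task(Task.objects.get(id=item_id), request.user).read
        if item_type == 'comment':
            owning_task = Comment.objects.get(id=item_id).task
            return acc_task(owning_task, request.user).read_comments
        if item_type == 'project':
            return acc_project(Project.objects.get(id=item_id), request.user).read
    except (Task.DoesNotExist, Comment.DoesNotExist, Project.DoesNotExist):
        # Fail closed: an id that resolves to no object is a denial, not an
        # unhandled exception escaping from the access check.
        return False
    return False


def modify_attachment(request, rel_path):
    """Return whether ``request.user`` may change the attachment at *rel_path*.

    Tasks and projects require ``modify`` or ``modify_limited`` on the owning
    item. A comment attachment may be changed by the comment's author or by
    anyone holding ``acc_task.modify_comment`` on the comment's task. Malformed
    paths, unknown item types and ids without a matching object are denied.
    """
    target = _attachment_target(rel_path)
    if target is None:
        return False
    item_type, item_id = target
    try:
        if item_type == 'task':
            acc = acc_task(Task.objects.get(id=item_id), request.user)
            return acc.modify or acc.modify_limited
        if item_type == 'comment':
            comment = Comment.objects.get(id=item_id)
            acc = acc_task(comment.task, request.user)
            # The author branch checks neither is_staff nor the task state.
            return request.user == comment.user or acc.modify_comment
        if item_type == 'project':
            acc = acc_project(Project.objects.get(id=item_id), request.user)
            return acc.modify or acc.modify_limited
    except (Task.DoesNotExist, Comment.DoesNotExist, Project.DoesNotExist):
        # Fail closed, same as read_attachment.
        return False
    return False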
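class acc_task(object):
    """Access decisions for one task as seen by one user.

    Role membership is resolved once in ``__init__``; each permission property
    is evaluated on first use and cached on the instance, so an instance
    reflects the roles and task state it saw when it was first queried.
    """

    def __init__(self, task, user):
        """Store *task* and *user* and resolve the user's project roles."""
        self.task = task
        self.user = user
        # Decision caches; None means "not evaluated yet".
        self.__read__ = None
        self.__modify__ = None
        self.__modify_limited__ = None
        self.__add_comment__ = None
        self.__modify_comment__ = None
        project = task.project
        # A project role only counts when the user is also staff.
        self.user_has_leader_rights = user in project.role_leader.all() and user.is_staff
        # "memeber" (sic): the attribute name is kept as it is because code
        # outside this class may read it.
        self.user_has_memeber_rights = user in project.role_member.all() and user.is_staff
        self.user_has_visitor_rights = user in project.role_visitor.all() and user.is_staff
        self.user_has_role_rights = (
            self.user_has_leader_rights
            or self.user_has_memeber_rights
            or self.user_has_visitor_rights
        )
        self.user_is_assigned_user = user == task.assigned_user

    @property
    def read(self):
        """True for superusers, for the assignee of a task whose state is in
        TASKS_IN_WORK, and for staff holding any role in the project."""
        if self.__read__ is None:
            task_id = self.task.id
            if self.user.is_superuser:
                logger.debug('acc_task.read: Access granted (Task #%d). User is Superuser.', task_id)
                self.__read__ = True
            elif self.user_is_assigned_user and self.task.state in TASKS_IN_WORK:
                # NOTE(review): unlike modify_limited, this branch does not
                # require is_staff - confirm that non-staff assignees are meant
                # to have read access.
                logger.debug('acc_task.read: Access granted (Task #%d). User is Taskowner and taskstate is open or finished.', task_id)
                self.__read__ = True
            elif self.user_has_role_rights:
                logger.debug('acc_task.read: Access granted (Task #%d). User has a role and is Staff.', task_id)
                self.__read__ = True
            else:
                logger.debug('acc_task.read: Access denied (Task #%d).', task_id)
                self.__read__ = False
        return self.__read__

    @property
    def read_comments(self):
        """Comments are readable exactly when the task is readable."""
        return self.read

    @property
    def modify_limited(self):
        """True only for a staff assignee while the task state is in
        TASKS_IN_WORK."""
        if self.__modify_limited__ is None:
            task_id = self.task.id
            if self.user_is_assigned_user and self.user.is_staff and self.task.state in TASKS_IN_WORK:
                logger.debug('acc_task.modify_limited: Access granted (Task #%d). User is Taskowner and taskstate is open or finished.', task_id)
                self.__modify_limited__ = True
            else:
                logger.debug('acc_task.modify_limited: Access denied (Task #%d).', task_id)
                self.__modify_limited__ = False
        return self.__modify_limited__

    @property
    def modify(self):
        """True for superusers and for staff project leaders."""
        if self.__modify__ is None:
            task_id = self.task.id
            if self.user.is_superuser:
                logger.debug('acc_task.modify: Access granted (Task #%d). User is Superuser.', task_id)
                self.__modify__ = True
            elif self.user_has_leader_rights:
                logger.debug('acc_task.modify: Access granted (Task #%d). User is Projectleader and staff.', task_id)
                self.__modify__ = True
            else:
                logger.debug('acc_task.modify: Access denied (Task #%d).', task_id)
                self.__modify__ = False
        return self.__modify__

    @property
    def add_comments(self):
        """True for superusers, and for staff leaders or members while the task
        state is in TASKS_IN_WORK. Visitors are not included."""
        if self.__add_comment__ is None:
            task_id = self.task.id
            if self.user.is_superuser:
                logger.debug('acc_task.add_comments: Access granted (Task #%d). User is Superuser.', task_id)
                self.__add_comment__ = True
            elif (self.user_has_leader_rights or self.user_has_memeber_rights) and self.task.state in TASKS_IN_WORK:
                logger.debug('acc_task.add_comments: Access granted (Task #%d). User is Staff, has role in the project and the task state is open or finished.', task_id)
                self.__add_comment__ = True
            else:
                logger.debug('acc_task.add_comments: Access denied (Task #%d).', task_id)
                self.__add_comment__ = False
        return self.__add_comment__

    @property
    def modify_comment(self):
        """True for superusers and for staff project leaders."""
        if self.__modify_comment__ is None:
            task_id = self.task.id
            if self.user.is_superuser:
                logger.debug('acc_task.modify_comment: Access granted (Task #%d). User is Superuser.', task_id)
                self.__modify_comment__ = True
            elif self.user_has_leader_rights:
                logger.debug('acc_task.modify_comment: Access granted (Task #%d). User is Projectleader.', task_id)
                self.__modify_comment__ = True
            else:
                logger.debug('acc_task.modify_comment: Access denied (Task #%d).', task_id)
                self.__modify_comment__ = False
        return self.__modify_comment__

    @property
    def allowed_targetstates(self):
        """States the user may move the task to, in descending order.

        Full ``modify`` offers every value of TASKSTATE_CHOICES,
        ``modify_limited`` only the TASKS_IN_WORK states; the current state is
        left out. Without either permission the list is empty.
        """
        if self.modify:
            rv = [state[0] for state in TASKSTATE_CHOICES]
        elif self.modify_limited:
            rv = list(TASKS_IN_WORK)
        else:
            return []
        try:
            rv.remove(self.task.state)
        except ValueError:
            # The current state is not among the candidates; nothing to drop
            # (the old pop/index pair raised here).
            pass
        rv.sort(reverse=True)
        return rv

    @property
    def allowed_targetpriority(self):
        """Priorities the user may set, in descending order and without the
        current one; empty unless the user holds full ``modify``."""
        if not self.modify:
            return []
        rv = [prio[0] for prio in PRIO_CHOICES]
        try:
            rv.remove(self.task.priority)
        except ValueError:
            # Current priority is not one of PRIO_CHOICES; offer all of them.
            pass
        rv.sort(reverse=True)
        return rv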
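class acc_project(object):
    """Access decisions for one project as seen by one user.

    Role membership is resolved once in ``__init__``. ``modify`` is cached on
    the instance after its first evaluation; ``read`` is evaluated on every
    access.
    """

    def __init__(self, project, user):
        """Store *project* and *user* and resolve the user's project roles."""
        self.project = project
        self.user = user
        # Decision cache for modify; None means "not evaluated yet".
        self.__modify__ = None
        # A project role only counts when the user is also staff.
        self.user_has_leader_rights = user in project.role_leader.all() and user.is_staff
        # "memeber" (sic): the attribute name is kept as it is because code
        # outside this class may read it.
        self.user_has_memeber_rights = user in project.role_member.all() and user.is_staff
        self.user_has_visitor_rights = user in project.role_visitor.all() and user.is_staff
        self.user_has_role_rights = (
            self.user_has_leader_rights
            or self.user_has_memeber_rights
            or self.user_has_visitor_rights
        )

    @property
    def read(self):
        """True for superusers, staff leaders, staff role holders while the
        project state is in PROJECTS_IN_WORK, and for any user who has a task
        of this project assigned whose state is in TASKS_IN_WORK."""
        project_id = self.project.id
        if self.user.is_superuser:
            logger.debug('acc_project.read: Access granted (Project #%d). User is Superuser.', project_id)
            return True
        if self.user_has_leader_rights:
            logger.debug('acc_project.read: Access granted (Project #%d). User is projectleader.', project_id)
            return True
        if self.user_has_role_rights and self.project.state in PROJECTS_IN_WORK:
            logger.debug('acc_project.read: Access granted (Project #%d). User has a role and project is in work.', project_id)
            return True
        # exists() answers the question without loading every matching task.
        # This branch does not look at is_staff.
        if self.project.task_set.filter(assigned_user=self.user, state__in=TASKS_IN_WORK).exists():
            logger.debug('acc_project.read: Access granted (Project #%d). User has open tasks.', project_id)
            return True
        # The old message said "User is not authenticated", but this branch is
        # also reached by logged-in users who simply lack rights; the wording
        # now matches the other denial messages so the log is not misleading.
        logger.debug('acc_project.read: Access denied (Project #%d).', project_id)
        return False

    @property
    def modify(self):
        """True for superusers and for staff project leaders."""
        if self.__modify__ is None:
            project_id = self.project.id
            if self.user.is_superuser:
                logger.debug('acc_project.modify: Access granted (Project #%d). User is Superuser.', project_id)
                self.__modify__ = True
            elif self.user_has_leader_rights:
                # Same leader-and-staff condition as before, taken from the
                # value resolved in __init__ instead of a second query.
                logger.debug('acc_project.modify: Access granted (Project #%d). User is Projectleader.', project_id)
                self.__modify__ = True
            else:
                logger.debug('acc_project.modify: Access denied (Project #%d).', project_id)
                self.__modify__ = False
        return self.__modify__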
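def create_task_possible(user):
    """Return whether *user* may create tasks.

    Requires staff status and a leader or member role in at least one project.
    """
    # Check the cheap flag first so non-staff users cause no database queries.
    if not user.is_staff:
        return False
    # exists() avoids loading whole project lists only to count them.
    return (
        Project.objects.filter(role_leader__in=[user]).exists()
        or Project.objects.filter(role_member__in=[user]).exists()
    )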
def create_project_possible(user):
    """Return the user's superuser flag; only superusers may create projects."""
    may_create = user.is_superuser
    return may_create