Django Library PaTT

access.py 8.9KB

  from django.conf import settings
  import logging
  from .models import Task, Project, Comment, TASKSTATE_CHOICES, TASKS_IN_WORK, PROJECTS_IN_WORK, PRIO_CHOICES

  # Module logger, created as a child of the logger named by settings.ROOT_LOGGER_NAME.
  # The acc_task and acc_project checks write their grant/deny decisions to it at
  # DEBUG level only, so denials are not recorded unless DEBUG output is enabled.
  logger = logging.getLogger(settings.ROOT_LOGGER_NAME).getChild(__name__)
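  def read_attachment(request, rel_path):
      """Decide whether ``request.user`` may read the attachment at *rel_path*.

      The second and third ``/``-separated segments of *rel_path* are taken as
      the item type (``task``, ``comment`` or ``project``) and the numeric item
      id; the first segment is not inspected here.

      Returns the matching access flag (``acc_task.read``,
      ``acc_task.read_comments`` or ``acc_project.read``).  The check fails
      closed: a path that is too short, contains a ``..`` segment, has a
      non-numeric id, names an unknown item type or refers to an item that does
      not exist yields ``False``.  Answering "missing" and "forbidden" the same
      way also keeps the check from revealing which ids exist.
      """
      segments = rel_path.split('/')
      # At least "<prefix>/<type>/<id>" is required.  Unpacking a shorter path
      # used to raise ValueError instead of denying access.
      if len(segments) < 3:
          return False
      # The decision below only covers the item named by segments 1 and 2.
      # Refuse parent-directory segments so the remainder of the path cannot
      # resolve to a different item's files once it is normalised.
      # NOTE(review): confirm how the caller maps rel_path to a file on disk.
      if '..' in segments:
          return False
      item_type, item_id = segments[1:3]
      try:
          # NOTE(review): int() tolerates more spellings than plain digits
          # (sign, surrounding whitespace); the caller should serve the file
          # from the same path that was checked here.
          item_id = int(item_id)
      except ValueError:
          return False
      try:
          if item_type == 'task':
              return acc_task(Task.objects.get(id=item_id), request.user).read
          if item_type == 'comment':
              # A comment attachment inherits the rights of the comment's task.
              parent_task = Comment.objects.get(id=item_id).task
              return acc_task(parent_task, request.user).read_comments
          if item_type == 'project':
              return acc_project(Project.objects.get(id=item_id), request.user).read
      except (Task.DoesNotExist, Comment.DoesNotExist, Project.DoesNotExist):
          # Unknown id: deny instead of letting the lookup error escape.
          return False
      # Unknown item type.
      return False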
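  def modify_attachment(request, rel_path):
      """Decide whether ``request.user`` may change the attachment at *rel_path*.

      The second and third ``/``-separated segments of *rel_path* are taken as
      the item type (``task``, ``comment`` or ``project``) and the numeric item
      id; the first segment is not inspected here.

      * task / project: ``modify`` or ``modify_limited`` of the access object.
      * comment: the comment's own author, or ``modify_comment`` on the
        comment's task.  The author check does not depend on role or task state.

      The check fails closed: a path that is too short, contains a ``..``
      segment, has a non-numeric id, names an unknown item type or refers to an
      item that does not exist yields ``False``.
      """
      segments = rel_path.split('/')
      # At least "<prefix>/<type>/<id>" is required.  Unpacking a shorter path
      # used to raise ValueError instead of denying access.
      if len(segments) < 3:
          return False
      # The decision below only covers the item named by segments 1 and 2.
      # Refuse parent-directory segments so the remainder of the path cannot
      # resolve to a different item's files once it is normalised.
      # NOTE(review): confirm how the caller maps rel_path to a file on disk.
      if '..' in segments:
          return False
      item_type, item_id = segments[1:3]
      try:
          item_id = int(item_id)
      except ValueError:
          return False
      try:
          if item_type == 'task':
              acc = acc_task(Task.objects.get(id=item_id), request.user)
              return acc.modify or acc.modify_limited
          if item_type == 'comment':
              comment = Comment.objects.get(id=item_id)
              acc = acc_task(comment.task, request.user)
              return request.user == comment.user or acc.modify_comment
          if item_type == 'project':
              acc = acc_project(Project.objects.get(id=item_id), request.user)
              return acc.modify or acc.modify_limited
      except (Task.DoesNotExist, Comment.DoesNotExist, Project.DoesNotExist):
          # Unknown id: deny instead of letting the lookup error escape.
          return False
      # Unknown item type.
      return False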
  class acc_task(object):
      """Access decisions for one task as seen by one user.

      The role flags are computed once in ``__init__``.  Each decision property
      is evaluated on first use and the result is kept on the instance, so later
      reads of the same property return the stored value without re-checking.
      Every evaluation is logged at DEBUG level only.
      """

      def __init__(self, task, user):
          self.task = task
          self.user = user
          # Decision caches: None means "not evaluated yet".
          self.__read__ = None
          self.__modify__ = None
          self.__modify_limited__ = None
          self.__add_comment__ = None
          self.__modify_comment__ = None

          def staff_in(role):
              # A project role only counts when the account is also staff.
              return user in role.all() and user.is_staff

          self.user_has_leader_rights = staff_in(task.project.role_leader)
          self.user_has_memeber_rights = staff_in(task.project.role_member)
          self.user_has_visitor_rights = staff_in(task.project.role_visitor)
          self.user_has_role_rights = (
              self.user_has_leader_rights
              or self.user_has_memeber_rights
              or self.user_has_visitor_rights
          )
          self.user_is_assigned_user = user == task.assigned_user

      @property
      def read(self):
          """Read access: superuser, assigned user of a task in work, or any staff role.

          The assigned-user rule does not require the staff flag (unlike
          ``modify_limited``).
          """
          if self.__read__ is not None:
              return self.__read__
          if self.user.is_superuser:
              verdict = True
              message = 'acc_task.read: Access granted (Task #%d). User is Superuser.'
          elif self.user_is_assigned_user and self.task.state in TASKS_IN_WORK:
              verdict = True
              message = 'acc_task.read: Access granted (Task #%d). User is Taskowner and taskstate is open or finished.'
          elif self.user_has_role_rights:
              verdict = True
              message = 'acc_task.read: Access granted (Task #%d). User has a role and is Staff.'
          else:
              verdict = False
              message = 'acc_task.read: Access denied (Task #%d).'
          logger.debug(message, self.task.id)
          self.__read__ = verdict
          return self.__read__

      @property
      def read_comments(self):
          """Comments are readable exactly when the task is readable."""
          return self.read

      @property
      def modify_limited(self):
          """Limited modify access: staff user assigned to a task that is in work."""
          if self.__modify_limited__ is not None:
              return self.__modify_limited__
          if self.user_is_assigned_user and self.user.is_staff and self.task.state in TASKS_IN_WORK:
              verdict = True
              message = 'acc_task.modify_limited: Access granted (Task #%d). User is Taskowner and taskstate is open or finished.'
          else:
              verdict = False
              message = 'acc_task.modify_limited: Access denied (Task #%d).'
          logger.debug(message, self.task.id)
          self.__modify_limited__ = verdict
          return self.__modify_limited__

      @property
      def modify(self):
          """Full modify access: superuser or staff project leader."""
          if self.__modify__ is not None:
              return self.__modify__
          if self.user.is_superuser:
              verdict = True
              message = 'acc_task.modify: Access granted (Task #%d). User is Superuser.'
          elif self.user_has_leader_rights:
              verdict = True
              message = 'acc_task.modify: Access granted (Task #%d). User is Projectleader and staff.'
          else:
              verdict = False
              message = 'acc_task.modify: Access denied (Task #%d).'
          logger.debug(message, self.task.id)
          self.__modify__ = verdict
          return self.__modify__

      @property
      def add_comments(self):
          """Comment creation: superuser, or staff leader/member while the task is in work."""
          if self.__add_comment__ is not None:
              return self.__add_comment__
          if self.user.is_superuser:
              verdict = True
              message = 'acc_task.add_comments: Access granted (Task #%d). User is Superuser.'
          elif (self.user_has_leader_rights or self.user_has_memeber_rights) and self.task.state in TASKS_IN_WORK:
              verdict = True
              message = 'acc_task.add_comments: Access granted (Task #%d). User is Staff, has role in the project and the task state is open or finished.'
          else:
              verdict = False
              message = 'acc_task.add_comments: Access denied (Task #%d).'
          logger.debug(message, self.task.id)
          self.__add_comment__ = verdict
          return self.__add_comment__

      @property
      def modify_comment(self):
          """Comment moderation: superuser or staff project leader."""
          if self.__modify_comment__ is not None:
              return self.__modify_comment__
          if self.user.is_superuser:
              verdict = True
              message = 'acc_task.modify_comment: Access granted (Task #%d). User is Superuser.'
          elif self.user_has_leader_rights:
              verdict = True
              message = 'acc_task.modify_comment: Access granted (Task #%d). User is Projectleader.'
          else:
              verdict = False
              message = 'acc_task.modify_comment: Access denied (Task #%d).'
          logger.debug(message, self.task.id)
          self.__modify_comment__ = verdict
          return self.__modify_comment__

      @property
      def allowed_targetstates(self):
          """States the user may move the task to, highest first, current state excluded.

          Full modify access offers every state in TASKSTATE_CHOICES, limited
          access only those in TASKS_IN_WORK, and no access an empty list.
          """
          if self.modify:
              targets = [choice[0] for choice in TASKSTATE_CHOICES]
          elif self.modify_limited:
              targets = list(TASKS_IN_WORK)
          else:
              return []
          # Raises ValueError if the current state is not among the candidates.
          targets.remove(self.task.state)
          return sorted(targets)[::-1]

      @property
      def allowed_targetpriority(self):
          """Priorities the user may assign, highest first, current priority excluded.

          Only full modify access may change the priority; otherwise the list is empty.
          """
          if not self.modify:
              return []
          priorities = [choice[0] for choice in PRIO_CHOICES]
          # Raises ValueError if the current priority is not in PRIO_CHOICES.
          priorities.remove(self.task.priority)
          return sorted(priorities)[::-1]
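  class acc_project(object):
      """Access decisions for one project as seen by one user.

      The role flags are computed once in ``__init__``; a role only counts when
      the account is also staff.  ``modify`` is evaluated on first use and the
      result kept on the instance, while ``read`` is evaluated on every access.
      Every evaluation is logged at DEBUG level only.
      """

      def __init__(self, project, user):
          self.project = project
          self.user = user
          # Decision cache for ``modify``: None means "not evaluated yet".
          self.__modify__ = None
          self.user_has_leader_rights = user in project.role_leader.all() and user.is_staff
          self.user_has_memeber_rights = user in project.role_member.all() and user.is_staff
          self.user_has_visitor_rights = user in project.role_visitor.all() and user.is_staff
          self.user_has_role_rights = self.user_has_leader_rights or self.user_has_memeber_rights or self.user_has_visitor_rights

      @property
      def read(self):
          """Read access to the project.

          Granted to superusers, staff project leaders, any staff role while the
          project state is in PROJECTS_IN_WORK, and any user who is assigned a
          task of this project whose state is in TASKS_IN_WORK (no staff flag
          required for that last rule).
          """
          if self.user.is_superuser:
              logger.debug('acc_project.read: Access granted (Project #%d). User is Superuser.', self.project.id)
              return True
          elif self.user_has_leader_rights:
              logger.debug('acc_project.read: Access granted (Project #%d). User is projectleader.', self.project.id)
              return True
          elif self.user_has_role_rights and self.project.state in PROJECTS_IN_WORK:
              logger.debug('acc_project.read: Access granted (Project #%d). User has a role and project is in work.', self.project.id)
              return True
          # exists() asks the database for a single row instead of loading
          # every matching task just to count them.
          # NOTE(review): this filter receives self.user as-is; confirm that
          # callers only get here with a logged-in user object.
          elif self.project.task_set.filter(assigned_user=self.user, state__in=TASKS_IN_WORK).exists():
              logger.debug('acc_project.read: Access granted (Project #%d). User has open tasks.', self.project.id)
              return True
          else:
              # This branch is an authorisation denial; the previous message
              # claimed the user was "not authenticated", which nothing above
              # checks and which misleads anyone reading the log.
              logger.debug('acc_project.read: Access denied (Project #%d).', self.project.id)
              return False

      @property
      def modify(self):
          """Modify access to the project: superuser or staff project leader."""
          if self.__modify__ is None:
              if self.user.is_superuser:
                  logger.debug('acc_project.modify: Access granted (Project #%d). User is Superuser.', self.project.id)
                  self.__modify__ = True
              # Reuse the flag from __init__ rather than repeating the same
              # leader-and-staff test with another role lookup.
              elif self.user_has_leader_rights:
                  logger.debug('acc_project.modify: Access granted (Project #%d). User is Projectleader.', self.project.id)
                  self.__modify__ = True
              else:
                  logger.debug('acc_project.modify: Access denied (Project #%d).', self.project.id)
                  self.__modify__ = False
          return self.__modify__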
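  def create_task_possible(user):
      """Return whether *user* may create a task.

      True only for staff users who are leader or member of at least one project.
      """
      # Test the staff flag first: non-staff accounts are refused without
      # touching the database, and the user object is never handed to a
      # query for accounts that cannot pass anyway.
      if not user.is_staff:
          return False
      # exists() stops at the first matching project instead of loading all
      # of them just to count them.
      return (
          Project.objects.filter(role_leader__in=[user]).exists()
          or Project.objects.filter(role_member__in=[user]).exists()
      )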
  def create_project_possible(user):
      """Return ``user.is_superuser``: only superusers may create projects."""
      may_create = user.is_superuser
      return may_create