django_lib
/
patt


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209
							from django.conf import settings
import logging
from .models import Task, Project, Comment, TASKSTATE_CHOICES, TASKS_IN_WORK, PROJECTS_IN_WORK, PRIO_CHOICES


logger = logging.getLogger(settings.ROOT_LOGGER_NAME).getChild(__name__)


def read_attachment(request, rel_path):
    item_type, item_id = rel_path.split('/')[1:3]
    try:
        item_id = int(item_id)
    except ValueError:
        return False
    if item_type == 'task':
        acc = acc_task(Task.objects.get(id=item_id), request.user)
        return acc.read
    elif item_type == 'comment':
        acc = acc_task(Comment.objects.get(id=item_id).task, request.user)
        return acc.read_comments
    elif item_type == 'project':
        acc = acc_project(Project.objects.get(id=item_id), request.user)
        return acc.read
    else:
        return False


def modify_attachment(request, rel_path):
    item_type, item_id = rel_path.split('/')[1:3]
    try:
        item_id = int(item_id)
    except ValueError:
        return False
    if item_type == 'task':
        acc = acc_task(Task.objects.get(id=item_id), request.user)
        return acc.modify or acc.modify_limited
    elif item_type == 'comment':
        comment = Comment.objects.get(id=item_id)
        acc = acc_task(comment.task, request.user)
        return request.user == comment.user or acc.modify_comment
    elif item_type == 'project':
        acc = acc_project(Project.objects.get(id=item_id), request.user)
        return acc.modify or acc.modify_limited
    else:
        return False


class acc_task(object):
    def __init__(self, task, user):
        self.task = task
        self.user = user
        self.__read__ = None
        self.__modify__ = None
        self.__modify_limited__ = None
        self.__add_comment__ = None
        self.__modify_comment__ = None
        self.user_has_leader_rights = user in task.project.role_leader.all() and user.is_staff
        self.user_has_memeber_rights = user in task.project.role_member.all() and user.is_staff
        self.user_has_visitor_rights = user in task.project.role_visitor.all() and user.is_staff
        self.user_has_role_rights = self.user_has_leader_rights or self.user_has_memeber_rights or self.user_has_visitor_rights
        self.user_is_assigned_user = user == task.assigned_user

    @property
    def read(self):
        if self.__read__ is None:
            if self.user.is_superuser:
                logger.debug('acc_task.read: Access granted (Task #%d). User is Superuser.', self.task.id)
                self.__read__ = True
            elif self.user_is_assigned_user and self.task.state in TASKS_IN_WORK:
                logger.debug('acc_task.read: Access granted (Task #%d). User is Taskowner and taskstate is open or finished.', self.task.id)
                self.__read__ = True
            elif self.user_has_role_rights:
                logger.debug('acc_task.read: Access granted (Task #%d). User has a role and is Staff.', self.task.id)
                self.__read__ = True
            else:
                logger.debug('acc_task.read: Access denied (Task #%d).', self.task.id)
                self.__read__ = False
        return self.__read__

    @property
    def read_comments(self):
        return self.read

    @property
    def modify_limited(self):
        if self.__modify_limited__ is None:
            if self.user_is_assigned_user and self.user.is_staff and self.task.state in TASKS_IN_WORK:
                logger.debug('acc_task.modify_limited: Access granted (Task #%d). User is Taskowner and taskstate is open or finished.', self.task.id)
                self.__modify_limited__ = True
            else:
                logger.debug('acc_task.modify_limited: Access denied (Task #%d).', self.task.id)
                self.__modify_limited__ = False
        return self.__modify_limited__

    @property
    def modify(self):
        if self.__modify__ is None:
            if self.user.is_superuser:
                logger.debug('acc_task.modify: Access granted (Task #%d). User is Superuser.', self.task.id)
                self.__modify__ = True
            elif self.user_has_leader_rights:
                logger.debug('acc_task.modify: Access granted (Task #%d). User is Projectleader and staff.', self.task.id)
                self.__modify__ = True
            else:
                logger.debug('acc_task.modify: Access denied (Task #%d).', self.task.id)
                self.__modify__ = False
        return self.__modify__

    @property
    def add_comments(self):
        if self.__add_comment__ is None:
            if self.user.is_superuser:
                logger.debug('acc_task.add_comments: Access granted (Task #%d). User is Superuser.', self.task.id)
                self.__add_comment__ = True
            elif (self.user_has_leader_rights or self.user_has_memeber_rights) and self.task.state in TASKS_IN_WORK:
                logger.debug('acc_task.add_comments: Access granted (Task #%d). User is Staff, has role in the project and the task state is open or finished.', self.task.id)
                self.__add_comment__ = True
            else:
                logger.debug('acc_task.add_comments: Access denied (Task #%d).', self.task.id)
                self.__add_comment__ = False
        return self.__add_comment__

    @property
    def modify_comment(self):
        if self.__modify_comment__ is None:
            if self.user.is_superuser:
                logger.debug('acc_task.modify_comment: Access granted (Task #%d). User is Superuser.', self.task.id)
                self.__modify_comment__ = True
            elif self.user_has_leader_rights:
                logger.debug('acc_task.modify_comment: Access granted (Task #%d). User is Projectleader.', self.task.id)
                self.__modify_comment__ = True
            else:
                logger.debug('acc_task.modify_comment: Access denied (Task #%d).', self.task.id)
                self.__modify_comment__ = False
        return self.__modify_comment__

    @property
    def allowed_targetstates(self):
        if self.modify:
            rv = [state[0] for state in TASKSTATE_CHOICES]
        elif self.modify_limited:
            rv = list(TASKS_IN_WORK)
        else:
            return []
        rv.pop(rv.index(self.task.state))
        rv.sort()
        rv.reverse()
        return rv

    @property
    def allowed_targetpriority(self):
        if self.modify:
            rv = [prio[0] for prio in PRIO_CHOICES]
            rv.pop(rv.index(self.task.priority))
            rv.sort()
            rv.reverse()
            return rv
        return []


class acc_project(object):
    def __init__(self, project, user):
        self.project = project
        self.user = user
        self.__modify__ = None
        self.user_has_leader_rights = user in project.role_leader.all() and user.is_staff
        self.user_has_memeber_rights = user in project.role_member.all() and user.is_staff
        self.user_has_visitor_rights = user in project.role_visitor.all() and user.is_staff
        self.user_has_role_rights = self.user_has_leader_rights or self.user_has_memeber_rights or self.user_has_visitor_rights

    @property
    def read(self):
        if self.user.is_superuser:
            logger.debug('acc_project.read: Access granted (Project #%d). User is Superuser.', self.project.id)
            return True
        elif self.user_has_leader_rights:
            logger.debug('acc_project.read: Access granted (Project #%d). User is projectleader.', self.project.id)
            return True
        elif self.user_has_role_rights and self.project.state in PROJECTS_IN_WORK:
            logger.debug('acc_project.read: Access granted (Project #%d). User has a role and project is in work.', self.project.id)
            return True
        elif len(self.project.task_set.filter(assigned_user=self.user, state__in=TASKS_IN_WORK)) > 0:
            logger.debug('acc_project.read: Access granted (Project #%d). User has open tasks.', self.project.id)
            return True
        else:
            logger.debug('acc_project.read: Access denied (Project #%d). User is not authenticated.', self.project.id)
            return False

    @property
    def modify(self):
        if self.__modify__ is None:
            if self.user.is_superuser:
                logger.debug('acc_project.modify: Access granted (Project #%d). User is Superuser.', self.project.id)
                self.__modify__ = True
            elif self.user in self.project.role_leader.all() and self.user.is_staff:
                logger.debug('acc_project.modify: Access granted (Project #%d). User is Projectleader.', self.project.id)
                self.__modify__ = True
            else:
                logger.debug('acc_project.modify: Access denied (Project #%d).', self.project.id)
                self.__modify__ = False
        return self.__modify__


def create_task_possible(user):
    return len(Project.objects.filter(role_leader__in=[user])) + len(Project.objects.filter(role_member__in=[user])) > 0 and user.is_staff


def create_project_possible(user):
    return user.is_superuser