- import logging
- from .models import Task, Project, Comment, TASKSTATE_CHOICES, TASKS_IN_WORK, PROJECTS_IN_WORK, PRIO_CHOICES
-
-
# Shared logger for the access-control helpers in this module. Every grant and
# denial below is emitted at DEBUG level, so a deployment whose log level is
# above DEBUG records no trace of denied access attempts.
logger = logging.getLogger('ACC')
-
-
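def read_attachment(request, rel_path):
    """Decide whether ``request.user`` may read the attachment at *rel_path*.

    Path segments 1 and 2 (split on ``/``) are taken as the item type
    (``task``, ``comment`` or ``project``) and its numeric id.
    # NOTE(review): presumably rel_path comes from the request URL - confirm
    # with the caller; it is treated as untrusted here.

    The check fails closed: a path with too few segments, a non-numeric id,
    an unknown item type or an id with no matching database row all return
    ``False`` instead of raising.

    Returns the ``read`` / ``read_comments`` decision of the matching access
    helper, or ``False`` when the path cannot be resolved.
    """
    try:
        # Unpacking raises ValueError when fewer than three segments exist;
        # int() raises ValueError for a non-numeric id.
        item_type, item_id = rel_path.split('/')[1:3]
        item_id = int(item_id)
    except ValueError:
        return False
    try:
        if item_type == 'task':
            return acc_task(Task.objects.get(id=item_id), request.user).read
        if item_type == 'comment':
            # Comment attachments follow the comment-read right of the parent task.
            return acc_task(Comment.objects.get(id=item_id).task, request.user).read_comments
        if item_type == 'project':
            return acc_project(Project.objects.get(id=item_id), request.user).read
    except (Task.DoesNotExist, Comment.DoesNotExist, Project.DoesNotExist):
        # An unknown id is a denial, not a server error.
        return False
    return False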
-
-
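def modify_attachment(request, rel_path):
    """Decide whether ``request.user`` may modify the attachment at *rel_path*.

    Path segments 1 and 2 (split on ``/``) are taken as the item type
    (``task``, ``comment`` or ``project``) and its numeric id.
    # NOTE(review): presumably rel_path comes from the request URL - confirm
    # with the caller; it is treated as untrusted here.

    The check fails closed: a path with too few segments, a non-numeric id,
    an unknown item type or an id with no matching database row all return
    ``False`` instead of raising.

    Returns a truthy value when modification is allowed, ``False`` otherwise.
    """
    try:
        # Unpacking raises ValueError when fewer than three segments exist;
        # int() raises ValueError for a non-numeric id.
        item_type, item_id = rel_path.split('/')[1:3]
        item_id = int(item_id)
    except ValueError:
        return False
    try:
        if item_type == 'task':
            acc = acc_task(Task.objects.get(id=item_id), request.user)
            return acc.modify or acc.modify_limited
        if item_type == 'comment':
            comment = Comment.objects.get(id=item_id)
            acc = acc_task(comment.task, request.user)
            # NOTE(review): the comment author is allowed regardless of the
            # task-level rights computed in acc (no staff or role check on
            # this branch) - confirm that an author who has lost access to
            # the task should still be able to change the attachment.
            return request.user == comment.user or acc.modify_comment
        if item_type == 'project':
            acc = acc_project(Project.objects.get(id=item_id), request.user)
            return acc.modify or acc.modify_limited
    except (Task.DoesNotExist, Comment.DoesNotExist, Project.DoesNotExist):
        # An unknown id is a denial, not a server error.
        return False
    return False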
-
-
class acc_task(object):
    """Answer permission questions about one task for one user.

    Role membership is read from the task's project when the object is
    built. Each permission property is evaluated on first access and the
    result is kept for the lifetime of the instance.
    """

    def __init__(self, task, user):
        self.task = task
        self.user = user
        # Decision cache: None means "not evaluated yet".
        self.__read__ = None
        self.__modify__ = None
        self.__modify_limited__ = None
        self.__add_comment__ = None
        self.__modify_comment__ = None
        project = task.project
        # A project role only counts when the user also carries the staff flag.
        self.user_has_leader_rights = user in project.role_leader.all() and user.is_staff
        self.user_has_memeber_rights = user in project.role_member.all() and user.is_staff
        self.user_has_visitor_rights = user in project.role_visitor.all() and user.is_staff
        self.user_has_role_rights = (
            self.user_has_leader_rights
            or self.user_has_memeber_rights
            or self.user_has_visitor_rights
        )
        self.user_is_assigned_user = user == task.assigned_user

    @property
    def read(self):
        """Whether the user may read the task.

        Granted to superusers, to the assigned user while the task state is
        in TASKS_IN_WORK (this branch does not check the staff flag), and to
        staff users holding any project role.
        """
        if self.__read__ is not None:
            return self.__read__
        if self.user.is_superuser:
            logger.debug('acc_task.read: Access granted (Task #%d). User is Superuser.', self.task.id)
            granted = True
        elif self.user_is_assigned_user and self.task.state in TASKS_IN_WORK:
            logger.debug('acc_task.read: Access granted (Task #%d). User is Taskowner and taskstate is open or finished.', self.task.id)
            granted = True
        elif self.user_has_role_rights:
            logger.debug('acc_task.read: Access granted (Task #%d). User has a role and is Staff.', self.task.id)
            granted = True
        else:
            logger.debug('acc_task.read: Access denied (Task #%d).', self.task.id)
            granted = False
        self.__read__ = granted
        return granted

    @property
    def read_comments(self):
        """Whether the user may read the task's comments; same as ``read``."""
        return self.read

    @property
    def modify_limited(self):
        """Whether the user has the limited modify right.

        Granted only to the assigned user who is staff while the task state
        is in TASKS_IN_WORK.
        """
        if self.__modify_limited__ is not None:
            return self.__modify_limited__
        if self.user_is_assigned_user and self.user.is_staff and self.task.state in TASKS_IN_WORK:
            logger.debug('acc_task.modify_limited: Access granted (Task #%d). User is Taskowner and taskstate is open or finished.', self.task.id)
            granted = True
        else:
            logger.debug('acc_task.modify_limited: Access denied (Task #%d).', self.task.id)
            granted = False
        self.__modify_limited__ = granted
        return granted

    @property
    def modify(self):
        """Whether the user has the full modify right (superuser or staff project leader)."""
        if self.__modify__ is not None:
            return self.__modify__
        if self.user.is_superuser:
            logger.debug('acc_task.modify: Access granted (Task #%d). User is Superuser.', self.task.id)
            granted = True
        elif self.user_has_leader_rights:
            logger.debug('acc_task.modify: Access granted (Task #%d). User is Projectleader and staff.', self.task.id)
            granted = True
        else:
            logger.debug('acc_task.modify: Access denied (Task #%d).', self.task.id)
            granted = False
        self.__modify__ = granted
        return granted

    @property
    def add_comments(self):
        """Whether the user may add a comment.

        Granted to superusers, and to staff leaders or members while the
        task state is in TASKS_IN_WORK. Visitors are not included.
        """
        if self.__add_comment__ is not None:
            return self.__add_comment__
        if self.user.is_superuser:
            logger.debug('acc_task.add_comments: Access granted (Task #%d). User is Superuser.', self.task.id)
            granted = True
        elif (self.user_has_leader_rights or self.user_has_memeber_rights) and self.task.state in TASKS_IN_WORK:
            logger.debug('acc_task.add_comments: Access granted (Task #%d). User is Staff, has role in the project and the task state is open or finished.', self.task.id)
            granted = True
        else:
            logger.debug('acc_task.add_comments: Access denied (Task #%d).', self.task.id)
            granted = False
        self.__add_comment__ = granted
        return granted

    @property
    def modify_comment(self):
        """Whether the user may modify comments on the task (superuser or staff project leader)."""
        if self.__modify_comment__ is not None:
            return self.__modify_comment__
        if self.user.is_superuser:
            logger.debug('acc_task.modify_comment: Access granted (Task #%d). User is Superuser.', self.task.id)
            granted = True
        elif self.user_has_leader_rights:
            logger.debug('acc_task.modify_comment: Access granted (Task #%d). User is Projectleader.', self.task.id)
            granted = True
        else:
            logger.debug('acc_task.modify_comment: Access denied (Task #%d).', self.task.id)
            granted = False
        self.__modify_comment__ = granted
        return granted

    @property
    def allowed_targetstates(self):
        """States the user may move the task to, in descending order.

        Full modify rights offer every value of TASKSTATE_CHOICES, limited
        rights offer TASKS_IN_WORK; the current state is removed. Without
        either right the list is empty.
        """
        if self.modify:
            candidates = [choice[0] for choice in TASKSTATE_CHOICES]
        elif self.modify_limited:
            candidates = list(TASKS_IN_WORK)
        else:
            return []
        # Raises ValueError when the current state is not among the candidates.
        candidates.remove(self.task.state)
        candidates.sort()
        candidates.reverse()
        return candidates

    @property
    def allowed_targetpriority(self):
        """Priorities the user may assign, in descending order; empty without the modify right."""
        if not self.modify:
            return []
        candidates = [choice[0] for choice in PRIO_CHOICES]
        # Raises ValueError when the current priority is not in PRIO_CHOICES.
        candidates.remove(self.task.priority)
        candidates.sort()
        candidates.reverse()
        return candidates
-
-
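class acc_project(object):
    """Answer permission questions about one project for one user.

    Role membership is read from the project when the object is built.
    A project role only counts when the user also carries the staff flag.
    """

    def __init__(self, project, user):
        self.project = project
        self.user = user
        # Cached modify decision: None means "not evaluated yet".
        self.__modify__ = None
        self.user_has_leader_rights = user in project.role_leader.all() and user.is_staff
        self.user_has_memeber_rights = user in project.role_member.all() and user.is_staff
        self.user_has_visitor_rights = user in project.role_visitor.all() and user.is_staff
        self.user_has_role_rights = self.user_has_leader_rights or self.user_has_memeber_rights or self.user_has_visitor_rights

    @property
    def read(self):
        """Whether the user may read the project.

        Granted to superusers, staff project leaders, staff role holders
        while the project state is in PROJECTS_IN_WORK, and to any user who
        is assigned a task of this project whose state is in TASKS_IN_WORK.
        The result is not cached; each access re-evaluates the rules.
        """
        if self.user.is_superuser:
            logger.debug('acc_project.read: Access granted (Project #%d). User is Superuser.', self.project.id)
            return True
        if self.user_has_leader_rights:
            logger.debug('acc_project.read: Access granted (Project #%d). User is projectleader.', self.project.id)
            return True
        if self.user_has_role_rights and self.project.state in PROJECTS_IN_WORK:
            logger.debug('acc_project.read: Access granted (Project #%d). User has a role and project is in work.', self.project.id)
            return True
        # exists() asks the database for a single row instead of loading
        # every matching task only to count them.
        if self.project.task_set.filter(assigned_user=self.user, state__in=TASKS_IN_WORK).exists():
            logger.debug('acc_project.read: Access granted (Project #%d). User has open tasks.', self.project.id)
            return True
        # This branch is an authorization denial; the user may well be
        # authenticated, so the message no longer claims otherwise.
        logger.debug('acc_project.read: Access denied (Project #%d).', self.project.id)
        return False

    @property
    def modify(self):
        """Whether the user may modify the project (superuser or staff project leader)."""
        if self.__modify__ is None:
            if self.user.is_superuser:
                logger.debug('acc_project.modify: Access granted (Project #%d). User is Superuser.', self.project.id)
                self.__modify__ = True
            elif self.user_has_leader_rights:
                # Same rule as the constructor computed; reusing it keeps the
                # leader check in one place and avoids a second role query.
                logger.debug('acc_project.modify: Access granted (Project #%d). User is Projectleader.', self.project.id)
                self.__modify__ = True
            else:
                logger.debug('acc_project.modify: Access denied (Project #%d).', self.project.id)
                self.__modify__ = False
        return self.__modify__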
-
-
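def create_task_possible(user):
    """Return a truthy value when *user* may create a task.

    The user must carry the staff flag and be leader or member of at least
    one project. The staff flag is checked first so that a non-staff user is
    rejected without running any project query, and ``exists()`` is used so
    the database returns at most one row per role instead of every project.
    """
    return user.is_staff and (
        Project.objects.filter(role_leader__in=[user]).exists()
        or Project.objects.filter(role_member__in=[user]).exists()
    )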
-
-
def create_project_possible(user):
    """Return the user's superuser flag; only superusers may create projects."""
    may_create = user.is_superuser
    return may_create