Django Library PaTT
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符

access.py 8.9KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208
  1. import logging
  2. from .models import Task, Project, Comment, TASKSTATE_CHOICES, TASKS_IN_WORK, PROJECTS_IN_WORK, PRIO_CHOICES
  3. logger = logging.getLogger('ACC')
  4. def read_attachment(request, rel_path):
  5. item_type, item_id = rel_path.split('/')[1:3]
  6. try:
  7. item_id = int(item_id)
  8. except ValueError:
  9. return False
  10. if item_type == 'task':
  11. acc = acc_task(Task.objects.get(id=item_id), request.user)
  12. return acc.read
  13. elif item_type == 'comment':
  14. acc = acc_task(Comment.objects.get(id=item_id).task, request.user)
  15. return acc.read_comments
  16. elif item_type == 'project':
  17. acc = acc_project(Project.objects.get(id=item_id), request.user)
  18. return acc.read
  19. else:
  20. return False
  21. def modify_attachment(request, rel_path):
  22. item_type, item_id = rel_path.split('/')[1:3]
  23. try:
  24. item_id = int(item_id)
  25. except ValueError:
  26. return False
  27. if item_type == 'task':
  28. acc = acc_task(Task.objects.get(id=item_id), request.user)
  29. return acc.modify or acc.modify_limited
  30. elif item_type == 'comment':
  31. comment = Comment.objects.get(id=item_id)
  32. acc = acc_task(comment.task, request.user)
  33. return request.user == comment.user or acc.modify_comment
  34. elif item_type == 'project':
  35. acc = acc_project(Project.objects.get(id=item_id), request.user)
  36. return acc.modify or acc.modify_limited
  37. else:
  38. return False
  39. class acc_task(object):
  40. def __init__(self, task, user):
  41. self.task = task
  42. self.user = user
  43. self.__read__ = None
  44. self.__modify__ = None
  45. self.__modify_limited__ = None
  46. self.__add_comment__ = None
  47. self.__modify_comment__ = None
  48. self.user_has_leader_rights = user in task.project.role_leader.all() and user.is_staff
  49. self.user_has_memeber_rights = user in task.project.role_member.all() and user.is_staff
  50. self.user_has_visitor_rights = user in task.project.role_visitor.all() and user.is_staff
  51. self.user_has_role_rights = self.user_has_leader_rights or self.user_has_memeber_rights or self.user_has_visitor_rights
  52. self.user_is_assigned_user = user == task.assigned_user
  53. @property
  54. def read(self):
  55. if self.__read__ is None:
  56. if self.user.is_superuser:
  57. logger.debug('acc_task.read: Access granted (Task #%d). User is Superuser.', self.task.id)
  58. self.__read__ = True
  59. elif self.user_is_assigned_user and self.task.state in TASKS_IN_WORK:
  60. logger.debug('acc_task.read: Access granted (Task #%d). User is Taskowner and taskstate is open or finished.', self.task.id)
  61. self.__read__ = True
  62. elif self.user_has_role_rights:
  63. logger.debug('acc_task.read: Access granted (Task #%d). User has a role and is Staff.', self.task.id)
  64. self.__read__ = True
  65. else:
  66. logger.debug('acc_task.read: Access denied (Task #%d).', self.task.id)
  67. self.__read__ = False
  68. return self.__read__
  69. @property
  70. def read_comments(self):
  71. return self.read
  72. @property
  73. def modify_limited(self):
  74. if self.__modify_limited__ is None:
  75. if self.user_is_assigned_user and self.user.is_staff and self.task.state in TASKS_IN_WORK:
  76. logger.debug('acc_task.modify_limited: Access granted (Task #%d). User is Taskowner and taskstate is open or finished.', self.task.id)
  77. self.__modify_limited__ = True
  78. else:
  79. logger.debug('acc_task.modify_limited: Access denied (Task #%d).', self.task.id)
  80. self.__modify_limited__ = False
  81. return self.__modify_limited__
  82. @property
  83. def modify(self):
  84. if self.__modify__ is None:
  85. if self.user.is_superuser:
  86. logger.debug('acc_task.modify: Access granted (Task #%d). User is Superuser.', self.task.id)
  87. self.__modify__ = True
  88. elif self.user_has_leader_rights:
  89. logger.debug('acc_task.modify: Access granted (Task #%d). User is Projectleader and staff.', self.task.id)
  90. self.__modify__ = True
  91. else:
  92. logger.debug('acc_task.modify: Access denied (Task #%d).', self.task.id)
  93. self.__modify__ = False
  94. return self.__modify__
  95. @property
  96. def add_comments(self):
  97. if self.__add_comment__ is None:
  98. if self.user.is_superuser:
  99. logger.debug('acc_task.add_comments: Access granted (Task #%d). User is Superuser.', self.task.id)
  100. self.__add_comment__ = True
  101. elif (self.user_has_leader_rights or self.user_has_memeber_rights) and self.task.state in TASKS_IN_WORK:
  102. logger.debug('acc_task.add_comments: Access granted (Task #%d). User is Staff, has role in the project and the task state is open or finished.', self.task.id)
  103. self.__add_comment__ = True
  104. else:
  105. logger.debug('acc_task.add_comments: Access denied (Task #%d).', self.task.id)
  106. self.__add_comment__ = False
  107. return self.__add_comment__
  108. @property
  109. def modify_comment(self):
  110. if self.__modify_comment__ is None:
  111. if self.user.is_superuser:
  112. logger.debug('acc_task.modify_comment: Access granted (Task #%d). User is Superuser.', self.task.id)
  113. self.__modify_comment__ = True
  114. elif self.user_has_leader_rights:
  115. logger.debug('acc_task.modify_comment: Access granted (Task #%d). User is Projectleader.', self.task.id)
  116. self.__modify_comment__ = True
  117. else:
  118. logger.debug('acc_task.modify_comment: Access denied (Task #%d).', self.task.id)
  119. self.__modify_comment__ = False
  120. return self.__modify_comment__
  121. @property
  122. def allowed_targetstates(self):
  123. if self.modify:
  124. rv = [state[0] for state in TASKSTATE_CHOICES]
  125. elif self.modify_limited:
  126. rv = list(TASKS_IN_WORK)
  127. else:
  128. return []
  129. rv.pop(rv.index(self.task.state))
  130. rv.sort()
  131. rv.reverse()
  132. return rv
  133. @property
  134. def allowed_targetpriority(self):
  135. if self.modify:
  136. rv = [prio[0] for prio in PRIO_CHOICES]
  137. rv.pop(rv.index(self.task.priority))
  138. rv.sort()
  139. rv.reverse()
  140. return rv
  141. return []
  142. class acc_project(object):
  143. def __init__(self, project, user):
  144. self.project = project
  145. self.user = user
  146. self.__modify__ = None
  147. self.user_has_leader_rights = user in project.role_leader.all() and user.is_staff
  148. self.user_has_memeber_rights = user in project.role_member.all() and user.is_staff
  149. self.user_has_visitor_rights = user in project.role_visitor.all() and user.is_staff
  150. self.user_has_role_rights = self.user_has_leader_rights or self.user_has_memeber_rights or self.user_has_visitor_rights
  151. @property
  152. def read(self):
  153. if self.user.is_superuser:
  154. logger.debug('acc_project.read: Access granted (Project #%d). User is Superuser.', self.project.id)
  155. return True
  156. elif self.user_has_leader_rights:
  157. logger.debug('acc_project.read: Access granted (Project #%d). User is projectleader.', self.project.id)
  158. return True
  159. elif self.user_has_role_rights and self.project.state in PROJECTS_IN_WORK:
  160. logger.debug('acc_project.read: Access granted (Project #%d). User has a role and project is in work.', self.project.id)
  161. return True
  162. elif len(self.project.task_set.filter(assigned_user=self.user, state__in=TASKS_IN_WORK)) > 0:
  163. logger.debug('acc_project.read: Access granted (Project #%d). User has open tasks.', self.project.id)
  164. return True
  165. else:
  166. logger.debug('acc_project.read: Access denied (Project #%d). User is not authenticated.', self.project.id)
  167. return False
  168. @property
  169. def modify(self):
  170. if self.__modify__ is None:
  171. if self.user.is_superuser:
  172. logger.debug('acc_project.modify: Access granted (Project #%d). User is Superuser.', self.project.id)
  173. self.__modify__ = True
  174. elif self.user in self.project.role_leader.all() and self.user.is_staff:
  175. logger.debug('acc_project.modify: Access granted (Project #%d). User is Projectleader.', self.project.id)
  176. self.__modify__ = True
  177. else:
  178. logger.debug('acc_project.modify: Access denied (Project #%d).', self.project.id)
  179. self.__modify__ = False
  180. return self.__modify__
  181. def create_task_possible(user):
  182. return len(Project.objects.filter(role_leader__in=[user])) + len(Project.objects.filter(role_member__in=[user])) > 0 and user.is_staff
  183. def create_project_possible(user):
  184. return user.is_superuser