Merge branch 'feature/extend_extra_permissions' into develop
robotichead committed Sep 25, 2024
2 parents c92aff8 + e358121 commit f2b4993
Showing 48 changed files with 5,758 additions and 634 deletions.
151 changes: 0 additions & 151 deletions NearBeach/decorators/check_user_permissions/check_user_permissions.py

This file was deleted.

24 changes: 14 additions & 10 deletions NearBeach/decorators/check_user_permissions/object_permissions.py
Expand Up @@ -64,25 +64,28 @@ def inner(request, *args, **kwargs):
else:
destination = args[0]

# Place Extra Permissions into the kwargs
kwargs["extra_permissions"] = extra_permissions

# If sub object, use partials
if destination == "kanban_card":
# Setup kwargs to have kanban_card_id
kwargs["kanban_card_id"] = kwargs["location_id"]
passes, user_level, extra_level = kanban_card_permissions(request, kwargs, extra_permissions)
passes, user_level, extra_level = kanban_card_permissions(request, kwargs)
elif destination == "requirement_item":
# Setup kwargs to have requirement item id
kwargs["requirement_item_id"] = kwargs["location_id"]
passes, user_level, extra_level = requirement_item_permissions(request, kwargs, extra_permissions)
passes, user_level, extra_level = requirement_item_permissions(request, kwargs)
elif destination == "change_task":
# Setup kwargs to have change task id
kwargs["change_task_id"] = kwargs["location_id"]
passes, user_level, extra_level = change_task_permissions(request, kwargs, extra_permissions)
passes, user_level, extra_level = change_task_permissions(request, kwargs)
elif destination == "organisation":
passes, user_level, extra_level = organisation_permissions(request, kwargs, extra_permissions)
passes, user_level, extra_level = organisation_permissions(request, kwargs)
elif destination == "customer":
passes, user_level, extra_level = customer_permissions(request, kwargs)
else:
passes, user_level, extra_level = generic_permissions(request, destination, kwargs, extra_permissions)
passes, user_level, extra_level = generic_permissions(request, destination, kwargs)

if not passes:
raise PermissionDenied
Expand All @@ -99,7 +102,7 @@ def inner(request, *args, **kwargs):
return decorator


def check_specific_object_permissions(min_permission_level, object_lookup):
def check_specific_object_permissions(min_permission_level, object_lookup, extra_permissions=""):
"""
Checks the user's permissions against the provided object_lookup.
From here it will determine which partial permission it should
Expand All @@ -117,16 +120,17 @@ def inner(request, *args, **kwargs):
if object_lookup == "":
raise PermissionDenied

# Add extra permissions to kwargs
# kwargs["extra_permissions"] = extra_permissions

# Use the FUNCTION_DICT to determine which partial permissions we need to
# reference
passes, user_level, _ = FUNCTION_DICT[object_lookup](request, kwargs, "")
passes, user_level, extra_level = FUNCTION_DICT[object_lookup](request, kwargs)

if not passes:
raise PermissionDenied
raise error_403
# HttpResponseRedirect()HttpResponseRedirect

if user_level >= min_permission_level:
if user_level >= min_permission_level or extra_level:
# Everything is fine - continue on
return func(request, *args, **kwargs, user_level=user_level)

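Review bot: In `check_specific_object_permissions` the new `extra_permissions` argument never reaches the partial, because the line that would copy it into kwargs is left commented out (`# kwargs["extra_permissions"] = extra_permissions`), so on this path every partial falls back to its `""` default. The same hunk widens the gate to `if user_level >= min_permission_level or extra_level:`, which lets any truthy `extra_level` satisfy the check whatever `min_permission_level` the view asked for; that is presumably inert while the assignment stays commented out, but it becomes a level bypass for every view using this decorator once the value is wired in. Enabling the assignment as written would also forward the key to the view through `func(request, *args, **kwargs, user_level=user_level)`, so pass a copy instead, e.g. `FUNCTION_DICT[object_lookup](request, {**kwargs, "extra_permissions": extra_permissions})`, or drop the parameter. A comment on the `or extra_level` line should state which views are meant to accept the extra permission in place of the level; the body of `inner` continues outside the hunk.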
Original file line number Diff line number Diff line change
Expand Up @@ -41,3 +41,45 @@ def inner(request, *args, **kwargs):
return inner

return decorator


def check_user_organisation_note_permissions():
"""
Function is only used when checking user permissions against
organisations. Min Permission Level determines if the user
will have enough permission to proceed.
"""

def decorator(func):
@wraps(func)
def inner(request, *args, **kwargs):
# if user is admin -grant them all permissions
if request.user.is_superuser:
# Return the function with a user_level of 4
return func(request, *args, **kwargs, user_level=4)

# Default user level is 0
user_group_results = UserGroup.objects.filter(
is_deleted=False,
username=request.user,
)

# Get the max permission value from user_group_results
user_level = user_group_results.aggregate(
Max("permission_set__organisation")
)["permission_set__organisation__max"]

extra_level = user_group_results.aggregate(
Max("permission_set__organisation_note"),
)["permission_set__organisation_note__max"]

if user_level >= 2 or extra_level > 0:
# Everything is fine - continue on
return func(request, *args, **kwargs, user_level=user_level)

# Does not meet conditions
raise PermissionDenied

return inner

return decorator
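Review bot: The comparison `if user_level >= 2 or extra_level > 0:` raises TypeError when the user has no matching UserGroup rows, because both `aggregate(Max(...))` results are then `None`; the request ends in a 500 instead of the intended PermissionDenied. Coalesce both values before comparing, `user_level = user_level or 0` and `extra_level = extra_level or 0`, so the decorator fails closed with a 403. The docstring also refers to a "Min Permission Level" that this decorator does not take (the threshold is the literal 2), and the query is not narrowed to the organisation being accessed; if a check across all of the user's groups is intended, the docstring should say so.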
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,12 @@
from django.db.models import Max, Q


def change_task_permissions(request, kwargs, extra_permissions=""):
def change_task_permissions(request, kwargs):
# Extra Permissions
extra_permissions = ""
if "extra_permissions" in kwargs:
extra_permissions = kwargs.get("extra_permissions")

# Default user level is 0
user_group_results = UserGroup.objects.filter(
is_deleted=False,
Expand Down Expand Up @@ -47,10 +52,5 @@ def change_task_permissions(request, kwargs, extra_permissions=""):
permission_set__document=1,
).count() > 0

# if extra_permissions == "history":
# extra_level = user_group_results.filter(
# permission_set__rfc_history=1,
# ).count() > 0

# Return
return True, user_level, extra_level
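Review bot: The four-line lookup at the top of `change_task_permissions` tests for the key and then fetches it separately; `extra_permissions = kwargs.get("extra_permissions", "")` does the same in one line, and the identical block is repeated in `generic_permissions` and `kanban_card_permissions`. Because `kwargs` appears to be the view's URL keyword dictionary, carrying a decorator setting in it mixes trusted configuration with route-captured values. A short comment such as `# set by check_destination-style decorators, never taken from the URL` (wording to be adapted to the real decorator name) would make that contract visible. The function body continues outside both hunks.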
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,12 @@
from NearBeach.models import Group, ObjectAssignment, UserGroup


def generic_permissions(request, object_lookup, kwargs, extra_permissions):
def generic_permissions(request, object_lookup, kwargs):
# Extra Permissions
extra_permissions = ""
if "extra_permissions" in kwargs:
extra_permissions = kwargs.get("extra_permissions")

# Default user level is 0
user_group_results = UserGroup.objects.filter(
is_deleted=False,
Expand Down Expand Up @@ -43,11 +48,9 @@ def generic_permissions(request, object_lookup, kwargs, extra_permissions):
permission_set__document=1,
).count() > 0

# TODO: Implement a more generic version, so we can include other objects like requirements, organisations, customers etc.
if object_lookup in ["project", "task"]:
if extra_permissions == "history":
extra_level = user_group_results.filter(
**{F"permission_set__{object_lookup}_history": 1}
).count() > 0
if extra_permissions == "note":
extra_level = user_group_results.filter(
**{F"permission_set__{object_lookup}_note": 1}
).count() > 0

return True, user_level, extra_level
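Review bot: The `note` branch assembles the ORM lookup name from `object_lookup` without an allow-list, since the new side no longer has the `if object_lookup in ["project", "task"]:` guard, so `**{F"permission_set__{object_lookup}_note": 1}` is evaluated for every destination the decorator forwards here. A destination with no matching `_note` column would raise Django's FieldError, giving a 500 rather than a denial, and `object_lookup` appears to originate from the request (`destination = args[0]` in the decorator), so the filter key should not be built from it unchecked. Restrict the branch to the objects that actually have the column, e.g. `if extra_permissions == "note" and object_lookup in NOTE_OBJECTS:` with `NOTE_OBJECTS` a module-level tuple (the name is only a suggestion). The start of `generic_permissions` is outside the hunk, so earlier validation of `object_lookup` cannot be ruled out.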
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@


# Internal Function
def kanban_board_permissions(request, kwargs, extra_permissions=""):
def kanban_board_permissions(request, kwargs):
# Default user level is 0
user_group_results = UserGroup.objects.filter(
is_deleted=False,
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,12 @@


# Internal Function
def kanban_card_permissions(request, kwargs, extra_permissions):
def kanban_card_permissions(request, kwargs):
# Extra Permissions
extra_permissions = ""
if "extra_permissions" in kwargs:
extra_permissions = kwargs.get("extra_permissions")

# Default user level is 0
user_group_results = UserGroup.objects.filter(
is_deleted=False,
Expand All @@ -29,7 +34,7 @@ def kanban_card_permissions(request, kwargs, extra_permissions):
# Check to make sure the user groups intersect
if len(group_results) == 0:
# There are no matching groups - i.e. the user does not have any permission
return False, 0
return False, 0, False

# Get the max permission value from user_group_results
user_level = user_group_results.aggregate(
Expand All @@ -43,9 +48,9 @@ def kanban_card_permissions(request, kwargs, extra_permissions):
permission_set__document=1,
).count() > 0

if extra_permissions == "history":
if extra_permissions == "note":
extra_level = user_group_results.filter(
permission_set__kanban_comment=1,
permission_set__kanban_note=1,
).count() > 0

return True, user_level, extra_level
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@


# Internal Function
def kanban_column_permissions(request, kwargs, extra_permissions=""):
def kanban_column_permissions(request, kwargs):
# Default user level is 0
user_group_results = UserGroup.objects.filter(
is_deleted=False,
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@


# Internal Function
def kanban_level_permissions(request, kwargs, extra_permissions=""):
def kanban_level_permissions(request, kwargs):
# Default user level is 0
user_group_results = UserGroup.objects.filter(
is_deleted=False,
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
from django.db.models import Max, Q


def object_note_permissions(request, kwargs, extra_permissions=""):
def object_note_permissions(request, kwargs):
"""
Checks the user's permission to determine if they have permission to delete this note.
Currently only;