restringido acceso a task y departaments de otras companies
anddonram committed Jun 26, 2017
1 parent 4654ea4 commit f4bb88c
Showing 2 changed files with 22 additions and 20 deletions.
Expand Up @@ -153,7 +153,8 @@ def edit(request, department_id):
"""

# Check that the current user is an administrator
admin = check_department(None, request)
department = get_object_or_404(Department, pk=department_id)
admin = check_department(department, request)
repeated_name = False

# if this is a POST request we need to process the form data
Expand All @@ -165,7 +166,7 @@ def edit(request, department_id):
# process the data in form.cleaned_data as required
# ...
# redirect to a new URL:
department = get_object_or_404(Department, pk=form.cleaned_data['department_id'])


dep = find_name(form.cleaned_data['name'], admin)
# dep does not exists or it's the same
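Review bot: The lookup `department = get_object_or_404(Department, pk=department_id)` now runs before any permission check, and the task `edit` view in taskController.py has the same ordering, so a caller who would be rejected by `check_department` / `check_task` can still get a different response for an id that exists than for one that does not (assuming those helpers do not themselves answer with a 404, which is not visible here). Keeping the role check first and scoping the query to the caller's company avoids that: `admin = check_department(None, request)`, then `department = get_object_or_404(Department, pk=department_id, company_id=admin.company_id)`, then `check_department(department, request)`; this assumes the returned administrator exposes `company_id` the way `actor` does in taskController.py. The comment `# Check that the current user is an administrator` now sits above the lookup rather than the check and should move with it. Both `edit` bodies continue outside the hunks shown.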
37 changes: 19 additions & 18 deletions Metronus-Project/metronus_app/controllers/taskController.py
Expand Up @@ -202,7 +202,8 @@ def edit(request, task_id):
task_form.html
"""
# Check that the user is logged in
actor = check_task(None, request)
task = get_object_or_404(Task, pk=task_id)
actor = check_task(task, request)

errors = []

Expand All @@ -214,7 +215,6 @@ def edit(request, task_id):
if form.is_valid():
# process the data in form.cleaned_data as required
errors=process_task_form(form)
task = get_object_or_404(Task, pk=form.cleaned_data['task_id'])
check_task(task, request)
# find tasks with the same name
pro = Task.objects.filter(name=form.cleaned_data['name'],
Expand All @@ -230,7 +230,6 @@ def edit(request, task_id):

# if a GET (or any other method) we'll create a blank form
else:
task = get_object_or_404(Task, pk=task_id)
form = TaskForm(initial={"name": task.name, "description": task.description,
"task_id": task.id,
"production_goal": task.production_goal if task.production_goal is not None else "",
Expand Down Expand Up @@ -553,6 +552,7 @@ def check_role_for_list(request):
else:
# not a manager
task = Task.objects.filter(actor_id__company_id=actor.company_id,
projectDepartment_id__project_id__deleted=False,projectDepartment_id__department_id__active=True,
projectDepartment_id__projectdepartmentemployeerole__employee_id=actor,
active=True).distinct()
else:
Expand Down Expand Up @@ -627,19 +627,20 @@ def find_collections(request):

if actor.user_type != 'A':
# not an admin
is_team_manager = ProjectDepartmentEmployeeRole.objects.filter(employee_id=actor, role_id__tier=30)
res = is_team_manager.count() > 0
is_executive = ProjectDepartmentEmployeeRole.objects.filter(employee_id=actor, role_id__tier=50)
res = is_executive.count() > 0


if res:
# is manager
# is executive
proyectos = Project.objects.filter(company_id=actor.company_id, deleted=False)
departamentos = Department.objects.filter(company_id=actor.company_id, active=True)
else:
# not a manager
roles_pro = ProjectDepartmentEmployeeRole.objects.filter(employee_id=actor, role_id__tier__gte=40)
roles_dep = ProjectDepartmentEmployeeRole.objects.filter(employee_id=actor, role_id__tier=20)
# not an executive

roles_dep = ProjectDepartmentEmployeeRole.objects.filter(employee_id=actor, role_id__tier__gte=20)

if roles_pro.count() > 0 or roles_dep.count() > 0:
if roles_dep.count() > 0:
# you're a project manager. Loading your projects
proyectos = Project.objects.filter(
company_id=actor.company_id, deleted=False,
Expand Down Expand Up @@ -671,19 +672,19 @@ def find_departments(request):

if actor.user_type != 'A':
# not an admin
is_team_manager = ProjectDepartmentEmployeeRole.objects.filter(employee_id=actor, role_id__tier=30)
res = is_team_manager.count() > 0
is_executive = ProjectDepartmentEmployeeRole.objects.filter(employee_id=actor, role_id__tier=50)
res = is_executive.count() > 0

if res:
# is manager
# is executive
departamentos = Department.objects.filter(company_id=actor.company_id, active=True)
else:
# not a manager
roles_pro = ProjectDepartmentEmployeeRole.objects.filter(employee_id=actor, role_id__tier__gte=40)
roles_dep = ProjectDepartmentEmployeeRole.objects.filter(employee_id=actor, role_id__tier=20)
# not an executive
roles_dep = ProjectDepartmentEmployeeRole.objects.filter(employee_id=actor, role_id__tier__gte=20,
projectDepartment_id__project_id__deleted=False,projectDepartment_id__department_id__active=True)

if roles_pro.count() > 0 or roles_dep.count() > 0:
# you're a project manager or a coordinator. Loading your projects
if roles_dep.count() > 0:
# you're a project manager or a coordinator. Loading your departments for the selected project
departamentos = Department.objects.filter(
company_id=actor.company_id, active=True,
projectdepartment__projectdepartmentemployeerole__employee_id=actor,
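Review bot: In `find_collections` the gate `roles_dep = ProjectDepartmentEmployeeRole.objects.filter(employee_id=actor, role_id__tier__gte=20)` still counts roles attached to deleted projects or inactive departments, while the same gate in `find_departments` now also requires `projectDepartment_id__project_id__deleted=False` and `projectDepartment_id__department_id__active=True`; the two should agree, so add those two filters to the `find_collections` query as well. The tier literals `50` and `20` decide who sees the whole company, and this change had to edit them in two functions; named constants or one shared helper would keep the authorization rule in one place, and the executive test reads more directly with `.exists()` than with `.count() > 0`. The comment `# you're a project manager. Loading your projects` no longer matches the `tier__gte=20` condition. Both functions continue outside the hunks shown.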
