Merge pull request #7 from bgroff/feature/permissions

Feature/permissions
bgroff · Oct 24, 2017 · 0d0669e · 0d0669e
2 parents 9d75f01 + 31bbfde
commit 0d0669e
Show file tree

Hide file tree

Showing 46 changed files with 623 additions and 503 deletions.
diff --git a/deploy/app_specific.sh b/deploy/app_specific.sh
@@ -6,8 +6,8 @@ PROJECT_URL=$2
 source /home/vagrant/.zshrc
 cd /srv/$PROJECT-app/django_$PROJECT
 python3 manage.py migrate
-echo "from accounts.models import User; user = User.objects.create(**{'email': 'teststaff@example.com', 'is_active': True, 'is_staff': True, 'is_superuser': True, 'is_admin': True, 'last_name': 'Staff', 'username': 'teststaff'}); user.set_password('test'); user.save();" | python3 manage.py shell
-echo "from accounts.models import User; user = User.objects.create(**{'email': 'testuser@example.com', 'first_name': 'Test', 'is_active': True, 'is_staff': False, 'is_superuser': False, 'last_name': 'User', 'username': 'testuser'}); user.set_password('test'); user.save();" | python3 manage.py shell
+echo "from auth.models import User; user = User.objects.create(**{'email': 'teststaff@example.com', 'is_active': True, 'is_staff': True, 'is_superuser': True, 'last_name': 'Staff', 'username': 'teststaff'}); user.set_password('test'); user.save();" | python3 manage.py shell
+echo "from auth.models import User; user = User.objects.create(**{'email': 'testuser@example.com', 'first_name': 'Test', 'is_active': True, 'is_staff': False, 'is_superuser': False, 'last_name': 'User', 'username': 'testuser'}); user.set_password('test'); user.save();" | python3 manage.py shell
 
 # add the admin static pages.
 ln -s /home/vagrant/.virtualenvs/$PROJECT/lib/python3.5/site-packages/django/contrib/admin/static/admin /srv/$PROJECT-app/django_$PROJECT/django_$PROJECT/static

diff --git a/django_kala/auth/migrations/0001_initial.py b/django_kala/auth/migrations/0001_initial.py
@@ -1,10 +1,12 @@
 # -*- coding: utf-8 -*-
-# Generated by Django 1.11.2 on 2017-08-15 02:29
+# Generated by Django 1.11.6 on 2017-10-24 04:06
 from __future__ import unicode_literals
 
+from django.conf import settings
 import django.contrib.auth.models
 import django.contrib.auth.validators
 from django.db import migrations, models
+import django.db.models.deletion
 import django.utils.timezone
 import django_localflavor_us.models
 import timezone_field.fields
@@ -16,8 +18,8 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('auth', '0008_alter_user_username_max_length'),
         ('organizations', '__first__'),
+        ('auth', '0008_alter_user_username_max_length'),
     ]
 
     operations = [
@@ -59,4 +61,13 @@ class Migration(migrations.Migration):
                 ('objects', django.contrib.auth.models.UserManager()),
             ],
         ),
+        migrations.CreateModel(
+            name='Permissions',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('object_uuid', models.UUIDField()),
+                ('permission', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='auth.Permission')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
     ]
diff --git a/django_kala/auth/models.py b/django_kala/auth/models.py
@@ -1,5 +1,5 @@
 from django.conf import settings
-from django.contrib.auth.models import UserManager, AbstractUser
+from django.contrib.auth.models import UserManager, AbstractUser, Permission
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
 from django_localflavor_us.models import PhoneNumberField
@@ -8,6 +8,7 @@
 
 import organizations
 import projects
+import documents
 import datetime
 
 
@@ -46,29 +47,77 @@ def set_active(self, active):
             self.removed = datetime.date.today()
         self.save()
 
-    def get_organizations(self, has_projects=True):
+    def get_organizations_with_create(self):
         if self.is_superuser:
-            _organizations = organizations.models.Organization.objects.active()
-        else:
-            _organizations = organizations.models.Organization.objects.active().filter(
-                pk__in=projects.models.Project.clients.through.objects.filter(
-                    user__pk=self.pk
-                ).values('project__organization__pk')
-            )
-        if has_projects:
-            has_projects = organizations.models.Organization.objects.active().filter(
-                pk__in=projects.models.Project.objects.active().values('organization__pk'))
-            return _organizations & has_projects
-        return _organizations
+            return organizations.models.Organization.objects.all()
+        return organizations.models.Organization.objects.filter(
+            uuid__in=Permissions.objects.filter(user=self, permission__codename='add_organization').values_list(
+                'object_uuid', flat=True))
+
+    def get_organizations(self):
+        if self.is_superuser:
+            return organizations.models.Organization.objects.active()
+        project_uuids = Permissions.objects.filter(
+            user=self,
+            permission__codename__in=[
+                'change_project',
+                'add_project',
+                'delete_project'
+            ]
+        ).values_list('object_uuid', flat=True)
+        project_org_uuids = projects.models.Project.objects.filter(
+            uuid__in=project_uuids
+        ).values_list('organization__uuid', flat=True)
+        org_uuids = Permissions.objects.filter(
+            user=self,
+            permission__codename__in=[
+                'change_organization',
+                'add_organization',
+                'delete_organization'
+            ]
+        ).values_list('object_uuid', flat=True)
+        document_project_uuids = Permissions.objects.filter(permission__codename__in=[
+            'change_document',
+            'add_document',
+            'delete_document'
+        ], user=self).values_list('object_uuid', flat=True)
+        document_projects = documents.models.Document.objects.filter(
+            uuid__in=document_project_uuids
+        ).values_list('project__organization__uuid', flat=True)
+        print(document_projects)
+        return organizations.models.Organization.objects.filter(
+            uuid__in=list(project_org_uuids) + list(org_uuids) + list(document_projects)
+        )
 
     def get_projects(self):
         if self.is_superuser:
             return projects.models.Project.objects.active()
         else:
             return projects.models.Project.objects.active().filter(
-                organization__id=self.get_organizations().values_list('organization__pk')
+                organization__id=self.get_organizations().values_list('pk', flat=True)
             )
 
+    def get_documents(self):
+        if self.is_superuser:
+            return documents.models.Document.all()
+        else:
+            projects = self.get_organizations().values_list('project__uuid', flat=True)
+            document_uuids = documents.models.Document.objects.filter(
+                project__uuid__in=projects
+            ).values_list('uuid', flat=True)
+
+            perm_uuids = Permissions.objects.filter(
+                user=self,
+                object_uuid__in=document_uuids
+            ).values_list('object_uuid', flat=True)
+
+            return documents.models.Document.objects.filter(
+                uuid__in=list(perm_uuids) + list(document_uuids)
+            ).prefetch_related(
+                'documentversion_set',
+                'documentversion_set__user',
+            ).select_related('project')
+
     def get_users(self):
         if self.is_superuser:
             return User.objects.all()
@@ -79,5 +128,62 @@ def get_users(self):
     def send_invite(self):
         pass
 
+    def add_perm(self, perm, uuid):
+        Permissions.add_perm(perm=perm, user=self, uuid=uuid)
+
+    def has_perm(self, perm, uuid):
+        return Permissions.has_perm(perm=perm, user=self, uuid=uuid)
+
+    def add_read(self, user):
+        perm = Permission.objects.get(codename='change_user')
+        Permissions.add_perm(perm=perm, user=user, uuid=self.uuid)
+
+    def has_read(self, user):
+        perm = Permission.objects.get(codename='change_user')
+        return Permissions.has_perm(perm=perm, user=user, uuid=self.uuid)
+
+    def add_delete(self, user):
+        perm = Permission.objects.get(codename='delete_user')
+        Permissions.add_perm(perm=perm, user=user, uuid=self.uuid)
+
+    def has_delete(self, user):
+        perm = Permission.objects.get(codename='delete_user')
+        return Permissions.has_perm(perm=perm, user=user, uuid=self.uuid)
+
+    def add_create(self, user):
+        perm = Permission.objects.get(codename='add_user')
+        Permissions.add_perm(perm=perm, user=user, uuid=self.uuid)
+
+    def has_create(self, user):
+        perm = Permission.objects.get(codename='add_user')
+        return Permissions.has_perm(perm=perm, user=user, uuid=self.uuid)
+
     def __str__(self):  # pragma: no cover
         return "{0} {1}".format(self.first_name, self.last_name)
+
+
+class Permissions(models.Model):
+    user = models.ForeignKey(settings.AUTH_USER_MODEL)
+    permission = models.ForeignKey(Permission)
+    object_uuid = models.UUIDField()
+
+    @classmethod
+    def has_perm(cls, perm, user, uuid):
+        if user.is_superuser:
+            return True
+        try:
+            cls.objects.get(user=user, permission=perm, object_uuid=uuid)
+            return True
+        except Permissions.DoesNotExist:
+            return False
+        return False
+
+    @classmethod
+    def has_perms(cls, perms, user, uuid):
+        if user.is_superuser:
+            return True
+        return cls.objects.filter(user=user, permission__codename__in=perms, object_uuid=uuid).exists()
+
+    @classmethod
+    def add_perm(cls, perm, user, uuid):
+        cls.objects.create(user=user, permission=perm, object_uuid=uuid)
diff --git a/django_kala/auth/templates/accounts/settings/details.html b/django_kala/auth/templates/accounts/settings/details.html
@@ -19,10 +19,10 @@
                 <i class="organization icon"></i>
                 Users
             </a>
-            <a class="item">
-                <i class="merge icon"></i>
-                Merge users
-            </a>
+{#            <a class="item">#}
+{#                <i class="merge icon"></i>#}
+{#                Merge users#}
+{#            </a>#}
             <a class="active item" href="{% url 'users:details' user.pk %}">
                 <i class="gear icon"></i>
                 Settings

diff --git a/django_kala/auth/templates/invite_user.html b/django_kala/auth/templates/invite_user.html
@@ -6,8 +6,7 @@
     <div class="repo ribbon">
         <div class="ui container">
             <div class="ui big breadcrumb">
-                <h2 class="active section">Invite
-                    <user></user>
+                <h2 class="active section">Invite User
                 </h2>
             </div>
         </div>