"""
This python script will return the user's permission level for ANY given permission
"""
from .models import *
from django.db.models import Max
"""
Permission table
0 - No permission
1 - Read only
2 - Edit permission
3 - Create permission
4 - Admin/Delete permission
"""
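def _level_or_zero(level):
    """Map a missing aggregate (None) to 0, the "no permission" level."""
    return 0 if level is None else level


def return_user_permission_level(request, group_list, permission_field):
    """
    Return the requesting user's permission level for each requested field.

    Levels follow the permission table in this module: 0 no permission,
    1 read only, 2 edit, 3 create, 4 admin/delete. This function only
    reports levels; it does not redirect or deny anything itself, so the
    caller has to compare the result with the minimum level it requires.

    :param request: the current request; only ``request.user`` is read.
    :param group_list: None to take the user's highest level across all of
        their groups, otherwise an iterable of mappings that carry the group
        under the key ``group_id`` (or ``group_id_id``); the result is then
        the highest level the user holds within those groups.
    :param permission_field: one permission set field name, or a list of
        them, e.g. ['project', 'project_history', 'document']. The list
        documented for this function is;
            permission_set_id
            permission_set_name
            administration_assign_users_to_group
            administration_create_group
            administration_create_permission_sets
            administration_create_users
            assign_campus_to_customer
            associate_project_and_tasks
            customer
            invoice
            invoice_product
            opportunity
            organisation
            organisation_campus
            project
            quote
            request_for_change
            requirement
            requirement_link
            task
            document
            contact_history
            project_history
            task_history
            whiteboard
        NOTE(review): the menu query below uses the singular spellings
        administration_assign_user_to_group, administration_create_permission_set
        and administration_create_user; confirm the names above against the
        permission set model.
    :return: dict mapping every evaluated field name to its level, plus the
        keys 'new_item' and 'administration' used by the menu. A field with
        no matching row is reported as 0.
    """
    # Make sure the permission_field is an array/list
    if not isinstance(permission_field, list):
        permission_field = [permission_field]

    user_permission_level = {}

    # Superusers get level 4 for everything, without touching the database.
    if request.user.is_superuser:
        for row in permission_field:
            user_permission_level[row] = 4
        # User can add new items and do administration
        user_permission_level['new_item'] = 4
        user_permission_level['administration'] = 4
        return user_permission_level

    # Normal users: with no group_list we take the maximum across all of the
    # user's groups; with a group_list we only count the groups passed in.
    for row in permission_field:
        # An empty entry is used when the user looks at their own profile,
        # which needs no permission. This stops the loop, so any field listed
        # after the empty entry is not evaluated and gets no key in the result.
        if row == "":
            break

        # `row` becomes part of an ORM lookup path. It must always be a
        # constant chosen by the calling view, never a value taken from the
        # request, otherwise the caller controls which column is aggregated.
        lookup = 'permission_set__' + row
        max_key = lookup + '__max'

        if group_list is None:
            user_groups_results = user_group.objects.filter(
                is_deleted="FALSE",
                username=request.user,
                permission_set__is_deleted="FALSE",
            ).aggregate(Max(lookup))
            # Max() yields None when no row matches; report that as level 0
            # so "no membership" can never read as anything but no permission.
            user_permission_level[row] = _level_or_zero(user_groups_results[max_key])
        else:
            # Default is 0
            group_permission = 0
            for group_id in group_list:
                # Only the key name differs between callers. Catching just
                # KeyError keeps database errors from being swallowed and
                # silently retried, which the previous bare except did.
                try:
                    group_key = group_id['group_id']
                except KeyError:
                    group_key = group_id['group_id_id']

                user_groups_results = user_group.objects.filter(
                    is_deleted="FALSE",
                    username=request.user,
                    permission_set__is_deleted="FALSE",
                    group_id=group_key,
                ).aggregate(Max(lookup))

                group_permission = max(
                    group_permission,
                    _level_or_zero(user_groups_results[max_key]),
                )

            user_permission_level[row] = group_permission

    # The following is for the menu: can the user ADD any items, and can they
    # do any administration? This is always taken across all of the user's
    # groups, regardless of group_list.
    permission_results = user_group.objects.filter(
        is_deleted="FALSE",
        username=request.user,
        permission_set__is_deleted="FALSE",
    ).aggregate(
        Max('permission_set__project'),
        Max('permission_set__task'),
        Max('permission_set__requirement'),
        Max('permission_set__request_for_change'),
        Max('permission_set__organisation'),
        Max('permission_set__customer'),
        Max('permission_set__administration_assign_user_to_group'),
        Max('permission_set__administration_create_group'),
        Max('permission_set__administration_create_permission_set'),
        Max('permission_set__administration_create_user'),
    )

    # NOTE(review): request_for_change is aggregated above but has never been
    # part of 'new_item'; confirm whether that omission is intended.
    new_item_fields = (
        'project',
        'task',
        'requirement',
        'organisation',
        'customer',
    )
    administration_fields = (
        'administration_assign_user_to_group',
        'administration_create_group',
        'administration_create_permission_set',
        'administration_create_user',
    )

    # A user with no (non-deleted) group membership gets None for every
    # aggregate; max() over None values raises TypeError, so each value is
    # mapped to 0 first.
    user_permission_level['new_item'] = max(
        _level_or_zero(permission_results['permission_set__' + field + '__max'])
        for field in new_item_fields
    )
    user_permission_level['administration'] = max(
        _level_or_zero(permission_results['permission_set__' + field + '__max'])
        for field in administration_fields
    )

    return user_permission_level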