    permissions.py 4.83 KiB
    from rest_framework import permissions
    
    from django.conf import settings
    from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist
    
    from core.models.assemblies import Assembly
    from core.models.badges import Badge
    from core.models.conference import Conference
    from core.models.users import PlatformUser
    
    
    class IsApiUserOrReadOnly(permissions.BasePermission):
        """Allow safe (read-only) methods to everyone and writes only to API users.

        Write access is granted by username: the requesting user must be
        authenticated and listed in ``settings.API_USERS``. Safe methods are
        allowed before any authentication check, so this class on its own
        does not protect read endpoints.
        """

        def has_permission(self, request, view):
            """Apply the same rule at view level as at object level."""
            return self.has_object_permission(request, view)

        def has_object_permission(self, request, view, obj=None):
            """Return whether the request may proceed; ``obj`` is not consulted.

            Raises:
                ImproperlyConfigured: if ``settings.API_USERS`` is set to a
                    truthy value that is not a list.
            """
            if request.method in permissions.SAFE_METHODS:
                return True

            api_users = settings.API_USERS
            # An empty or unset allowlist denies every write (fail closed).
            if not api_users:
                return False

            # Reject e.g. a plain string, where ``in`` would silently become a
            # substring match on usernames instead of an exact membership test.
            if not isinstance(api_users, list):
                raise ImproperlyConfigured('API_USERS is not a list')

            user = request.user
            return user.is_authenticated and user.username in api_users
    
    
    class IsReadOnly(permissions.BasePermission):
        """Allow only safe (read-only) HTTP methods, regardless of who is asking."""

        def has_permission(self, request, view):
            """Return True when the request method is one of ``SAFE_METHODS``."""
            is_safe = request.method in permissions.SAFE_METHODS
            return is_safe

        def has_object_permission(self, request, view, obj):
            """Return True when the request method is one of ``SAFE_METHODS``."""
            is_safe = request.method in permissions.SAFE_METHODS
            return is_safe
    
    
    class IsSuperUser(permissions.BasePermission):
        """Allow the request only when ``request.user.is_superuser`` is set.

        There is no separate ``is_authenticated`` check here.
        NOTE(review): this relies on the anonymous user object reporting
        ``is_superuser`` as false - confirm for any custom authentication
        backend that supplies its own user class.
        """

        def has_permission(self, request, view):
            """Return the ``is_superuser`` flag of the requesting user."""
            user = request.user
            return user.is_superuser

        def has_object_permission(self, request, view, obj):
            """Return the ``is_superuser`` flag of the requesting user."""
            user = request.user
            return user.is_superuser
    
    
    class ConferencePermission(permissions.BasePermission):
        """Base class for permissions that are scoped to a conference.

        It only provides the conference lookup; subclasses implement the
        actual ``has_permission`` / ``has_object_permission`` decision.
        """

        def get_conference(self, *, view, obj=None) -> Conference:
            """Resolve the conference a check applies to.

            Lookup order: ``view.conference`` first, then ``obj`` itself if it
            is a ``Conference``, then ``obj.conference``. The view attribute
            takes precedence over anything derived from ``obj``.

            Raises:
                ObjectDoesNotExist: if none of the three sources is available.
            """
            if hasattr(view, 'conference'):
                return view.conference
            if isinstance(obj, Conference):
                return obj
            if hasattr(obj, 'conference'):
                return obj.conference
            raise ObjectDoesNotExist('Conference for this view not found')
    
    
    class IsConferenceService(ConferencePermission):
        """Allow service accounts that hold the required roles in the conference.

        The view must provide ``required_service_classes``; it is read
        without a default, so a view lacking it raises ``AttributeError``.
        """

        def has_permission(self, request, view):
            """Apply the same rule at view level as at object level."""
            return self.has_object_permission(request, view)

        def has_object_permission(self, request, view, obj=None):
            """Return True only for an authenticated SERVICE user with matching roles.

            ``obj`` is not forwarded to ``get_conference``, so the conference
            is taken from ``view.conference`` only; if the view has none, the
            check denies access instead of falling back to the object.
            """
            user = request.user
            if not user.is_authenticated or user.user_type != PlatformUser.Type.SERVICE:
                return False

            try:
                conference = self.get_conference(view=view)
            except ObjectDoesNotExist:
                # No resolvable conference: fail closed.
                return False

            candidates = Conference.objects.filter(pk=conference.id)
            # Both conditions sit in one filter() call so they must hold for
            # the same related ``users`` row.
            matching = candidates.filter(
                users__user=user,
                users__roles__contains=view.required_service_classes,
            )
            return matching.exists()
    
    
    class AssemblyPermission(ConferencePermission):
        """Base class for permissions that are scoped to an assembly.

        It only provides the assembly lookup; subclasses implement the
        actual ``has_permission`` / ``has_object_permission`` decision.
        """

        def get_assembly(self, *, view, obj=None) -> Assembly:
            """Resolve the assembly a check applies to.

            Lookup order: ``view.assembly`` first, then ``obj`` itself if it
            is an ``Assembly``, then ``obj.assembly``. The view attribute
            takes precedence over anything derived from ``obj``.

            Raises:
                ObjectDoesNotExist: if none of the three sources is available.
            """
            if hasattr(view, 'assembly'):
                return view.assembly
            if isinstance(obj, Assembly):
                return obj
            if hasattr(obj, 'assembly'):
                return obj.assembly
            raise ObjectDoesNotExist('Assembly for this view not found')
    
    
    class IsPublicAssemblyReadOnly(AssemblyPermission):
        """Allow safe (read-only) methods on assemblies flagged as public.

        No authentication is required: the decision depends only on the
        request method and ``assembly.is_public``.
        """

        def has_permission(self, request, view):
            """Apply the same rule at view level as at object level."""
            return self.has_object_permission(request, view)

        def has_object_permission(self, request, view, obj=None):
            """Return ``assembly.is_public`` for safe methods, False otherwise.

            ``obj`` is not forwarded to ``get_assembly``, so the assembly is
            taken from ``view.assembly`` only.
            """
            try:
                assembly = self.get_assembly(view=view)
            except ObjectDoesNotExist:
                # No resolvable assembly: fail closed.
                return False

            if request.method not in permissions.SAFE_METHODS:
                return False
            return assembly.is_public
    
    
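    class IsAssemblyService(AssemblyPermission):
        """Allow only the assembly's own technical (service) user."""

        def has_permission(self, request, view):
            """Apply the same rule at view level as at object level."""
            return self.has_object_permission(request, view)

        def has_object_permission(self, request, view, obj=None):
            """Return True when the requester is ``assembly.technical_user``.

            Unlike the sibling assembly permissions, ``obj`` is forwarded to
            ``get_assembly``, so the assembly may come from the object when
            the view does not carry one.
            """
            # Explicit guard, matching IsConferenceService / IsAssemblyManager:
            # an unauthenticated request must never be compared against
            # technical_user, whatever value that field holds.
            if not request.user.is_authenticated:
                return False

            try:
                assembly = self.get_assembly(view=view, obj=obj)
            except ObjectDoesNotExist:
                # A permission check must answer with a bool. Letting this
                # propagate would abort the whole permission evaluation with an
                # unhandled error instead of a clean denial, and is inconsistent
                # with the other assembly permissions in this module.
                return False

            return assembly.technical_user == request.user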
    
    
    class IsAssemblyManager(AssemblyPermission):
        """Allow human users who are members with manage rights on the assembly."""

        def has_permission(self, request, view):
            """Apply the same rule at view level as at object level."""
            return self.has_object_permission(request, view)

        def has_object_permission(self, request, view, obj=None):
            """Return True only for an authenticated HUMAN user who can manage.

            ``obj`` is not forwarded to ``get_assembly``, so the assembly is
            taken from ``view.assembly`` only; if the view has none, the check
            denies access instead of falling back to the object.
            """
            requester = request.user
            if not requester.is_authenticated or requester.user_type != PlatformUser.Type.HUMAN:
                return False

            try:
                assembly = self.get_assembly(view=view)
            except ObjectDoesNotExist:
                # No resolvable assembly: fail closed.
                return False

            candidates = Assembly.objects.filter(pk=assembly.id)
            # Both conditions sit in one filter() call so they must hold for
            # the same membership row.
            managed = candidates.filter(
                members__member=requester,
                members__can_manage_assembly=True,
            )
            return managed.exists()
    
    
    class HasIssuingToken(AssemblyPermission):
        """Allow requests that present a badge issuing token for the assembly.

        The token is read from ``view.kwargs['issuing_token']`` and must match
        a ``Badge`` whose ``issuing_assembly`` is the resolved assembly. No
        user authentication is checked here: the token alone grants access.

        NOTE(review): ``view.kwargs`` presumably holds URL keyword arguments,
        which would put the token in the request path and therefore in
        access logs - confirm that log handling treats it as a secret.
        """

        def has_permission(self, request, view):
            """Apply the same rule at view level as at object level."""
            return self.has_object_permission(request, view)

        def has_object_permission(self, request, view, obj=None):
            """Return True when a badge with this token exists for the assembly.

            ``obj`` is not forwarded to ``get_assembly``, so the assembly is
            taken from ``view.assembly`` only.
            """
            try:
                assembly = self.get_assembly(view=view)
            except ObjectDoesNotExist:
                # No resolvable assembly: fail closed.
                return False

            issuing_token = view.kwargs.get('issuing_token')
            # A missing or empty token never matches; skip the query entirely.
            if not issuing_token:
                return False

            # Scoping the lookup to the assembly keeps a token issued for one
            # assembly from authorising requests against another.
            badges = Badge.objects.filter(issuing_token=issuing_token, issuing_assembly=assembly)
            return badges.exists()