diff --git a/aleksis/apps/alsijil/rules.py b/aleksis/apps/alsijil/rules.py index 171a0765737f8b68164af78b3823c96481eef044..c72915af383fcb852849a20af98695edd692a844 100644 --- a/aleksis/apps/alsijil/rules.py +++ b/aleksis/apps/alsijil/rules.py @@ -20,9 +20,7 @@ from .util.predicates import ( can_view_documentation, can_view_participation_status, can_view_personal_note, - has_lesson_group_object_perm, has_person_group_object_perm, - has_personal_note_group_perm, is_course_group_owner, is_course_member, is_course_teacher, @@ -33,144 +31,11 @@ from .util.predicates import ( is_in_allowed_time_range_for_participation_status, is_lesson_event_group_owner, is_lesson_event_teacher, - is_lesson_original_teacher, - is_lesson_parent_group_owner, - is_lesson_participant, - is_lesson_teacher, - is_none, - is_own_personal_note, is_owner_of_any_group, is_parent_group_owner, is_person_group_owner, - is_person_primary_group_owner, - is_personal_note_lesson_original_teacher, - is_personal_note_lesson_parent_group_owner, - is_personal_note_lesson_teacher, - is_teacher, ) -# View lesson -view_register_object_predicate = has_person & ( - is_none # View is opened as "Current lesson" - | is_lesson_teacher - | is_lesson_original_teacher - | is_lesson_participant - | is_lesson_parent_group_owner - | has_global_perm("alsijil.view_lesson") - | has_lesson_group_object_perm("core.view_week_class_register_group") -) -add_perm("alsijil.view_register_object_rule", view_register_object_predicate) - -# View lesson in menu -add_perm("alsijil.view_lesson_menu_rule", has_person) - -# View lesson personal notes -view_lesson_personal_notes_predicate = view_register_object_predicate & ( - ~is_lesson_participant - | is_lesson_teacher - | is_lesson_original_teacher - | ( - is_lesson_parent_group_owner - & is_site_preference_set("alsijil", "inherit_privileges_from_parent_group") - ) - | has_global_perm("alsijil.view_personalnote") - | has_lesson_group_object_perm("core.view_personalnote_group") -) -add_perm("alsijil.view_register_object_personalnote_rule", view_lesson_personal_notes_predicate) - -# Edit personal note -edit_lesson_personal_note_predicate = view_lesson_personal_notes_predicate & ( - is_lesson_teacher - | ( - is_lesson_original_teacher - & is_site_preference_set("alsijil", "edit_lesson_documentation_as_original_teacher") - ) - | ( - is_lesson_parent_group_owner - & is_site_preference_set("alsijil", "inherit_privileges_from_parent_group") - ) - | has_global_perm("alsijil.change_personalnote") - | has_lesson_group_object_perm("core.edit_personalnote_group") -) -add_perm("alsijil.edit_register_object_personalnote_rule", edit_lesson_personal_note_predicate) - -# View personal note -view_personal_note_predicate = has_person & ( - (is_own_personal_note & is_site_preference_set("alsijil", "view_own_personal_notes")) - | is_personal_note_lesson_teacher - | is_personal_note_lesson_original_teacher - | is_personal_note_lesson_parent_group_owner - | has_global_perm("alsijil.view_personalnote") - | has_personal_note_group_perm("core.view_personalnote_group") -) -add_perm("alsijil.view_personalnote_rule", view_personal_note_predicate) - -# Edit personal note -edit_personal_note_predicate = view_personal_note_predicate & ( - ~is_own_personal_note - & ~( - is_personal_note_lesson_original_teacher - | ~is_site_preference_set("alsijil", "edit_lesson_documentation_as_original_teacher") - ) - | ( - is_personal_note_lesson_parent_group_owner - | is_site_preference_set("alsijil", "inherit_privileges_from_parent_group") - ) - | has_global_perm("alsijil.view_personalnote") - | has_personal_note_group_perm("core.edit_personalnote_group") -) -add_perm("alsijil.edit_personalnote_rule", edit_personal_note_predicate) - -# View lesson documentation -view_lesson_documentation_predicate = view_register_object_predicate -add_perm("alsijil.view_lessondocumentation_rule", view_lesson_documentation_predicate) - -# Edit lesson documentation -edit_lesson_documentation_predicate = view_register_object_predicate & ( - is_lesson_teacher - | ( - is_lesson_original_teacher - & is_site_preference_set("alsijil", "edit_lesson_documentation_as_original_teacher") - ) - | ( - is_lesson_parent_group_owner - & is_site_preference_set("alsijil", "inherit_privileges_from_parent_group") - ) - | has_global_perm("alsijil.change_lessondocumentation") - | has_lesson_group_object_perm("core.edit_lessondocumentation_group") -) -add_perm("alsijil.edit_lessondocumentation_rule", edit_lesson_documentation_predicate) - -# View week overview -view_week_predicate = has_person & ( - is_current_person - | is_group_member - | is_group_owner - | ( - is_parent_group_owner - & is_site_preference_set("alsijil", "inherit_privileges_from_parent_group") - ) - | has_global_perm("alsijil.view_week") - | has_object_perm("core.view_week_class_register_group") -) -add_perm("alsijil.view_week_rule", view_week_predicate) - -# View week overview in menu -add_perm("alsijil.view_week_menu_rule", has_person) - -# View week personal notes -view_week_personal_notes_predicate = has_person & ( - (is_current_person & is_teacher) - | is_group_owner - | ( - is_parent_group_owner - & is_site_preference_set("alsijil", "inherit_privileges_from_parent_group") - ) - | has_global_perm("alsijil.view_personalnote") - | has_object_perm("core.view_personalnote_group") -) -add_perm("alsijil.view_week_personalnote_rule", view_week_personal_notes_predicate) - # Register absence view_register_absence_predicate = has_person & ( can_register_absence_for_at_least_one_group | has_global_perm("alsijil.register_absence") @@ -197,86 +62,6 @@ view_full_register_predicate = has_person & ( ) add_perm("alsijil.view_full_register_rule", view_full_register_predicate) -# View students list -view_my_students_predicate = has_person & is_teacher -add_perm("alsijil.view_my_students_rule", view_my_students_predicate) - -# View groups list -view_my_groups_predicate = has_person & is_teacher -add_perm("alsijil.view_my_groups_rule", view_my_groups_predicate) - -# View students list -view_students_list_predicate = view_my_groups_predicate & ( - is_group_owner - | ( - is_parent_group_owner - & is_site_preference_set("alsijil", "inherit_privileges_from_parent_group") - ) - | has_global_perm("alsijil.view_personalnote") - | has_object_perm("core.view_personalnote_group") -) -add_perm("alsijil.view_students_list_rule", view_students_list_predicate) - -# View person overview -view_person_overview_predicate = has_person & ( - (is_current_person & is_site_preference_set("alsijil", "view_own_personal_notes")) - | is_person_group_owner -) -add_perm("alsijil.view_person_overview_rule", view_person_overview_predicate) - -# View person overview -view_person_overview_menu_predicate = has_person -add_perm("alsijil.view_person_overview_menu_rule", view_person_overview_menu_predicate) - -# View person overview personal notes -view_person_overview_personal_notes_predicate = view_person_overview_predicate & ( - (is_current_person & is_site_preference_set("alsijil", "view_own_personal_notes")) - | is_person_primary_group_owner - | has_global_perm("alsijil.view_personalnote") - | has_person_group_object_perm("core.view_personalnote_group") -) -add_perm( - "alsijil.view_person_overview_personalnote_rule", - view_person_overview_personal_notes_predicate, -) - -# Edit person overview personal notes -edit_person_overview_personal_notes_predicate = view_person_overview_predicate & ( - ~is_current_person - | has_global_perm("alsijil.change_personalnote") - | has_person_group_object_perm("core.edit_personalnote_group") -) -add_perm( - "alsijil.edit_person_overview_personalnote_rule", - edit_person_overview_personal_notes_predicate, -) - -# View person statistics on personal notes -view_person_statistics_personal_notes_predicate = view_person_overview_personal_notes_predicate -add_perm( - "alsijil.view_person_statistics_personalnote_rule", - view_person_statistics_personal_notes_predicate, -) - -# View excuse type list -view_excusetypes_predicate = has_person & has_global_perm("alsijil.view_excusetype") -add_perm("alsijil.view_excusetypes_rule", view_excusetypes_predicate) - -# Add excuse type -add_excusetype_predicate = view_excusetypes_predicate & has_global_perm("alsijil.add_excusetype") -add_perm("alsijil.add_excusetype_rule", add_excusetype_predicate) - -# Edit excuse type -edit_excusetype_predicate = view_excusetypes_predicate & has_global_perm( - "alsijil.change_excusetype" -) -add_perm("alsijil.edit_excusetype_rule", edit_excusetype_predicate) - -# Delete excuse type -delete_excusetype_predicate = view_excusetypes_predicate & has_global_perm( - "alsijil.delete_excusetype" -) -add_perm("alsijil.delete_excusetype_rule", delete_excusetype_predicate) # View extra mark list view_extramarks_predicate = has_person & has_global_perm("alsijil.view_extramark") @@ -327,17 +112,6 @@ view_assigned_group_roles_predicate = has_person & ( ) add_perm("alsijil.view_assigned_grouproles_rule", view_assigned_group_roles_predicate) -view_assigned_group_roles_register_object_predicate = has_person & ( - is_lesson_teacher - | is_lesson_original_teacher - | is_lesson_parent_group_owner - | has_global_perm("alsijil.assign_grouprole") -) -add_perm( - "alsijil.view_assigned_grouproles_for_register_object", - view_assigned_group_roles_register_object_predicate, -) - assign_group_role_person_predicate = has_person & ( is_person_group_owner | has_global_perm("alsijil.assign_grouprole") ) diff --git a/aleksis/apps/alsijil/util/predicates.py b/aleksis/apps/alsijil/util/predicates.py index fd49ca4a2f044064e6739d8f53ed27e8eb0e2539..2a27bca7e2260a13d12199027d3501add3494b60 100644 --- a/aleksis/apps/alsijil/util/predicates.py +++ b/aleksis/apps/alsijil/util/predicates.py @@ -1,4 +1,4 @@ -from typing import Any, Union +from typing import Union from django.contrib.auth.models import User from django.db.models import Q @@ -6,7 +6,7 @@ from django.utils.timezone import localdate, now from rules import predicate -from aleksis.apps.chronos.models import Event, ExtraLesson, LessonEvent, LessonPeriod +from aleksis.apps.chronos.models import LessonEvent from aleksis.apps.cursus.models import Course from aleksis.core.models import Group, Person from aleksis.core.util.core_helpers import get_site_preferences @@ -15,70 +15,6 @@ from aleksis.core.util.predicates import check_object_permission from ..models import Documentation, NewPersonalNote -@predicate -def is_none(user: User, obj: Any) -> bool: - """Predicate that checks if the provided object is None-like.""" - return not bool(obj) - - -@predicate -def is_lesson_teacher(user: User, obj: Union[LessonPeriod, Event, ExtraLesson]) -> bool: - """Predicate for teachers of a lesson. - - Checks whether the person linked to the user is a teacher in the register object. - If the register object is a lesson period and has a substitution linked, - this will **only** check if the person is one of the substitution teachers. - """ - if obj: - return user.person in obj.get_teachers().all() - return False - - -@predicate -def is_lesson_original_teacher(user: User, obj: Union[LessonPeriod, Event, ExtraLesson]) -> bool: - """Predicate for teachers of a lesson. - - Checks whether the person linked to the user is a teacher in the register object. - If the register object is a lesson period and has a substitution linked, - this will **also** check if the person is one of the substitution teachers. - """ - if obj: - if isinstance(obj, LessonPeriod) and user.person in obj.lesson.teachers.all(): - return True - return user.person in obj.get_teachers().all() - return False - - -@predicate -def is_lesson_participant(user: User, obj: LessonPeriod) -> bool: - """Predicate for participants of a lesson. - - Checks whether the person linked to the user is a member in - the groups linked to the given LessonPeriod. - """ - if hasattr(obj, "lesson") or hasattr(obj, "groups"): - for group in obj.get_groups().all(): - if user.person in list(group.members.all()): - return True - return False - - -@predicate -def is_lesson_parent_group_owner(user: User, obj: LessonPeriod) -> bool: - """ - Predicate for parent group owners of a lesson. - - Checks whether the person linked to the user is the owner of - any parent groups of any groups of the given LessonPeriods lesson. - """ - if hasattr(obj, "lesson") or hasattr(obj, "groups"): - for group in obj.get_groups().all(): - for parent_group in group.parent_groups.all(): - if user.person in list(parent_group.owners.all()): - return True - return False - - @predicate def is_group_owner(user: User, obj: Union[Group, Person]) -> bool: """Predicate for group owners of a given group. @@ -130,19 +66,6 @@ def use_prefetched(obj, attr): return getattr(obj, attr).all() -@predicate -def is_person_primary_group_owner(user: User, obj: Person) -> bool: - """ - Predicate for group owners of the person's primary group. - - Checks whether the person linked to the user is - the owner of the primary group of the given person. - """ - if obj.primary_group: - return user.person in use_prefetched(obj.primary_group, "owners") - return False - - def has_person_group_object_perm(perm: str): """Predicate builder for permissions on a set of member groups. @@ -171,55 +94,6 @@ def is_group_member(user: User, obj: Union[Group, Person]) -> bool: return False -def has_lesson_group_object_perm(perm: str): - """Predicate builder for permissions on lesson groups. - - Checks whether a user has a permission on any group of a LessonPeriod. - """ - name = f"has_lesson_group_object_perm:{perm}" - - @predicate(name) - def fn(user: User, obj: LessonPeriod) -> bool: - if hasattr(obj, "lesson"): - groups = obj.lesson.groups.all() - for group in groups: - if check_object_permission(user, perm, group, checker_obj=obj): - return True - return False - - return fn - - -def has_personal_note_group_perm(perm: str): - """Predicate builder for permissions on personal notes. - - Checks whether a user has a permission on any group of a person of a PersonalNote. - """ - name = f"has_personal_note_person_or_group_perm:{perm}" - - @predicate(name) - def fn(user: User, obj) -> bool: - if hasattr(obj, "person"): - groups = obj.person.member_of.all() - for group in groups: - if check_object_permission(user, perm, group, checker_obj=obj): - return True - return False - - return fn - - -@predicate -def is_own_personal_note(user: User, obj) -> bool: - """Predicate for users referred to in a personal note. - - Checks whether the user referred to in a PersonalNote is the active user. - """ - if hasattr(obj, "person") and obj.person is user.person: - return True - return False - - @predicate def is_parent_group_owner(user: User, obj: Group) -> bool: """Predicate which checks whether the user is the owner of any parent group of the group.""" @@ -230,66 +104,6 @@ def is_parent_group_owner(user: User, obj: Group) -> bool: return False -@predicate -def is_personal_note_lesson_teacher(user: User, obj) -> bool: - """Predicate for teachers of a register object linked to a personal note. - - Checks whether the person linked to the user is a teacher - in the register object linked to the personal note. - If the register object is a lesson period and has a substitution linked, - this will **only** check if the person is one of the substitution teachers. - """ - if hasattr(obj, "register_object"): - return user.person in obj.register_object.get_teachers().all() - return False - - -@predicate -def is_personal_note_lesson_original_teacher(user: User, ob) -> bool: - """Predicate for teachers of a register object linked to a personal note. - - Checks whether the person linked to the user is a teacher - in the register object linked to the personal note. - If the register object is a lesson period and has a substitution linked, - this will **also** check if the person is one of the substitution teachers. - """ - if hasattr(obj, "register_object"): - if ( - isinstance(obj.register_object, LessonPeriod) - and user.person in obj.lesson_period.lesson.teachers.all() - ): - return True - - return user.person in obj.register_object.get_teachers().all() - return False - - -@predicate -def is_personal_note_lesson_parent_group_owner(user: User, obj) -> bool: - """ - Predicate for parent group owners of a lesson referred to in the lesson of a personal note. - - Checks whether the person linked to the user is the owner of - any parent groups of any groups of the given LessonPeriod lesson of the given PersonalNote. - If so, also checks whether the person linked to the personal note actually is a member of this - parent group. - """ - if hasattr(obj, "register_object"): - for group in obj.register_object.get_groups().all(): - for parent_group in group.parent_groups.all(): - if user.person in use_prefetched( - parent_group, "owners" - ) and obj.person in use_prefetched(parent_group, "members"): - return True - return False - - -@predicate -def is_teacher(user: User, obj: Person) -> bool: - """Predicate which checks if the provided object is a teacher.""" - return user.person.is_teacher - - @predicate def is_group_role_assignment_group_owner(user: User, obj: Union[Group, Person]) -> bool: """Predicate for group owners of a group role assignment.