Skip to content
Snippets Groups Projects
Select Git revision
  • drop-django-two-factor-auth
  • weblate-frontend
  • master default protected
  • check/update-pyproject-toml
  • check/update-builddeps-package-json
  • check/update-tox-ini
  • migrate-crud-to-vue-3-and-generalize
  • 1182-migration-to-vue-3-and-vuetify-3
  • feature/object-routes
  • stable/4.0.0
  • fix/migrations-leftovers
  • migrate-to-uv
  • 1307-free-busy-feed-does-not-handle-recurrences-and-date-ranges-correctly
  • 1268-add-specific-availability-planning-frontend
  • db-init
  • 1259-generalise-places
  • 1298-vcard-content-type-and-version
  • tmp-ticdesk-4-0
  • 1297-freebusy-calendar-does-not-work-over-caldav
  • 1288-email-field-of-person-form-has-to-pass-empty-string-instead-of-null
  • 4.0.3 protected
  • 4.0.2 protected
  • 4.0.1 protected
  • 4.0.0 protected
  • 4.0.0.dev16 protected
  • 3.2.2 protected
  • 3.1.7 protected
  • 4.0.0.dev15 protected
  • 4.0.0.dev14 protected
  • 4.0.0.dev13 protected
  • 4.0.0.dev12 protected
  • 4.0.0.dev11 protected
  • 3.2.1 protected
  • 3.1.6 protected
  • 4.0.0.dev10 protected
  • 4.0.0.dev9 protected
  • 4.0.0.dev8 protected
  • 4.0.0.dev7 protected
  • 4.0.0.dev6 protected
  • 4.0.0.dev5 protected
40 results
Blame Permalink
predicates.py 2.65 KiB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94 






from django.contrib.auth.backends import ModelBackend
from django.contrib.auth.models import User
from django.db.models import Model
from django.http import HttpRequest

from guardian.backends import ObjectPermissionBackend
from guardian.shortcuts import get_objects_for_user
from rules import predicate

from ..models import Group
from .core_helpers import has_person as has_person_helper


def permission_validator(request: HttpRequest, perm: str) -> bool:
    """Checks whether the request user has a permission."""
    if request.user:
        return request.user.has_perm(perm)
    return False


def check_global_permission(user: User, perm: str) -> bool:
    """Checks whether a user has a global permission."""
    return ModelBackend().has_perm(user, perm)


def check_object_permission(user: User, perm: str, obj: Model) -> bool:
    """Checks whether a user has a permission on a object."""
    return ObjectPermissionBackend().has_perm(user, perm, obj)


def has_global_perm(perm: str):
    """Builds predicate which checks whether a user has a global permission."""
    name = f"has_global_perm:{perm}"

    @predicate(name)
    def fn(user: User) -> bool:
        return check_global_permission(user, perm)

    return fn


def has_object_perm(perm: str):
    """Builds predicate which checks whether a user has a permission on a object."""
    name = f"has_global_perm:{perm}"

    @predicate(name)
    def fn(user: User, obj: Model) -> bool:
        if not obj:
            return False
        return check_object_permission(user, perm, obj)

    return fn


def has_any_object(perm: str, klass):
    """
    Build predicate which checks whether a user has access to objects with the provided permission.
    """
    name = f"has_any_object:{perm}"

    @predicate(name)
    def fn(user: User) -> bool:
        objs = get_objects_for_user(user, perm, klass)
        return len(objs) > 0

    return fn


@predicate
def has_person(user: User) -> bool:
    """Predicate which checks whether a user has a linked person."""
    return has_person_helper(user)


@predicate
def is_current_person(user: User, obj: Model) -> bool:
    """Predicate which checks if the provided object is the person linked to the user object."""
    return user.person == obj


@predicate
def is_group_owner(user: User, group: Group) -> bool:
    """Predicate which checks if the user is a owner of the provided group."""
    return group.owners.filter(owners=user.person).exists()


@predicate
def is_notification_recipient(user: User, obj: Model) -> bool:
    """
    Predicate which checks whether the recipient of the
    notification a user wants to mark read is this user.
    """
    return user == obj.recipient.user