nk20/apps/permission/templatetags/perms.py

# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later

from django.contrib.contenttypes.models import ContentType
from django.template.defaultfilters import stringfilter
from django import template
from note.models import Transaction
from note_kfet.middlewares import get_current_authenticated_user, get_current_session
from permission.backends import PermissionBackend


@stringfilter
def not_empty_model_list(model_name):
    """
    Return True if and only if the current user has right to see any object of the given model.
    """
    user = get_current_authenticated_user()
    session = get_current_session()
    if user is None:
        return False
    elif user.is_superuser and session.get("permission_mask", 0) >= 42:
        return True
    qs = model_list(model_name)
    return qs.exists()


@stringfilter
def not_empty_model_change_list(model_name):
    """
    Return True if and only if the current user has right to change any object of the given model.
    """
    user = get_current_authenticated_user()
    session = get_current_session()
    if user is None:
        return False
    elif user.is_superuser and session.get("permission_mask", 0) >= 42:
        return True
    qs = model_list(model_name, "change")
    return qs.exists()


@stringfilter
def model_list(model_name, t="view", fetch=True):
    """
    Return the queryset of all visible instances of the given model.
    """
    user = get_current_authenticated_user()
    if user is None:
        return False
    spl = model_name.split(".")
    ct = ContentType.objects.get(app_label=spl[0], model=spl[1])
    qs = ct.model_class().objects.filter(PermissionBackend.filter_queryset(user, ct, t))
    if fetch:
        qs = qs.all()
    return qs


@stringfilter
def model_list_length(model_name, t="view"):
    """
    Return the length of queryset of all visible instances of the given model.
    """
    return model_list(model_name, t, False).count()


def has_perm(perm, obj):
    return PermissionBackend.check_perm(get_current_authenticated_user(), perm, obj)


def can_create_transaction():
    """
    :return: True iff the authenticated user can create a transaction.
    """
    user = get_current_authenticated_user()
    session = get_current_session()
    if user is None:
        return False
    elif user.is_superuser and session.get("permission_mask", 0) >= 42:
        return True
    if session.get("can_create_transaction", None):
        return session.get("can_create_transaction", None) == 1

    empty_transaction = Transaction(
        source=user.note,
        destination=user.note,
        quantity=1,
        amount=0,
        reason="Check permissions",
    )
    session["can_create_transaction"] = PermissionBackend.check_perm(user, "note.add_transaction", empty_transaction)
    return session.get("can_create_transaction") == 1


register = template.Library()
register.filter('not_empty_model_list', not_empty_model_list)
register.filter('not_empty_model_change_list', not_empty_model_change_list)
register.filter('model_list', model_list)
register.filter('model_list_length', model_list_length)
register.filter('has_perm', has_perm)
Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00			`# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay`
			`# SPDX-License-Identifier: GPL-3.0-or-later`

			`from django.contrib.contenttypes.models import ContentType`
			`from django.template.defaultfilters import stringfilter`
			`from django import template`
Add tab for user list 2020-04-01 18:56:24 +00:00			`from note.models import Transaction`
Fix CI 2020-03-22 13:57:51 +00:00			`from note_kfet.middlewares import get_current_authenticated_user, get_current_session`
Restructurate code 2020-03-20 13:43:35 +00:00			`from permission.backends import PermissionBackend`
Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00

			`@stringfilter`
			`def not_empty_model_list(model_name):`
Comment code 2020-03-20 14:58:14 +00:00			`"""`
			`Return True if and only if the current user has right to see any object of the given model.`
			`"""`
Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00			`user = get_current_authenticated_user()`
More optimisation 2020-03-20 00:46:59 +00:00			`session = get_current_session()`
Fix note display for users that don't have enough rights 2020-03-19 13:25:43 +00:00			`if user is None:`
			`return False`
More optimisation 2020-03-20 00:46:59 +00:00			`elif user.is_superuser and session.get("permission_mask", 0) >= 42:`
Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00			`return True`
Add tab for user list 2020-04-01 18:56:24 +00:00			`qs = model_list(model_name)`
Optimize permissions, use memoization 2020-04-01 22:30:22 +00:00			`return qs.exists()`
Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00

			`@stringfilter`
			`def not_empty_model_change_list(model_name):`
Comment code 2020-03-20 14:58:14 +00:00			`"""`
			`Return True if and only if the current user has right to change any object of the given model.`
			`"""`
Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00			`user = get_current_authenticated_user()`
More optimisation 2020-03-20 00:46:59 +00:00			`session = get_current_session()`
Fix note display for users that don't have enough rights 2020-03-19 13:25:43 +00:00			`if user is None:`
			`return False`
More optimisation 2020-03-20 00:46:59 +00:00			`elif user.is_superuser and session.get("permission_mask", 0) >= 42:`
Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00			`return True`
Add tab for user list 2020-04-01 18:56:24 +00:00			`qs = model_list(model_name, "change")`
Optimize permissions, use memoization 2020-04-01 22:30:22 +00:00			`return qs.exists()`
Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00

Add tab for user list 2020-04-01 18:56:24 +00:00			`@stringfilter`
:boom: Improve performances 2020-07-25 15:25:57 +00:00			`def model_list(model_name, t="view", fetch=True):`
Add tab for user list 2020-04-01 18:56:24 +00:00			`"""`
			`Return the queryset of all visible instances of the given model.`
			`"""`
			`user = get_current_authenticated_user()`
			`if user is None:`
			`return False`
			`spl = model_name.split(".")`
			`ct = ContentType.objects.get(app_label=spl[0], model=spl[1])`
:boom: Improve performances 2020-07-25 15:25:57 +00:00			`qs = ct.model_class().objects.filter(PermissionBackend.filter_queryset(user, ct, t))`
			`if fetch:`
			`qs = qs.all()`
Add tab for user list 2020-04-01 18:56:24 +00:00			`return qs`


:boom: Improve performances 2020-07-25 15:25:57 +00:00			`@stringfilter`
			`def model_list_length(model_name, t="view"):`
			`"""`
			`Return the length of queryset of all visible instances of the given model.`
			`"""`
			`return model_list(model_name, t, False).count()`


Open and validate activities 2020-03-27 21:48:20 +00:00			`def has_perm(perm, obj):`
The memoization doesn't work when objects don't have a primary key. 2020-04-02 12:50:28 +00:00			`return PermissionBackend.check_perm(get_current_authenticated_user(), perm, obj)`
Display guests list 2020-03-27 20:18:27 +00:00

Add tab for user list 2020-04-01 18:56:24 +00:00			`def can_create_transaction():`
			`"""`
			`:return: True iff the authenticated user can create a transaction.`
			`"""`
			`user = get_current_authenticated_user()`
			`session = get_current_session()`
			`if user is None:`
			`return False`
			`elif user.is_superuser and session.get("permission_mask", 0) >= 42:`
			`return True`
			`if session.get("can_create_transaction", None):`
			`return session.get("can_create_transaction", None) == 1`

			`empty_transaction = Transaction(`
			`source=user.note,`
			`destination=user.note,`
			`quantity=1,`
			`amount=0,`
			`reason="Check permissions",`
			`)`
The memoization doesn't work when objects don't have a primary key. 2020-04-02 12:50:28 +00:00			`session["can_create_transaction"] = PermissionBackend.check_perm(user, "note.add_transaction", empty_transaction)`
Add tab for user list 2020-04-01 18:56:24 +00:00			`return session.get("can_create_transaction") == 1`


Protect views from viewing if the user has no right to view an object 2020-03-19 01:26:06 +00:00			`register = template.Library()`
			`register.filter('not_empty_model_list', not_empty_model_list)`
			`register.filter('not_empty_model_change_list', not_empty_model_change_list)`
Add tab for user list 2020-04-01 18:56:24 +00:00			`register.filter('model_list', model_list)`
:boom: Improve performances 2020-07-25 15:25:57 +00:00			`register.filter('model_list_length', model_list_length)`
Display guests list 2020-03-27 20:18:27 +00:00			`register.filter('has_perm', has_perm)`