[auf_rh_dae.git] / project / permissions.py

# -*- encoding: utf-8 -*

from django.core.cache import cache

from project import groups
from project.groups import get_zones_from_user
from project.decorators import in_drh_or_admin

from rh import models as rh


def get_user_groupnames(user):
    key = "get_user_groupnames_%s" % user.id
    group_names = cache.get(key, None)
    if group_names is not None:
        return group_names.split(',')
    group_names = [g.name for g in user.groups.all()]
    cache.set(key, ",".join(group_names))
    return group_names


def user_gere_obj_de_sa_region(user):
    key = "user_gere_obj_de_sa_region_%s" % user.id
    granted = cache.get(key, None)
    if granted is not None:
        return granted

    user_groups = [g.name for g in user.groups.all()]
    if groups.CORRESPONDANT_RH in user_groups or \
            groups.ADMINISTRATEURS in user_groups or \
            groups.DIRECTEUR_DE_BUREAU in user_groups:
        granted = True
    else:
        granted = False
    cache.set(key, granted)
    return granted


def user_can_add_obj(user):
    if user_gere_obj_de_sa_region(user) or \
            in_drh_or_admin(user):
        return True
    return False


def user_can_list_obj(user):
    if user_gere_obj_de_sa_region(user) or \
            in_drh_or_admin(user):
        return True
    return False


def user_can_change_obj(user, obj):
    if in_drh_or_admin(user) or (
            user_gere_obj_de_sa_region(user) and
            obj_in_region_user(user, obj)):
        return True
    return False


def user_can_delete_obj(user, obj):
    return in_drh_or_admin(user)


# helpers
def obj_in_region_user(user, obj):
    zones = get_zones_from_user(user)
    if isinstance(obj, rh.Employe):
        return True
    if isinstance(obj, rh.Dossier):
        return True
    if isinstance(obj, rh.Poste):
        return obj.implantation.zone_administrative in zones
    return False
Commit	Line	Data
	1	# -- encoding: utf-8 -
	2
	3	from django.core.cache import cache
	4
	5	from project import groups
	6	from project.groups import get_zones_from_user
	7	from project.decorators import in_drh_or_admin
	8
	9	from rh import models as rh
	10
	11
	12	def get_user_groupnames(user):
	13	key = "get_user_groupnames_%s" % user.id
	14	group_names = cache.get(key, None)
	15	if group_names is not None:
	16	return group_names.split(',')
	17	group_names = [g.name for g in user.groups.all()]
	18	cache.set(key, ",".join(group_names))
	19	return group_names
	20
	21
	22	def user_gere_obj_de_sa_region(user):
	23	key = "user_gere_obj_de_sa_region_%s" % user.id
	24	granted = cache.get(key, None)
	25	if granted is not None:
	26	return granted
	27
	28	user_groups = [g.name for g in user.groups.all()]
	29	if groups.CORRESPONDANT_RH in user_groups or \
	30	groups.ADMINISTRATEURS in user_groups or \
	31	groups.DIRECTEUR_DE_BUREAU in user_groups:
	32	granted = True
	33	else:
	34	granted = False
	35	cache.set(key, granted)
	36	return granted
	37
	38
	39	def user_can_add_obj(user):
	40	if user_gere_obj_de_sa_region(user) or \
	41	in_drh_or_admin(user):
	42	return True
	43	return False
	44
	45
	46	def user_can_list_obj(user):
	47	if user_gere_obj_de_sa_region(user) or \
	48	in_drh_or_admin(user):
	49	return True
	50	return False
	51
	52
	53	def user_can_change_obj(user, obj):
	54	if in_drh_or_admin(user) or (
	55	user_gere_obj_de_sa_region(user) and
	56	obj_in_region_user(user, obj)):
	57	return True
	58	return False
	59
	60
	61	def user_can_delete_obj(user, obj):
	62	return in_drh_or_admin(user)
	63
	64
	65	# helpers
	66	def obj_in_region_user(user, obj):
	67	zones = get_zones_from_user(user)
	68	if isinstance(obj, rh.Employe):
	69	return True
	70	if isinstance(obj, rh.Dossier):
	71	return True
	72	if isinstance(obj, rh.Poste):
	73	return obj.implantation.zone_administrative in zones
	74	return False