Changements au buildout + settings pour me permettre de builder le projet
[auf_rh_dae.git] / project / permissions.py
... / ...
CommitLineData
1# -*- encoding: utf-8 -*
2
3from django.core.cache import cache
4
5from project import groups
6from project.groups import get_zones_from_user
7from project.decorators import in_drh_or_admin
8
9from rh import models as rh
10
11
12def get_user_groupnames(user):
13 key = "get_user_groupnames_%s" % user.id
14 group_names = cache.get(key, None)
15 if group_names is not None:
16 return group_names.split(',')
17 group_names = [g.name for g in user.groups.all()]
18 cache.set(key, ",".join(group_names))
19 return group_names
20
21
22def user_gere_obj_de_sa_region(user):
23 key = "user_gere_obj_de_sa_region_%s" % user.id
24 granted = cache.get(key, None)
25 if granted is not None:
26 return granted
27
28 user_groups = [g.name for g in user.groups.all()]
29 if groups.CORRESPONDANT_RH in user_groups or \
30 groups.ADMINISTRATEURS in user_groups or \
31 groups.DIRECTEUR_DE_BUREAU in user_groups:
32 granted = True
33 else:
34 granted = False
35 cache.set(key, granted)
36 return granted
37
38
39def user_can_add_obj(user):
40 if user_gere_obj_de_sa_region(user) or \
41 in_drh_or_admin(user):
42 return True
43 return False
44
45
46def user_can_list_obj(user):
47 if user_gere_obj_de_sa_region(user) or \
48 in_drh_or_admin(user):
49 return True
50 return False
51
52
53def user_can_change_obj(user, obj):
54 if in_drh_or_admin(user) or (
55 user_gere_obj_de_sa_region(user) and
56 obj_in_region_user(user, obj)):
57 return True
58 return False
59
60
61def user_can_delete_obj(user, obj):
62 return in_drh_or_admin(user)
63
64
65# helpers
66def obj_in_region_user(user, obj):
67 zones = get_zones_from_user(user)
68 if isinstance(obj, rh.Employe):
69 return True
70 if isinstance(obj, rh.Dossier):
71 return True
72 if isinstance(obj, rh.Poste):
73 return obj.implantation.zone_administrative in zones
74 return False