5215b8690116e7fd5a7605e467842e291718f061
[auf_rh_dae.git] / project / dae / permissions.py
1 from auf.django.permissions import allow
2
3 from project.dae import models as dae
4 from project.dae.decorators import user_in_dae_groupes
5 from project.dae.groups import grp_drh, grp_drh2, grp_haute_direction
6
7
8 def user_in_group(*groups):
9 def test(user, obj):
10 user_groups = set(user.groups.all())
11 return any(g in user_groups for g in groups)
12 return test
13
14
15 allow(
16 'modifier_dae_numerisee',
17 dae.Dossier,
18 user_in_group(grp_drh, grp_drh2, grp_haute_direction)
19 )
20
21 allow(
22 'consulter',
23 dae.Dossier,
24 lambda user, obj: (
25 user_in_dae_groupes(user) or
26 dae.Dossier.objects.ma_region_ou_service(user)
27 .filter(id=obj.id).exists()
28 )
29 )