project/dae/permissions.py

   1 from auf.django.permissions import allow
   2
   3 from project.dae import models as dae
   4 from project.dae.decorators import user_in_dae_groupes
   5 from project.dae.groups import grp_drh, grp_drh2, grp_haute_direction
   6
   7
   8 def user_in_group(*groups):
   9     def test(user, obj):
  10         user_groups = set(user.groups.all())
  11         return any(g in user_groups for g in groups)
  12     return test
  13
  14
  15 allow(
  16     'modifier_dae_numerisee',
  17     dae.Dossier,
  18     user_in_group(grp_drh, grp_drh2, grp_haute_direction)
  19 )
  20
  21 allow(
  22     'consulter',
  23     dae.Dossier,
  24     lambda user, obj: (
  25         user_in_dae_groupes(user) or
  26         dae.Dossier.objects.ma_region_ou_service(user)
  27         .filter(id=obj.id).exists()
  28     )
  29 )