fix group machinerie
[auf_rh_dae.git] / project / dae / permissions.py
1 from auf.django.permissions import allow
2
3 from project import groups
4 from project.dae import models as dae
5 from project.dae.decorators import user_in_dae_groupes
6
7
8 def user_in_group(*groups):
9 def test(user, obj):
10 user_groups = set(user.groups.all())
11 return any(g in user_groups for g in groups)
12 return test
13
14
15 allow(
16 'modifier_dae_numerisee',
17 dae.Dossier,
18 user_in_group(groups.DRH_NIVEAU_1, groups.DRH_NIVEAU_2,
19 groups.HAUTE_DIRECTION)
20 )
21
22 allow(
23 'consulter',
24 dae.Dossier,
25 lambda user, obj: (
26 user_in_dae_groupes(user) or
27 dae.Dossier.objects.ma_region_ou_service(user)
28 .filter(id=obj.id).exists()
29 )
30 )