Routeur: Ajout temporaire des modules workflow et dae en écriture
[auf_rh_dae.git] / project / permissions.py
1 # -*- encoding: utf-8 -*
2
3 from django.core.cache import cache
4
5 from project import groups
6 from project.groups import get_zones_from_user
7 from project.decorators import in_drh_or_admin
8
9 from rh import models as rh
10
11
12 def get_user_groupnames(user):
13 key = "get_user_groupnames_%s" % user.id
14 group_names = cache.get(key, None)
15 if group_names is not None:
16 return group_names.split(',')
17 group_names = [g.name for g in user.groups.all()]
18 cache.set(key, ",".join(group_names))
19 return group_names
20
21
22 def user_gere_obj_de_sa_region(user):
23 key = "user_gere_obj_de_sa_region_%s" % user.id
24 granted = cache.get(key, None)
25 if granted is not None:
26 return granted
27
28 user_groups = [g.name for g in user.groups.all()]
29 if groups.CORRESPONDANT_RH in user_groups or \
30 groups.ADMINISTRATEURS in user_groups or \
31 groups.DIRECTEUR_DE_BUREAU in user_groups:
32 granted = True
33 else:
34 granted = False
35 cache.set(key, granted)
36 return granted
37
38
39 def user_can_add_obj(user):
40 if user_gere_obj_de_sa_region(user) or \
41 in_drh_or_admin(user):
42 return True
43 return False
44
45
46 def user_can_list_obj(user):
47 if user_gere_obj_de_sa_region(user) or \
48 in_drh_or_admin(user):
49 return True
50 return False
51
52
53 def user_can_change_obj(user, obj):
54 if in_drh_or_admin(user) or (
55 user_gere_obj_de_sa_region(user) and
56 obj_in_region_user(user, obj)):
57 return True
58 return False
59
60
61 def user_can_delete_obj(user, obj):
62 return in_drh_or_admin(user)
63
64
65 # helpers
66 def obj_in_region_user(user, obj):
67 zones = get_zones_from_user(user)
68 if isinstance(obj, rh.Employe):
69 return True
70 if isinstance(obj, rh.Dossier):
71 return True
72 if isinstance(obj, rh.Poste):
73 return obj.implantation.zone_administrative in zones
74 return False