fix group machinerie
[auf_rh_dae.git] / project / permissions.py
1 # -*- encoding: utf-8 -*
2
3 from project import groups
4 from project.groups import get_employe_from_user
5 from project.decorators import in_drh_or_admin
6
7 from rh import models as rh
8
9 def user_gere_obj_de_sa_region(user):
10 user_groups = [g.name for g in user.groups.all()]
11 if groups.CORRESPONDANT_RH in user_groups or \
12 groups.ADMINISTRATEURS in user_groups or \
13 groups.DIRECTEUR_DE_BUREAU in user_groups:
14 return True
15 return False
16
17 def user_can_add_obj(user):
18 if user_gere_obj_de_sa_region(user) or \
19 in_drh_or_admin(user):
20 return True
21 return False
22
23 def user_can_change_obj(user, obj):
24 if in_drh_or_admin(user) or (
25 user_gere_obj_de_sa_region(user) and \
26 obj_in_region_user(user, obj)):
27 return True
28 return False
29
30 def user_can_delete_obj(user, obj):
31 return in_drh_or_admin(user)
32
33 # helpers
34 def obj_in_region_user(user, obj):
35 region_user = get_region_user(user)
36 if isinstance(obj, rh.Employe):
37 return True
38 if isinstance(obj, rh.Dossier):
39 return True
40 if isinstance(obj, rh.Poste):
41 return obj.implantation.region == region_user
42 return False
43
44 def get_region_user(user):
45 # gère actuellement qu'une seule région par user
46 employe = get_employe_from_user(user)
47 region_user = employe.implantation.region
48 return region_user