-# -*- encoding: utf-8 -*-
+# -*- encoding: utf-8 -*
-from django.contrib.auth.decorators import user_passes_test
-from django.contrib.auth.models import Group
+from project import groups
+from project.groups import get_employe_from_user
+from project.decorators import in_drh_or_admin
-# Logique AUF des permissions
+from rh import models as rh
-def is_employe(user):
- return user.is_authenticated() and user.is_active and user.is_staff
+def user_gere_obj_de_sa_region(user):
+ user_groups = [g.name for g in user.groups.all()]
+ if groups.CORRESPONDANT_RH in user_groups or \
+ groups.ADMINISTRATEURS in user_groups or \
+ groups.DIRECTEUR_DE_BUREAU in user_groups:
+ return True
+ return False
-def is_admin(user):
- """
- Un admin est un employé qui est superuser
- """
- return is_employe(user) and user.is_superuser
+def user_can_add_obj(user):
+ if user_gere_obj_de_sa_region(user) or \
+ in_drh_or_admin(user):
+ return True
+ return False
+
+def user_can_change_obj(user, obj):
+ if in_drh_or_admin(user) or (
+ user_gere_obj_de_sa_region(user) and \
+ obj_in_region_user(user, obj)):
+ return True
+ return False
+
+def user_can_delete_obj(user, obj):
+ return in_drh_or_admin(user)
+
+# helpers
+def obj_in_region_user(user, obj):
+ region_user = get_region_user(user)
+ if isinstance(obj, rh.Employe):
+ return True
+ if isinstance(obj, rh.Dossier):
+ return True
+ if isinstance(obj, rh.Poste):
+ return obj.implantation.region == region_user
+ return False
+
+def get_region_user(user):
+ # gère actuellement qu'une seule région par user
+ employe = get_employe_from_user(user)
+ region_user = employe.implantation.region
+ return region_user
projets / auf_rh_dae.git / blobdiff