-# -*- encoding: utf-8 -*-
+# -*- encoding: utf-8 -*
-from django.contrib.auth.decorators import user_passes_test
-from django.contrib.auth.models import Group
+from project import groups
+from project.groups import get_employe_from_user, get_zones_from_user
+from project.decorators import in_drh_or_admin
-# Logique AUF des permissions
+from auf.django.references import models as ref
+from rh import models as rh
-def is_employe(user):
- return user.is_authenticated() and user.is_active and user.is_staff
+def user_gere_obj_de_sa_region(user):
+ user_groups = [g.name for g in user.groups.all()]
+ if groups.CORRESPONDANT_RH in user_groups or \
+ groups.ADMINISTRATEURS in user_groups or \
+ groups.DIRECTEUR_DE_BUREAU in user_groups:
+ return True
+ return False
-def is_admin(user):
- """
- Un admin est un employé qui est superuser
- """
- return is_employe(user) and user.is_superuser
+def user_can_add_obj(user):
+ if user_gere_obj_de_sa_region(user) or \
+ in_drh_or_admin(user):
+ return True
+ return False
+
+def user_can_list_obj(user):
+ if user_gere_obj_de_sa_region(user) or \
+ in_drh_or_admin(user):
+ return True
+ return False
+
+def user_can_change_obj(user, obj):
+ if in_drh_or_admin(user) or (
+ user_gere_obj_de_sa_region(user) and \
+ obj_in_region_user(user, obj)):
+ return True
+ return False
+
+def user_can_delete_obj(user, obj):
+ return in_drh_or_admin(user)
+
+
+# helpers
+def obj_in_region_user(user, obj):
+ zones = get_zones_from_user(user)
+ if isinstance(obj, rh.Employe):
+ return True
+ if isinstance(obj, rh.Dossier):
+ return True
+ if isinstance(obj, rh.Poste):
+ return obj.implantation.zone_administrative in zones
+ return False
+
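Review bot: `obj_in_region_user` returns `True` for every `rh.Employe` and `rh.Dossier` without consulting `zones`, so in `user_can_change_obj` a user who only holds `CORRESPONDANT_RH` or `DIRECTEUR_DE_BUREAU` passes the region check for employees and dossiers of any zone. Only the `rh.Poste` branch is actually compared against `get_zones_from_user(user)`. If that is intentional, say so in a comment such as `# Employe/Dossier are not scoped by zone yet: any regional manager may change them`. Otherwise these two branches should derive the object's zone the way the `Poste` branch does (the fields to use are not visible in this diff), or return `False` until they do. `user_can_delete_obj` also never reads `obj`, so a one-line docstring saying deletion is decided by group only would keep the unused parameter from being mistaken for a forgotten check.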