--- /dev/null
+# -*- encoding: utf-8 -*
+
+from project import groups
+from project.groups import get_employe_from_user
+from project.decorators import in_drh_or_admin
+
+from rh import models as rh
+
+def user_gere_obj_de_sa_region(user):
+ user_groups = user.groups.all()
+ if groups.grp_correspondants_rh in user_groups or \
+ groups.grp_administrateurs in user_groups or \
+ groups.grp_directeurs_bureau in user_groups:
+ return True
+ return False
+
+def user_can_add_obj(user):
+ if user_gere_obj_de_sa_region(user) or \
+ in_drh_or_admin(user):
+ return True
+ return False
+
+def user_can_change_obj(user, obj):
+ if in_drh_or_admin(user) or (
+ user_gere_obj_de_sa_region(user) and \
+ obj_in_region_user(user, obj)):
+ return True
+ return False
+
+def user_can_delete_obj(user, obj):
+ return in_drh_or_admin(user)
+
+# helpers
+def obj_in_region_user(user, obj):
+ region_user = get_region_user(user)
+ if isinstance(obj, rh.Employe):
+ return True
+ if isinstance(obj, rh.Dossier):
+ return True
+ if isinstance(obj, rh.Poste):
+ return obj.implantation.region == region_user
+ return False
+
+def get_region_user(user):
+ # gère actuellement qu'une seule région par user
+ employe = get_employe_from_user(user)
+ region_user = employe.implantation.region
+ return region_user
from project import groups
from project.decorators import in_drh_or_admin
-from project.groups import get_employe_from_user
+from project.permissions import get_region_user, \
+ user_gere_obj_de_sa_region, \
+ user_can_add_obj, \
+ user_can_change_obj, \
+ user_can_delete_obj
import project.rh.models as rh
from project.rh.forms import \
def queryset(self, request):
qs = super(ProtectRegionMixin, self).queryset(request)
- user_groups = request.user.groups.all()
if in_drh_or_admin(request.user):
return qs
- if groups.grp_correspondants_rh in user_groups or\
- groups.grp_administrateurs in user_groups or\
- groups.grp_directeurs_bureau in user_groups:
- employe = get_employe_from_user(request.user)
+ if user_gere_obj_de_sa_region(request.user):
+ region_user = get_region_user(request.user)
q = Q(**{self.model.prefix_implantation: \
- employe.implantation.region})
+ region_user})
qs = qs.filter(q).distinct()
return qs
return qs.none()
def has_add_permission(self, request):
- if not in_drh_or_admin(request.user):
- return False
- else:
- return True
+ return user_can_add_obj(request.user)
def has_change_permission(self, request, obj=None):
- user_groups = request.user.groups.all()
-
- if len(user_groups) == 0 and not request.user.is_superuser:
- return False
-
- if obj is None:
- return True
- ids = [o.id for o in self.queryset(request)]
- return obj.id in ids
+ return user_can_change_obj(request.user, obj)
+ def has_delete_permission(self, request, obj=None):
+ return user_can_delete_obj(request.user, obj)
# Inlines
'remplacement_de': 'dossiers',
}, superclass=DossierForm)
- def has_add_permission(self, request):
- user_groups = request.user.groups.all()
- if groups.grp_correspondants_rh in user_groups or \
- groups.grp_administrateurs in user_groups or \
- groups.grp_directeurs_bureau in user_groups or \
- in_drh_or_admin(request.user):
- return True
- return False
-
- def has_delete_permission(self, request, obj=None):
- return in_drh_or_admin(request.user)
-
def lookup_allowed(self, key, value):
if key in (
'employe__nom__istartswith',
),
)
- def has_add_permission(self, request):
- user_groups = request.user.groups.all()
- if groups.grp_correspondants_rh in user_groups or \
- groups.grp_administrateurs in user_groups or \
- groups.grp_directeurs_bureau in user_groups or \
- in_drh_or_admin(request.user):
- return True
- return False
-
- def has_delete_permission(self, request, obj=None):
- return in_drh_or_admin(request.user)
-
def _apercu(self, obj):
return u"""<a title="Aperçu de l'employé"
onclick="return showAddAnotherPopup(this);"
PosteComparaisonInline,
PosteCommentaireInline, )
- def has_add_permission(self, request):
- user_groups = request.user.groups.all()
- if groups.grp_correspondants_rh in user_groups or \
- groups.grp_administrateurs in user_groups or \
- groups.grp_directeurs_bureau in user_groups or \
- in_drh_or_admin(request.user):
- return True
- return False
-
- def has_delete_permission(self, request, obj=None):
- return in_drh_or_admin(request.user)
-
def lookup_allowed(self, key, value):
return key in (
'date_debut__gte', 'date_debut__isnull', 'date_fin__lte',
from django.core.urlresolvers import reverse
import pygraphviz as pgv
+from project.permissions import user_can_change_obj
from project.rh import models as rh
-def bind_poste_to_graph(graph, postes_by_id):
+def bind_poste_to_graph(user, graph, postes_by_id):
for n in graph.nodes():
+ # poste = node
+ poste = postes_by_id[int(n)]
+
+ # dossiers actifs pour ce poste
dossiers = rh.Dossier.objects.select_related('employe').filter(
(Q(date_fin__gt=date.today()) | Q(date_fin=None)) &
(Q(date_debut__lt=date.today()) | Q(date_debut=None)) &
- Q(poste__id=n)
+ Q(poste=poste)
).exclude(supprime=True).all()
+ # affichage
if dossiers:
employes = "\\n".join(
["[%s] %s %s" %
d.poste.nom, employes, d.poste.implantation
)
else:
- poste = postes_by_id[int(n)]
label = u"%s\\n---\\n%s" % (poste.nom, poste.implantation)
n.attr['fillcolor'] = 'azure4'
n.attr['style'] = 'filled'
n.attr['label'] = label.encode('ascii', 'xmlcharrefreplace')
- n.attr['href'] = reverse("admin:rh_poste_change", args=(n,))
+ # lien seulement si user peut editer poste
+ if user_can_change_obj(user, poste):
+ n.attr['href'] = reverse("admin:rh_poste_change", args=(n,))
return graph
-def organigramme_postes_cluster(cluster_filter, titre=u"Organigramme",
+def organigramme_postes_cluster(user, cluster_filter, titre=u"Organigramme",
cluster_titre=u"Cluster 1"):
"""
Crée un organigramme des postes avec un cluster défini par le keyword
poste_remontant.responsable_id, poste_remontant.id
)
- bind_poste_to_graph(graph, postes_by_id)
+ bind_poste_to_graph(user, graph, postes_by_id)
graph.layout(prog='dot')
a.add_edge(poste_remontant.responsable_id, poste_remontant.id)
poste_remontant = poste_remontant.responsable
- rh_graph.bind_poste_to_graph(a, postes_by_id)
+ rh_graph.bind_poste_to_graph(request.user, a, postes_by_id)
#a.graph_attr['normalize'] = True
#a.graph_attr['level'] = 2
a.layout(prog='dot')
service = get_object_or_404(rh.Service, pk=id)
svg = rh_graph.organigramme_postes_cluster( \
+ request.user, \
cluster_filter={"service": service}, \
titre=u"Organigramme du service %s" % service.nom,
cluster_titre=service.nom)
implantation = get_object_or_404(ref.Implantation, pk=id)
svg = rh_graph.organigramme_postes_cluster( \
+ request.user, \
cluster_filter={"implantation": implantation}, \
titre=u"Organigramme de l'implantation %s" % implantation.nom,
cluster_titre=implantation.nom)
region = get_object_or_404(ref.Region, pk=id)
svg = rh_graph.organigramme_postes_cluster( \
+ request.user, \
cluster_filter={"implantation__region": region}, \
titre=u"Organigramme du bureau de %s" % region.nom,
cluster_titre=region.nom)
projets / auf_rh_dae.git / commitdiff
