4d8b00f57251c3aa67f732c0e62f7636a3b43fdd
[auf_rh_dae.git] / project / dae / permissions.py
1 from auf.django.permissions import allow
2
3 from project.dae.decorators import user_in_dae_groupes
4 from project.dae.groups import grp_drh, grp_drh2, grp_haute_direction
5 import project.dae.models as dae
6
7
8 def user_in_group(*groups):
9 def test(user, obj):
10 user_groups = set(user.groups.all())
11 return any(g in user_groups for g in groups)
12 return test
13
14 allow('modifier_dae_numerisee', dae.Dossier, user_in_group(grp_drh, grp_drh2, grp_haute_direction))
15
16 allow('consulter', dae.Dossier,
17 lambda user, obj: (user_in_dae_groupes(user) or
18 dae.Dossier.objects.ma_region_ou_service(user).filter(id=obj.id).exists()))