87 lines
3.6 KiB
Python
87 lines
3.6 KiB
Python
from django.core.exceptions import ImproperlyConfigured
|
|
from django.core.exceptions import ObjectDoesNotExist
|
|
from django.core.exceptions import PermissionDenied
|
|
from django.contrib.auth.decorators import login_required
|
|
from django.db.models import Q
|
|
|
|
from tracker.models import Project
|
|
from permissions.models import GlobalPermission
|
|
from permissions.models import PermissionModel as PermModel
|
|
|
|
|
|
# This middleware protect only views of the following modules
|
|
modules = ['accounts.views', 'permissions.views', 'tracker.views']
|
|
|
|
|
|
class ProjectMiddleware:
|
|
"""
|
|
This middleware must be call after authentication middleware.
|
|
"""
|
|
|
|
def process_view(self, request, view, view_args, view_kwargs):
|
|
|
|
if view.__module__ not in modules:
|
|
return
|
|
|
|
if not hasattr(request, 'user'):
|
|
raise ImproperlyConfigured(
|
|
"The project middleware requires the"
|
|
" authentication middleware to be installed. Edit your"
|
|
" MIDDLEWARE_CLASSES setting to insert"
|
|
" 'django.contrib.auth.middleware.AuthenticationMiddleware'"
|
|
" before the ProjectMiddleware class.")
|
|
|
|
# projectS
|
|
if request.user.is_authenticated() and request.user.is_staff:
|
|
projects = Project.objects.all()
|
|
elif request.user.is_authenticated():
|
|
teams = request.user.teams.values_list('id')
|
|
groups = request.user.groups.values_list('id')
|
|
# check for a global permission allowing access
|
|
if GlobalPermission.objects.filter(access_project=True) \
|
|
.filter(
|
|
# directly
|
|
Q(grantee_type=PermModel.GRANTEE_USER,
|
|
grantee_id=request.user.id)
|
|
# through a group
|
|
| Q(grantee_type=PermModel.GRANTEE_GROUP,
|
|
grantee_id__in=groups)
|
|
# through a team
|
|
| Q(grantee_type=PermModel.GRANTEE_TEAM,
|
|
grantee_id__in=teams)
|
|
).exists():
|
|
projects = Project.objects.all()
|
|
# searching project reachable throught project permission
|
|
else:
|
|
# public project
|
|
query = Q(access=Project.ACCESS_PUBLIC)
|
|
# project reserved to logged users
|
|
query |= Q(access=Project.ACCESS_REGISTERED)
|
|
# access granted through a team
|
|
query |= Q(permissions__grantee_type=PermModel.GRANTEE_TEAM,
|
|
permissions__grantee_id__in=teams)
|
|
# access granted through a group
|
|
query |= Q(permissions__grantee_type=PermModel.GRANTEE_GROUP,
|
|
permissions__grantee_id__in=groups)
|
|
# access granted by specific permission
|
|
query |= Q(permissions__grantee_type=PermModel.GRANTEE_USER,
|
|
permissions__grantee_id=request.user.id)
|
|
projects = Project.objects.filter(query).distinct()
|
|
else:
|
|
# only public projects
|
|
projects = Project.objects.filter(access=Project.ACCESS_PUBLIC)
|
|
request.projects = projects
|
|
|
|
# project
|
|
project = view_kwargs.get('project')
|
|
if not project:
|
|
return
|
|
try:
|
|
project = projects.get(name=project)
|
|
except ObjectDoesNotExist:
|
|
if request.user.is_authenticated():
|
|
raise PermissionDenied()
|
|
else:
|
|
return login_required(view)(request, *view_args, **view_kwargs)
|
|
view_kwargs['project'] = project
|
|
request.project = project
|