init

AuthApp/api/v1/permissions/personal_api_permissions.py

@@ -0,0 +1,116 @@
+# coding=utf-8
+from rest_framework.permissions import BasePermission
+from rest_framework.exceptions import PermissionDenied
+from tEDataProj.inter import check_user_key_inter
+from AuthApp.models import User
+
+
+def check_of_user_is_manager_of_company(user, view):
+    if not 'pk' in view.kwargs:
+        return False
+
+    try:
+        objs = User.objects.get(
+            user_profile__company_obj__manager_obj=user,
+            id=view.kwargs['pk']
+        )
+    except:
+        return False
+
+    return objs
+
+
+def check_of_user_is_company_staff(user, view):
+    if not 'pk' in view.kwargs:
+        return False
+
+    try:
+        objs = User.objects.get(
+            user_profile__company_obj=user.user_profile.company_obj,
+            id=view.kwargs['pk']
+        )
+    except:
+        return False
+
+    return objs
+
+
+class Personal_API_perms(BasePermission):
+    """
+    Allows access only users w full access.
+    """
+
+    def has_permission(self, request, view):
+
+        if not request.user or request.user.is_anonymous or not request.user.is_active:
+            return False
+
+        # auth_data = request.query_params
+        # if not check_user_key_inter(auth_data):
+        #     raise PermissionDenied(code=403)
+
+        user = request.user
+        groups = user.groups.all()
+
+        groups_name_list = groups.values_list('name', flat=True)
+
+        if u'API 1С импорт' in groups_name_list:
+            return False
+
+        if view.basename == u'user':
+
+            if view.action in ('create',):
+                perm = user.has_perm('AuthApp.UI_company_staff_create')
+                return perm
+
+            if view.action in (
+                    'update', 'partial_update', 'add_communication_item', 'get_connected_mailings', 'possible_mailings',
+                    'change_mailing_status'):
+                # perm = user.has_perm('AuthApp.UI_managers_modify')
+                # return perm
+                if not user.is_staff:
+                    # персонал компании
+                    if user.has_perm('AuthApp.UI_company_staff_modify_if_staff_company'):
+                        return check_of_user_is_company_staff(user, view)
+
+                    return False
+
+                # если персонал
+                else:
+                    if check_of_user_is_manager_of_company(user, view) and user.has_perm(
+                            'AuthApp.UI_company_staff_modify_if_manager'):
+                        return True
+                    elif user.has_perm('AuthApp.UI_company_staff_modify_any'):
+                        return True
+
+            if view.action in ('destroy',):
+                perm = user.has_perm('AuthApp.UI_company_staff_delete')
+                return perm
+
+            if view.action in (
+                    'retrieve', 'list', 'list_by_company_id', 'list_by_office_id',
+                    'possible_departaments_list', 'possible_company_positions_list'
+            ):
+                perm = user.has_perm('AuthApp.UI_company_staff_retrieve_any_no_staff')
+                if not perm:
+                    perm = user.has_perm('AuthApp.UI_company_staff_retrieve')
+                return perm
+
+        # if view.basename == u'userprofile':
+        #
+        #     if view.action in ('create',):
+        #         perm = user.has_perm('AuthApp.add_userprofile')
+        #         return perm
+        #
+        #     if view.action in ('update', 'partial_update'):
+        #         perm = user.has_perm('AuthApp.change_userprofile')
+        #         return perm
+        #
+        #     if view.action in ('destroy',):
+        #         perm = user.has_perm('AuthApp.delete_userprofile')
+        #         return perm
+        #
+        #     if view.action in ('retrieve', 'list'):
+        #         return True
+
+        return False