from django . http import HttpResponse
from django . views . decorators . csrf import csrf_exempt
from lib . main . models import *
from django . contrib . auth . models import User
from lib . main . serializers import *
from lib . main . rbac import *
from django . core . exceptions import PermissionDenied
from rest_framework import mixins
from rest_framework import generics
from rest_framework import permissions
from rest_framework . response import Response
from rest_framework import status
import exceptions
import datetime
from base_views import BaseList , BaseDetail , BaseSubList
class OrganizationsList(BaseList):
    # Collection endpoint for Organization records.
    #
    # Row-level visibility is decided in _get_queryset():
    #   * superusers see every organization;
    #   * any other user sees only the organizations that list them in
    #     `admins` or in `users`.
    #
    # NOTE(review): CustomRbac and BaseList are defined elsewhere; what they
    # check on top of this queryset cannot be seen from this file.

    permission_classes = (CustomRbac,)
    serializer_class = OrganizationSerializer
    model = Organization

    def _get_queryset(self):
        ''' Return the organizations the requesting user may see.

        Superusers get the whole table.  Everyone else gets the union of the
        organizations they administer and the organizations they belong to,
        so a user with no relationship to an organization never sees it here.
        '''
        organizations = Organization.objects
        if not self.request.user.is_superuser:
            # Two separate distinct() querysets OR-ed together: one for the
            # admin relationship, one for plain membership.
            administered = organizations.filter(
                admins__in=[self.request.user]
            ).distinct()
            joined = organizations.filter(
                users__in=[self.request.user]
            ).distinct()
            return administered | joined
        return organizations.all()
class OrganizationsDetail(BaseDetail):
    # Single-organization endpoint; everything beyond these three settings
    # is inherited from BaseDetail.
    #
    # NOTE(review): unlike OrganizationsList, no per-user queryset scoping is
    # declared here, so access to an individual organization rests on
    # CustomRbac / BaseDetail (not visible in this file) -- confirm they
    # check the requested object and not only the request.

    permission_classes = (CustomRbac,)
    serializer_class = OrganizationSerializer
    model = Organization
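class OrganizationsAuditTrailList(BaseSubList):
    # Audit-trail entries attached to one organization.
    # parent_model / relationship / postable are read by BaseSubList (not
    # shown here); postable is False, so this sub list is declared read-only.

    model = AuditTrail
    serializer_class = AuditTrailSerializer
    permission_classes = (CustomRbac,)
    parent_model = Organization
    relationship = 'audit_trail'
    postable = False

    def _get_queryset(self):
        ''' to list audit trail entries in the organization, I must be a superuser or org admin

        Raises PermissionDenied for any other user.
        '''
        # NOTE(review): .get() raises Organization.DoesNotExist for an unknown
        # pk and nothing in this method maps that to a 404; the lookup also
        # runs before the permission check, so a missing id and a forbidden id
        # produce different outcomes -- confirm how BaseSubList handles this.
        organization = Organization.objects.get(pk=self.kwargs['pk'])
        user = self.request.user
        # FIXME: use: organization.can_user_administrate(self.request.user)
        # exists() asks the database for this one user instead of loading
        # every admin row just to test membership.
        is_org_admin = organization.admins.filter(pk=user.pk).exists()
        if not (user.is_superuser or is_org_admin):
            raise PermissionDenied()
        return AuditTrail.objects.filter(organization_by_audit_trail__in=[organization])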
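class OrganizationsUsersList(BaseSubList):
    # Users that belong to one organization.
    # parent_model / relationship / postable are read by BaseSubList (not
    # shown here).
    #
    # NOTE(review): postable is True, which presumably lets BaseSubList accept
    # POSTs that change organization membership.  The superuser/org-admin
    # check below is only visibly applied when building the queryset --
    # confirm the POST path enforces the same rule.

    model = User
    serializer_class = UserSerializer
    permission_classes = (CustomRbac,)
    parent_model = Organization
    relationship = 'users'
    postable = True

    def _get_queryset(self):
        ''' to list users in the organization, I must be a superuser or org admin

        Raises PermissionDenied for any other user.
        '''
        # NOTE(review): .get() raises Organization.DoesNotExist for an unknown
        # pk and nothing in this method maps that to a 404; the lookup also
        # runs before the permission check, so a missing id and a forbidden id
        # produce different outcomes -- confirm how BaseSubList handles this.
        organization = Organization.objects.get(pk=self.kwargs['pk'])
        user = self.request.user
        # exists() asks the database for this one user instead of loading
        # every admin row just to test membership.
        is_org_admin = organization.admins.filter(pk=user.pk).exists()
        if not (user.is_superuser or is_org_admin):
            raise PermissionDenied()
        return User.objects.filter(organizations__in=[organization])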
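class OrganizationsAdminsList(BaseSubList):
    # Administrators of one organization.
    # parent_model / relationship / postable are read by BaseSubList (not
    # shown here).
    #
    # NOTE(review): this relationship is the one the checks in this file use
    # to decide who is an org admin, and postable is True.  If BaseSubList
    # accepts POSTs that add to `admins`, that path grants administrative
    # rights -- confirm it enforces the same superuser/org-admin rule that
    # _get_queryset() applies to listing.

    model = User
    serializer_class = UserSerializer
    permission_classes = (CustomRbac,)
    parent_model = Organization
    relationship = 'admins'
    postable = True

    def _get_queryset(self):
        ''' to list admins in the organization, I must be a superuser or org admin

        Raises PermissionDenied for any other user.
        '''
        # NOTE(review): .get() raises Organization.DoesNotExist for an unknown
        # pk and nothing in this method maps that to a 404; the lookup also
        # runs before the permission check, so a missing id and a forbidden id
        # produce different outcomes -- confirm how BaseSubList handles this.
        organization = Organization.objects.get(pk=self.kwargs['pk'])
        user = self.request.user
        # exists() asks the database for this one user instead of loading
        # every admin row just to test membership.
        is_org_admin = organization.admins.filter(pk=user.pk).exists()
        if not (user.is_superuser or is_org_admin):
            raise PermissionDenied()
        return User.objects.filter(admin_of_organizations__in=[organization])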
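class OrganizationsProjectsList(BaseSubList):
    # Projects that belong to one organization.
    #
    # NOTE(review): postable is True, which presumably lets BaseSubList accept
    # POSTs on this relationship.  The superuser/org-admin check below is only
    # visibly applied when building the queryset -- confirm the POST path
    # enforces the same rule.

    model = Project
    serializer_class = ProjectSerializer
    permission_classes = (CustomRbac,)
    parent_model = Organization  # for sub list
    relationship = 'projects'  # " "
    postable = True

    def _get_queryset(self):
        ''' to list projects in the organization, I must be a superuser or org admin

        Raises PermissionDenied for any other user.
        '''
        # NOTE(review): .get() raises Organization.DoesNotExist for an unknown
        # pk and nothing in this method maps that to a 404; the lookup also
        # runs before the permission check, so a missing id and a forbidden id
        # produce different outcomes -- confirm how BaseSubList handles this.
        organization = Organization.objects.get(pk=self.kwargs['pk'])
        user = self.request.user
        # exists() asks the database for this one user instead of loading
        # every admin row just to test membership.
        is_org_admin = organization.admins.filter(pk=user.pk).exists()
        if not (user.is_superuser or is_org_admin):
            raise PermissionDenied()
        return Project.objects.filter(organizations__in=[organization])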
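class OrganizationsTagsList(BaseSubList):
    # Tags attached to one organization.
    #
    # NOTE(review): postable is True, which presumably lets BaseSubList accept
    # POSTs on this relationship.  The superuser/org-admin check below is only
    # visibly applied when building the queryset -- confirm the POST path
    # enforces the same rule.

    model = Tag
    serializer_class = TagSerializer
    permission_classes = (CustomRbac,)
    parent_model = Organization  # for sub list
    relationship = 'tags'  # " "
    postable = True

    def _get_queryset(self):
        ''' to list tags in the organization, I must be a superuser or org admin

        Raises PermissionDenied for any other user.
        '''
        # NOTE(review): .get() raises Organization.DoesNotExist for an unknown
        # pk and nothing in this method maps that to a 404; the lookup also
        # runs before the permission check, so a missing id and a forbidden id
        # produce different outcomes -- confirm how BaseSubList handles this.
        organization = Organization.objects.get(pk=self.kwargs['pk'])
        user = self.request.user
        # FIXME: use: organization.can_user_administrate(self.request.user)
        # exists() asks the database for this one user instead of loading
        # every admin row just to test membership.
        is_org_admin = organization.admins.filter(pk=user.pk).exists()
        if not (user.is_superuser or is_org_admin):
            raise PermissionDenied()
        return Tag.objects.filter(organization_by_tag__in=[organization])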
class ProjectsDetail(BaseDetail):
    # Single-project endpoint; everything beyond these three settings is
    # inherited from BaseDetail.
    #
    # NOTE(review): no per-user queryset scoping is declared here, so access
    # to an individual project rests on CustomRbac / BaseDetail (not visible
    # in this file) -- confirm they check the requested object.

    permission_classes = (CustomRbac,)
    serializer_class = ProjectSerializer
    model = Project
class TagsDetail(BaseDetail):
    # Single-tag endpoint; everything beyond these three settings is
    # inherited from BaseDetail.
    #
    # NOTE(review): no per-user queryset scoping is declared here, so access
    # to an individual tag rests on CustomRbac / BaseDetail (not visible in
    # this file) -- confirm they check the requested object.

    permission_classes = (CustomRbac,)
    serializer_class = TagSerializer
    model = Tag