首頁 探索 說明
登入
piratas
/
taiga-back
關註 2
讚好 0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
分支: master
分支列表 標籤列表
taiga-back
/
taiga
/
projects
/
history
/
permissions.py

permissions.py 2.8 KB
永久連結 文件歷史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 
  1. # Copyright (C) 2014 Andrey Antukh <niwi@niwi.be>
    2. 

  2. # Copyright (C) 2014 Jesús Espino <jespinog@gmail.com>
    3. 

  3. # Copyright (C) 2014 David Barragán <bameda@dbarragan.com>
    4. 

  4. # This program is free software: you can redistribute it and/or modify
    5. 

  5. # it under the terms of the GNU Affero General Public License as
    6. 

  6. # published by the Free Software Foundation, either version 3 of the
    7. 

  7. # License, or (at your option) any later version.
    8. 

  8. #
    9. 

  9. # This program is distributed in the hope that it will be useful,
    10. 

  10. # but WITHOUT ANY WARRANTY; without even the implied warranty of
    11. 

  11. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    12. 

  12. # GNU Affero General Public License for more details.
    13. 

  13. #
    14. 

  14. # You should have received a copy of the GNU Affero General Public License
    15. 

  15. # along with this program.  If not, see <http://www.gnu.org/licenses/>.
    16. 

  16. 

  17. from taiga.base.api.permissions import (TaigaResourcePermission, HasProjectPerm,
    18. 

  18.                                         IsProjectOwner, AllowAny,
    19. 

  19.                                         IsObjectOwner, PermissionComponent)
    20. 

  20. 

  21. from taiga.permissions.service import is_project_owner
    22. 

  22. from taiga.projects.history.services import get_model_from_key, get_pk_from_key
    23. 

  23. 

  24. 

  25. class IsCommentDeleter(PermissionComponent):
    26. 

  26.     def check_permissions(self, request, view, obj=None):
    27. 

  27.         return obj.delete_comment_user and obj.delete_comment_user.get("pk", "not-pk") == request.user.pk
    28. 

  28. 

  29. 

  30. class IsCommentOwner(PermissionComponent):
    31. 

  31.     def check_permissions(self, request, view, obj=None):
    32. 

  32.         return obj.user and obj.user.get("pk", "not-pk") == request.user.pk
    33. 

  33. 

  34. 

  35. class IsCommentProjectOwner(PermissionComponent):
    36. 

  36.     def check_permissions(self, request, view, obj=None):
    37. 

  37.         model = get_model_from_key(obj.key)
    38. 

  38.         pk = get_pk_from_key(obj.key)
    39. 

  39.         project = model.objects.get(pk=pk)
    40. 

  40.         return is_project_owner(request.user, project)
    41. 

  41. 

  42. class UserStoryHistoryPermission(TaigaResourcePermission):
    43. 

  43.     retrieve_perms = HasProjectPerm('view_project')
    44. 

  44.     delete_comment_perms = IsCommentProjectOwner() | IsCommentOwner()
    45. 

  45.     undelete_comment_perms = IsCommentProjectOwner() | IsCommentDeleter()
    46. 

  46. 

  47. 

  48. class TaskHistoryPermission(TaigaResourcePermission):
    49. 

  49.     retrieve_perms = HasProjectPerm('view_project')
    50. 

  50.     delete_comment_perms = IsCommentProjectOwner() | IsCommentOwner()
    51. 

  51.     undelete_comment_perms = IsCommentProjectOwner() | IsCommentDeleter()
    52. 

  52. 

  53. 

  54. class IssueHistoryPermission(TaigaResourcePermission):
    55. 

  55.     retrieve_perms = HasProjectPerm('view_project')
    56. 

  56.     delete_comment_perms = IsCommentProjectOwner() | IsCommentOwner()
    57. 

  57.     undelete_comment_perms = IsCommentProjectOwner() | IsCommentDeleter()
    58. 

  58. 

  59. 

  60. class WikiHistoryPermission(TaigaResourcePermission):
    61. 

  61.     retrieve_perms = HasProjectPerm('view_project')
    62. 

  62.     delete_comment_perms = IsCommentProjectOwner() | IsCommentOwner()
    63. 

  63.     undelete_comment_perms = IsCommentProjectOwner() | IsCommentDeleter()
    64. 

  64.