94 lines
3.1 KiB
Python
94 lines
3.1 KiB
Python
"""
|
|
Author: Michel Peltriaux
|
|
Organization: Struktur- und Genehmigungsdirektion Nord, Rhineland-Palatinate, Germany
|
|
Contact: michel.peltriaux@sgdnord.rlp.de
|
|
Created on: 16.11.20
|
|
|
|
"""
|
|
|
|
from functools import wraps
|
|
|
|
from django.contrib import messages
|
|
from django.core.exceptions import ObjectDoesNotExist
|
|
from django.shortcuts import redirect
|
|
from django.urls import reverse
|
|
from django.utils.translation import gettext_lazy as _
|
|
|
|
from konova.models import RoleGroup
|
|
from konova.utils.session import get_session_user_role
|
|
from organisation.enums import RoleTypeEnum
|
|
from process.enums import PROCESS_EDITABLE_STATE
|
|
from process.models import Process
|
|
|
|
|
|
def staff_required(function):
|
|
"""
|
|
A decorator for functions which shall only be usable for staff members of the system
|
|
"""
|
|
@wraps(function)
|
|
def wrap(request, *args, **kwargs):
|
|
user = request.user
|
|
if user.is_staff:
|
|
return function(request, *args, **kwargs)
|
|
else:
|
|
messages.info(request, _("You need to be staff to perform this action!"))
|
|
return redirect(request.META.get("HTTP_REFERER", reverse("home")))
|
|
return wrap
|
|
|
|
|
|
def superuser_required(function):
|
|
"""
|
|
A decorator for functions which shall only be usable for superusers of the system
|
|
"""
|
|
@wraps(function)
|
|
def wrap(request, *args, **kwargs):
|
|
user = request.user
|
|
if user.is_superuser:
|
|
return function(request, *args, **kwargs)
|
|
else:
|
|
messages.info(request, _("You need to be administrator to perform this action!"))
|
|
return redirect(request.META.get("HTTP_REFERER", reverse("home")))
|
|
return wrap
|
|
|
|
|
|
def resolve_user_role(function):
|
|
"""
|
|
A decorator for functions to resolve the current user role and store it in the user object
|
|
"""
|
|
@wraps(function)
|
|
def wrap(request, *args, **kwargs):
|
|
user = request.user
|
|
role = get_session_user_role(request)
|
|
try:
|
|
role = RoleGroup.objects.get(id=role.get("id", -1))
|
|
user.current_role = role
|
|
except ObjectDoesNotExist:
|
|
user.current_role = None
|
|
return function(request, *args, **kwargs)
|
|
return wrap
|
|
|
|
|
|
def valid_process_role_required(function):
|
|
"""
|
|
A decorator for functions to check whether the user has a valid role selected
|
|
"""
|
|
@wraps(function)
|
|
def wrap(request, *args, **kwargs):
|
|
user = request.user
|
|
if user.current_role is None:
|
|
role = get_session_user_role(request)
|
|
else:
|
|
role = user.current_role
|
|
try:
|
|
process = Process.objects.get(id=kwargs.get("id"))
|
|
editable = PROCESS_EDITABLE_STATE.get(process.state)
|
|
role_enum = RoleTypeEnum[role.role.type]
|
|
if role_enum in editable:
|
|
return function(request, *args, **kwargs)
|
|
else:
|
|
messages.error(request, _("Your current role is not allowed to do this"))
|
|
return redirect(request.META.get("HTTP_REFERER", "home"))
|
|
except ObjectDoesNotExist:
|
|
process = None
|
|
return function(request, *args, **kwargs)
|
|
return wrap |