0001-misc-add-get_roles-accessor-to-user-class-7865.patch
wcs/api.py | ||
---|---|---|
360 | 360 |
raise AccessForbiddenError('no user set for backoffice submission') |
361 | 361 |
if not self.formdef.backoffice_submission_roles: |
362 | 362 |
raise AccessForbiddenError('no backoffice submission roles') |
363 |
if not set(user.roles or []).intersection(self.formdef.backoffice_submission_roles):
|
|
363 |
if not set(user.get_roles()).intersection(self.formdef.backoffice_submission_roles):
|
|
364 | 364 |
raise AccessForbiddenError('not cleared for backoffice submit') |
365 | 365 |
formdata.backoffice_submission = True |
366 | 366 |
elif 'user' in json_input: |
... | ... | |
454 | 454 |
continue |
455 | 455 |
authentication_required = True |
456 | 456 |
elif logged_users_role().id not in formdef.roles: |
457 |
for q in user.roles or []:
|
|
457 |
for q in user.get_roles():
|
|
458 | 458 |
if q in formdef.roles: |
459 | 459 |
break |
460 | 460 |
else: |
... | ... | |
465 | 465 |
if not formdef.backoffice_submission_roles: |
466 | 466 |
continue |
467 | 467 |
if not list_all_forms: |
468 |
for role in user.roles or []:
|
|
468 |
for role in user.get_roles():
|
|
469 | 469 |
if role in formdef.backoffice_submission_roles: |
470 | 470 |
break |
471 | 471 |
else: |
... | ... | |
675 | 675 |
if not query_user.can_go_in_backoffice(): |
676 | 676 |
raise AccessForbiddenError('user not allowed to query data from others') |
677 | 677 |
# mark forms that are readable by querying user |
678 |
user_roles = set(query_user.roles or [])
|
|
678 |
user_roles = set(query_user.get_roles())
|
|
679 | 679 |
if get_publisher().is_using_postgresql(): |
680 | 680 |
# use concerned_roles_array attribute that was saved in the |
681 | 681 |
# table. |
wcs/backoffice/data_management.py | ||
---|---|---|
37 | 37 |
return False |
38 | 38 |
# only include data management if there are accessible cards |
39 | 39 |
for carddef in CardDef.select(ignore_errors=True, lightweight=True, iterator=True): |
40 |
for role_id in (user.roles or []):
|
|
40 |
for role_id in user.get_roles():
|
|
41 | 41 |
if role_id in (carddef.backoffice_submission_roles or []): |
42 | 42 |
return True |
43 | 43 |
if role_id in (carddef.workflow_roles or {}).values(): |
... | ... | |
86 | 86 |
def listing_top_actions(self): |
87 | 87 |
if not self.formdef.backoffice_submission_roles: |
88 | 88 |
return '' |
89 |
for role in get_request().user.roles or []:
|
|
89 |
for role in get_request().user.get_roles():
|
|
90 | 90 |
if role in self.formdef.backoffice_submission_roles: |
91 | 91 |
break |
92 | 92 |
else: |
wcs/backoffice/management.py | ||
---|---|---|
216 | 216 |
html_top('management', _('Management')) |
217 | 217 |
# display list of open formdata for the user |
218 | 218 |
formdefs = [x for x in FormDef.select(lightweight=True) if not x.skip_from_360_view] |
219 |
user_roles = set([logged_users_role().id] + (get_request().user.roles or []))
|
|
219 |
user_roles = set([logged_users_role().id] + get_request().user.get_roles())
|
|
220 | 220 |
criterias = [Equal('is_at_endpoint', False), |
221 | 221 |
Equal('user_id', str(self.user.id)), |
222 | 222 |
Contains('formdef_id', [x.id for x in formdefs]), |
... | ... | |
468 | 468 |
r += get_session().display_message() |
469 | 469 | |
470 | 470 |
user = get_request().user |
471 |
user_roles = [logged_users_role().id] + (user.roles or [])
|
|
471 |
user_roles = [logged_users_role().id] + user.get_roles()
|
|
472 | 472 | |
473 | 473 |
forms_without_pending_stuff = [] |
474 | 474 |
forms_with_pending_stuff = [] |
... | ... | |
771 | 771 |
def get_global_listing_criterias(self, ignore_user_roles=False): |
772 | 772 |
parsed_values = {} |
773 | 773 |
user_roles = [logged_users_role().id] |
774 |
if get_request().user and get_request().user.roles:
|
|
775 |
user_roles.extend(get_request().user.roles)
|
|
774 |
if get_request().user: |
|
775 |
user_roles.extend(get_request().user.get_roles())
|
|
776 | 776 |
criterias = get_global_criteria(get_request(), parsed_values) |
777 | 777 |
query_parameters = (get_request().form or {}).copy() |
778 | 778 |
query_parameters.pop('callback', None) # when using jsonp |
... | ... | |
2020 | 2020 |
def _q_index(self): |
2021 | 2021 |
if self.filled.status == 'draft': |
2022 | 2022 |
if self.filled.backoffice_submission: |
2023 |
for role in get_request().user.roles or []:
|
|
2023 |
for role in get_request().user.get_roles():
|
|
2024 | 2024 |
if role in self.formdef.backoffice_submission_roles: |
2025 | 2025 |
return redirect('../../../submission/%s/%s' % ( |
2026 | 2026 |
self.formdef.url_name, self.filled.id)) |
... | ... | |
2061 | 2061 | |
2062 | 2062 |
if not visitors or me_in_visitors: |
2063 | 2063 |
related_user_forms = getattr(self.filled, 'related_user_forms', None) or [] |
2064 |
user_roles = set(get_request().user.roles or [])
|
|
2064 |
user_roles = set(get_request().user.get_roles())
|
|
2065 | 2065 |
for user_formdata in related_user_forms: |
2066 | 2066 |
if user_roles.intersection(user_formdata.actions_roles): |
2067 | 2067 |
user_formdata.mark_as_being_visited() |
... | ... | |
2201 | 2201 |
from wcs import sql |
2202 | 2202 |
formdata = self.filled |
2203 | 2203 |
r = TemplateIO(html=True) |
2204 |
user_roles = [logged_users_role().id] + (get_request().user.roles or [])
|
|
2204 |
user_roles = [logged_users_role().id] + get_request().user.get_roles()
|
|
2205 | 2205 |
criterias = [Equal('is_at_endpoint', False), |
2206 | 2206 |
Equal('user_id', str(formdata.user_id)), |
2207 | 2207 |
Intersects('concerned_roles_array', user_roles), |
wcs/backoffice/root.py | ||
---|---|---|
105 | 105 |
return subdirectory in ('settings', 'users') |
106 | 106 |
return False |
107 | 107 | |
108 |
user_roles = set(get_request().user.roles or [])
|
|
108 |
user_roles = set(get_request().user.get_roles())
|
|
109 | 109 |
authorised_roles = set(get_cfg('admin-permissions', {}).get(subdirectory) or []) |
110 | 110 |
if authorised_roles: |
111 | 111 |
# access is governed by roles set in the settings panel |
... | ... | |
247 | 247 |
# user connecting. |
248 | 248 |
user_roles = set() |
249 | 249 |
else: |
250 |
user_roles = set(get_request().user.roles or [])
|
|
250 |
user_roles = set(get_request().user.get_roles())
|
|
251 | 251 |
menu_items = [] |
252 | 252 |
backoffice_url = get_publisher().get_backoffice_url() |
253 | 253 |
if not backoffice_url.endswith('/'): |
wcs/backoffice/submission.py | ||
---|---|---|
124 | 124 |
return True |
125 | 125 |
if not self.formdef.backoffice_submission_roles: |
126 | 126 |
raise errors.AccessUnauthorizedError() |
127 |
for role in get_request().user.roles or []:
|
|
127 |
for role in get_request().user.get_roles():
|
|
128 | 128 |
if role in self.formdef.backoffice_submission_roles: |
129 | 129 |
break |
130 | 130 |
else: |
... | ... | |
276 | 276 |
continue |
277 | 277 |
if not formdef.backoffice_submission_roles: |
278 | 278 |
continue |
279 |
for role in user.roles or []:
|
|
279 |
for role in user.get_roles():
|
|
280 | 280 |
if role in formdef.backoffice_submission_roles: |
281 | 281 |
break |
282 | 282 |
else: |
wcs/formdef.py | ||
---|---|---|
1292 | 1292 |
# if the formdef itself has some function attributed to the user, grant |
1293 | 1293 |
# access. |
1294 | 1294 |
for role_id in self.workflow_roles.values(): |
1295 |
if role_id in (user.roles or []):
|
|
1295 |
if role_id in user.get_roles():
|
|
1296 | 1296 |
return True |
1297 | 1297 | |
1298 | 1298 |
# if there was some redispatching of function, values will be different |
1299 | 1299 |
# in formdata, check them. |
1300 | 1300 |
if formdata and formdata.workflow_roles: |
1301 | 1301 |
for role_id in formdata.workflow_roles.values(): |
1302 |
if role_id in (user.roles or []):
|
|
1302 |
if role_id in user.get_roles():
|
|
1303 | 1303 |
return True |
1304 | 1304 | |
1305 | 1305 |
# if no formdata was given, lookup if there are some existing formdata |
1306 | 1306 |
# where the user has access. |
1307 | 1307 |
if not formdata: |
1308 | 1308 |
data_class = self.data_class() |
1309 |
for role_id in user.roles or []:
|
|
1309 |
for role_id in user.get_roles():
|
|
1310 | 1310 |
if data_class.get_ids_with_indexed_value('workflow_roles', role_id): |
1311 | 1311 |
return True |
1312 | 1312 | |
... | ... | |
1321 | 1321 |
if user.is_admin: |
1322 | 1322 |
return True |
1323 | 1323 | |
1324 |
if user.roles: # set(None) raise an exception for python>2.6 |
|
1325 |
user_roles = set(user.roles) |
|
1326 |
else: |
|
1327 |
user_roles = set([]) |
|
1324 |
user_roles = set(user.get_roles()) |
|
1328 | 1325 |
user_roles.add(logged_users_role().id) |
1329 | 1326 | |
1330 | 1327 |
def ensure_role_are_strings(roles): |
... | ... | |
1354 | 1351 |
if user and user.is_admin: |
1355 | 1352 |
return True |
1356 | 1353 | |
1357 |
if user and user.roles:
|
|
1358 |
user_roles = set(user.roles)
|
|
1354 |
if user: |
|
1355 |
user_roles = set(user.get_roles())
|
|
1359 | 1356 |
else: |
1360 | 1357 |
user_roles = set([]) |
1361 | 1358 |
wcs/forms/backoffice.py | ||
---|---|---|
124 | 124 |
drafts = {x: True for x in formdata_class.get_ids_with_indexed_value('status', 'draft')} |
125 | 125 |
item_ids = [x for x in item_ids if x not in drafts] |
126 | 126 |
elif selected_filter == 'waiting': |
127 |
user_roles = [logged_users_role().id] + (user.roles or [])
|
|
127 |
user_roles = [logged_users_role().id] + user.get_roles()
|
|
128 | 128 |
item_ids = formdata_class.get_actionable_ids(user_roles) |
129 | 129 |
else: |
130 | 130 |
applied_filters = [] |
... | ... | |
154 | 154 |
# situation where the user is the submitter, and we limit ourselves |
155 | 155 |
# to consider treating roles. |
156 | 156 |
if not user.is_admin: |
157 |
user_roles = set(user.roles or [])
|
|
157 |
user_roles = set(user.get_roles())
|
|
158 | 158 |
concerned_ids = set() |
159 | 159 |
for role in user_roles: |
160 | 160 |
concerned_ids |= set(formdata_class.get_ids_with_indexed_value( |
wcs/forms/root.py | ||
---|---|---|
233 | 233 |
raise errors.AccessUnauthorizedError() |
234 | 234 |
if logged_users_role().id not in self.formdef.roles and not ( |
235 | 235 |
self.user and self.user.is_admin): |
236 |
if self.user and self.user.roles:
|
|
237 |
user_roles = set(self.user.roles)
|
|
236 |
if self.user: |
|
237 |
user_roles = set(self.user.get_roles())
|
|
238 | 238 |
else: |
239 | 239 |
user_roles = set([]) |
240 | 240 |
other_roles = (self.formdef.roles or []) |
... | ... | |
1373 | 1373 |
advertised_forms.append(formdef) |
1374 | 1374 |
continue |
1375 | 1375 |
if logged_users_role().id not in formdef.roles: |
1376 |
for q in user.roles or []:
|
|
1376 |
for q in user.get_roles():
|
|
1377 | 1377 |
if q in formdef.roles: |
1378 | 1378 |
break |
1379 | 1379 |
else: |
wcs/forms/workflows.py | ||
---|---|---|
52 | 52 |
break |
53 | 53 |
if not user: |
54 | 54 |
continue |
55 |
if get_role_translation(self.formdata, role) in (user.roles or []):
|
|
55 |
if get_role_translation(self.formdata, role) in user.get_roles():
|
|
56 | 56 |
break |
57 | 57 |
else: |
58 | 58 |
raise errors.AccessForbiddenError('insufficient roles') |
wcs/users.py | ||
---|---|---|
87 | 87 |
return _('Unknown User') |
88 | 88 |
display_name = property(get_display_name) |
89 | 89 | |
90 |
def get_roles(self): |
|
91 |
return (self.roles or []) |
|
92 | ||
90 | 93 |
def set_attributes_from_formdata(self, formdata): |
91 | 94 |
users_cfg = get_cfg('users', {}) |
92 | 95 |
wcs/workflows.py | ||
---|---|---|
425 | 425 |
break |
426 | 426 |
roles = [get_role_translation(formdata, x) |
427 | 427 |
for x in (trigger.roles or []) if x != '_submitter'] |
428 |
if set(roles).intersection(user.roles or []):
|
|
428 |
if set(roles).intersection(user.get_roles()):
|
|
429 | 429 |
actions.append(action) |
430 | 430 |
break |
431 | 431 |
return actions |
... | ... | |
1439 | 1439 |
if user is None: |
1440 | 1440 |
continue |
1441 | 1441 |
role = get_role_translation(filled, role) |
1442 |
if role in (user.roles or []):
|
|
1442 |
if role in user.get_roles():
|
|
1443 | 1443 |
break |
1444 | 1444 |
else: |
1445 | 1445 |
continue |
... | ... | |
1514 | 1514 |
return True |
1515 | 1515 | |
1516 | 1516 |
if user: |
1517 |
user_roles = set(user.roles or [])
|
|
1517 |
user_roles = set(user.get_roles())
|
|
1518 | 1518 |
user_roles.add(logged_users_role().id) |
1519 | 1519 |
else: |
1520 | 1520 |
user_roles = set([]) |
... | ... | |
1699 | 1699 |
if not user: |
1700 | 1700 |
continue |
1701 | 1701 |
role = get_role_translation(formdata, role) |
1702 |
if role in (user.roles or []):
|
|
1702 |
if role in user.get_roles():
|
|
1703 | 1703 |
return True |
1704 | 1704 | |
1705 | 1705 |
return False |
... | ... | |
2696 | 2696 |
return True |
2697 | 2697 |
elif user: |
2698 | 2698 |
role = get_role_translation(filled, role) |
2699 |
if role in (user.roles or []):
|
|
2699 |
if role in user.get_roles():
|
|
2700 | 2700 |
return True |
2701 | 2701 |
return False |
2702 | 2702 | |
2703 |
- |