richard
/
doccano
mirror of https://github.com/doccano/doccano.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2144 Commits
11 Branches
32 Tags
77 MiB
Tree: 146726a3cd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '146726a3cd'
${ noResults }
doccano/backend/api/permissions.py

110 lines
3.3 KiB
Raw Normal View History

Role and RoleMapping Models
5 years ago
Add permissions.py
6 years ago
Role and RoleMapping Models
5 years ago
Add permissions.py
6 years ago
Add linter to the workflow
3 years ago
Add permissions.py
6 years ago
Role and RoleMapping Models
5 years ago
Add permissions.py
6 years ago
Role and RoleMapping Models
5 years ago
code quality updates
5 years ago
Role and RoleMapping Models
5 years ago
Add permissions.py
6 years ago
Fix 403 when project admin accesses edit pages
5 years ago
Add permissions.py
6 years ago
Fix 403 when project admin accesses edit pages
5 years ago
Add annotation api
5 years ago
Role and RoleMapping Models
5 years ago
Add annotation api
5 years ago
Enable superuser to delete user annotations
5 years ago
Role and RoleMapping Models
5 years ago
Add annotation api
5 years ago
Role and RoleMapping Models
5 years ago
Add option to comment on documents
4 years ago
Fix codacy
4 years ago
Add option to comment on documents
4 years ago
Role and RoleMapping Models
5 years ago
Inline is_superuser check
5 years ago
Role and RoleMapping Models
5 years ago
Inline is_superuser check
5 years ago
Role and RoleMapping Models
5 years ago
Replace 'isSuperUser' with specific roles required for frontend
5 years ago
Role and RoleMapping Models
5 years ago
Fix spacing
5 years ago
Role and RoleMapping Models
5 years ago
Replace 'isSuperUser' with specific roles required for frontend
5 years ago
Role and RoleMapping Models
5 years ago
Fix spacing
5 years ago
Replace 'isSuperUser' with specific roles required for frontend
5 years ago
Role and RoleMapping Models
5 years ago
Fix spacing
5 years ago
Role and RoleMapping Models
5 years ago
Replace 'isSuperUser' with specific roles required for frontend
5 years ago
Role and RoleMapping Models
5 years ago
Fix spacing
5 years ago
Role and RoleMapping Models
5 years ago
Separate views
3 years ago
  1. from django.conf import settings
  2. from django.contrib.auth.mixins import UserPassesTestMixin
  3. from django.db.models import Subquery
  4. from django.shortcuts import get_object_or_404
  5. from rest_framework.permissions import (SAFE_METHODS, BasePermission,
  6. IsAdminUser)
  8. from .models import Project, Role, RoleMapping
  11. class ProjectMixin:
  12. @classmethod
  13. def get_project_id(self, request, view):
  14. return view.kwargs.get('project_id') or request.query_params.get('project_id')
  17. class IsAdminUserAndWriteOnly(BasePermission):
  19. def has_permission(self, request, view):
  20. if request.method in SAFE_METHODS:
  21. return True
  23. return IsAdminUser().has_permission(request, view)
  26. class ProjectAdminMixin(UserPassesTestMixin):
  27. def test_func(self):
  28. return self.request.user.is_superuser or is_in_role(
  29. role_name=IsProjectAdmin.role_name,
  30. user_id=self.request.user.id,
  31. project_id=self.kwargs['project_id'],
  32. )
  35. class IsOwnAnnotation(ProjectMixin, BasePermission):
  37. def has_permission(self, request, view):
  38. if request.user.is_superuser:
  39. return True
  41. project_id = self.get_project_id(request, view)
  42. annotation_id = view.kwargs.get('annotation_id')
  43. project = get_object_or_404(Project, pk=project_id)
  44. model = project.get_annotation_class()
  45. annotation = model.objects.filter(id=annotation_id, user=request.user)
  47. return annotation.exists()
  50. class IsOwnComment(ProjectMixin, BasePermission):
  51. @classmethod
  52. def has_object_permission(cls, request, view, obj):
  53. if request.user.is_superuser:
  54. return True
  56. return obj.user.id == request.user.id
  59. class RolePermission(ProjectMixin, BasePermission):
  60. UNSAFE_METHODS = ('POST', 'PATCH', 'DELETE')
  61. unsafe_methods_check = True
  62. role_name = ''
  64. def has_permission(self, request, view):
  65. if request.user.is_superuser:
  66. return True
  68. if self.unsafe_methods_check and request.method in self.UNSAFE_METHODS:
  69. return request.user.is_superuser
  71. project_id = self.get_project_id(request, view)
  72. if not project_id and request.method in SAFE_METHODS:
  73. return True
  75. return is_in_role(self.role_name, request.user.id, project_id)
  78. class IsProjectAdmin(RolePermission):
  79. unsafe_methods_check = False
  80. role_name = settings.ROLE_PROJECT_ADMIN
  83. class IsAnnotatorAndReadOnly(RolePermission):
  84. role_name = settings.ROLE_ANNOTATOR
  87. class IsAnnotator(RolePermission):
  88. unsafe_methods_check = False
  89. role_name = settings.ROLE_ANNOTATOR
  92. class IsAnnotationApproverAndReadOnly(RolePermission):
  93. role_name = settings.ROLE_ANNOTATION_APPROVER
  96. class IsAnnotationApprover(RolePermission):
  97. unsafe_methods_check = False
  98. role_name = settings.ROLE_ANNOTATION_APPROVER
  101. def is_in_role(role_name, user_id, project_id):
  102. return RoleMapping.objects.filter(
  103. user_id=user_id,
  104. project_id=project_id,
  105. role_id=Subquery(Role.objects.filter(name=role_name).values('id')),
  106. ).exists()
  109. IsInProjectReadOnlyOrAdmin = (IsAnnotatorAndReadOnly | IsAnnotationApproverAndReadOnly | IsProjectAdmin)
  110. IsInProjectOrAdmin = (IsAnnotator | IsAnnotationApprover | IsProjectAdmin)