richard
/
doccano
mirror of https://github.com/doccano/doccano.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
844 Commits
14 Branches
32 Tags
77 MiB
Tree: 6f217bd7cb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6f217bd7cb'
${ noResults }
doccano/app/api/permissions.py

93 lines
2.7 KiB
Raw Normal View History

Role and RoleMapping Models
5 years ago
Add permissions.py
6 years ago
Role and RoleMapping Models
5 years ago
Add permissions.py
6 years ago
Role and RoleMapping Models
5 years ago
Add permissions.py
6 years ago
Role and RoleMapping Models
5 years ago
code quality updates
5 years ago
Role and RoleMapping Models
5 years ago
Add permissions.py
6 years ago
Fix 403 when project admin accesses edit pages
5 years ago
Add permissions.py
6 years ago
Fix 403 when project admin accesses edit pages
5 years ago
Add annotation api
5 years ago
Role and RoleMapping Models
5 years ago
Add annotation api
5 years ago
Role and RoleMapping Models
5 years ago
Add annotation api
5 years ago
Role and RoleMapping Models
5 years ago
Inline is_superuser check
5 years ago
Role and RoleMapping Models
5 years ago
Inline is_superuser check
5 years ago
Role and RoleMapping Models
5 years ago
Replace 'isSuperUser' with specific roles required for frontend
5 years ago
Role and RoleMapping Models
5 years ago
Fix spacing
5 years ago
Role and RoleMapping Models
5 years ago
Replace 'isSuperUser' with specific roles required for frontend
5 years ago
Role and RoleMapping Models
5 years ago
Fix spacing
5 years ago
Replace 'isSuperUser' with specific roles required for frontend
5 years ago
Role and RoleMapping Models
5 years ago
Fix spacing
5 years ago
Role and RoleMapping Models
5 years ago
Replace 'isSuperUser' with specific roles required for frontend
5 years ago
Role and RoleMapping Models
5 years ago
Fix spacing
5 years ago
Role and RoleMapping Models
5 years ago
  1. from django.conf import settings
  2. from django.contrib.auth.mixins import UserPassesTestMixin
  3. from django.db.models import Subquery
  4. from django.shortcuts import get_object_or_404
  5. from rest_framework.permissions import BasePermission, SAFE_METHODS, IsAdminUser
  7. from .models import Project, Role, RoleMapping
  10. class ProjectMixin:
  11. @classmethod
  12. def get_project_id(self, request, view):
  13. return view.kwargs.get('project_id') or request.query_params.get('project_id')
  16. class IsAdminUserAndWriteOnly(BasePermission):
  18. def has_permission(self, request, view):
  19. if request.method in SAFE_METHODS:
  20. return True
  22. return IsAdminUser().has_permission(request, view)
  25. class ProjectAdminMixin(UserPassesTestMixin):
  26. def test_func(self):
  27. return self.request.user.is_superuser or is_in_role(
  28. role_name=IsProjectAdmin.role_name,
  29. user_id=self.request.user.id,
  30. project_id=self.kwargs['project_id'],
  31. )
  34. class IsOwnAnnotation(ProjectMixin, BasePermission):
  36. def has_permission(self, request, view):
  37. project_id = self.get_project_id(request, view)
  38. annotation_id = view.kwargs.get('annotation_id')
  39. project = get_object_or_404(Project, pk=project_id)
  40. model = project.get_annotation_class()
  41. annotation = model.objects.filter(id=annotation_id, user=request.user)
  43. return annotation.exists()
  46. class RolePermission(ProjectMixin, BasePermission):
  47. UNSAFE_METHODS = ('POST', 'PATCH', 'DELETE')
  48. unsafe_methods_check = True
  49. role_name = ''
  51. def has_permission(self, request, view):
  52. if request.user.is_superuser:
  53. return True
  55. if self.unsafe_methods_check and request.method in self.UNSAFE_METHODS:
  56. return request.user.is_superuser
  58. project_id = self.get_project_id(request, view)
  59. if not project_id and request.method in SAFE_METHODS:
  60. return True
  62. return is_in_role(self.role_name, request.user.id, project_id)
  65. class IsProjectAdmin(RolePermission):
  66. unsafe_methods_check = False
  67. role_name = settings.ROLE_PROJECT_ADMIN
  70. class IsAnnotatorAndReadOnly(RolePermission):
  71. role_name = settings.ROLE_ANNOTATOR
  74. class IsAnnotator(RolePermission):
  75. unsafe_methods_check = False
  76. role_name = settings.ROLE_ANNOTATOR
  79. class IsAnnotationApproverAndReadOnly(RolePermission):
  80. role_name = settings.ROLE_ANNOTATION_APPROVER
  83. class IsAnnotationApprover(RolePermission):
  84. unsafe_methods_check = False
  85. role_name = settings.ROLE_ANNOTATION_APPROVER
  88. def is_in_role(role_name, user_id, project_id):
  89. return RoleMapping.objects.filter(
  90. user_id=user_id,
  91. project_id=project_id,
  92. role_id=Subquery(Role.objects.filter(name=role_name).values('id')),
  93. ).exists()