richard
/
doccano
mirror of https://github.com/doccano/doccano.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1288 Commits
11 Branches
32 Tags
77 MiB
Tree: 8721b91698
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8721b91698'
${ noResults }
doccano/app/api/permissions.py

96 lines
2.8 KiB
Raw Normal View History

Role and RoleMapping Models
5 years ago
Add permissions.py
6 years ago
Role and RoleMapping Models
5 years ago
Add permissions.py
6 years ago
Role and RoleMapping Models
5 years ago
Add permissions.py
6 years ago
Role and RoleMapping Models
5 years ago
code quality updates
5 years ago
Role and RoleMapping Models
5 years ago
Add permissions.py
6 years ago
Fix 403 when project admin accesses edit pages
5 years ago
Add permissions.py
6 years ago
Fix 403 when project admin accesses edit pages
5 years ago
Add annotation api
5 years ago
Role and RoleMapping Models
5 years ago
Add annotation api
5 years ago
Enable superuser to delete user annotations
5 years ago
Role and RoleMapping Models
5 years ago
Add annotation api
5 years ago
Role and RoleMapping Models
5 years ago
Inline is_superuser check
5 years ago
Role and RoleMapping Models
5 years ago
Inline is_superuser check
5 years ago
Role and RoleMapping Models
5 years ago
Replace 'isSuperUser' with specific roles required for frontend
5 years ago
Role and RoleMapping Models
5 years ago
Fix spacing
5 years ago
Role and RoleMapping Models
5 years ago
Replace 'isSuperUser' with specific roles required for frontend
5 years ago
Role and RoleMapping Models
5 years ago
Fix spacing
5 years ago
Replace 'isSuperUser' with specific roles required for frontend
5 years ago
Role and RoleMapping Models
5 years ago
Fix spacing
5 years ago
Role and RoleMapping Models
5 years ago
Replace 'isSuperUser' with specific roles required for frontend
5 years ago
Role and RoleMapping Models
5 years ago
Fix spacing
5 years ago
Role and RoleMapping Models
5 years ago
  1. from django.conf import settings
  2. from django.contrib.auth.mixins import UserPassesTestMixin
  3. from django.db.models import Subquery
  4. from django.shortcuts import get_object_or_404
  5. from rest_framework.permissions import BasePermission, SAFE_METHODS, IsAdminUser
  7. from .models import Project, Role, RoleMapping
  10. class ProjectMixin:
  11. @classmethod
  12. def get_project_id(self, request, view):
  13. return view.kwargs.get('project_id') or request.query_params.get('project_id')
  16. class IsAdminUserAndWriteOnly(BasePermission):
  18. def has_permission(self, request, view):
  19. if request.method in SAFE_METHODS:
  20. return True
  22. return IsAdminUser().has_permission(request, view)
  25. class ProjectAdminMixin(UserPassesTestMixin):
  26. def test_func(self):
  27. return self.request.user.is_superuser or is_in_role(
  28. role_name=IsProjectAdmin.role_name,
  29. user_id=self.request.user.id,
  30. project_id=self.kwargs['project_id'],
  31. )
  34. class IsOwnAnnotation(ProjectMixin, BasePermission):
  36. def has_permission(self, request, view):
  37. if request.user.is_superuser:
  38. return True
  40. project_id = self.get_project_id(request, view)
  41. annotation_id = view.kwargs.get('annotation_id')
  42. project = get_object_or_404(Project, pk=project_id)
  43. model = project.get_annotation_class()
  44. annotation = model.objects.filter(id=annotation_id, user=request.user)
  46. return annotation.exists()
  49. class RolePermission(ProjectMixin, BasePermission):
  50. UNSAFE_METHODS = ('POST', 'PATCH', 'DELETE')
  51. unsafe_methods_check = True
  52. role_name = ''
  54. def has_permission(self, request, view):
  55. if request.user.is_superuser:
  56. return True
  58. if self.unsafe_methods_check and request.method in self.UNSAFE_METHODS:
  59. return request.user.is_superuser
  61. project_id = self.get_project_id(request, view)
  62. if not project_id and request.method in SAFE_METHODS:
  63. return True
  65. return is_in_role(self.role_name, request.user.id, project_id)
  68. class IsProjectAdmin(RolePermission):
  69. unsafe_methods_check = False
  70. role_name = settings.ROLE_PROJECT_ADMIN
  73. class IsAnnotatorAndReadOnly(RolePermission):
  74. role_name = settings.ROLE_ANNOTATOR
  77. class IsAnnotator(RolePermission):
  78. unsafe_methods_check = False
  79. role_name = settings.ROLE_ANNOTATOR
  82. class IsAnnotationApproverAndReadOnly(RolePermission):
  83. role_name = settings.ROLE_ANNOTATION_APPROVER
  86. class IsAnnotationApprover(RolePermission):
  87. unsafe_methods_check = False
  88. role_name = settings.ROLE_ANNOTATION_APPROVER
  91. def is_in_role(role_name, user_id, project_id):
  92. return RoleMapping.objects.filter(
  93. user_id=user_id,
  94. project_id=project_id,
  95. role_id=Subquery(Role.objects.filter(name=role_name).values('id')),
  96. ).exists()