Merge pull request #1531 from DDMAL/fixed-1527-permissions
Fixed: Allow superusers all access
dchiller authored Jun 14, 2024
2 parents c987e1c + ea9a0f2 commit e50b82f
Showing 1 changed file with 25 additions and 18 deletions.
43 changes: 25 additions & 18 deletions django/cantusdb_project/main_app/permissions.py
Expand Up @@ -14,11 +14,14 @@ def user_can_edit_chants_in_source(user: User, source: Optional[Source]) -> bool
Used in ChantDetail, ChantList, ChantCreate, ChantDelete, ChantEdit,
ChantEditSyllabification, and SourceDetail views.
"""
if user.is_anonymous or (source is None):
if user.is_superuser:
return True

if user.is_anonymous or source is None:
return False

source_id = source.id
user_is_assigned_to_source: bool = user.sources_user_can_edit.filter(
user_is_assigned_to_source: bool = user.sources_user_can_edit.filter( # noqa
id=source_id
).exists()

Expand All @@ -27,7 +30,7 @@ def user_can_edit_chants_in_source(user: User, source: Optional[Source]) -> bool
user_is_contributor: bool = user.groups.filter(name="contributor").exists()

return (
(user_is_project_manager)
user_is_project_manager
or (user_is_editor and user_is_assigned_to_source)
or (user_is_editor and source.created_by == user)
or (user_is_contributor and user_is_assigned_to_source)
Expand All @@ -40,26 +43,29 @@ def user_can_proofread_chant(user: User, chant: Chant) -> bool:
Checks if the user can access the proofreading page of a given Source.
Used in SourceEditChantsView.
"""
source_id = chant.source.id
if user.is_superuser:
return True

if user.is_anonymous:
return False
user_is_assigned_to_source: bool = user.sources_user_can_edit.filter(

source_id = chant.source.id
user_is_assigned_to_source: bool = user.sources_user_can_edit.filter( # noqa
id=source_id
).exists()

user_is_project_manager: bool = user.groups.filter(name="project manager").exists()
user_is_editor: bool = user.groups.filter(name="editor").exists()

return (user_is_project_manager) or (user_is_editor and user_is_assigned_to_source)
return user_is_project_manager or (user_is_editor and user_is_assigned_to_source)


def user_can_view_source(user: User, source: Source) -> bool:
"""
Checks if the user can view an unpublished Source on the site.
Used in ChantDetail, SequenceDetail, and SourceDetail views.
"""
user_is_authenticated: bool = user.is_authenticated
return (source.published) or (user_is_authenticated)
return source.published or user.is_authenticated


def user_can_view_chant(user: User, chant: Chant) -> bool:
Expand All @@ -68,8 +74,7 @@ def user_can_view_chant(user: User, chant: Chant) -> bool:
Used in ChantDetail, SequenceDetail, and SourceDetail views.
"""
source = chant.source
user_is_authenticated: bool = user.is_authenticated
return (source is not None) and ((source.published) or (user_is_authenticated))
return (source is not None) and (source.published or user.is_authenticated)


def user_can_view_sequence(user: User, sequence: Sequence) -> bool:
Expand All @@ -78,21 +83,23 @@ def user_can_view_sequence(user: User, sequence: Sequence) -> bool:
Used in ChantDetail, SequenceDetail, and SourceDetail views.
"""
source = sequence.source
user_is_authenticated: bool = user.is_authenticated
return (source is not None) and ((source.published) or (user_is_authenticated))
return (source is not None) and (source.published or user.is_authenticated)


def user_can_edit_sequences(user: User, sequence: Sequence) -> bool:
"""
Checks if the user has permission to edit a Sequence object.
Used in SequenceDetail and SequenceEdit views.
"""
if user.is_superuser:
return True

source = sequence.source
if user.is_anonymous or (source is None):
if user.is_anonymous or source is None:
return False

source_id = source.id
user_is_assigned_to_source: bool = user.sources_user_can_edit.filter(
user_is_assigned_to_source: bool = user.sources_user_can_edit.filter( # noqa
id=source_id
).exists()

Expand All @@ -101,7 +108,7 @@ def user_can_edit_sequences(user: User, sequence: Sequence) -> bool:
user_is_contributor: bool = user.groups.filter(name="contributor").exists()

return (
(user_is_project_manager)
user_is_project_manager
or (user_is_editor and user_is_assigned_to_source)
or (user_is_editor and source.created_by == user)
or (user_is_contributor and user_is_assigned_to_source)
Expand All @@ -128,14 +135,14 @@ def user_can_edit_source(user: User, source: Source) -> bool:
if user.is_anonymous:
return False
source_id = source.id
assigned_to_source = user.sources_user_can_edit.filter(id=source_id)
assigned_to_source = user.sources_user_can_edit.filter(id=source_id) # noqa

is_project_manager: bool = user.groups.filter(name="project manager").exists()
is_editor: bool = user.groups.filter(name="editor").exists()
is_contributor: bool = user.groups.filter(name="contributor").exists()

return (
(is_project_manager)
is_project_manager
or (is_editor and assigned_to_source)
or (is_editor and source.created_by == user)
or (is_contributor and source.created_by == user)
Expand All @@ -155,4 +162,4 @@ def user_can_manage_source_editors(user: User) -> bool:
Checks if the user has permission to change the editors assigned to a Source.
Used in SourceDetailView.
"""
return user.is_staff or user.groups.filter(name="project manager").exists()
return user.is_superuser or user.is_staff or user.groups.filter(name="project manager").exists()
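Review bot: In `user_can_proofread_chant` the new code still evaluates `chant.source.id` with no None guard, although `user_can_view_chant` in this same file treats `chant.source` as possibly None, so a signed-in non-superuser asking about a sourceless chant would get an AttributeError instead of a clean denial; `if user.is_anonymous or chant.source is None: return False` would make the check fail closed. Related: in `user_can_edit_chants_in_source` and `user_can_edit_sequences` the superuser shortcut now runs before the `source is None` test, so superusers receive True for a missing source where everyone previously got False, and the views named in the docstrings should be confirmed to handle that case. The hunk for `user_can_edit_source` starts inside the function body, so whether it carries the same superuser shortcut cannot be seen here; its `assigned_to_source` is also still a QuerySet without `.exists()`, unlike the other functions, so the function can return a QuerySet rather than the annotated bool. The commit changes only this one file, so the superuser and None-source paths of these authorization checks appear to land without accompanying tests.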
