Blame - crashreports/permissions.py - tools/hiccup/hiccup-server

blob: ff79149f111fb1bae18a4c229bfa9ef808ff6b73 [file] [log] [blame]

Dirk Vogt	c9e10ab	2016-10-12 13:58:15 +0200	[diff] [blame]	1	from crashreports.models import Device
				2	from rest_framework.permissions import BasePermission
				3
				4
Dirk Vogt	7160b5e	2016-10-12 17:04:40 +0200	[diff] [blame]	5	def user_owns_uuid(user, uuid):
				6	try:
				7	device = Device.objects.get(user=user)
				8	except:
				9	return False
				10	if (uuid == device.uuid):
				11	return True
				12	return False
				13
				14
				15	def user_is_hiccup_staff(user):
Borjan Tchakaloff	fa134bd	2018-04-09 16:16:11 +0200	[diff] [blame]	16	if (user.groups.filter(name='FairphoneSoftwareTeam').exists()):
				17	return True
				18	else:
				19	return user.has_perms([
				20	# Crashreports
				21	'crashreports.add_crashreport', 'crashreports.change_crashreport',
				22	'crashreports.del_crashreport',
				23	# Heartbeats
				24	'heartbeat.add_crashreport', 'heartbeat.change_crashreport',
				25	'heartbeat.del_crashreport',
				26	# Logfiles
				27	'heartbeat.add_logfile', 'heartbeat.change_logfile',
				28	'heartbeat.del_logfile',
				29	])
Dirk Vogt	7160b5e	2016-10-12 17:04:40 +0200	[diff] [blame]	30
Borjan Tchakaloff	fa134bd	2018-04-09 16:16:11 +0200	[diff] [blame]	31	class HasStatsAccess(BasePermission):
				32	def has_permission(self, request, view):
				33	return user_is_hiccup_staff(request.user)
Dirk Vogt	7160b5e	2016-10-12 17:04:40 +0200	[diff] [blame]	34
Dirk Vogt	c9e10ab	2016-10-12 13:58:15 +0200	[diff] [blame]	35	class HasRightsOrIsDeviceOwnerDeviceCreation(BasePermission):
Dirk Vogt	c9e10ab	2016-10-12 13:58:15 +0200	[diff] [blame]	36	def has_permission(self, request, view):
Dirk Vogt	7160b5e	2016-10-12 17:04:40 +0200	[diff] [blame]	37	if (user_is_hiccup_staff(request.user)):
Dirk Vogt	c9e10ab	2016-10-12 13:58:15 +0200	[diff] [blame]	38	return True
Dirk Vogt	57a615d	2017-05-04 22:29:54 +0200	[diff] [blame]	39
Dirk Vogt	c9e10ab	2016-10-12 13:58:15 +0200	[diff] [blame]	40	# special case:
				41	# user is the owner of a device. in this case creations are allowed.
				42	# we have to check if the device with the supplied uuid indeed
				43	# belongs to the user
				44	if request.method == 'POST':
Dirk Vogt	c9e10ab	2016-10-12 13:58:15 +0200	[diff] [blame]	45	if ('uuid' not in request.data):
				46	return False
Dirk Vogt	7160b5e	2016-10-12 17:04:40 +0200	[diff] [blame]	47	return user_owns_uuid(request.user, request.data["uuid"])
Dirk Vogt	c9e10ab	2016-10-12 13:58:15 +0200	[diff] [blame]	48	return False