| Dirk Vogt | c9e10ab | 2016-10-12 13:58:15 +0200 | [diff] [blame] | 1 | from crashreports.models import Device |
| 2 | from rest_framework.permissions import BasePermission |
| 3 | |
| 4 | |
| Dirk Vogt | 7160b5e | 2016-10-12 17:04:40 +0200 | [diff] [blame] | 5 | def user_owns_uuid(user, uuid): |
| 6 | try: |
| 7 | device = Device.objects.get(user=user) |
| 8 | except: |
| 9 | return False |
| Mitja Nikolaus | cb50f2c | 2018-08-24 13:54:48 +0200 | [diff] [blame^] | 10 | if uuid == device.uuid: |
| Dirk Vogt | 7160b5e | 2016-10-12 17:04:40 +0200 | [diff] [blame] | 11 | return True |
| 12 | return False |
| 13 | |
| 14 | |
| 15 | def user_is_hiccup_staff(user): |
| Mitja Nikolaus | cb50f2c | 2018-08-24 13:54:48 +0200 | [diff] [blame^] | 16 | if user.groups.filter(name="FairphoneSoftwareTeam").exists(): |
| Borjan Tchakaloff | fa134bd | 2018-04-09 16:16:11 +0200 | [diff] [blame] | 17 | return True |
| 18 | else: |
| Mitja Nikolaus | cb50f2c | 2018-08-24 13:54:48 +0200 | [diff] [blame^] | 19 | return user.has_perms( |
| 20 | [ |
| 21 | # Crashreports |
| 22 | "crashreports.add_crashreport", |
| 23 | "crashreports.change_crashreport", |
| 24 | "crashreports.del_crashreport", |
| 25 | # Heartbeats |
| 26 | "heartbeat.add_crashreport", |
| 27 | "heartbeat.change_crashreport", |
| 28 | "heartbeat.del_crashreport", |
| 29 | # Logfiles |
| 30 | "heartbeat.add_logfile", |
| 31 | "heartbeat.change_logfile", |
| 32 | "heartbeat.del_logfile", |
| 33 | ] |
| 34 | ) |
| 35 | |
| Dirk Vogt | 7160b5e | 2016-10-12 17:04:40 +0200 | [diff] [blame] | 36 | |
| Borjan Tchakaloff | fa134bd | 2018-04-09 16:16:11 +0200 | [diff] [blame] | 37 | class HasStatsAccess(BasePermission): |
| 38 | def has_permission(self, request, view): |
| 39 | return user_is_hiccup_staff(request.user) |
| Dirk Vogt | 7160b5e | 2016-10-12 17:04:40 +0200 | [diff] [blame] | 40 | |
| Mitja Nikolaus | cb50f2c | 2018-08-24 13:54:48 +0200 | [diff] [blame^] | 41 | |
| Dirk Vogt | c9e10ab | 2016-10-12 13:58:15 +0200 | [diff] [blame] | 42 | class HasRightsOrIsDeviceOwnerDeviceCreation(BasePermission): |
| Dirk Vogt | c9e10ab | 2016-10-12 13:58:15 +0200 | [diff] [blame] | 43 | def has_permission(self, request, view): |
| Mitja Nikolaus | cb50f2c | 2018-08-24 13:54:48 +0200 | [diff] [blame^] | 44 | if user_is_hiccup_staff(request.user): |
| Dirk Vogt | c9e10ab | 2016-10-12 13:58:15 +0200 | [diff] [blame] | 45 | return True |
| Dirk Vogt | 57a615d | 2017-05-04 22:29:54 +0200 | [diff] [blame] | 46 | |
| Dirk Vogt | c9e10ab | 2016-10-12 13:58:15 +0200 | [diff] [blame] | 47 | # special case: |
| 48 | # user is the owner of a device. in this case creations are allowed. |
| 49 | # we have to check if the device with the supplied uuid indeed |
| 50 | # belongs to the user |
| Mitja Nikolaus | cb50f2c | 2018-08-24 13:54:48 +0200 | [diff] [blame^] | 51 | if request.method == "POST": |
| 52 | if "uuid" not in request.data: |
| Dirk Vogt | c9e10ab | 2016-10-12 13:58:15 +0200 | [diff] [blame] | 53 | return False |
| Dirk Vogt | 7160b5e | 2016-10-12 17:04:40 +0200 | [diff] [blame] | 54 | return user_owns_uuid(request.user, request.data["uuid"]) |
| Dirk Vogt | c9e10ab | 2016-10-12 13:58:15 +0200 | [diff] [blame] | 55 | return False |