"""Authorization permission classes for accessing the API."""

from rest_framework.permissions import BasePermission
from crashreports.models import Device


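def user_owns_uuid(user, uuid):
    """Determine whether a user owns the device with the given UUID.

    Args:
        user: The user making the request.
        uuid: The UUID of the device to be manipulated.

    Returns:
        True if the device looked up for ``user`` carries exactly this UUID.
        False otherwise, including when the device lookup fails.

    """
    try:
        device = Device.objects.get(user=user)
    except Exception:
        # Fail closed: a failed lookup (no device, several devices, or a user
        # object the query cannot use) must deny access. ``Exception`` rather
        # than a bare ``except`` so that KeyboardInterrupt and SystemExit are
        # not swallowed by an authorization check.
        # NOTE(review): get(user=user) assumes at most one device per user; a
        # user with several devices is always denied here. Confirm against
        # the Device model.
        return False
    return uuid == device.uuid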
def user_is_hiccup_staff(user):
    """Tell whether the given user counts as Hiccup staff.

    A user qualifies either through membership in the group
    "FairphoneSoftwareTeam" or by holding every permission listed below for
    manipulating crashreports, heartbeats and logfiles.

    Args:
        user: The user making the request.

    Returns: True if user is part of the Hiccup staff.

    """
    # NOTE(review): Django's default model permissions are named
    # "<app_label>.add_<model>", "<app_label>.change_<model>" and
    # "<app_label>.delete_<model>". The "del_" codenames and the
    # "heartbeat.*_crashreport" entries below do not follow that scheme.
    # Unless they are declared as custom permissions elsewhere, this list
    # can presumably only be satisfied by a superuser. Confirm against the
    # models before relying on the permission-based path.
    required_permissions = [
        # Crashreports
        "crashreports.add_crashreport",
        "crashreports.change_crashreport",
        "crashreports.del_crashreport",
        # Heartbeats
        "heartbeat.add_crashreport",
        "heartbeat.change_crashreport",
        "heartbeat.del_crashreport",
        # Logfiles
        "heartbeat.add_logfile",
        "heartbeat.change_logfile",
        "heartbeat.del_logfile",
    ]

    # Group membership short-circuits: the permission list is only consulted
    # for users outside the staff group.
    in_staff_group = user.groups.filter(name="FairphoneSoftwareTeam").exists()
    if not in_staff_group:
        return user.has_perms(required_permissions)
    return True
class HasStatsAccess(BasePermission):
    """Permission class that admits only members of the Hiccup staff."""

    def has_permission(self, request, view):
        """Grant access only when the requesting user is Hiccup staff."""
        requester = request.user
        return user_is_hiccup_staff(requester)
class HasRightsOrIsDeviceOwnerDeviceCreation(BasePermission):
    """Permission class admitting Hiccup staff or the owner of the device."""

    def has_permission(self, request, view):
        """Return true if user is part of Hiccup staff or device owner."""
        requester = request.user
        if user_is_hiccup_staff(requester):
            return True

        # Non-staff users are only ever allowed to create (POST); every other
        # method is denied.
        if request.method != "POST":
            return False

        # Special case: the user owns a device, so creations are allowed.
        # The device with the supplied uuid must indeed belong to the user;
        # a request without a uuid is denied.
        # NOTE(review): this check trusts the "uuid" field of the request
        # body, so the view has to act on that same uuid for the check to be
        # meaningful. Verify against the views using this class.
        payload = request.data
        return "uuid" in payload and user_owns_uuid(requester, payload["uuid"])