hydroserver-api-services/domains/iam/models/collaborator.py at d1e4a280fb48f8cc30d702d8fea48a4df2eb8e00 · hydroserver2/hydroserver-api-services · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
import typing
from typing import Literal, Optional
from django.db import models
from django.db.models import Q
from django.conf import settings
from .utils import PermissionChecker

if typing.TYPE_CHECKING:
    from django.contrib.auth import get_user_model
    from domains.iam.models import Workspace

    User = get_user_model()


class CollaboratorQueryset(models.QuerySet):
    def visible(self, principal: Optional["User"]):
        if principal is None:
            return self.filter(Q(workspace__is_private=False))
        elif hasattr(principal, "account_type"):
            if principal.account_type == "admin":
                return self
            else:
                return self.filter(
                    Q(workspace__is_private=False)
                    | Q(workspace__owner=principal)
                    | Q(
                        workspace__collaborators__user=principal,
                        workspace__collaborators__role__permissions__resource_type__in=[
                            "*",
                            "Collaborator",
                        ],
                        workspace__collaborators__role__permissions__permission_type__in=[
                            "*",
                            "view",
                        ],
                    )
                )
        else:
            return self.filter(Q(workspace__is_private=False))


class Collaborator(models.Model, PermissionChecker):
    workspace = models.ForeignKey(
        "Workspace", on_delete=models.DO_NOTHING, related_name="collaborators"
    )
    user = models.ForeignKey(
        settings.AUTH_USER_MODEL,
        on_delete=models.DO_NOTHING,
        related_name="workspace_roles",
    )
    role = models.ForeignKey(
        "Role", on_delete=models.DO_NOTHING, related_name="collaborator_assignments"
    )

    objects = CollaboratorQueryset.as_manager()

    @classmethod
    def can_principal_create(cls, principal: Optional["User"], workspace: "Workspace"):
        return cls.check_create_permissions(
            principal=principal, workspace=workspace, resource_type="Collaborator"
        )

    def get_principal_permissions(
        self, principal: Optional["User"]
    ) -> list[Literal["edit", "delete", "view"]]:
        permissions = self.check_object_permissions(
            principal=principal, workspace=self.workspace, resource_type="Collaborator"
        )

        return permissions

    class Meta:
        unique_together = ("user", "workspace")