83 lines
3 KiB
Python
83 lines
3 KiB
Python
from itertools import chain
|
|
|
|
from ietf.group.models import Group, Role
|
|
from ietf.liaisons.models import LiaisonStatement
|
|
from ietf.ietfauth.utils import has_role, passes_test_decorator
|
|
|
|
# a list of tuples, group query kwargs, role query kwargs
|
|
GROUP_APPROVAL_MAPPING = [
|
|
({'acronym':'ietf'},{'name':'chair'}),
|
|
({'acronym':'iab'},{'name':'chair'}),
|
|
({'type':'area'},{'name':'ad'}),
|
|
({'type':'wg'},{'name':'ad'})]
|
|
|
|
can_submit_liaison_required = passes_test_decorator(
|
|
lambda u, *args, **kwargs: can_add_liaison(u),
|
|
"Restricted to participants who are authorized to submit liaison statements on behalf of the various IETF entities")
|
|
|
|
def approval_roles(group):
|
|
'''Returns roles that have approval authority for group'''
|
|
for group_kwargs,role_kwargs in GROUP_APPROVAL_MAPPING:
|
|
if group in Group.objects.filter(**group_kwargs):
|
|
# TODO is there a cleaner way?
|
|
if group.type == 'wg':
|
|
return Role.objects.filter(group=group.parent,**role_kwargs)
|
|
else:
|
|
return Role.objects.filter(group=group,**role_kwargs)
|
|
|
|
def approvable_liaison_statements(user):
|
|
'''Returns a queryset of Liaison Statements in pending state that user has authority
|
|
to approve'''
|
|
liaisons = LiaisonStatement.objects.filter(state__slug='pending')
|
|
person = get_person_for_user(user)
|
|
if has_role(user, "Secretariat"):
|
|
return liaisons
|
|
|
|
approvable_liaisons = []
|
|
for liaison in liaisons:
|
|
for group in liaison.from_groups.all():
|
|
if person not in [ r.person for r in approval_roles(group) ]:
|
|
break
|
|
else:
|
|
approvable_liaisons.append(liaison.pk)
|
|
|
|
return liaisons.filter(id__in=approvable_liaisons)
|
|
|
|
def can_edit_liaison(user, liaison):
|
|
'''Return True if user is Secretariat or Liaison Manager of all SDO groups involved'''
|
|
if has_role(user, "Secretariat"):
|
|
return True
|
|
if has_role(user, "Liaison Manager"):
|
|
person = get_person_for_user(user)
|
|
for group in chain(liaison.from_groups.filter(type_id='sdo'),liaison.to_groups.filter(type_id='sdo')):
|
|
if not person.role_set.filter(group=group,name='liaiman'):
|
|
return False
|
|
else:
|
|
return True
|
|
|
|
return False
|
|
|
|
def get_person_for_user(user):
|
|
try:
|
|
return user.person
|
|
except:
|
|
return None
|
|
|
|
def can_add_outgoing_liaison(user):
|
|
return has_role(user, ["Area Director","WG Chair","WG Secretary","IETF Chair","IAB Chair",
|
|
"IAB Executive Director","Liaison Manager","Secretariat"])
|
|
|
|
def can_add_incoming_liaison(user):
|
|
return has_role(user, ["Liaison Manager","Authorized Individual","Secretariat"])
|
|
|
|
def can_add_liaison(user):
|
|
return can_add_incoming_liaison(user) or can_add_outgoing_liaison(user)
|
|
|
|
def is_authorized_individual(user, groups):
|
|
'''Returns True if the user has authorized_individual role for each of the groups'''
|
|
for group in groups:
|
|
if not Role.objects.filter(person=user.person, group=group, name="auth"):
|
|
return False
|
|
return True
|
|
|