Rights: Testování práv pro editaci práv

Stanovena hierarchie rolí podle pořadí v rights.roles.

Rights: Testování práv pro editaci práv
255dd09b · Jiří Setnička · cfe24e34 · 255dd09b
Commit 255dd09b authored 4 years ago by Jiří Setnička
--- a/mo/rights.py
+++ b/mo/rights.py
@@ -29,6 +29,9 @@ class Role:
    rights: Set[Right]
+# Order in this list represents hierarchy for assign_rights right
+# (garant could assign role of garant or garant_kraj, but garant_kraj cannot
+# assign role garant).
 roles: List[Role] = [
    Role(
        role=db.RoleType.garant,
@@ -87,6 +90,7 @@ roles: List[Role] = [
 roles_by_type: Dict[db.RoleType, Role] = {r.role: r for r in roles}
+role_order_by_type: Dict[db.RoleType, int] = {r.role: i for (i, r) in enumerate(roles)}
 class Rights:
@@ -110,11 +114,15 @@ class Rights:
        rs = " ".join([r.role.name for r in self.roles])
        return f"Rights(uid={self.user.user_id} roles=<{rs}>)"
-    def get_for(self, place: Optional[db.Place] = None, year: Optional[int] = None, cat: Optional[str] = None, seq: Optional[int] = None):
+    def get_for(
+            self, place: Optional[db.Place] = None, year: Optional[int] = None,
+            cat: Optional[str] = None, seq: Optional[int] = None,
+            min_role: Optional[db.RoleType] = None):
        """Posbírá role a práva, která se vztahují k danému místu (možno i tranzitivně) a soutěži.
        Pokud place=None, omezení role na místo se nebere v úvahu.
        Pokud year==None, vyhovují role s libovolným ročníkem; pokud year=0, vyhovují jen ty s neuvedeným ročníkem.
-        Podobně cat a seq."""
+        Podobně cat a seq.
+        Pokud min_role!=None, tak se uvažují jen role, které jsou v hierarchii alespoň na úrovni min_role."""
        self.current_place = place
        self.current_roles = []
@@ -124,7 +132,8 @@ class Rights:
            if ((at is None or role.place_id == at.place_id)
                    and (role.year is None or year is None or role.year == year)
                    and (role.category is None or cat is None or role.category == cat)
-                    and (role.seq is None or seq is None or role.seq == seq)):
+                    and (role.seq is None or seq is None or role.seq == seq)
+                    and (min_role is None or role_order_by_type[min_role] >= role_order_by_type[role.role])):
                self.current_roles.append(role)
                r = roles_by_type[role.role]
                self.current_rights |= r.rights
@@ -172,3 +181,19 @@ class Rights:
        elif user.is_org:
            return self.have_right(Right.edit_orgs)
        return self.have_right(Right.edit_users)
+    def can_set_role(self, role: db.UserRole):
+        # We will use get_for but we need to slightly modify its behavior. Can
+        # set role with * year only if current user has role with * year, thus we
+        # need to pass year=0 for * year (cat and seq similarly).
+        print("YYYY", role.role)
+        self.get_for(
+            place=role.place,
+            year=role.year or 0,
+            cat=role.category or '',
+            seq=role.seq or 0,
+            min_role=role.role
+        )
+        print(self.current_place)
+        print(self.current_rights)
+        return self.have_right(Right.assign_rights)