start a base.rbac module, first function is get_workable_requests

get_workable_requests() compute the join necessary to list all requests upon which user as rights to do some action.
2012-05-16 19:31:55 +02:00 · 2012-05-16 19:31:55 +02:00 · 9ae1831825
parent d1b789bcbb
commit 9ae1831825
1 changed files with 54 additions and 0 deletions
--- a/polynum/base/rbac.py
+++ b/polynum/base/rbac.py
@ -0,0 +1,54 @@
+# -*- coding: utf-8 -*-
+
+from django.db.models import F, Q
+
+from polynum.base.models import Request
+
+def get_workable_requests(user):
+    '''Retrieve requests and their actions:
+       - whose entity the user has a role over or is a child of an entity the
+         user has a role over,
+       - whose status the user has power to do some action upon;
+       
+       The return value is a queryset, with each request present as many times
+       as their is actions that the user can do upon them. The action id and
+       name are attached to the request object.
+       
+        >>> requests = get_workable_requests(user)
+        >>> for request in requests:
+                print request.action_id
+                print request.action_name
+    '''
+    # direct relationship
+    q1 = Q(entity__roleassociation__group__user=user,
+            status__actionassociation__role__roleassociation__group__user=user)
+    # indirect relationship
+    #q2 = Q(entity__parent_relations__parent__roleassociation__group__user=user,
+    #        status__actionassociation__role__roleassociation__entity__children_relations__child=F('entity'),
+    #        status__actionassociation__role__roleassociation__group__user=user)
+    # qs = Request.objects.filter(q1).distinct()
+    qs = Request.objects.all()
+    # direct relationship
+    # entity__roleassociation__group__user=user
+    qs.query.join((None, "base_request", None, None), promote=True)
+    role_association = qs.query.join(("base_request", "base_roleassociation", "entity_id", "entity_id"), promote=True, always_create=True)
+    auth_user_groups = qs.query.join(("base_roleassociation", "auth_user_groups", "group_id", "group_id"), promote=True, always_create=True)
+    # status__actionassociation__role__roleassociation__group__user=user)
+    action_association = qs.query.join(("base_request", "base_actionassociation", "status_id", "requeststatus_id"), promote=True, always_create=True)
+    qs.query.join((action_association, "base_action", "action_id", "id"), reuse=['base_actionassociation'], promote=True)
+    # q2
+    # 1
+    entity_relation = qs.query.join(("base_request", "base_entityrelation", "entity_id", "child_id"), promote=True, always_create=True)
+    role_association2 = qs.query.join(("base_entityrelation", "base_roleassociation", "parent_id", "entity_id"), promote=True, always_create=True)
+    auth_user_groups2 = qs.query.join((role_association2, "auth_user_groups", "group_id", "group_id"), promote=True, always_create=True)
+    # 2
+    action_association2 = qs.query.join(("base_request", "base_actionassociation", "status_id", "requeststatus_id"), promote=True, always_create=True)
+
+    where1 = '%s."role_id" = %s."role_id" and %s."user_id"=%%s' % (role_association, action_association, auth_user_groups)
+    where2 = '%s."user_id"=%%s and %s."action_id" = "base_action"."id" and %s."role_id" = %s."role_id"' % (auth_user_groups2, action_association2, action_association2, role_association2)
+
+    return qs \
+             .extra(where=['(%s) or (%s)' % (where1, where2)], params=[user.id, user.id]) \
+             .extra(select={'action_id': 'base_actionassociation.action_id', 'action_name': 'base_action.name'}) \
+             .distinct()
+