start a base.rbac module, first function is get_workable_requests
get_workable_requests() compute the join necessary to list all requests upon which user as rights to do some action.
This commit is contained in:
parent
d1b789bcbb
commit
9ae1831825
|
@ -0,0 +1,54 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
|
||||
from django.db.models import F, Q
|
||||
|
||||
from polynum.base.models import Request
|
||||
|
||||
def get_workable_requests(user):
|
||||
'''Retrieve requests and their actions:
|
||||
- whose entity the user has a role over or is a child of an entity the
|
||||
user has a role over,
|
||||
- whose status the user has power to do some action upon;
|
||||
|
||||
The return value is a queryset, with each request present as many times
|
||||
as their is actions that the user can do upon them. The action id and
|
||||
name are attached to the request object.
|
||||
|
||||
>>> requests = get_workable_requests(user)
|
||||
>>> for request in requests:
|
||||
print request.action_id
|
||||
print request.action_name
|
||||
'''
|
||||
# direct relationship
|
||||
q1 = Q(entity__roleassociation__group__user=user,
|
||||
status__actionassociation__role__roleassociation__group__user=user)
|
||||
# indirect relationship
|
||||
#q2 = Q(entity__parent_relations__parent__roleassociation__group__user=user,
|
||||
# status__actionassociation__role__roleassociation__entity__children_relations__child=F('entity'),
|
||||
# status__actionassociation__role__roleassociation__group__user=user)
|
||||
# qs = Request.objects.filter(q1).distinct()
|
||||
qs = Request.objects.all()
|
||||
# direct relationship
|
||||
# entity__roleassociation__group__user=user
|
||||
qs.query.join((None, "base_request", None, None), promote=True)
|
||||
role_association = qs.query.join(("base_request", "base_roleassociation", "entity_id", "entity_id"), promote=True, always_create=True)
|
||||
auth_user_groups = qs.query.join(("base_roleassociation", "auth_user_groups", "group_id", "group_id"), promote=True, always_create=True)
|
||||
# status__actionassociation__role__roleassociation__group__user=user)
|
||||
action_association = qs.query.join(("base_request", "base_actionassociation", "status_id", "requeststatus_id"), promote=True, always_create=True)
|
||||
qs.query.join((action_association, "base_action", "action_id", "id"), reuse=['base_actionassociation'], promote=True)
|
||||
# q2
|
||||
# 1
|
||||
entity_relation = qs.query.join(("base_request", "base_entityrelation", "entity_id", "child_id"), promote=True, always_create=True)
|
||||
role_association2 = qs.query.join(("base_entityrelation", "base_roleassociation", "parent_id", "entity_id"), promote=True, always_create=True)
|
||||
auth_user_groups2 = qs.query.join((role_association2, "auth_user_groups", "group_id", "group_id"), promote=True, always_create=True)
|
||||
# 2
|
||||
action_association2 = qs.query.join(("base_request", "base_actionassociation", "status_id", "requeststatus_id"), promote=True, always_create=True)
|
||||
|
||||
where1 = '%s."role_id" = %s."role_id" and %s."user_id"=%%s' % (role_association, action_association, auth_user_groups)
|
||||
where2 = '%s."user_id"=%%s and %s."action_id" = "base_action"."id" and %s."role_id" = %s."role_id"' % (auth_user_groups2, action_association2, action_association2, role_association2)
|
||||
|
||||
return qs \
|
||||
.extra(where=['(%s) or (%s)' % (where1, where2)], params=[user.id, user.id]) \
|
||||
.extra(select={'action_id': 'base_actionassociation.action_id', 'action_name': 'base_action.name'}) \
|
||||
.distinct()
|
||||
|
Reference in New Issue