U h`S@sdZddlmZddlmZddlmZddlmZ ddl m Z m Z Gdd d ej ZGd d d ej ZGd d d ej ZGdddej ZGdddej ZGdddej ZGdddej ZGdddej ZddZddZdS)a Adtlas Activities Permissions This module contains custom permission classes for the activities app, providing fine-grained access control for activity tracking, monitoring, and management functionality. Features: - Role-based access control - Object-level permissions - Activity viewing permissions - Activity management permissions - User-specific activity access - Admin and superuser overrides Author: Adtlas Development Team Version: 1.0.0 Last Updated: 2025-01-27 ) permissions Permission ContentType) gettext_lazy)ActivityActivityCategoryc@s(eZdZdZedZddZddZdS)CanViewActivitiesa Permission class for viewing activities. This permission allows users to view activities based on their role and specific permissions. Users can view their own activities by default, while viewing others' activities requires specific permissions. Rules: - Superusers: Can view all activities - Staff with 'view_activity' permission: Can view all activities - Regular users: Can only view their own activities - Anonymous users: No access z.You do not have permission to view activities.cCsJ|jr|jjsdS|jjrdS|jdr.dS|jjrF|jdrFdSdS)a Check if user has permission to view activities. Args: request: Django request object view: Django view object Returns: bool: True if user has permission, False otherwise FTactivities.view_activity)useris_authenticated is_superuserhas_permis_staffselfrequestviewr6/var/www/html/Focus/src/apps/activities/permissions.pyhas_permission/s  z CanViewActivities.has_permissioncCsj|jjr dS|jdrdS|j|jkr,dSt|jdrf|jj}|jrft|jdrf|jj|krfdSdS)a, Check if user has permission to view a specific activity. Args: request: Django request object view: Django view object obj: Activity object Returns: bool: True if user has permission, False otherwise Tr managed_departments departmentF)r rrhasattrrallr)rrrobjZuser_departmentsrrrhas_object_permissionMs      z'CanViewActivities.has_object_permissionN__name__ __module__ __qualname____doc___messagerrrrrrr sr c@s(eZdZdZedZddZddZdS)CanManageActivitiesa Permission class for managing activities. This permission allows users to create, update, and delete activities based on their role and specific permissions. Rules: - Superusers: Can manage all activities - Staff with 'add_activity', 'change_activity', 'delete_activity': Can manage activities - Regular users: Can create activities and manage their own - Anonymous users: No access z0You do not have permission to manage activities.cCst|jr|jjsdS|jjrdS|jdkr<|jdp:|jjS|jdkrR|jdS|jdkrh|jdS|jdS) a Check if user has permission to manage activities. Args: request: Django request object view: Django view object Returns: bool: True if user has permission, False otherwise FTcreatezactivities.add_activityupdatepartial_updateactivities.change_activitydestroyactivities.delete_activityr rractionrrrrrrs       z"CanManageActivities.has_permissioncCsh|jjr dS|jdkr.|jdp,|j|jkS|jdkr\|jdpZ|j|jkoZ|jdS|jdS)a. Check if user has permission to manage a specific activity. Args: request: Django request object view: Django view object obj: Activity object Returns: bool: True if user has permission, False otherwise Tr(r+r,r-)r rr/rrrrrrrrrs      z)CanManageActivities.has_object_permissionNrrrrrr&os #r&c@s(eZdZdZedZddZddZdS)CanViewActivityCategoriesap Permission class for viewing activity categories. This permission allows users to view activity categories based on their authentication status and role. Rules: - All authenticated users: Can view active categories - Staff with permissions: Can view all categories including inactive - Anonymous users: No access z7You do not have permission to view activity categories.cCs|jr|jjsdSdS)a  Check if user has permission to view activity categories. Args: request: Django request object view: Django view object Returns: bool: True if user has permission, False otherwise FT)r rrrrrrs z(CanViewActivityCategories.has_permissioncCs|jjs|jjrdS|jS)a4 Check if user has permission to view a specific category. Args: request: Django request object view: Django view object obj: ActivityCategory object Returns: bool: True if user has permission, False otherwise T)r rr is_activer0rrrrs z/CanViewActivityCategories.has_object_permissionNrrrrrr1s r1c@s eZdZdZedZddZdS)CanManageActivityCategoriesa Permission class for managing activity categories. This permission allows users to create, update, and delete activity categories based on their role and specific permissions. Rules: - Superusers: Can manage all categories - Staff with category permissions: Can manage categories - Regular users: No access - Anonymous users: No access z9You do not have permission to manage activity categories.cCsl|jr|jjsdS|jjrdS|jdkr4|jdS|jdkrJ|jdS|jdkr`|jdS|jdS) a  Check if user has permission to manage activity categories. Args: request: Django request object view: Django view object Returns: bool: True if user has permission, False otherwise FTr'zactivities.add_activitycategoryr(z"activities.change_activitycategoryr,z"activities.delete_activitycategoryr.rrrrr s       z*CanManageActivityCategories.has_permissionNr r!r"r#r$r%rrrrrr3s r3c@s eZdZdZedZddZdS)CanViewActivityAnalyticsa Permission class for viewing activity analytics. This permission allows users to access activity analytics and reporting functionality based on their role and permissions. Rules: - Superusers: Can view all analytics - Staff with analytics permissions: Can view analytics - Managers: Can view their team's analytics - Regular users: Can view their own analytics - Anonymous users: No access z6You do not have permission to view activity analytics.cCsf|jr|jjsdS|jjrdS|jdr.dS|jjrF|jdrFdSt|jdrb|jjrbdSdS)a  Check if user has permission to view activity analytics. Args: request: Django request object view: Django view object Returns: bool: True if user has permission, False otherwise FTz"activities.view_activity_analyticsr rr rrrrrrexistsrrrrr<s  z'CanViewActivityAnalytics.has_permissionNr4rrrrr5+sr5c@s eZdZdZedZddZdS)CanExportActivitiesa Permission class for exporting activities. This permission allows users to export activity data based on their role and specific permissions. Rules: - Superusers: Can export all activities - Staff with export permissions: Can export activities - Managers: Can export their team's activities - Regular users: Can export their own activities - Anonymous users: No access z0You do not have permission to export activities.cCsf|jr|jjsdS|jjrdS|jdr.dS|jjrF|jdrFdSt|jdrb|jjrbdSdS)a Check if user has permission to export activities. Args: request: Django request object view: Django view object Returns: bool: True if user has permission, False otherwise FTzactivities.export_activityr rr6rrrrrps  z"CanExportActivities.has_permissionNr4rrrrr8_sr8c@s(eZdZdZedZddZddZdS)IsActivityOwnerOrReadOnlyaz Permission class for activity ownership. This permission allows read access to all authenticated users but write access only to the activity owner or users with appropriate permissions. Rules: - Read access: All authenticated users (subject to other permissions) - Write access: Activity owner or users with change permissions z(You can only modify your own activities.cCs*|jr|jjsdS|jtjkr"dS|jjS)a Check if user has permission for the requested action. Args: request: Django request object view: Django view object Returns: bool: True if user has permission, False otherwise FT)r rmethodr SAFE_METHODSrrrrrs  z(IsActivityOwnerOrReadOnly.has_permissioncCs8|jtjkrdS|jjrdS|jdr,dS|j|jkS)a( Check if user has permission for the specific object. Args: request: Django request object view: Django view object obj: Activity object Returns: bool: True if user has permission, False otherwise Tr+)r:rr;r rrr0rrrrs  z/IsActivityOwnerOrReadOnly.has_object_permissionNrrrrrr9s r9c@s eZdZdZedZddZdS)CanAccessActivityDashboarda Permission class for accessing activity dashboard. This permission controls access to the activity dashboard and monitoring interfaces. Rules: - Superusers: Full dashboard access - Staff with dashboard permissions: Dashboard access - Managers: Limited dashboard access for their teams - Regular users: Personal dashboard access - Anonymous users: No access zr@r?)r>r@defaults) django.contrib.auth.modelsr"django.contrib.contenttypes.modelsrobjects get_for_modelr r get_or_createappend) rrZ activity_ctZ category_ctZcustom_permissionsZcreated_permissionsZ perm_data permissioncreatedrrrcreate_activity_permissionssN    $  rLc Csddlm}m}|jjdd\}}|jjdd\}}|jjdd\}}|jjdd}gggd }|D] }|j||d |j qd|jd d d ddddddg d} | D] }|j||d|j q|jd ddgd} | D] }|j||d|j q|S)z Assign default permissions to user groups. This function assigns appropriate permissions to default user groups for the activities app. Returns: dict: Summary of assigned permissions r)GrouprzActivity Administrators)r?zActivity ManagerszActivity Viewers activities)content_type__app_label) admin_group manager_group viewer_grouprPZ view_activityZ add_activityZchange_activityZview_activitycategoryZadd_activitycategoryZchange_activitycategoryr=rArB)Z codename__inrQrR) rDrMrrFrHfilterraddrIr>) rMrrPr$rQrRZactivity_permissionsZassignment_summarypermZ manager_permsZ viewer_permsrrrassign_default_permissionsMsN    rVN)r#rest_frameworkrrDrrErdjango.utils.translationrr$modelsr r BasePermissionr r&r1r3r5r8r9r<rLrVrrrrs    QV5144A4E