o ^h+@sddlmZddlmZddlmZddlmZddlm Z ddl m Z ddl m Z ddlmZdd lmZdd lmZdd lmZd d lmZmZddZddZddZddZddZddZddZddZddZ d d!Z!d"d#Z"d$d%Z#Gd&d'd'eZ$Gd(d)d)eZ%Gd*d+d+eZ&Gd,d-d-eZ'Gd.d/d/eZ(Gd0d1d1e&Z)Gd2d3d3e)Z*Gd4d5d5e)Z+Gd6d7d7e)Z,Gd8d9d9e&Z-d:d;Z.d view_tickets view_calendarview_customersr)r"permission__is_active permission)setis_authenticatedr robjectsfilter values_listgroupsall permissionsaddcodename startswithis_staffupdater!rr"rselect_relatedr4r#) rr<all_permissions user_groupsgroupgroup_permissionspermr"assigned_permissions assignmentrrrget_user_permissions)sD       rJcCsh|jsdS|jr dSd|vr||rdSngd}|D]}||d|r+dSqt|}||vS)z'Check if user has a specific permissionFT.) customerstickets expenditurebillinghrpaymentssettingsnetwork notifications)r6r has_permrJ)rr4 common_appsappuser_permissionsrrrr\s rcfdd}|S)z(Decorator to require specific permissioncttfdd}|S)NcsV|jds|jdst|jr#|g|Ri|Stdd)Nz customers.ztickets. Permission ' ' required)rrUrrrequestargskwargs)r4 view_funcrr _wrapped_viewxs z=permission_required..decorator.._wrapped_viewrrrarbr4rar decoratorwsz&permission_required..decoratorr)r4rgrrerpermission_requiredus  rhcrY)z5Decorator to require any of the specified permissionscrZ)Ncs|t|jg}D]}t|ttfr||q ||q tfdd|Ds3tdd ||g|Ri|S)Nc3|]}|vVqdSNr.0rGrXrr zTany_permission_required..decorator.._wrapped_view..#One of these permissions required: , ) rJr isinstancelisttupleextendappendanyrjoin)r^r_r`flattened_permissionsrG)r<rarmrrbs   zAany_permission_required..decorator.._wrapped_viewrcrdr<rfrrgs z*any_permission_required..decoratorr)r<rgrrzrany_permission_requireds r{cC|jS)z1Check if user has management/superuser privilegesr rrrrhas_management_privilegesr~cCr|)z?Check if user can access settings - superusers have full accessr}rrrrcan_access_settingsrrcCr|)z@Check if user can access HR module - superusers have full accessr}rrrr can_access_hrrrcCr|)z.rprq) rr6rpermissions_requiredrJrwrrxrrrrrmrrs z#AnyPermissionRequiredMixin.dispatch)rrrrrrrrrrrrrrc eZdZdZfddZZS)EmployeeRequiredMixinz(Mixin to require employee authenticationcR|jjs|St|jdr|jjst|dtdStj |g|Ri|S)Nrz*This page is only accessible to employees.zaccounts:employee_login) rr6rr!rrerrorrrrrrrrr  zEmployeeRequiredMixin.dispatchrrrrrrrrrrrrcr)CustomerRequiredMixinz(Mixin to require customer authenticationcr)Ncustomer_profilez*This page is only accessible to customers.zcustomers:customer_login) rr6rr!rrrrrrrrrrrrzCustomerRequiredMixin.dispatchrrrrrrrrcr)AdminRequiredMixinz/Mixin to require admin/superuser authenticationcsJ|jjs|S|jjs|jjst|dttj |g|Ri|S)Nz,This page requires administrator privileges.) rr6rr r@rrrrrrrrrrs  zAdminRequiredMixin.dispatchrrrrrrrrcr)DepartmentRequiredMixinz/Mixin to require specific department membershipNcsltj|g|Ri|}t|dr|jdkr|S|jj}|jr'|jj|jkr4t |d|jdt |S)N status_codez This page is only accessible to z staff.) rrr!rrrr"r#department_namerrr)rr^r_r`responseemployeerrrrsz DepartmentRequiredMixin.dispatch)rrrrrrrrrrrrrrc@eZdZdZdZdS)ManagementRequiredMixinz1Mixin to require Management department membershiprNrrrrrrrrrrrc@r)TechnicianRequiredMixinz1Mixin to require Technician department membership TechnicianNrrrrrr rrc@r)MarketingRequiredMixinz0Mixin to require Marketing department membership MarketingNrrrrrr rrcr)FinancialAccessMixinz-Mixin to require financial access permissionscsPtj|g|Ri|}t|dr|jdkr|St|js&t|dt|S)Nrrz;You do not have permission to access financial information.) rrr!rrrrrr)rr^r_r`rrrrrs  zFinancialAccessMixin.dispatchrrrrrrrrcsttfdd}|S)z?Decorator to ensure customers can only access their own objectscs|g|Ri|Srjrr]rfrrrb!sz+customer_owns_object.._wrapped_viewrcrdrrfrcustomer_owns_objectsrN)/ functoolsrdjango.contrib.auth.decoratorsrdjango.contrib.auth.mixinsrdjango.core.exceptionsrdjango.contribrdjango.shortcutsr django.httprdjango.templater django.contrib.auth.modelsr r hr.modelsr modelsrrrrrr$rJrrhr{r~rrrrrrrrrrrrrrrrrrsF           3