U e@s2ddlTddlmZddlZGdddejZdS))*)cmf_project_perm_schemeNcseZdZdZfddZfddZfddZedd Zed d Z e e d d ddZ ede dddZede dddZZS)CmfProjectPermSchemeNc stj|jrtjjdd}ddddddd d d d d ddg }tjj||dD]6}t}||_|D]}t||t ||qb| qLt j ||S)Nsystem:defaultcodeproject_permissionaccess_project_roleaccess_membersaccess_local_user access_owneraccess_owner_assistant access_authoraccess_project_owneraccess_responsibleaccess_sdesk_clientaccess_anonymous access_guestaccess_sharelink_anonymousparentfields) modelsrtrigger_reloadis_newgetCmfProjectPermSchemeRulelistrsetattrgetattrsavesuper)selfargskwargsdefault_scheme rule_fields default_rulerulefield __class__3./modules/project/models/cmf_project_perm_scheme.pyr s*  zCmfProjectPermScheme.savec s|j}tj||}|rtjjdd}ddddddd d d d d ddg }tjj||dD]:}t}||_|D]} t || t || qj|j ddqT|S)Nrrrr r r r r rrrrrrrrT)Z save_import) rr! _save_importrrrrrrrrr ) r"r#r$rresr%r&r'r(r)r*r,r-r.3s,z!CmfProjectPermScheme._save_importcs|dd}|dsTtjj|dgd}|r~ddd|D}td|d d n*tjj|||d D]}d|_|jd d qftjj|||d D]}|j ||qt j ||S)NZTEXKOM_db_deleteFname)project_perm_schemerz, cSsg|]}d|jdqS)")r0).0pr,r,r- Lsz/CmfProjectPermScheme.delete..uНевозможно удалить Схему проектных прав, она используется в проектах: T)abort)r1include_deletedinclude_system)Z only_data)rr7r8) rr CmfProjectrjoin cmf_alertr1r rdeleter!)r"r#r$r7Z used_projectsZused_projects_strprojectr(r*r,r-r<Gs  zCmfProjectPermScheme.deletecCsZt}iiiiiiiiiiiid }i}tjjddddgdD]}ttitttttttttd }i}i}tjjdd|gd d gd D]f}|jr|jsqg} |jD]4} | jd kr| j D]} | | qq| | q| sq| ||jj j <q|jj j |krPtjj|jd dddddddddddddddgd||jj j <||jj j D]x} | jr|d| jjj | jr|d| jjj | jr|d| jjj | jr|d| jjj | jr|d| jjj | jr |d| jjj | jr(|d| jjj | jrD|d| jjj | jr|jrj|d| jjj njtjjdd } | jjj |d!krt|d!| jjj <|| j j gD]"}|d!| jjj |j j q| jr|d| jjj | j r6tj!"}|j j |krt||j j <||j j | jjj | j#rR|d| jjj | j$r|j%j j |krzt||j%j j <||j%j j | jjj |j&D]:}|j j |krt||j j <||j j | jjj q| j'rf| j'D]}|jj (d"r.|jj |krt||jj <||jj | jjj n4|j j |krJt||j j <||j j | jjj q| j)r^| j)D]`}|j j |krqt||j j D]:}|j j |krt||j j <||j j | jjj qqtq^|*D],\}}||kri||<||||j j <q|*D]\}}||||j j <qq@|t+_,t-.d#t|d$dS)%N) r access_sdesk_publicaccess_sdesk_privater r rraccess_executorsaccess_followersrraccess_list_ownerr1 cmf_ownercmf_owner_assistantsservicedesk_publicrr=memberszproject_role.codefilterrZ CmfCompanyr r r r r rrrr@project_permission.coderrrrArrBrr>zsdesk-client:defaultrr?zvar:zLoad time _PROJECT_PERM_DATA: Zsec)/timerr9rsetCmfProjectRoleAssignrH project_role class_nameZpersonsloadappendidvaluer1rr addrrr r rrr@rArBrrEZCmfProjectRolerrrZCmfPersonGroupZ guest_grouprrrCrDr startswithr itemsr_PROJECT_PERM_DATAgdebug)clsZ start_timeZ perm_dataZloaded_scheme_rulesr=Z project_permsZproject_user_permsZproject_role_membersrZ_membersmr4r(Zsdesk_client_rolememberZguest_person_groupZproject_owner_assistantZroleZuser_idpermZperm_funr,r,r-load_project_permission_dataWs             $ z1CmfProjectPermScheme.load_project_permission_datacCstdtdddS)Nz"project_permission::reload triggerCmfProjectPermScheme:changed)printZcmf_emit_server_event)r[r,r,r-rsz#CmfProjectPermScheme.trigger_reloadra)ZchannelcKs"dd}tddat|dS)Nc Ss~tdtdtrrtddatj>tj t j j dt tdddrftd tW5QRXntd dS) Nz*project_permission::reload handler spawnedz,project_permission::reload handler do reloadFz&project_permission::clear_jscache:lockTi)ZnxZpxz?project_permission::reload handler do CMF_CACHE.flush_jscache()z'project_permission::reload handler skip)rbrLsleep_project_permission_changedcmfZappZ cmf_contextrrr`ZREDIS_DBZredisrMstrosgetpidrYrZZ CMF_CACHEZ flush_jscacher,r,r,r-handlers    zBCmfProjectPermScheme.on_project_permission_change..handlerz(project_permission::reload spawn handlerT)rbreZgeventZspawn)_kwargsrjr,r,r-on_project_permission_changesz1CmfProjectPermScheme.on_project_permission_changeT)rc Cs|dkrtj}|jtjjdd|jgdd|ggdddddd d d gd }|sRd S|jrb|jrbd S|j rv|tj krvd S|j r||j krd S|j s|js|js|jr|std|d|r|j r||j krd S|jr||jkrd S|jr||jkrd S|jr||jkrd S|jr,||jkr,d S|jrztjjdd|gdd|jggdgd }|D]}||jkr\d Sq\|sdStjj|dgd} td| jd|jd|dS)NrrGrKr r r r r rrrrITu*DEV: check_project_role_access Право u_ разрешено для объектного поля, но объект не переданrOINrHFr0rrNУ пользователя нет Проектного разрешения "" в проекте  для объекта )rY current_userr1rQrrrr user_localranonymous_userrrCr r rrr;Zcmf_owner_assistant cmf_author responsibler Z all_nestedr rNrrHCmfProjectPermPermissionCmfPermissionErrorr0) r[r=ruserobj raise_errorr_Z role_assignsZ role_assign perm_infor,r,r-check_project_role_access_old.sn         z2CmfProjectPermScheme.check_project_role_access_oldcCsJtjs tjrdS|dkr&tj}tj}ntjj|dd}|sN|rNtj |dgd}t |t j j rb|j}|rt |t j j rz|j}|} |}n|jdkrt|j} nl|jjr|jjs|ddg|jjr|jjr|jjr|jj} n|jj} n"|jjr|jjr|jj} n|jj} | |jdkr0td |d | dS|jrP||jd | krPdS|jj|jkr| |j|jjkr||j|jj| krdS|D]<} | |jkr| |j| kr||j| | krdSq|tjkr||jd | krdS|s@|tjkr,||jd | kr,tj|kr,dS||jd| krn|jjr^||jjkrndSn||jkrndS||jd| kr|j |jjr||jjkrdSn||jkrdS||jd| kr|j! |j!jr||j!jkrdSn||j!krdS||jd| kr\|j" |j"jrL|j"jr\||j"jkr\dSn||j"kr\dS||jd| kr|j# |j#jr|j#jr||j#jkrdSn||j#krdS|j#jr|j#jrt$|t$dd|j#jD@rdSn"t$|t$dd|j#D@rdS||jd| kr|j%} |j%jr:|j%j} | D]\} || jksZ|| j"kr`dS|D]2} | | jjks| dd| j"DkrddSqdq>||jd| kr||&krdSdD]x} | |jkr| |j| kr||j| | kr|'| }||krdS|D]"} | dd|DkrdSqqd}t(tdrntj)r\d}t*j+,drnd}||jd| kr|j-r|rdS||jd| kr|jj|jd| |kr|rdS|D]*} | |jd| |kr|rdSq|sdSd}|r|j.}tj/j0|d gd!}t1d"|j.d#|d$|dS)%NT)Zid_onlyrCrFr9root_parent_id parent_idr uXПропустили проверку Проектных прав для объекта u3, т.к. проект еще не загружен r rrrrr r@cSsg|] }|jjqSr,rSrTr3er,r,r-r5szBCmfProjectPermScheme.check_project_role_access..cSsg|] }|jjqSr,rrr,r,r-r5srBcSsg|] }|jqSr,rSr3xr,r,r-r5srA)zvar:responsiblez var:executorszvar:spectatorsz var:ownerzvar:owner_assistantszvar:project_ownerzvar:project_owner_assistantsz var:authorZvar_waiting_forzvar:component_ownerzvar:current_userzvar:all_related_usersz var:followersuvar:Подпискиzvar:project_usersz var:approverscSsg|] }|jqSr,rrr,r,r-r5 sFrequest_servicedeskz/filesr>r?r0rnrorprq)2rYZdisable_permissionsZacl_admin_moderrcurrent_person__member_ofrZ CmfAccessListZsubject_full_group_listZcmfutilZ get_obj_by_id isinstancerfrZCmfTyperTrPrgrSr~Z is_definedrZ load_fieldsZ is_changedoldrXrZrsrtZsharelink_anonymous_userZsharelink_access_objrCrurQrvrDZ executorsrMlistsZget_all_followersZextract_var_objhasattrrZrequestpathrVZservicedesk_allowr0rwrrx)r[r=rryrzZobj_idZproject_id_simplecheckr{rZ obj_parent_idZ container_idrlZ var_user_codeZ var_usersZis_request_servicedeskZtmp_project_namer|r,r,r-check_project_role_accessws                           * $     z.CmfProjectPermScheme.check_project_role_access)NNT)NNNNT)__name__ __module__ __qualname__rXr r.r< classmethodr`r staticmethodZon_server_eventrlrgr}r __classcell__r,r,r*r-rs&    9  Hr)Z cmf.includeZmodules.project.fieldsrrLrr,r,r,r-s