U sf"@s2ddlTddlmZddlZGdddejZdS))*)cmf_project_perm_schemeNcseZdZdZfddZfddZfddZedd Zed d Z e e d d ddZ ede dddZede dddZZS)CmfProjectPermSchemeNc stj|jrtjjdd}ddddddd d d d d ddg }tjj||dD]6}t}||_|D]}t||t ||qb| qLt j ||S)Nsystem.open:defaultcodeproject_permissionaccess_project_roleaccess_membersaccess_local_user access_owneraccess_owner_assistant access_authoraccess_project_owneraccess_responsibleaccess_sdesk_clientaccess_anonymous access_guestaccess_sharelink_anonymousparentfields) modelsrtrigger_reloadis_newgetCmfProjectPermSchemeRulelistrsetattrgetattrsavesuper)selfargskwargsdefault_scheme rule_fields default_rulerulefield __class__3./modules/project/models/cmf_project_perm_scheme.pyr s*  zCmfProjectPermScheme.savec s|j}tj||}|rtjjdd}ddddddd d d d d ddg }tjj||dD]:}t}||_|D]} t || t || qj|j ddqT|S)Nrrrr r r r r rrrrrrrrT)Z save_import) rr! _save_importrrrrrrrrr ) r"r#r$rresr%r&r'r(r)r*r,r-r.3s,z!CmfProjectPermScheme._save_importcs|dd}|dsTtjj|dgd}|r~ddd|D}td|d d n*tjj|||d D]}d|_|jd d qftjj|||d D]}|j ||qt j ||S)NZTEXKOM_db_deleteFname)project_perm_schemerz, cSsg|]}d|jdqS)")r0).0pr,r,r- Lsz/CmfProjectPermScheme.delete..uНевозможно удалить Схему проектных прав, она используется в проектах: T)abort)r1include_deletedinclude_system)Z only_data)rr7r8) rr CmfProjectrjoin cmf_alertr1r rdeleter!)r"r#r$r7Z used_projectsZused_projects_strprojectr(r*r,r-r<Gs  zCmfProjectPermScheme.deletecCst}iiiiiiiiiiiid }i}tjjddddddgdD]}ttitttttttttd }i}i}tjjd d |gd d gd D]f}|jr|jsqg} |jD]4} | jdkr| j D]} | | qq| | q| sq| ||jj j <q|jj j |krZtjj|jdddddddddddddddddd d!gd"||jj j <||jj j D]} | jr|d| jjj | jr|d| jjj | jr|d| jjj | jr|d| jjj | jr|d| jjj | jr|d| jjj | jr2|d| jjj | jrN|d| jjj | jr|jrt|d#| jjj njtjjd$d%} | jjj |d&krt|d&| jjj <|| j j gD]"}|d&| jjj |j j q| jr|d| jjj | j r@tj!"}|j j |kr(t||j j <||j j | jjj | j#r\|d| jjj | j$r|j%j j |krt||j%j j <||j%j j | jjj | j&r|j'D]:}|j j |krt||j j <||j j | jjj q| j(r2|j)D]:}|j j |krt||j j <||j j | jjj q| j*r||j+D]:}|j j |kr`t||j j <||j j | jjj q@| j,r | j,D]}|jj -d'r|jj |krt||jj <||jj | jjj n4|j j |krt||j j <||j j | jjj q| j.rh| j.D]`}|j j |kr0q||j j D]:}|j j |kr\t||j j <||j j | jjj q<qqh|/D],\}}||kri||<||||j j <q|/D]\}}||||j j <qqD|t0_1t23d(t|d)dS)*N) r access_sdesk_publicaccess_sdesk_privater r rraccess_executorsaccess_spectatorsrraccess_list_ownerr1 cmf_ownercmf_owner_assistantsservicedesk_public spectators executorsrr=memberszproject_role.codefilterrZ CmfCompanyr r r r r rraccess_project_owner_assistantrr@project_permission.coderrrrArrBaccess_project_spectatorsaccess_project_executorsrr>zsdesk-client:defaultrr?zvar:zLoad time _PROJECT_PERM_DATA: Zsec)4timerr9rsetCmfProjectRoleAssignrJ project_role class_nameZpersonsloadappendidvaluer1rr addrrr r rrr@rArBrrEZCmfProjectRolerrrZCmfPersonGroupZ guest_grouprrrCrMrDrOrFrPrGr startswithr itemsr_PROJECT_PERM_DATAgdebug)clsZ start_timeZ perm_dataZloaded_scheme_rulesr=Z project_permsZproject_user_permsZproject_role_membersrZ_membersmr4r(Zsdesk_client_rolememberZguest_person_groupZroleZuser_idpermZperm_funr,r,r-load_project_permission_dataWs,              $ z1CmfProjectPermScheme.load_project_permission_datacCstdtdddS)Nz"project_permission::reload triggerCmfProjectPermScheme:changed)printZcmf_emit_server_event)r`r,r,r-r"sz#CmfProjectPermScheme.trigger_reloadrf)ZchannelcKs"dd}tddat|dS)Nc Ss~tdtdtrrtddatj>tj t j j dt tdddrftd tW5QRXntd dS) Nz*project_permission::reload handler spawnedz,project_permission::reload handler do reloadFz&project_permission::clear_jscache:lockTi)ZnxZpxz?project_permission::reload handler do CMF_CACHE.flush_jscache()z'project_permission::reload handler skip)rgrQsleep_project_permission_changedcmfZappZ cmf_contextrrreZREDIS_DBZredisrRstrosgetpidr^r_Z CMF_CACHEZ flush_jscacher,r,r,r-handler,s    zBCmfProjectPermScheme.on_project_permission_change..handlerz(project_permission::reload spawn handlerT)rgrjZgeventZspawn)_kwargsror,r,r-on_project_permission_change'sz1CmfProjectPermScheme.on_project_permission_changeT)rc Cs|dkrtj}|jtjjdd|jgdd|ggdddddd d d gd }|sRd S|jrb|jrbd S|j rv|tj krvd S|j r||j krd S|j s|js|js|jr|std|d|r|j r||j krd S|jr||jkrd S|jr||jkrd S|jr||jkrd S|jr,||jkr,d S|jrztjjdd|gdd|jggdgd }|D]}||jkr\d Sq\|sdStjj|dgd} td| jd|jd|dS)NrrIrNr r r r r rrrrKTu*DEV: check_project_role_access Право u_ разрешено для объектного поля, но объект не переданrTINrJFr0rrNУ пользователя нет Проектного разрешения "" в проекте  для объекта )r^ current_userr1rVrrrr user_localranonymous_userrrCr r rrr;Zcmf_owner_assistant cmf_author responsibler Z all_nestedr rSrrJCmfProjectPermPermissionCmfPermissionErrorr0) r`r=ruserobj raise_errorrdZ role_assignsZ role_assign perm_infor,r,r-check_project_role_access_old@sn         z2CmfProjectPermScheme.check_project_role_access_oldFc CsNtjs tjrdS|dkr&tj}tj} ntjj|dd} |sN|rNtj |dgd}t |t j j rb|j}|r|st |t j j r~|j}|} |}n|jdkrt|j} nz|jjr|jjs|ddg|jjr|jjr|jjr|s|jj} n|jj} n,|jjr|jjr|s|jj} n|jj} | |jdkrBtd |d | dS|jrb||jd | krbdS|jj|jkr| |j|jjkr||j|jj| krdS| D]<} | |jkr| |j| kr||j| | krdSq|tjkr||jd | krdS|rt |ts*|tjkrJ||jd | krJtj|krJdS||jd| kr|jjr|||jjkrdSn||jkrdS||jd| kr|j |jjr||jjkrdSn||jkrdS||jd| kr0t!|dr0|j" |j"jr ||j"jkr0dSn||j"kr0dS||jd| krt!|dr|j# |j#jr|j#jr||j#jkrdSn||j#krdS||jd| krPt!|drP|j$ |j$jr|j$jr||j$jkrdSn||j$krdS|j$jr.|j$jrPt%| t%dd|j$jD@rPdSn"t%| t%dd|j$D@rPdS||jd| krt!|dr|j&} |j&jr|j&j} | D]\}||jks||j#krdS| D]2} | |jjks| dd|j#DkrdSqq||jd| krt!|dr|j' |j'jr<|j'jrL||j'jkrLdSn||j'krLdS|j'jr|j'jrt%| t%dd|j'jD@rdSn"t%| t%dd|j'D@rdSdD]x}||jkr| |j|kr||j|| kr|(|}||krdS| D]"} | d d|DkrdSqqn|rD|d!d"krDt%}||jd| krj|)|*d#d||jd| kr|)|*d$d||jd| kr|)|*d%d||jd| kr|*dgD]}|)|d&q||jd| kr"|*dgD]}|)|d&q |j|kr2dSt%| |@rDdSd'}t!td(rrtj+r`d}t,j-.d)rrd}||jd*| kr|j/r|rdS||jd+| kr|jj|jd+| |kr|rdS| D]*} | |jd+| |kr|rdSq| s d'Sd,}|r|j0}tj1j*|d-gd.}t2d/|j0d0|d1|dS)2NT)Zid_onlyrCrHr9 project_id parent_idr uXПропустили проверку Проектных прав для объекта u3, т.к. проект еще не загружен r rrrrr{r rDr@rGcSsg|] }|jjqSr,rXrYr3er,r,r-r5szBCmfProjectPermScheme.check_project_role_access..cSsg|] }|jjqSr,rrr,r,r-r5srBlistscSsg|] }|jqSr,rXr3xr,r,r-r5srArFcSsg|] }|jjqSr,rrr,r,r-r5-scSsg|] }|jjqSr,rrr,r,r-r50s)zvar:responsiblez var:executorszvar:spectatorsz var:ownerzvar:owner_assistantszvar:project_ownerzvar:project_owner_assistantsz var:authorZvar_waiting_forzvar:component_ownerzvar:current_userzvar:all_related_usersz var:followersuvar:Подпискиzvar:project_usersz var:approverscSsg|] }|jqSr,rrr,r,r-r5CsrUZCmfTaskZ cmf_owner_idZ cmf_author_idZcmf_responsible_idrXFrequest_servicedeskz/filesr>r?r0rsrtrurv)3r^Zdisable_permissionsZacl_admin_moderwcurrent_person__member_ofrZ CmfAccessListZsubject_full_group_listZcmfutilZ get_obj_by_id isinstancerkrZCmfTyperYrUrlrXrZ is_definedrZ load_fieldsZ is_changedoldr]r_rxryZsharelink_anonymous_userZsharelink_access_objrCrzrVhasattrr{rDrGrRrrFZextract_var_objrZrrZrequestpathr[Zservicedesk_allowr0r|r})r`r=rr~rZobj_idZproject_id_simplecheckZobj_dict_simplecheckZuse_new_projectrrZ obj_parent_idZ container_idrlZ var_user_codeZ var_usersZsimple_check_allowed_idiZis_request_servicedeskZtmp_project_namerr,r,r-check_project_role_accesssJ                              *  $     *      z.CmfProjectPermScheme.check_project_role_access)NNT)NNNNNFT)__name__ __module__ __qualname__r]r r.r< classmethodrer staticmethodZon_server_eventrqrlrr __classcell__r,r,r*r-rs*    K  Hr)Z cmf.includeZmodules.project.fieldsrrQrr,r,r,r-s