`idddlddlmZddlZddlmZddlmZGddejZy))*)cmf_project_perm_schemeN)make_prof_point)Optionalc(eZdZdZej j dgzZdZgdZddZ ddd e ddffd Z dd e e ddffd Z fd ZfdZedZedZeeddZedde fdZe dde fdZxZS)CmfProjectPermSchemeug Класс схемы проектных прав Содержит атрибут _PROJECT_PERM_DATA - кэш прав по проектам Структура _PROJECT_PERM_DATA: { access_local_user = { - project_id 1 = set('PERM1', 'PERM2', ...) - project_id 2 = set(...) - ... } access_owner = { - project_id 1 = set(...) - project_id 2 = set(...) - ... } access_... user_id = { - project_id 1 = set(...) - project_id 2 = set(...) - ... } person_group/role/orgunit = { # Не раскрываем all_nested для экономии памяти - project_id 1 = set(...) - project_id 2 = set(...) - ... } copyN)project_permissionaccess_project_roleaccess_membersaccess_local_user access_owneraccess_owner_assistant access_authoraccess_project_owneraccess_responsibleaccess_sdesk_clientaccess_anonymous access_guestaccess_sharelink_anonymousaccess_spectatorsaccess_executorsaccess_list_owneraccess_project_owner_assistantaccess_project_spectatorsaccess_project_executorsreturncvtjj|dgD]}|j|y)uU Копирование правил из схемы source_scheme в текущую z***parentfieldsr N)modelsCmfProjectPermSchemeRulelistr )self source_scheme source_rules 3./modules/project/models/cmf_project_perm_scheme.py_copy_rules_from_schemez,CmfProjectPermScheme._copy_rules_from_scheme3s>"::??}^c]d?e *K   D  ) *system.open:default)default_scheme_coder-ctjj|jr2tjj |}|j |t ||i|S)u Сохранение схемы проектных прав При создании новой схемы (is_new=True) копируются правила из дефолтной схемы coder')r#rtrigger_reloadis_newgetr*supersave)r&r-argskwargsdefault_scheme __class__s r)r6zCmfProjectPermScheme.save9s_ ##224 ;;$88<>v> ++$+?r+c |j}t ||i|}|rtjj d}tj j||jD]R}tj |}|jD]}t||t|||jdT|S)u Сохранение схемы при импорте данных При создании новой схемы (is_new=True) копируются правила из дефолтной схемы с save_import=True r,r/rr"T) save_import) r3r5 _save_importr#rr4r$r%_COPY_RULE_FIELDSsetattrgetattrr6) r&r7r8r3resultr9 default_rulerulefieldr:s r)r@z!CmfProjectPermScheme._save_importOs %t6v6 $88<r(|dj!|j2j4|j@r(|dj!|j2j4|jBr(|dj!|j2j4|jDr|jFr)|dj!|j2j4n|j2j4|dvr$t|d|j2j4<|j |jjHgD]-}|d|j2j4j!|/|jJr(|dj!|j2j4|jLru|jjH|vr!t||jjH<||jjHj!|j2j4|jNr(|dj!|j2j4|jPrW|jR|vrt||jR<||jRj!|j2j4|jTrh|jVD]Y}|j|vrt||j<||jj!|j2j4[|jXrh|jZD]Y}|j|vrt||j<||jj!|j2j4[|j\rh|j^D]Y}|j|vrt||j<||jj!|j2j4[|j`r|j`D]}|j4jdrX|j4|vrt||j4<||j4j!|j2j4v|j|vrt||j<||jj!|j2j4|jbs|jbD]^}|j|vr||jD];}||vr t||<||j!|j2j4=`|jeD] \}}||vri||<||||j<"|jeD]\}}||||j<tj|z dkDr9t$j'dtj|z d tg||th_5t$j'd!tj|z d"tj|z d#kDr-t$j'd$tj|z |ycc}w)%Nload_project_permission_datai,) r access_sdesk_publicaccess_sdesk_privaterrrrrrrrrzsdesk-client:defaultr/) parent_idz members.idproject_role_idr!z CmfCompany:)companyg{Gz?zXPROF CmfProjectPermScheme.load_project_permission_data() CmfProjectRoleAssign.slist got )project_perm_scheme_id cmf_owner_idzcmf_owner_assistants.idservicedesk_publicz spectators.idz executors.idzcmf_project_admins.idzNPROF CmfProjectPermScheme.load_project_permission_data() CmfProject.slist got )zaccess_project_role.idzaccess_members.coder rrrrrrrproject_permission.coderrrrrrrrrz PPP-PR-BROWSEr rrrrrrrrZr[rrzvar:g?zNPROF CmfProjectPermScheme.load_project_permission_data() process projects got z count=zLoad time _PROJECT_PERM_DATA: secg333333?z=PROF CmfProjectPermScheme.load_project_permission_data() got )6rtimer#CmfPersonGroup guest_groupCmfProjectRoler4CmfProjectRoleAssignslistmembersr]r\setid startswith CmfPersonaddupdategdebugrPr`r$cmf_project_adminsr r r0rrrrrrrrrbvaluerrrrrarcmf_owner_assistantsr spectatorsr executorsr r itemslenr_PROJECT_PERM_DATA)cls prof_point start_time perm_dataguest_person_groupsdesk_client_rolecompany_persons_cacheloaded_scheme_rulesprof_stproject_role_membersr_membersmp_listrU project_listrW project_permsproject_user_permsproject_role_member_idspr_adminrF member_idmemberroleuser_idpermperm_funs r)rYz1CmfProjectPermScheme.load_project_permission_datavs $%CSI YY[ "$#%$&&("$ "!# "*,!# $22>>@"1155;Q5R " ))+!,,22:h2i RA99A$5$5 {{"6646$Q[[1uHYY '44??=1tt#88!'!1!1!7!7!7!EEK6Lqtt6L-add321448( Q(LL& '  (wzz*J'--5HHFLFeFeFkFk"998Gl G#G$B$BC$66 E;;&8869e&x{{3"8;;/33OD E ,G,J,JK^ \))!"56::4;R;R;W;WX$$!.155d6M6M6R6RS..!":;??@W@W@\@\]%%!/266t7N7N7S7ST**!"67;;D?CCDD[D[D`D`a,,++3EECF5*7+?+?@&w';';<@@AXAXA]A]^66")">">X!99,>>>>U>U>Z>Z[ \++ $ 8 8\#ww*AA$)@)I\I(0BB@C 29 =.y9==d>U>U>Z>Z[\\q^ \d"4!9!9!; 6 )+)+Ig&15 '"7::. 6 #0"5"5"7 7$26 (#GJJ/ 7Cb 7H 99; 3 & GGdeienenepszezd{|CDGHTDUCVW X2;/ 0Z1G0HLM 99; #c ) GGSTXT]T]T_blTlSmn o E7Mso>c2tdtddy)Nz"project_permission::reload triggerCmfProjectPermScheme:changed)printcmf_emit_server_event)r|s r)r2z#CmfProjectPermScheme.trigger_reloadfs 24.handlerps > @ JJqM*DF.3+WW((*2//LLN~~))*RTWXZXaXaXcTdimrw)x"ac!//1 22?A22s BC--C6z(project_permission::reload spawn handlerT)rrgeventspawn)_kwargsrs r)on_project_permission_changez1CmfProjectPermScheme.on_project_permission_changeks%  B 8:&*# Wr+r c|tj}|jjtj j dd|jgdd|gggd}|sy|jr |jry|jr|tjk(ry|jr||jk(ry|js$|js|js |j r|st#d|d|rp|jr||jk(ry|jr||j$k(ry|jr||j&k(ry|j r||j(k(ry|j*r||j*j-vry|j.rYtj0j3dd|gd d |j.ggd g}|D] }||j4j-vs y|sy tj6j |d g} t9d| j:d|j:d|)Nr =rc)r r r rrrrr)filterr!Tu*DEV: check_project_role_access Право u_ разрешено для объектного поля, но объект не передан project_roleINrkFr;r0r!NУ пользователя нет Проектного разрешения "" в проекте  для объекта )rr current_userrJloadr#r$r4r user_localranonymous_userr cmf_ownerrrrrrRcmf_owner_assistant cmf_author responsibler all_nestedr rir%rkCmfProjectPermPermissionCmfPermissionErrorr;) r|rWr userobj raise_errorr role_assigns role_assign perm_infos r)check_project_role_access_oldz2CmfProjectPermScheme.check_project_role_access_oldsm <>>D ##((*..22Hc7KfKf;g>)&&3??*   t**5577  # #!66;;XsT[D\>LdTXTlTl=mDoENK<QL , ;..99;; 3377=OY_X`7a  #qr{sAsArBB77>||nD[\_[`"bc cr+c tjstjry|!tj}tj} n!t j j|d} |s|rtj|dg}t|tjjr |j}|r8|s6t|tjjr |j}|} |}n2|jdk(rt!|j"} n |j$j&r|j(j&s|j+ddg|j$jr\|j$j,r/|j$j.r|s|j$j.} nr|j$j} n[|j(j,r/|j(j.r|s|j(j.} n|j(j} | |j0dvrtj3d |d | y|j4r||j0d | vry|j"j|j0vrN| |j0|j"jvr)||j0|j"j| vry| D]9} | |j0vs| |j0| vs$||j0| | vs9y|tj6k(r||j0d | vry|rt|t s|tj8k(r(||j0d | vrtj:|k(ry||j0d| vrL|j<j,r&|j>s||j<j.k(ry||j<k(ry||j0d| vrf|j@jC|j@j,r&|j>s||j@j.k(ry||j@k(ry||j0d| vrftE|drZ|jFjC|jFj,r||jFj.k(ry||jFk(ry||j0d| vrztE|drn|jHjC|jHj,r/|jHj.r(||jHj.vry||jHvry||j0d| vr9tE|dr,|jJjC|jJj,r/|jJj.r(||jJj.vry||jJvry|jJj,rd|jJj.rtM| tM|jJj.D cgc]} | j"jc} zrEytM| tM|jJD cgc]} | j"jc} zry||j0d| vrtE|dr|jN}|jNj,r|jNj.}|D]j}||j<k(s||jHvry| D]D} | |j<j"k(s'| |jHDcgc]}|j"c}vsCyl||j0d| vr9tE|dr,|jPjC|jPj,r/|jPj.r(||jPj.vry||jPvry|jPj,rd|jPj.rtM| tM|jPj.D cgc]} | j"jc} zrEytM| tM|jPD cgc]} | j"jc} zrydD]u}||j0vs| |j0|vs$||j0|| vs9|jS|}||vry| D]!} | |Dcgc]}|j"c}vs ywnH|rEtM}||j0d| vr!|jU|jWdd||j0d| vr!|jU|jWdd||j0d| vr!|jU|jWdd||j0d| vr+|jWdgD]}|jU|d||j0d| vr+|jWdgD]}|jU|d|j"|vrytM| |zry||j0d| vr |jXrtjZdk(ry||j0d | vrs|j"j|j0d | |vrtjZdk(ry| D]/} | |j0d | |vstjZdk(s/y| sy!d"}| r,t j\jW| d#g$j^}t j`jW|d#g%}tcd&|j^d'|d(|cc} wcc} wcc}wcc} wcc} wcc}w))NT)id_onlyrr^rP project_idr\ruXПропустили проверку Проектных прав для объекта u3, т.к. проект еще не загружен r rrrrrrrvrrxrlistsrrw)zvar:responsiblez var:executorszvar:spectatorsz var:ownerzvar:owner_assistantszvar:project_ownerzvar:project_owner_assistantsz var:authorzvar:waiting_forzvar:component_ownerzvar:current_userzvar:all_related_usersz var:followersuvar:Подпискиzvar:project_usersz var:approversra cmf_author_idresponsible_idrmrZsd_apir[Fr;)rmr!rrrr)2rrdisable_permissionsacl_admin_modercurrent_person__member_ofr# CmfAccessListsubject_full_group_listcmfutil get_obj_by_id isinstancerr!CmfTyperu class_namerrmr is_definedr\ load_fields is_changedoldr{rsrrsharelink_anonymous_usersharelink_access_objrr3rrhasattrrrvrxrlrrwextract_var_objrpr4servicedesk_allow api_scoperPr;rr)r|rWr rrobj_idproject_id_simplecheckobj_dict_simplecheckuse_new_projectrr obj_parent_id container_iderlx var_user_code var_userssimple_check_allowed_iditmp_project_namers r)check_project_role_accessz.CmfProjectPermScheme.check_project_role_accesss  A$4$4 <>>D()(C(C %(.(<(<(T(TUYcg(T(h %v'' }'EC c3::-- .))C !#0#**2D2DE)?)E)E&2M(C~~- #CFF ~~00 8P8POO\;$?@>>''~~00S^^5G5GP_(+(:(: (+(<(< }}//CMM4E4Eo(+ (9(9 (+ (;(;   6 6~ F F GGjknjopcdqcrs t ??"c&<&<=P&QR_&`` 77==C22 2 6 6tww}} EE%)?)? )N})]]5 $Ls555 C$:$:<$HH)S-C-CL-QR_-``#  $ 1## #(:c>T>TUg>hiv>w(w%ZS-Aq111*c.D.DEa.bcp.qq))S0!S%;%;N%KM%ZZ==++CJJs}}000#s}},#!S%;%;O%L]%[[##%>>,,SZZs~~111#s~~-#!S%;%;>9\\]\r\rMsWXaddMs=s#'(("S%;%;>,,~~))dcnn6H6H.H#s~~-#>>,,~~))c2K.LshkhvhvhzhzS{cdTUTXTXT^T^S{O|.|#45QTQ_Q_<`AQTTZZ<`8aa# "` 0 !C$:$::$(>(>}(MM-1G1G 1VWd1ee(+(;(;M(JI#y0'+0I0 #/)3LQADD3L#L+/0 0"'*e #!S%;%;N%KM%ZZ'++,@,D,D^UY,Z[!S%;%;O%L]%[['++,@,D,D_VZ,[\!S%;%;>JJfXUK* 6K -s -Yo -#CY./ mm^DD;<=.FcsFcFcPeijo.2xgCxgxgr+r) cmf.includemodules.project.fieldsrrecmf.util.cmfutilrtypingrrrr+r)rs+: ,} g2GG} gr+