zou 0.19.14__py3-none-any.whl → 0.20.11__py3-none-any.whl

zou/app/blueprints/crud/comments.py

@@ -1,7 +1,5 @@
 from flask_jwt_extended import jwt_required
-from flask import current_app
 
-from sqlalchemy.exc import StatementError
 
 from zou.app.models.comment import Comment
 from zou.app.models.attachment_file import AttachmentFile
@@ -13,15 +11,12 @@ from zou.app.services import (
     persons_service,
     tasks_service,
     user_service,
+    projects_service,
 )
 from zou.app.utils import events, permissions
 
 from zou.app.blueprints.crud.base import BaseModelResource, BaseModelsResource
 
-from zou.app.services.exception import (
-    CommentNotFoundException,
-)
-
 
 class CommentsResource(BaseModelsResource):
     def __init__(self):
@@ -33,25 +28,8 @@ class CommentResource(BaseModelResource):
         BaseModelResource.__init__(self, Comment)
         self.protected_fields += ["mentions", "department_mentions"]
 
-    @jwt_required()
-    def get(self, instance_id):
-        """
-        Retrieve a model corresponding at given ID and return it as a JSON
-        object.
-        """
-        try:
-            instance = tasks_service.get_comment_with_relations(instance_id)
-            self.check_read_permissions(instance)
-            result = self.clean_get_result(instance)
-
-        except StatementError as exception:
-            current_app.logger.error(str(exception), exc_info=1)
-            return {"message": str(exception)}, 400
-
-        except ValueError:
-            raise CommentNotFoundException
-
-        return result, 200
+    def get_serialized_instance(self, instance_id, relations=True):
+        return tasks_service.get_comment(instance_id, relations=relations)
 
     def clean_get_result(self, result):
         if permissions.has_client_permissions():
@@ -105,11 +83,89 @@ class CommentResource(BaseModelResource):
         if permissions.has_admin_permissions():
             return True
         else:
-            comment = self.get_model_or_404(instance["id"])
-            current_user = persons_service.get_current_user()
-            if current_user["id"] != str(comment.person_id):
+            task = tasks_service.get_task(
+                instance["object_id"], relations=True
+            )
+            task_type = tasks_service.get_task_type(task["task_type_id"])
+            project = projects_service.get_project(
+                task["project_id"], relations=True
+            )
+            current_user = persons_service.get_current_user(relations=True)
+            if current_user["id"] not in project["team"]:
+                raise permissions.PermissionDenied
+
+            if permissions.has_manager_permissions():
+                return True
+
+            change_pinned = (
+                "pinned" in data.keys()
+                and data["pinned"] != instance["pinned"]
+            )
+            change_checklist = (
+                "checklist" in data.keys()
+                and data["checklist"] != instance["checklist"]
+            )
+            is_supervisor = permissions.has_supervisor_permissions()
+            is_supervisor_in_department = (
+                current_user["departments"] == []
+                or task_type["department_id"] in current_user["departments"]
+            )
+            is_assigned = current_user["id"] in task["assignees"]
+            comment_from_current_user = (
+                current_user["id"] == instance["person_id"]
+            )
+
+            if change_pinned and (
+                not is_supervisor or not is_supervisor_in_department
+            ):
+                raise permissions.PermissionDenied
+
+            if change_checklist and (
+                not comment_from_current_user
+                and (
+                    (
+                        is_supervisor
+                        and not (is_supervisor_in_department or is_assigned)
+                    )
+                    or (not is_supervisor and not is_assigned)
+                )
+                and (
+                    len(data["checklist"]) == len(instance["checklist"])
+                    and all(
+                        all(
+                            (
+                                k == "checked"
+                                or data["checklist"][i].get(k) == c[k]
+                            )
+                            for k in c.keys()
+                        )
+                        for i, c in enumerate(instance["checklist"])
+                    )
+                )
+            ):
+                raise permissions.PermissionDenied
+
+            if (
+                not comment_from_current_user
+                and len(set(data.keys()) - set(["pinned", "checklist"])) > 0
+            ):
+                raise permissions.PermissionDenied
+
+            if (
+                "person_id" in data.keys()
+                and data["person_id"] != current_user["id"]
+            ):
                 raise permissions.PermissionDenied
-            user_service.check_task_status_access(data["task_status_id"])
+
+            if (
+                "object_id" in data.keys()
+                and data["object_id"] != instance["object_id"]
+            ):
+                raise permissions.PermissionDenied
+
+            if "task_status_id" in data.keys():
+                user_service.check_task_status_access(data["task_status_id"])
+
             return True
 
     def pre_delete(self, comment):

zou/app/blueprints/crud/custom_action.py

@@ -9,7 +9,7 @@ class CustomActionsResource(BaseModelsResource):
     def __init__(self):
         BaseModelsResource.__init__(self, CustomAction)
 
-    def check_read_permissions(self):
+    def check_read_permissions(self, options=None):
         user_service.block_access_to_vendor()
         return True
 

zou/app/blueprints/crud/day_off.py

@@ -3,8 +3,11 @@ from zou.app.models.time_spent import TimeSpent
 
 from zou.app.blueprints.crud.base import BaseModelsResource, BaseModelResource
 
-from zou.app.services import user_service
-from zou.app.utils import date_helpers
+from zou.app.services import user_service, time_spents_service
+
+from zou.app.services.exception import WrongParameterException
+
+from zou.app.utils import permissions
 
 
 class DayOffsResource(BaseModelsResource):
@@ -14,14 +17,20 @@ class DayOffsResource(BaseModelsResource):
     def check_create_permissions(self, data):
         return user_service.check_day_off_access(data)
 
-    def update_data(self, data):
-        data = super().update_data(data)
-        data["date"] = date_helpers.get_date_from_string(data["date"])
+    def check_creation_integrity(self, data):
+        if time_spents_service.get_day_offs_between(
+            data["date"], data["end_date"], data["person_id"]
+        ):
+            raise WrongParameterException(
+                "Day off already exists for this period"
+            )
         return data
 
     def post_creation(self, instance):
-        time_spents = TimeSpent.delete_all_by(
-            person_id=instance.person_id, date=instance.date
+        TimeSpent.delete_all_by(
+            instance.date >= TimeSpent.date,
+            instance.end_date <= TimeSpent.date,
+            person_id=instance.person_id,
         )
         return instance.serialize()
 
@@ -33,5 +42,34 @@ class DayOffResource(BaseModelResource):
     def check_delete_permissions(self, instance_dict):
         return user_service.check_day_off_access(instance_dict)
 
-    def check_read_permissions(self, instance):
-        return user_service.check_day_off_access(instance)
+    def check_read_permissions(self, instance_dict):
+        return user_service.check_day_off_access(instance_dict)
+
+    def check_update_permissions(self, instance_dict, data):
+        if (
+            "person_id" in data.keys()
+            and instance_dict["person_id"] != data["person_id"]
+            and not permissions.has_admin_permissions()
+        ):
+            raise permissions.PermissionDenied()
+        return user_service.check_day_off_access(instance_dict)
+
+    def post_update(self, instance_dict, data):
+        TimeSpent.delete_all_by(
+            self.instance.date >= TimeSpent.date,
+            self.instance.end_date <= TimeSpent.date,
+            person_id=self.instance.person_id,
+        )
+        return instance_dict
+
+    def pre_update(self, instance_dict, data):
+        if time_spents_service.get_day_offs_between(
+            data.get("date", instance_dict["date"]),
+            data.get("end_date", instance_dict["end_date"]),
+            data.get("person_id", instance_dict["person_id"]),
+            exclude_id=instance_dict["id"],
+        ):
+            raise WrongParameterException(
+                "Day off already exists for this period"
+            )
+        return data

zou/app/blueprints/crud/department.py

@@ -3,32 +3,19 @@ from zou.app.blueprints.crud.base import BaseModelResource, BaseModelsResource
 from zou.app.models.department import Department
 
 from zou.app.services import tasks_service
-from zou.app.services.exception import (
-    ArgumentsException,
-)
 
 
 class DepartmentsResource(BaseModelsResource):
     def __init__(self):
         BaseModelsResource.__init__(self, Department)
 
-    def check_read_permissions(self):
+    def check_read_permissions(self, options=None):
         return True
 
     def post_creation(self, instance):
         tasks_service.clear_department_cache(str(instance.id))
         return instance.serialize()
 
-    def update_data(self, data):
-        data = super().update_data(data)
-        name = data.get("name", None)
-        department = Department.get_by(name=name)
-        if department is not None:
-            raise ArgumentsException(
-                "A department type with similar name already exists"
-            )
-        return data
-
 
 class DepartmentResource(BaseModelResource):
     def __init__(self):
@@ -37,17 +24,6 @@ class DepartmentResource(BaseModelResource):
     def check_read_permissions(self, instance):
         return True
 
-    def update_data(self, data, instance_id):
-        data = super().update_data(data, instance_id)
-        name = data.get("name", None)
-        if name is not None:
-            department = Department.get_by(name=name)
-            if department is not None and instance_id != str(department.id):
-                raise ArgumentsException(
-                    "A department with similar name already exists"
-                )
-        return data
-
     def post_update(self, instance_dict, data):
         tasks_service.clear_department_cache(instance_dict["id"])
         return instance_dict

zou/app/blueprints/crud/entity.py

@@ -10,8 +10,11 @@ from zou.app.models.entity import (
     EntityVersion,
     EntityLink,
     EntityConceptLink,
+    ENTITY_STATUSES,
 )
+from zou.app.models.project import Project
 from zou.app.models.subscription import Subscription
+from zou.app.models.task import Task
 from zou.app.services import (
     assets_service,
     breakdown_service,
@@ -23,7 +26,9 @@ from zou.app.services import (
     user_service,
     concepts_service,
 )
-from zou.app.utils import events, fields, date_helpers
+from zou.app.utils import date_helpers, events, permissions
+
+from zou.app.services.exception import WrongParameterException
 
 from werkzeug.exceptions import NotFound
 
@@ -56,11 +61,36 @@ class EntitiesResource(BaseModelsResource, EntityEventMixin):
     def emit_create_event(self, entity_dict):
         self.emit_event("new", entity_dict)
 
+    def check_read_permissions(self, options=None):
+        return True
+
+    def add_project_permission_filter(self, query):
+        if not permissions.has_admin_permissions():
+            query = query.join(Project).filter(
+                user_service.build_related_projects_filter()
+            )
+            if permissions.has_vendor_permissions():
+                query = query.join(Task).filter(
+                    user_service.build_assignee_filter()
+                )
+
+        return query
+
     def update_data(self, data):
         data = super().update_data(data)
         data["created_by"] = persons_service.get_current_user()["id"]
         return data
 
+    def check_creation_integrity(self, data):
+        """
+        Check if entity has a valid status.
+        """
+        if "status" in data:
+            types = [entity_status for entity_status, _ in ENTITY_STATUSES]
+            if data["status"] not in types:
+                raise WrongParameterException("Invalid status")
+        return True
+
     def all_entries(self, query=None, relations=False):
         entities = BaseModelsResource.all_entries(
             self, query=query, relations=relations
@@ -187,11 +217,11 @@ class EntityResource(BaseModelResource, EntityEventMixin):
         version = None
         if frame_in != pframe_in or frame_out != pframe_out or name != pname:
             current_user_id = persons_service.get_current_user()["id"]
-            previous_updated_at = fields.get_date_object(
-                previous_shot["updated_at"], date_format="%Y-%m-%dT%H:%M:%S"
+            previous_updated_at = date_helpers.get_datetime_from_string(
+                previous_shot["updated_at"]
             )
-            updated_at = fields.get_date_object(
-                shot["updated_at"], date_format="%Y-%m-%dT%H:%M:%S"
+            updated_at = date_helpers.get_datetime_from_string(
+                shot["updated_at"]
             )
             if (
                 date_helpers.get_date_diff(previous_updated_at, updated_at)
@@ -216,3 +246,14 @@ class EntityResource(BaseModelResource, EntityEventMixin):
             index_service.remove_asset_index(entity_dict["id"])
         elif shots_service.is_shot(entity_dict):
             index_service.remove_shot_index(entity_dict["id"])
+
+    def update_data(self, data, instance_id):
+        """
+        Check if the entity has a valid status.
+        """
+        data = super().update_data(data, instance_id)
+        if "status" in data:
+            types = [entity_status for entity_status, _ in ENTITY_STATUSES]
+            if data["status"] not in types:
+                raise WrongParameterException("Invalid status")
+        return data

zou/app/blueprints/crud/entity_type.py

@@ -4,6 +4,8 @@ from zou.app.models.entity_type import EntityType
 from zou.app.utils import events
 from zou.app.services import entities_service, assets_service
 
+from zou.app.services.exception import WrongParameterException
+
 
 class EntityTypesResource(BaseModelsResource):
     def __init__(self):
@@ -18,7 +20,7 @@ class EntityTypesResource(BaseModelsResource):
             for asset_type in query.all()
         ]
 
-    def check_read_permissions(self):
+    def check_read_permissions(self, options=None):
         return True
 
     def emit_create_event(self, instance_dict):
@@ -28,6 +30,16 @@ class EntityTypesResource(BaseModelsResource):
         assets_service.clear_asset_type_cache()
         return instance.serialize(relations=True)
 
+    def check_creation_integrity(self, data):
+        entity_type = EntityType.query.filter(
+            EntityType.name.ilike(data.get("name", ""))
+        ).first()
+        if entity_type is not None:
+            raise WrongParameterException(
+                "Entity type with this name already exists"
+            )
+        return data
+
 
 class EntityTypeResource(BaseModelResource):
     def __init__(self):

zou/app/blueprints/crud/event.py

@@ -11,7 +11,7 @@ class EventsResource(BaseModelsResource):
         if query is None:
             query = self.model.query
 
-        return self.model.serialize_list(
+        return self.serialize_list(
             query.limit(1000).all(), relations=relations
         )
 

zou/app/blueprints/crud/file_status.py

@@ -6,7 +6,7 @@ class FileStatusesResource(BaseModelsResource):
     def __init__(self):
         BaseModelsResource.__init__(self, FileStatus)
 
-    def check_read_permissions(self):
+    def check_read_permissions(self, options=None):
         return True
 
 

zou/app/blueprints/crud/metadata_descriptor.py

@@ -4,9 +4,12 @@ from zou.app.models.metadata_descriptor import (
 )
 
 from zou.app.blueprints.crud.base import BaseModelResource, BaseModelsResource
+from zou.app.utils import permissions
+from zou.app.models.project import Project
+from zou.app.services import user_service
 
 from zou.app.services.exception import (
-    ArgumentsException,
+    WrongParameterException,
 )
 
 
@@ -14,14 +17,15 @@ class MetadataDescriptorsResource(BaseModelsResource):
     def __init__(self):
         BaseModelsResource.__init__(self, MetadataDescriptor)
 
-    def all_entries(self, query=None, relations=True):
-        if query is None:
-            query = self.model.query
+    def check_read_permissions(self, options=None):
+        return not permissions.has_vendor_permissions()
 
-        return [
-            metadata_descriptor.serialize(relations=relations)
-            for metadata_descriptor in query.all()
-        ]
+    def add_project_permission_filter(self, query):
+        if not permissions.has_admin_permissions():
+            query = query.join(Project).filter(
+                user_service.build_related_projects_filter()
+            )
+        return query
 
     def check_creation_integrity(self, data):
         """
@@ -30,11 +34,21 @@ class MetadataDescriptorsResource(BaseModelsResource):
         if "data_type" in data:
             types = [type_name for type_name, _ in METADATA_DESCRIPTOR_TYPES]
             if data["data_type"] not in types:
-                raise ArgumentsException("Invalid data_type")
+                raise WrongParameterException("Invalid data_type")
         return True
 
+    def all_entries(self, query=None, relations=True):
+        if query is None:
+            query = self.model.query
+
+        return [
+            metadata_descriptor.serialize(relations=relations)
+            for metadata_descriptor in query.all()
+        ]
+
 
 class MetadataDescriptorResource(BaseModelResource):
+
     def __init__(self):
         BaseModelResource.__init__(self, MetadataDescriptor)
 
@@ -47,5 +61,5 @@ class MetadataDescriptorResource(BaseModelResource):
         if "data_type" in data:
             types = [type_name for type_name, _ in METADATA_DESCRIPTOR_TYPES]
             if data["data_type"] not in types:
-                raise ArgumentsException("Invalid data_type")
+                raise WrongParameterException("Invalid data_type")
         return data

zou/app/blueprints/crud/organisation.py

@@ -1,16 +1,15 @@
 from zou.app.models.organisation import Organisation
-from zou.app.utils import fields
 from zou.app.blueprints.crud.base import BaseModelResource, BaseModelsResource
 
+from zou.app.services import persons_service
+from zou.app.utils.permissions import has_admin_permissions
+
 
 class OrganisationsResource(BaseModelsResource):
     def __init__(self):
         BaseModelsResource.__init__(self, Organisation)
 
-    def get(self):
-        return fields.serialize_list(Organisation.query.all())
-
-    def check_read_permissions(self):
+    def check_read_permissions(self, options=None):
         return True
 
 
@@ -25,3 +24,21 @@ class OrganisationResource(BaseModelResource):
         if "hours_by_day" in data:
             data["hours_by_day"] = float(data["hours_by_day"])
         return data
+
+    def serialize_instance(self, data, relations=True):
+        return data.serialize(
+            relations=relations,
+            ignored_attrs=(
+                []
+                if has_admin_permissions()
+                else [
+                    "chat_token_slack",
+                    "chat_webhook_mattermost",
+                    "chat_token_discord",
+                ]
+            ),
+        )
+
+    def post_update(self, instance_dict, data):
+        persons_service.clear_organisation_cache()
+        return instance_dict

zou/app/blueprints/crud/output_file.py

@@ -17,7 +17,7 @@ class OutputFilesResource(BaseModelsResource):
     def __init__(self):
         BaseModelsResource.__init__(self, OutputFile)
 
-    def check_read_permissions(self):
+    def check_read_permissions(self, options=None):
         user_service.block_access_to_vendor()
         return True
 

zou/app/blueprints/crud/output_type.py

@@ -12,7 +12,7 @@ class OutputTypesResource(BaseModelsResource):
     def __init__(self):
         BaseModelsResource.__init__(self, OutputType)
 
-    def check_read_permissions(self):
+    def check_read_permissions(self, options=None):
         return True