# By: Riasat Ullah # This file contains code that validates Http requests made to the web platform. from constants import var_names from taskcallweb import settings def user_in_session(request): ''' Checks if a user is in session or not :param request: Http request :return: (boolean) True if the user is in session; False otherwise ''' if var_names.token in request.session: return True return False def get_user_language(request): ''' Get the language in which the user's contents should be delivered. :param request: Http request :return: (str) language code ''' if var_names.language in request.COOKIES: return request.COOKIES.get(var_names.language) elif var_names.language in request.session: return request.session[var_names.language] else: return settings.LANGUAGE_CODE def get_host_region(request): ''' Get the region where the organization's data is hosted in. :param request: Http request :return: (str) name of the host region ''' if var_names.host_region in request.COOKIES: return request.COOKIES.get(var_names.host_region) else: return settings.REGION def get_nav_bar_components(request): ''' Gets the list of names of the components that should be generated on the html page as per this request. :param request: Http request :return: (list) of component names ''' if var_names.nav_bar_components in request.session: return request.session[var_names.nav_bar_components] else: return [] def get_component_features(request): ''' Gets the list of component features that a user has access to. :param request: Http request :return: (list) of component features ''' if var_names.component_features in request.session: return request.session[var_names.component_features] else: return [] def has_view_permission(request, component_name, components=None): ''' Using the permissions stored in session, checks if the user has the permission to edit a given component or not. :param request: Http request :param component_name: name of the component as used by the rest API :param components: list of components that are allowed in this request :return: (boolean) True if it is; False otherwise ''' if components is None: components = request.session[var_names.nav_bar_components] if component_name in components: return True return False def has_edit_permission(request, component_name): ''' Using the permissions stored in session, checks if the user has the permission to edit a given component or not. :param request: Http request :param component_name: name of the component as used by the rest API :return: (boolean) True if it is; False otherwise ''' if var_names.edit_permissions in request.session: editable_component_names = request.session[var_names.edit_permissions] if component_name in editable_component_names: return True return False def get_session_permission(request, component_name, components=None): ''' Using the permissions stored in session, checks if the user has the permission to edit a given component or not. :param request: Http request :param component_name: name of the component as used by the rest API :param components: list of components that are allowed in this request :return: (boolean) True if it is; False otherwise ''' view_perm = has_view_permission(request, component_name, components) edit_perm = has_edit_permission(request, component_name) return view_perm, edit_perm def get_team_permission_status(request): ''' Checks if the user's organization has team permission or not. This information should have been saved at the time of logging in. :param request: Http request :return: (boolean) True or False ''' if var_names.has_team_permission in request.session: return request.session[var_names.has_team_permission] return False