fix: file structuring (#2797)

* fix: file structure changes * fix: pages update * fix: license imports changed
2023-11-20 11:59:20 +05:30 · 2023-11-20 11:59:20 +05:30 · ced5bfd930
commit ced5bfd930
parent 728213e3fd
113 changed files with 2306 additions and 1261 deletions
--- a/apiserver/plane/app/permissions/init.py
+++ b/apiserver/plane/app/permissions/init.py
@ -0,0 +1,17 @@
+
+from .workspace import (
+    WorkSpaceBasePermission,
+    WorkspaceOwnerPermission,
+    WorkSpaceAdminPermission,
+    WorkspaceEntityPermission,
+    WorkspaceViewerPermission,
+    WorkspaceUserPermission,
+)
+from .project import (
+    ProjectBasePermission,
+    ProjectEntityPermission,
+    ProjectMemberPermission,
+    ProjectLitePermission,
+)
+
+
--- a/apiserver/plane/app/permissions/project.py
+++ b/apiserver/plane/app/permissions/project.py
@ -0,0 +1,111 @@
+# Third Party imports
+from rest_framework.permissions import BasePermission, SAFE_METHODS
+
+# Module import
+from plane.db.models import WorkspaceMember, ProjectMember
+
+# Permission Mappings
+Admin = 20
+Member = 15
+Viewer = 10
+Guest = 5
+
+
+class ProjectBasePermission(BasePermission):
+    def has_permission(self, request, view):
+        if request.user.is_anonymous:
+            return False
+
+        ## Safe Methods -> Handle the filtering logic in queryset
+        if request.method in SAFE_METHODS:
+            return WorkspaceMember.objects.filter(
+                workspace__slug=view.workspace_slug,
+                member=request.user,
+                is_active=True,
+            ).exists()
+
+        ## Only workspace owners or admins can create the projects
+        if request.method == "POST":
+            return WorkspaceMember.objects.filter(
+                workspace__slug=view.workspace_slug,
+                member=request.user,
+                role__in=[Admin, Member],
+                is_active=True,
+            ).exists()
+
+        ## Only Project Admins can update project attributes
+        return ProjectMember.objects.filter(
+            workspace__slug=view.workspace_slug,
+            member=request.user,
+            role=Admin,
+            project_id=view.project_id,
+            is_active=True,
+        ).exists()
+
+
+class ProjectMemberPermission(BasePermission):
+    def has_permission(self, request, view):
+        if request.user.is_anonymous:
+            return False
+
+        ## Safe Methods -> Handle the filtering logic in queryset
+        if request.method in SAFE_METHODS:
+            return ProjectMember.objects.filter(
+                workspace__slug=view.workspace_slug,
+                member=request.user,
+                is_active=True,
+            ).exists()
+        ## Only workspace owners or admins can create the projects
+        if request.method == "POST":
+            return WorkspaceMember.objects.filter(
+                workspace__slug=view.workspace_slug,
+                member=request.user,
+                role__in=[Admin, Member],
+                is_active=True,
+            ).exists()
+
+        ## Only Project Admins can update project attributes
+        return ProjectMember.objects.filter(
+            workspace__slug=view.workspace_slug,
+            member=request.user,
+            role__in=[Admin, Member],
+            project_id=view.project_id,
+            is_active=True,
+        ).exists()
+
+
+class ProjectEntityPermission(BasePermission):
+    def has_permission(self, request, view):
+        if request.user.is_anonymous:
+            return False
+
+        ## Safe Methods -> Handle the filtering logic in queryset
+        if request.method in SAFE_METHODS:
+            return ProjectMember.objects.filter(
+                workspace__slug=view.workspace_slug,
+                member=request.user,
+                project_id=view.project_id,
+                is_active=True,
+            ).exists()
+
+        ## Only project members or admins can create and edit the project attributes
+        return ProjectMember.objects.filter(
+            workspace__slug=view.workspace_slug,
+            member=request.user,
+            role__in=[Admin, Member],
+            project_id=view.project_id,
+            is_active=True,
+        ).exists()
+
+
+class ProjectLitePermission(BasePermission):
+    def has_permission(self, request, view):
+        if request.user.is_anonymous:
+            return False
+
+        return ProjectMember.objects.filter(
+            workspace__slug=view.workspace_slug,
+            member=request.user,
+            project_id=view.project_id,
+            is_active=True,
+        ).exists()
--- a/apiserver/plane/app/permissions/workspace.py
+++ b/apiserver/plane/app/permissions/workspace.py
@ -0,0 +1,116 @@
+# Third Party imports
+from rest_framework.permissions import BasePermission, SAFE_METHODS
+
+# Module imports
+from plane.db.models import WorkspaceMember
+
+
+# Permission Mappings
+Owner = 20
+Admin = 15
+Member = 10
+Guest = 5
+
+
+# TODO: Move the below logic to python match - python v3.10
+class WorkSpaceBasePermission(BasePermission):
+    def has_permission(self, request, view):
+        # allow anyone to create a workspace
+        if request.user.is_anonymous:
+            return False
+
+        if request.method == "POST":
+            return True
+
+        ## Safe Methods
+        if request.method in SAFE_METHODS:
+            return True
+
+        # allow only admins and owners to update the workspace settings
+        if request.method in ["PUT", "PATCH"]:
+            return WorkspaceMember.objects.filter(
+                member=request.user,
+                workspace__slug=view.workspace_slug,
+                role__in=[Owner, Admin],
+                is_active=True,
+            ).exists()
+
+        # allow only owner to delete the workspace
+        if request.method == "DELETE":
+            return WorkspaceMember.objects.filter(
+                member=request.user,
+                workspace__slug=view.workspace_slug,
+                role=Owner,
+                is_active=True,
+            ).exists()
+
+
+class WorkspaceOwnerPermission(BasePermission):
+    def has_permission(self, request, view):
+        if request.user.is_anonymous:
+            return False
+
+        return WorkspaceMember.objects.filter(
+            workspace__slug=view.workspace_slug,
+            member=request.user,
+            role=Owner,
+        ).exists()
+
+
+class WorkSpaceAdminPermission(BasePermission):
+    def has_permission(self, request, view):
+        if request.user.is_anonymous:
+            return False
+
+        return WorkspaceMember.objects.filter(
+            member=request.user,
+            workspace__slug=view.workspace_slug,
+            role__in=[Owner, Admin],
+            is_active=True,
+        ).exists()
+
+
+class WorkspaceEntityPermission(BasePermission):
+    def has_permission(self, request, view):
+        if request.user.is_anonymous:
+            return False
+
+        ## Safe Methods -> Handle the filtering logic in queryset
+        if request.method in SAFE_METHODS:
+            return WorkspaceMember.objects.filter(
+                workspace__slug=view.workspace_slug,
+                member=request.user,
+                is_active=True,
+            ).exists()
+
+        return WorkspaceMember.objects.filter(
+            member=request.user,
+            workspace__slug=view.workspace_slug,
+            role__in=[Owner, Admin],
+            is_active=True,
+        ).exists()
+
+
+class WorkspaceViewerPermission(BasePermission):
+    def has_permission(self, request, view):
+        if request.user.is_anonymous:
+            return False
+
+        return WorkspaceMember.objects.filter(
+            member=request.user,
+            workspace__slug=view.workspace_slug,
+            role__gte=10,
+            is_active=True,
+        ).exists()
+
+
+class WorkspaceUserPermission(BasePermission):
+    def has_permission(self, request, view):
+        if request.user.is_anonymous:
+            return False
+
+        return WorkspaceMember.objects.filter(
+            member=request.user,
+            workspace__slug=view.workspace_slug,
+            is_active=True,
+        ).exists()