From 36bfa92d8bf5864e7d5327ecfcb04d9aceb29ce1 Mon Sep 17 00:00:00 2001
From: Horilla
Date: Sat, 16 Dec 2023 09:29:22 +0530
Subject: [PATCH] [ADD] BASE: Decorator to identify owner of record
---
 horilla/decorators.py | 121 ++++++++++++++++++++++++++++++++---------
 templates/no_perm.html | 39 +++++++++++++
 2 files changed, 135 insertions(+), 25 deletions(-)
 create mode 100644 templates/no_perm.html
diff --git a/horilla/decorators.py b/horilla/decorators.py
index 96fd23f0d..6315f771a 100755
--- a/horilla/decorators.py
+++ b/horilla/decorators.py
@@ -1,94 +1,165 @@ -import logging +import logging, os from urllib.parse import urlencode -from django.http import HttpResponse,HttpResponseRedirect, Http404 +from django.http import HttpResponse, HttpResponseRedirect, Http404 from django.core.exceptions import ObjectDoesNotExist from django.shortcuts import redirect from django.urls import reverse from employee.models import Employee, EmployeeWorkInformation from django.contrib import messages from django.shortcuts import render +from horilla.settings import TEMPLATES, BASE_DIR +from horilla import settings + logger = logging.getLogger(__name__) +TEMPLATES[0]["DIRS"] = [os.path.join(BASE_DIR, "templates")] + +decorator_with_arguments = ( + lambda decorator: lambda *args, **kwargs: lambda func: decorator( + func, *args, **kwargs + ) +) + + +def check_manager(employee, instance): + try: + if isinstance(instance, Employee): + return instance.employee_work_info.reporting_manager_id == employee + return employee == instance.employee_id.employee_work_info.reporting_manager_id + except: + return False + -decorator_with_arguments = lambda decorator: lambda *args, **kwargs: lambda func: decorator(func, *args, **kwargs) @decorator_with_arguments def permission_required(function, perm): def _function(request, *args, **kwargs): if request.user.has_perm(perm): return function(request, *args, **kwargs) else: - messages.info(request,'You dont have permission.') - return HttpResponseRedirect(request. META. 
get('HTTP_REFERER', '/')) + messages.info(request, "You dont have permission.") + return HttpResponseRedirect(request.META.get("HTTP_REFERER", "/")) return _function -decorator_with_arguments = lambda decorator: lambda *args, **kwargs: lambda func: decorator(func, *args, **kwargs) +decorator_with_arguments = ( + lambda decorator: lambda *args, **kwargs: lambda func: decorator( + func, *args, **kwargs + ) +) + + @decorator_with_arguments def delete_permission(function): def _function(request, *args, **kwargs): - if request.user.has_perm( kwargs["model"]._meta.app_label + ".delete_" + kwargs["model"]._meta.model_name): + if request.user.has_perm( + kwargs["model"]._meta.app_label + + ".delete_" + + kwargs["model"]._meta.model_name + ): return function(request, *args, **kwargs) else: - messages.info(request,'You dont have permission for delete.') - return HttpResponseRedirect(request. META. get('HTTP_REFERER', '/')) + messages.info(request, "You dont have permission for delete.") + return HttpResponseRedirect(request.META.get("HTTP_REFERER", "/")) return _function +decorator_with_arguments = ( + lambda decorator: lambda *args, **kwargs: lambda func: decorator( + func, *args, **kwargs + ) +) + -decorator_with_arguments = lambda decorator: lambda *args, **kwargs: lambda func: decorator(func, *args, **kwargs) @decorator_with_arguments def manager_can_enter(function, perm): """ This method is used to check permission to employee for enter to the function if the employee do not have permission also checks, has reporting manager. 
""" + def _function(request, *args, **kwargs): user = request.user employee = Employee.objects.filter(employee_user_id=user).first() - is_manager = EmployeeWorkInformation.objects.filter(reporting_manager_id=employee).exists() + is_manager = EmployeeWorkInformation.objects.filter( + reporting_manager_id=employee + ).exists() if user.has_perm(perm) or is_manager: return function(request, *args, **kwargs) else: - messages.info(request,'You dont have permission.') - return HttpResponseRedirect(request. META. get('HTTP_REFERER', '/')) + messages.info(request, "You dont have permission.") + return HttpResponseRedirect(request.META.get("HTTP_REFERER", "/")) + return _function def login_required(view_func): def wrapped_view(request, *args, **kwargs): path = request.path - res = path.split('/', 2)[1].capitalize().replace('-',' ').upper() - if res =='PMS': - res ="Performance" - request.session['title'] = res - if path == '' or path == '/': - request.session['title'] = 'Dashboard'.upper() + res = path.split("/", 2)[1].capitalize().replace("-", " ").upper() + if res == "PMS": + res = "Performance" + request.session["title"] = res + if path == "" or path == "/": + request.session["title"] = "Dashboard".upper() if not request.user.is_authenticated: - login_url = reverse('login') + login_url = reverse("login") params = urlencode(request.GET) - url = f'{login_url}?next={request.path}' + url = f"{login_url}?next={request.path}" if params: - url += f'&{params}' + url += f"&{params}" return redirect(url) try: func = view_func(request, *args, **kwargs) except Exception as e: logger.exception(e) - return render(request,"404.html") + if not settings.DEBUG: + return render(request,"went_wrong.html") + return view_func(request, *args, **kwargs) return func + return wrapped_view + def hx_request_required(view_func): def wrapped_view(request, *args, **kwargs): - key = 'HTTP_HX_REQUEST' + key = "HTTP_HX_REQUEST" if key not in request.META.keys(): - return HttpResponse('method not 
allowed...') + return HttpResponse("method not allowed...") return view_func(request, *args, **kwargs) + return wrapped_view +@decorator_with_arguments +def owner_can_enter(function, perm: str, model: object, manager_access=False): + """ + Only the users with permission, or the owner, or employees manager can enter, + If manager_access:True then all the managers can enter + """ + def _function(request, *args, **kwargs): + instance_id = kwargs[list(kwargs.keys())[0]] + if model == Employee: + employee = Employee.objects.get(id=instance_id) + else: + employee = model.objects.get(id=instance_id).employee_id + can_enter = ( + request.user.employee_get == employee + or request.user.has_perm(perm) + or check_manager(request.user.employee_get, employee) + or ( + EmployeeWorkInformation.objects.filter( + reporting_manager_id__employee_user_id=request.user + ).exists() + if manager_access + else False + ) + ) + if can_enter: + return function(request, *args, **kwargs) + return render(request, "no_perm.html") + return _function diff --git a/templates/no_perm.html b/templates/no_perm.html new file mode 100644 index 000000000..91b5696f6 --- /dev/null +++ b/templates/no_perm.html @@ -0,0 +1,39 @@ +{% load static %} + + + + + + + Page Not Found - Horilla + + + + + +
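Review bot: In `owner_can_enter` the ownership test `request.user.employee_get == employee` runs before `request.user.has_perm(perm)`, so a user who holds the permission but has no linked employee record would hit an exception instead of being let in (assuming `employee_get` is a reverse one-to-one accessor, as its use suggests). Both `model.objects.get(id=instance_id)` calls are unguarded, and the record id comes from whichever keyword argument happens to be first (`kwargs[list(kwargs.keys())[0]]`), so the check depends on URL parameter order and fails on a view called with positional arguments only. The denial path `render(request, "no_perm.html")` answers with status 200; passing `status=403` lets clients, proxies and log-based monitoring see the refusal. Separately, the new `except` branch in `login_required` calls `view_func(request, *args, **kwargs)` a second time when `settings.DEBUG` is on, which repeats any writes the view made before failing; a bare `raise` would surface the same traceback without re-running the view. A sketch of the reordered check is below.

```python
def owner_can_enter(function, perm: str, model: object, manager_access=False):
    # … unchanged: docstring …
    def _function(request, *args, **kwargs):
        # Permission holders pass before any employee lookup is attempted.
        if request.user.has_perm(perm):
            return function(request, *args, **kwargs)
        instance_id = kwargs[list(kwargs.keys())[0]]
        try:
            record = model.objects.get(id=instance_id)
            viewer = request.user.employee_get
        except ObjectDoesNotExist:
            # Same answer for "missing" and "not yours": no record enumeration.
            return render(request, "no_perm.html", status=403)
        employee = record if model == Employee else record.employee_id
        can_enter = (
            viewer == employee
            or check_manager(viewer, employee)
            or (
                manager_access
                and EmployeeWorkInformation.objects.filter(
                    reporting_manager_id__employee_user_id=request.user
                ).exists()
            )
        )
        if can_enter:
            return function(request, *args, **kwargs)
        return render(request, "no_perm.html", status=403)
```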
+ +
+ + + +
+ +
+
+ Page not found. 404. +

Access Denied.

+

The page you were looking for could not be found.

+
+
+
+
+
+ + + \ No newline at end of file
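Review bot: The new template is what `owner_can_enter` renders for a refused request, yet its title reads `Page Not Found - Horilla` and its text says the page could not be found, alongside `Access Denied.`. Mixing the two messages tells a user who lacks rights that the URL is wrong; a title such as `Access Denied - Horilla` with a matching message would agree with how the view uses it. The markup itself is not visible in this rendering of the hunk, so this concerns the visible text only.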