51 lines
1.5 KiB
Python
51 lines
1.5 KiB
Python
import re
|
|
|
|
from django.utils import timezone
|
|
|
|
from api.utils import get_object
|
|
from users.models import SchoolClass
|
|
|
|
|
|
def set_hidden_for(block, visibility_list):
|
|
for v in visibility_list:
|
|
school_class = get_object(SchoolClass, v.school_class_id)
|
|
if v.hidden:
|
|
block.hidden_for.add(school_class)
|
|
else:
|
|
block.hidden_for.remove(school_class)
|
|
|
|
|
|
def set_visible_for(block, visibility_list):
|
|
for v in visibility_list:
|
|
school_class = get_object(SchoolClass, v.school_class_id)
|
|
if v.hidden:
|
|
block.visible_for.remove(school_class)
|
|
else:
|
|
block.visible_for.add(school_class)
|
|
|
|
|
|
def is_private_api_call_allowed(user, body):
|
|
# logged in users should only be able to access all resources if they have a valid license
|
|
# logged in users without valid license have only access to logout, me & coupon mutations
|
|
|
|
body_unicode = body.decode('utf-8')
|
|
|
|
try:
|
|
if not user.hep_id:
|
|
return True
|
|
except AttributeError:
|
|
return True
|
|
|
|
# logout, me and coupon resources are always allowed. Even if the user has no valid license
|
|
if re.search(r"mutation\s*.*\s*logout\s*{", body_unicode) or re.search(r"query\s*.*\s*me\s*{", body_unicode)\
|
|
or re.search(r"mutation\s*Coupon", body_unicode):
|
|
return True
|
|
|
|
license_expiry = user.license_expiry_date
|
|
|
|
# all other resources are denied if the license is not valid
|
|
if license_expiry is None or license_expiry < timezone.now():
|
|
return False
|
|
|
|
return True
|