1 files changed, 83 insertions, 0 deletions

diff --git a/ishtar_common/utils.py b/ishtar_common/utils.py
index bbed4e8a4..5536bc84b 100644
--- a/ishtar_common/utils.py
+++ b/ishtar_common/utils.py
@@ -414,6 +414,89 @@ class OwnPerms:
     """
     Manage special permissions for object's owner
     """
+    UPPER_PERMISSIONS = []
+
+    @classmethod
+    def _has_permission_query_for_upper_permissions(
+            cls, base_permissions, model, user_id):
+        ProfileType = apps.get_model("ishtar_common", "ProfileType")
+        permissions = list(set([
+            "_".join(permission.codename.split("_")[:-1])
+            + f"_{model._meta.model_name}"
+            for permission in base_permissions
+        ]))
+        q = ProfileType.objects.filter(
+            user_profiles__person__ishtaruser=user_id,
+            groups__permissions__codename__in=permissions
+        )
+        return q, permissions
+
+    @classmethod
+    def get_ids_from_upper_permissions(cls, user_id, base_permissions):
+        if not cls.UPPER_PERMISSIONS:
+            return []
+        UserObjectPermission = apps.get_model("guardian", "UserObjectPermission")
+        item_ids = []
+        full_permissions = []
+        for base_permission in base_permissions:
+            if "_own_" not in base_permission.codename:
+                full_permissions.append(base_permission)
+                continue
+            codename = base_permission.codename.replace("_own", "")
+            try:
+                full_permissions.append(
+                    Permission.objects.get(
+                        codename=codename,
+                        content_type=base_permission.content_type
+                    )
+                )
+            except Permission.DoesNotExist:
+                continue
+        for model, attr in cls.UPPER_PERMISSIONS:
+            if isinstance(model, tuple):
+                app_label, model_name = model
+                model = apps.get_model(app_label, model_name)
+
+            # check if has full permission
+            q_full, __ = cls._has_permission_query_for_upper_permissions(
+                full_permissions, model, user_id
+            )
+            has_full_permission = bool(q_full.count())
+            if has_full_permission:
+                item_ids += cls.objects.filter(
+                    **{f"{attr}__isnull": False}
+                ).values_list("pk", flat=True)
+                continue
+
+            q, permissions = cls._has_permission_query_for_upper_permissions(
+                base_permissions, model, user_id
+            )
+            lst = []
+            if not q.count():
+                # no permissions associated for upstream model get direct attachement
+                lst = model.objects.filter(
+                    ishtar_users__pk=user_id
+                ).values_list("pk", flat=True)
+            else:
+                perms = []
+                for codename in permissions:
+                    perms += [
+                        perm
+                        for perm in Permission.objects.filter(
+                            codename=codename).all()
+                    ]
+                lst = []
+                for permission in perms:
+                    lst += list(
+                        UserObjectPermission.objects.filter(
+                            permission=permission,
+                            user_id=user_id
+                        ).values_list("object_pk", flat=True)
+                    )
+            item_ids += cls.objects.filter(
+                **{f"{attr}__in": lst}
+            ).values_list("pk", flat=True)
+        return list(set(item_ids))
 
     @classmethod
     def get_query_owns(cls, ishtaruser):