Skip to content

Permissions

hypha.apply.funds.permissions

permissions_map module-attribute 

permissions_map = {'submission_view': is_user_has_access_to_view_submission, 'submission_edit': can_edit_submission, 'can_view_submission_screening': can_view_submission_screening, 'archive_alter': can_alter_archived_submissions}

has_permission 

has_permission(action, user, object=None, raise_exception=True)
Source code in hypha/apply/funds/permissions.py 
10
11
12
13
14
15
16
17
def has_permission(action, user, object=None, raise_exception=True):
    value, reason = permissions_map[action](user, object)

    # :todo: cache the permissions based on key action:user_id:object:id
    if raise_exception and not value:
        raise PermissionDenied(reason)

    return value, reason

can_edit_submission 

can_edit_submission(user, submission)
Source code in hypha/apply/funds/permissions.py 
20
21
22
23
24
25
26
27
def can_edit_submission(user, submission):
    if not user.is_authenticated:
        return False, "Login Required"

    if submission.is_archive:
        return False, "Archived Submission"

    return True, ""

delete_submission 

delete_submission(role, user, submission)

Determines if a user has permission to delete a submission.

Permissions are granted if: - User is a Superuser, or StaffAdmin - User has explicit delete_applicationsubmission permission - User is the applicant of the submission and it is in draft state

Source code in hypha/apply/funds/permissions.py 
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
@register_object_checker()
def delete_submission(role, user, submission) -> bool:
    """
    Determines if a user has permission to delete a submission.

    Permissions are granted if:
    - User is a Superuser, or StaffAdmin
    - User has explicit delete_applicationsubmission permission
    - User is the applicant of the submission and it is in draft state
    """
    if role == StaffAdmin:
        return True

    if user.has_perm("funds.delete_applicationsubmission"):
        return True

    # Allow the user to delete their own draft submissions
    if user == submission.user and submission.status == DRAFT_STATE:
        return True

    return False

can_bulk_delete_submissions 

can_bulk_delete_submissions(user)
Source code in hypha/apply/funds/permissions.py 
53
54
55
56
def can_bulk_delete_submissions(user) -> bool:
    if user.is_apply_staff:
        return True
    return False

can_bulk_update_submissions 

can_bulk_update_submissions(user)
Source code in hypha/apply/funds/permissions.py 
59
60
61
62
def can_bulk_update_submissions(user) -> bool:
    if user.is_apply_staff:
        return True
    return False

get_archive_view_groups 

get_archive_view_groups()

Returns a list of groups that can view archived submissions

Source code in hypha/apply/funds/permissions.py 
65
66
67
68
69
70
71
72
73
74
75
76
77
def get_archive_view_groups() -> list:
    """
    Returns a list of groups that can view archived submissions
    """

    archive_access_view_groups = [SUPERADMIN]

    if settings.SUBMISSIONS_ARCHIVED_VIEW_ACCESS_STAFF:
        archive_access_view_groups.append(STAFF_GROUP_NAME)
    if settings.SUBMISSIONS_ARCHIVED_VIEW_ACCESS_STAFF_ADMIN:
        archive_access_view_groups.append(TEAMADMIN_GROUP_NAME)

    return archive_access_view_groups

can_view_archived_submissions 

can_view_archived_submissions(user)

Return a boolean based on if a user can view archived submissions

Source code in hypha/apply/funds/permissions.py 
80
81
82
83
84
85
86
87
88
89
90
def can_view_archived_submissions(user) -> bool:
    """
    Return a boolean based on if a user can view archived submissions
    """
    archive_view_groups = get_archive_view_groups()

    if user.is_apply_staff and STAFF_GROUP_NAME in archive_view_groups:
        return True
    if user.is_apply_staff_admin and TEAMADMIN_GROUP_NAME in archive_view_groups:
        return True
    return False

get_archive_alter_groups 

get_archive_alter_groups()

Returns a list of groups that can archive & unarchive submissions

Source code in hypha/apply/funds/permissions.py 
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
def get_archive_alter_groups() -> list:
    """
    Returns a list of groups that can archive & unarchive submissions
    """

    archive_access_groups = [SUPERADMIN]

    if settings.SUBMISSIONS_ARCHIVED_ACCESS_STAFF:
        archive_access_groups.append(STAFF_GROUP_NAME)
    if settings.SUBMISSIONS_ARCHIVED_ACCESS_STAFF_ADMIN:
        archive_access_groups.append(TEAMADMIN_GROUP_NAME)

    return archive_access_groups

can_alter_archived_submissions 

can_alter_archived_submissions(user, submission=None)

Return a boolean based on if a user can alter archived submissions

Source code in hypha/apply/funds/permissions.py 
108
109
110
111
112
113
114
115
116
117
118
def can_alter_archived_submissions(user, submission=None) -> (bool, str):
    """
    Return a boolean based on if a user can alter archived submissions
    """
    archive_access_groups = get_archive_alter_groups()

    if user.is_apply_staff and STAFF_GROUP_NAME in archive_access_groups:
        return True, "Staff is set to alter archive"
    if user.is_apply_staff_admin and TEAMADMIN_GROUP_NAME in archive_access_groups:
        return True, "Staff Admin is set to alter archive"
    return False, "Forbidden Error"

can_bulk_archive_submissions 

can_bulk_archive_submissions(user)
Source code in hypha/apply/funds/permissions.py 
121
122
123
124
125
def can_bulk_archive_submissions(user) -> bool:
    if can_alter_archived_submissions(user) and can_bulk_delete_submissions(user):
        return True

    return False

can_change_external_reviewers 

can_change_external_reviewers(user, submission)

External reviewers of a submission can be changed by lead and staff.

Staff can only change external reviewers if the GIVE_STAFF_LEAD_PERMS setting is enabled. Superusers can always change external reviewers.

Source code in hypha/apply/funds/permissions.py 
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
def can_change_external_reviewers(user, submission) -> bool:
    """
    External reviewers of a submission can be changed by lead and staff.

    Staff can only change external reviewers if the `GIVE_STAFF_LEAD_PERMS`
    setting is enabled. Superusers can always change external reviewers.
    """
    # check if all submissions have external review enabled
    if not submission.stage.has_external_review:
        return False

    if user.is_superuser:
        return True

    if settings.GIVE_STAFF_LEAD_PERMS and user.is_apply_staff:
        return True

    # only leads can change external reviewers
    if submission.lead.id == user.id:
        return True

    return False

can_access_drafts 

can_access_drafts(user)
Source code in hypha/apply/funds/permissions.py 
152
153
154
155
156
157
def can_access_drafts(user) -> bool:
    if user.is_apply_staff and settings.SUBMISSIONS_DRAFT_ACCESS_STAFF:
        return True
    if user.is_apply_staff_admin and settings.SUBMISSIONS_DRAFT_ACCESS_STAFF_ADMIN:
        return True
    return False

can_export_submissions 

can_export_submissions(user)
Source code in hypha/apply/funds/permissions.py 
160
161
162
163
164
165
def can_export_submissions(user) -> bool:
    if user.is_apply_staff and settings.SUBMISSIONS_EXPORT_ACCESS_STAFF:
        return True
    if user.is_apply_staff_admin and settings.SUBMISSIONS_EXPORT_ACCESS_STAFF_ADMIN:
        return True
    return False

is_user_has_access_to_view_submission 

is_user_has_access_to_view_submission(user, submission)
Source code in hypha/apply/funds/permissions.py 
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
def is_user_has_access_to_view_submission(user, submission):
    if not user.is_authenticated:
        return False, "Login Required"

    if submission.is_archive and not can_view_archived_submissions(user):
        return False, "Archived Submission"

    if user.is_apply_staff or submission.user == user or user.is_reviewer:
        return True, ""

    if user.is_partner and submission.partners.filter(pk=user.pk).exists():
        return True, ""

    if user.is_community_reviewer and submission.community_review:
        return True, ""

    return False, ""

can_view_submission_screening 

can_view_submission_screening(user, submission)
Source code in hypha/apply/funds/permissions.py 
187
188
189
190
191
192
193
def can_view_submission_screening(user, submission):
    submission_view, _ = is_user_has_access_to_view_submission(user, submission)
    if not submission_view:
        return False, "No access to view submission"
    if submission.user == user:
        return False, "Applicant cannot view submission screening"
    return True, ""