Skip to content

Permissions

hypha.apply.funds.permissions

permissions_map module-attribute 

permissions_map = {'submission_view': is_user_has_access_to_view_submission, 'submission_edit': can_edit_submission}

has_permission 

has_permission(action, user, object=None, raise_exception=True)
Source code in hypha/apply/funds/permissions.py 
 7
 8
 9
10
11
12
13
14
def has_permission(action, user, object=None, raise_exception=True):
    value, reason = permissions_map[action](user, object)

    # :todo: cache the permissions based on key action:user_id:object:id
    if raise_exception and not value:
        raise PermissionDenied(reason)

    return value, reason

can_edit_submission 

can_edit_submission(user, submission)
Source code in hypha/apply/funds/permissions.py 
17
18
19
20
21
22
23
24
def can_edit_submission(user, submission):
    if not user.is_authenticated:
        return False, "Login Required"

    if submission.is_archive:
        return False, "Archived Submission"

    return True, ""

can_bulk_delete_submissions 

can_bulk_delete_submissions(user)
Source code in hypha/apply/funds/permissions.py 
27
28
29
30
def can_bulk_delete_submissions(user) -> bool:
    if user.is_apply_staff:
        return True
    return False

get_archive_view_groups 

get_archive_view_groups()

Returns a list of groups that can view archived submissions

Source code in hypha/apply/funds/permissions.py 
33
34
35
36
37
38
39
40
41
42
43
44
45
def get_archive_view_groups() -> list:
    """
    Returns a list of groups that can view archived submissions
    """

    archive_access_view_groups = [SUPERADMIN]

    if settings.SUBMISSIONS_ARCHIVED_VIEW_ACCESS_STAFF:
        archive_access_view_groups.append(STAFF_GROUP_NAME)
    if settings.SUBMISSIONS_ARCHIVED_VIEW_ACCESS_STAFF_ADMIN:
        archive_access_view_groups.append(TEAMADMIN_GROUP_NAME)

    return archive_access_view_groups

can_view_archived_submissions 

can_view_archived_submissions(user)

Return a boolean based on if a user can view archived submissions

Source code in hypha/apply/funds/permissions.py 
48
49
50
51
52
53
54
55
56
57
58
def can_view_archived_submissions(user) -> bool:
    """
    Return a boolean based on if a user can view archived submissions
    """
    archive_view_groups = get_archive_view_groups()

    if user.is_apply_staff and STAFF_GROUP_NAME in archive_view_groups:
        return True
    if user.is_apply_staff_admin and TEAMADMIN_GROUP_NAME in archive_view_groups:
        return True
    return False

get_archive_alter_groups 

get_archive_alter_groups()

Returns a list of groups that can archive & unarchive submissions

Source code in hypha/apply/funds/permissions.py 
61
62
63
64
65
66
67
68
69
70
71
72
73
def get_archive_alter_groups() -> list:
    """
    Returns a list of groups that can archive & unarchive submissions
    """

    archive_access_groups = [SUPERADMIN]

    if settings.SUBMISSIONS_ARCHIVED_ACCESS_STAFF:
        archive_access_groups.append(STAFF_GROUP_NAME)
    if settings.SUBMISSIONS_ARCHIVED_ACCESS_STAFF_ADMIN:
        archive_access_groups.append(TEAMADMIN_GROUP_NAME)

    return archive_access_groups

can_alter_archived_submissions 

can_alter_archived_submissions(user)

Return a boolean based on if a user can alter archived submissions

Source code in hypha/apply/funds/permissions.py 
76
77
78
79
80
81
82
83
84
85
86
def can_alter_archived_submissions(user) -> bool:
    """
    Return a boolean based on if a user can alter archived submissions
    """
    archive_access_groups = get_archive_alter_groups()

    if user.is_apply_staff and STAFF_GROUP_NAME in archive_access_groups:
        return True
    if user.is_apply_staff_admin and TEAMADMIN_GROUP_NAME in archive_access_groups:
        return True
    return False

can_bulk_archive_submissions 

can_bulk_archive_submissions(user)
Source code in hypha/apply/funds/permissions.py 
89
90
91
92
93
def can_bulk_archive_submissions(user) -> bool:
    if can_alter_archived_submissions(user) and can_bulk_delete_submissions(user):
        return True

    return False

can_change_external_reviewers 

can_change_external_reviewers(user, submission)

External reviewers of a submission can be changed by lead and staff.

Staff can only change external reviewers if the GIVE_STAFF_LEAD_PERMS setting is enabled. Superusers can always change external reviewers.

Source code in hypha/apply/funds/permissions.py 
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
def can_change_external_reviewers(user, submission) -> bool:
    """
    External reviewers of a submission can be changed by lead and staff.

    Staff can only change external reviewers if the `GIVE_STAFF_LEAD_PERMS`
    setting is enabled. Superusers can always change external reviewers.
    """
    # check if all submissions have external review enabled
    if not submission.stage.has_external_review:
        return False

    if user.is_superuser:
        return True

    if settings.GIVE_STAFF_LEAD_PERMS and user.is_apply_staff:
        return True

    # only leads can change external reviewers
    if submission.lead.id == user.id:
        return True

    return False

can_access_drafts 

can_access_drafts(user)
Source code in hypha/apply/funds/permissions.py 
120
121
122
123
124
125
def can_access_drafts(user):
    if user.is_apply_staff and settings.SUBMISSIONS_DRAFT_ACCESS_STAFF:
        return True
    if user.is_apply_staff_admin and settings.SUBMISSIONS_DRAFT_ACCESS_STAFF_ADMIN:
        return True
    return False

can_export_submissions 

can_export_submissions(user)
Source code in hypha/apply/funds/permissions.py 
128
129
130
131
132
133
def can_export_submissions(user):
    if user.is_apply_staff and settings.SUBMISSIONS_EXPORT_ACCESS_STAFF:
        return True
    if user.is_apply_staff_admin and settings.SUBMISSIONS_EXPORT_ACCESS_STAFF_ADMIN:
        return True
    return False

is_user_has_access_to_view_submission 

is_user_has_access_to_view_submission(user, submission)
Source code in hypha/apply/funds/permissions.py 
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
def is_user_has_access_to_view_submission(user, submission):
    if not user.is_authenticated:
        return False, "Login Required"

    if submission.is_archive and not can_view_archived_submissions(user):
        return False, "Archived Submission"

    if user.is_apply_staff or submission.user == user or user.is_reviewer:
        return True, ""

    if user.is_partner and submission.partners.filter(pk=user.pk).exists():
        return True, ""

    if user.is_community_reviewer and submission.community_review:
        return True, ""

    return False, ""