a #e @sTddlmZddlmZddlZddlZddlmZd ddZdd d Z d d Z dS))ObjectDoesNotExist) exceptionsN)modelsZ view_projectcCsTz4tjjj|dd}|D]}|j||stqWntyNtYn0|S)ap Django comes with a standard `model level` permission system. You can check whether users are logged-in and have privileges to act on things model wise (can a user add a project? can a user view projects?). Django-guardian adds a `row level` permission system. Now not only can you decide whether a user can add a project or view projects, you can specify exactly which projects a user has or has not access to. This brings up the reason the following function: tasks are part of a project, and it would add a tremendous headache (and redundancy) to specify row level permissions for each task. Instead, we check the row level permissions of the project to which a task belongs to. Perhaps this could be added as a django-rest filter? Retrieves a project and raises an exception if the current user has no access to it. F)pkdeleting) rProjectobjectsgetuserhas_permrrNotFound)request project_pkpermsprojectpermr/webodm/app/api/common.pyget_and_check_projects rFcsdtdkr*|r"tdStdSz(tfdddD}|rN|d7}|WSty|rptdYStdYSYn0d S) zr Adapted from https://stackoverflow.com/questions/29643352/converting-hex-to-rgb-value-in-python/29643643 #)rrr)rrrc3s$|]}t||ddVqdS)N)int).0i hex_colorrr /zhex2rgb..)rr)rN)lstriplentuple ValueError)r with_alphavrrrhex2rgb$s    r)cCsR|j}|durd}tdd|dddd|r6dnd|}tdd|}|S)Nz[^0-9a-zA-Z-_]+ -/z-[-]+)nameresubreplace)taskassetr.filenamerrrget_asset_download_filename9s  .r5)r)F) django.core.exceptionsrrest_frameworkrosr/apprrr)r5rrrrs