@rules.predicate def has_change_permissions(db_user, db_job): db_task = db_job.segment.task # A job can be annotated by any user if the task's assignee is None. has_rights = (db_task.assignee is None and not settings.RESTRICTIONS['reduce_task_visibility']) or is_task_assignee(db_user, db_task) if db_job.assignee is not None: has_rights |= (db_user == db_job.assignee) and (db_job.status == 'annotation') if db_job.reviewer is not None: has_rights |= (db_user == db_job.reviewer) and (db_job.status == 'validation') return has_rights rules.add_perm('engine.job.change', has_admin_role | is_job_owner | has_change_permissions) class TaskChangePermission(BasePermission): # pylint: disable=no-self-use def has_object_permission(self, request, view, obj): return request.user.has_perm('engine.task.change', obj)