def allowed_actions(user: User) -> List[Action]:
ret = []
if user.has_role(Role.APP_ADMINISTRATOR):
# King of the world
ret.extend([
Action.CREATE_PROJECT, Action.ADMINISTRATE_APP,
Action.ADMINISTRATE_USERS
])
else:
if user.has_role(Role.PROJECT_CREATOR):
ret.append(Action.CREATE_PROJECT)
if user.has_role(Role.USERS_ADMINISTRATOR):
ret.append(Action.ADMINISTRATE_USERS)
return ret
def highest_right_on(user: User, prj_id: int) -> str:
"""
Return the highest right for this user onto this project.
"""
# Check
if user.has_role(Role.APP_ADMINISTRATOR):
# King of the world
return ProjectPrivilegeBO.MANAGE
else:
a_priv: ProjectPrivilege
# Collect privileges for user on project
rights_on_proj = {
a_priv.privilege
for a_priv in user.privs_on_projects if a_priv.projid == prj_id
}
if ProjectPrivilegeBO.MANAGE in rights_on_proj:
return ProjectPrivilegeBO.MANAGE
elif ProjectPrivilegeBO.ANNOTATE in rights_on_proj:
return ProjectPrivilegeBO.ANNOTATE
elif ProjectPrivilegeBO.VIEW in rights_on_proj:
return ProjectPrivilegeBO.VIEW
return ""
