def is_admin(group): security = get_service("security") is_admin = current_user in group.admins if not is_admin and "security" in current_app.extensions: is_admin = security.has_role(current_user, "admin") return is_admin
def condition(context: Dict[str, bool]) -> bool: return not current_user.is_anonymous and security.has_role( # pyre-fixme[6]: Expected `Principal` for 1st param but got # `LocalProxy`. current_user, AdminRole, )
def groups(): tab = request.args.get("tab", "all_groups") e = Env() if tab == 'all_groups': e.groups = Group.query.order_by(Group.name).all() if not security.has_role(g.user, "admin"): e.groups = [ group for group in e.groups if group.public or g.user in group.members ] else: e.groups = g.user.groups e.groups.sort(key=lambda x: x.name) return render_template("social/groups.html", **e)
def groups(): tab = request.args.get("tab", "all_groups") if tab == "all_groups": groups = Group.query.order_by(Group.name).all() if not security.has_role(current_user, "admin"): groups = [ group for group in groups if group.public or current_user in group.members ] else: groups = current_user.groups groups.sort(key=lambda x: x.name) return render_template("social/groups.html", groups=groups)
def check_read_access(obj): """ Checks the current user has appropriate read access on the given object. Will raise appropriates errors in case the object doesn't exist (404), or the current user doesn't have read access on the object (403). """ if not obj: raise NotFound() if not security.running: return True if security.has_role(g.user, Admin): return True if repository.has_access(g.user, obj): return True raise Forbidden()
def check_read_access(obj): """Checks the current user has appropriate read access on the given object. Will raise appropriates errors in case the object doesn't exist (404), or the current user doesn't have read access on the object (403). """ if not obj: raise NotFound() if not security.running: return True if security.has_role(current_user, Admin): return True if repository.has_access(current_user, obj): return True raise Forbidden()
def check_manage_access(obj): """ Checks the current user has appropriate manage access on the given object. Will raise appropriates errors in case the object doesn't exist (404), or the current user doesn't have manage access on the object (403). """ if not obj: raise NotFound() if not security.running: return if security.has_role(g.user, Admin): return if (repository.has_access(g.user, obj) and repository.has_permission(g.user, MANAGE, obj)): return raise Forbidden()
def __init__(self, *panels, **kwargs): self.app = None self.panels = [] self.breadcrumb_items = {} self.setup_blueprint() self.nav_root = NavGroup( 'admin', 'root', title=_l(u'Admin'), endpoint=None, condition=lambda context: (not current_user.is_anonymous() and security.has_role(current_user, AdminRole)) ) for panel in panels: self.register_panel(panel) app = kwargs.pop('app', None) if app is not None: self.init_app(app)
def check_manage_access(obj): """Checks the current user has appropriate manage access on the given object. Will raise appropriates errors in case the object doesn't exist (404), or the current user doesn't have manage access on the object (403). """ if not obj: raise NotFound() if not security.running: return if security.has_role(current_user, Admin): return if repository.has_access(current_user, obj) and repository.has_permission( current_user, MANAGE, obj ): return raise Forbidden()
def check_security(): user = current_user._get_current_object() if not security.has_role(user, "admin"): raise Forbidden()
def check_security(): user = unwrap(current_user) if not security.has_role(user, "admin"): raise Forbidden()
def check_security() -> None: user = unwrap(current_user) if not security.has_role(user, "admin"): raise Forbidden()
"documents:folder-listing", "change-owner", _l("Change owner"), icon="user", url="#modal-change-owner", modal=True, permission=MANAGE, ), # Folder left bar actions ########## # view RootFolderAction( "documents:content", "view", _l("List content"), icon="list", condition=(lambda ctx: security.has_role(current_user, "admin")), url=lambda ctx: url_for(".folder_view", folder_id=ctx["object"].id), ), # view FolderAction( "documents:content", "view", _l("List content"), icon="list", url=lambda ctx: url_for(".folder_view", folder_id=ctx["object"].id), ), # Descendants FolderAction( "documents:content", "descendants", _l("View descendants"),
css_class='btn-danger'), FolderButtonAction('documents:folder-listing', 'change-owner', _l(u'Change owner'), icon='user', url='#modal-change-owner', modal=True, permission=MANAGE), # Folder left bar actions ########## # view RootFolderAction( 'documents:content', 'view', _l(u'List content'), icon='list', condition=(lambda ctx: security.has_role(g.user, "admin")), url=lambda ctx: url_for(".folder_view", folder_id=ctx['object'].id), ), # view FolderAction( 'documents:content', 'view', _l(u'List content'), icon='list', url=lambda ctx: url_for(".folder_view", folder_id=ctx['object'].id), ), # Descendants FolderAction( 'documents:content', 'descendants', _l(u'View descendants'),
def condition(context: Dict[str, bool]) -> bool: return not current_user.is_anonymous and security.has_role( current_user, AdminRole)
def condition(context): return not current_user.is_anonymous and security.has_role( current_user, AdminRole )
def check_security(): user = current_user._get_current_object() if not security.has_role(user, "admin"): abort(403)