def _is_read_only_and_reason_from_backlog(self, req, backlog): resource = backlog_resource(Key.SPRINT_BACKLOG) if backlog.is_sprint_backlog(): if backlog.sprint().is_closed: return (True, _('Cannot modify sprints that have ended.')) # if sprint backlog: has ended or team member role required elif not (req.perm.has_permission(Action.BACKLOG_EDIT, resource) or req.perm.has_permission(Role.TEAM_MEMBER)): return (True, _('Not enough permissions to modify this sprint.')) # must be a global backlog elif not (req.perm.has_permission(Action.BACKLOG_EDIT, resource) or req.perm.has_permission(Role.PRODUCT_OWNER)): return (True, _('Not enough permissions to modify this backlog.')) return (False, '')
def _assert_can_view_backlog(self, req): scope = req.args.get('scope') or req.args.get('bscope') name = req.args['name'] resource = backlog_resource(Key.SPRINT_BACKLOG, scope, name) req.perm.assert_permission(Action.BACKLOG_VIEW, resource)