Example #1
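def is_auditor(instance, **_):
    """Check if user has auditor role on the audit field of the instance.

    Returns a truthy value when the current user has an access control entry
    on ``instance.audit`` whose role is named exactly "Auditors", or when the
    permission backend allows "update" on that audit.
    """
    # pylint: disable=protected-access
    audit = instance.audit
    # The role name is compared for equality. A substring test
    # (`name in "Auditors"`) would also accept any role whose name is a
    # fragment of "Auditors", including an empty name, and so grant the
    # auditor check to roles that were never meant to pass it.
    has_auditor_acl = any(
        acl.ac_role.name == "Auditors" and acl.person == current_user
        for acl in audit.access_control_list
    )
    # _is_allowed_for is private on the permissions object; it is used here
    # as the fallback check for users who can update the audit.
    return has_auditor_acl or \
        find_permissions()._is_allowed_for(audit, "update")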
Example #2
def is_allowed_based_on(instance, property_name, action, **_):
    """Check `action` against the object stored in an attribute of `instance`.

    The attribute named by `property_name` is looked up on `instance`. If it
    is missing or None the check fails closed and returns False; otherwise the
    decision is delegated to the permissions object for that related object.
    """
    target = getattr(instance, property_name, None)
    if target is not None:
        # pylint: disable=protected-access
        # Calling the permissions object directly is the intended route; the
        # method is only private because of code debt.
        return find_permissions()._is_allowed_for(target, action)
    # Nothing to check permissions against: deny.
    return False
Example #3
def is_allowed_based_on(instance, property_name, action, **_):
  """Check permissions through the related object held in an attribute.

  Returns False when `instance` has no attribute called `property_name` or
  the attribute is None. Otherwise returns whatever the permissions object
  reports for `action` on the related object.
  """
  related = getattr(instance, property_name, None)
  # pylint: disable=protected-access
  # The private method is the proper way of getting permissions; it is only
  # private due to code debt. It is not called when there is no related object.
  return (
      False if related is None
      else find_permissions()._is_allowed_for(related, action)
  )
Example #4
def is_auditor(instance, **_):
    """Check whether the current user counts as auditor for the instance's audit.

    Returns False when `instance` has no `audit` attribute. Returns True when
    the permissions object allows "update" on the audit. Otherwise returns the
    result of an EXISTS query for an access control entry that links the
    current user to that audit through a role named "Auditors".
    """
    # pylint: disable=protected-access
    if not hasattr(instance, "audit"):
        # No audit to check against: deny.
        return False
    audit = instance.audit
    if find_permissions()._is_allowed_for(audit, "update"):
        return True
    acl = all_models.AccessControlList
    role = all_models.AccessControlRole
    # Match on the person, the audit's type and id, and the exact role name.
    auditor_entries = db.session.query(acl).join(role).filter(
        acl.person_id == current_user.id,
        acl.object_type == audit.type,
        acl.object_id == audit.id,
        role.name == "Auditors",
    )
    return db.session.query(auditor_entries.exists()).scalar()
Example #5
def relationship_condition(instance, action, property_name, **_):
    """Decide whether `action` is allowed on the objects a relationship links.

    `property_name` is a comma-separated list of attribute names on
    `instance`. Each named object is checked in order:

    * if it shares the instance's context and creating a 'Relationship' is
      allowed in that context, the whole call returns True;
    * Person objects are skipped without a permission check;
    * any other object must pass the permissions object's check for `action`,
      otherwise the call returns False.

    Returns True when no object was rejected.
    """
    instance_context = getattr(instance, 'context')
    if instance_context is None:
        context_id = None
    else:
        context_id = getattr(instance_context, 'id')

    for prop in property_name.split(','):
        obj = getattr(instance, prop)
        if context_id is not None:
            obj_context = getattr(obj, 'context')
            # NOTE(review): this returns True for the whole call as soon as
            # one object matches; objects later in the list are not checked.
            # Confirm that is intended.
            if obj_context is not None and \
               getattr(obj_context, 'id') == context_id and \
               is_allowed_create('Relationship', None, context_id):
                return True
        # Mapping a person does not require a permission check on the Person
        # object.
        if isinstance(obj, Person):
            continue
        if not find_permissions()._is_allowed_for(obj, action):
            return False
    return True
Example #6
def is_auditor(instance, **_):
  """Tell whether the current user is an auditor of the instance's audit.

  An instance without an `audit` attribute yields False. A user who is allowed
  to "update" the audit yields True. For everyone else the answer comes from
  an EXISTS query over the access control list, filtered to the current user,
  the audit's type and id, and the role named "Auditors".
  """
  # pylint: disable=protected-access
  if hasattr(instance, "audit"):
    if find_permissions()._is_allowed_for(instance.audit, "update"):
      return True
    acl_model = all_models.AccessControlList
    role_model = all_models.AccessControlRole
    acl_with_role = db.session.query(acl_model).join(role_model)
    # The role name is compared for equality, and the entry must belong to
    # both this user and this audit.
    has_auditor_entry = acl_with_role.filter(
        acl_model.person_id == current_user.id,
        acl_model.object_type == instance.audit.type,
        acl_model.object_id == instance.audit.id,
        role_model.name == "Auditors",
    ).exists()
    return db.session.query(has_auditor_entry).scalar()
  # No audit to check against: deny.
  return False
Example #7
def relationship_condition(instance, action, property_name, **_):
  """Check `action` against every object named in `property_name`.

  `property_name` holds attribute names of `instance` separated by commas.
  The objects are visited in order. The call returns True at once when an
  object is in the same context as `instance` and 'Relationship' creation is
  allowed there. Person objects are passed over. Any other object that the
  permissions object rejects for `action` makes the call return False. If the
  loop finishes without a rejection the result is True.
  """
  context_id = None
  if getattr(instance, 'context') is not None:
    context_id = getattr(instance.context, 'id')
  have_context = context_id is not None

  for name in property_name.split(','):
    target = getattr(instance, name)
    same_context = (
        have_context and
        getattr(target, 'context') is not None and
        getattr(target.context, 'id') == context_id
    )
    # NOTE(review): a match here approves the whole call; names later in the
    # list are never looked at. Confirm that is intended.
    if same_context and is_allowed_create('Relationship', None, context_id):
      return True
    # Mapping a person does not require a permission check on the Person
    # object.
    if isinstance(target, Person):
      continue
    if find_permissions()._is_allowed_for(target, action):
      continue
    return False
  return True