def has_explicit_access_to_dashboard(user, obj): # pylint: disable=unused-argument """ Check that if request user has explicit access to `ENTERPRISE_DASHBOARD_ADMIN_ROLE` feature role. Returns: boolean: whether the request user has access or not """ return user_has_access_via_database(user, ENTERPRISE_DASHBOARD_ADMIN_ROLE, EnterpriseFeatureUserRoleAssignment)
def test_user_has_no_access_via_database(self): """ Access check should return false if RoleAssignment does not exist for user """ assert not user_has_access_via_database( self.user, 'coupon-manager', ConcreteUserRoleAssignment, )
def has_explicit_access_to_reporting_api(user, obj): """ Check that if request user has explicit access to `ENTERPRISE_REPORTING_CONFIG_ADMIN_ROLE` feature role. Returns: boolean: whether the request user has access or not """ return user_has_access_via_database( user, ENTERPRISE_REPORTING_CONFIG_ADMIN_ROLE, EnterpriseFeatureUserRoleAssignment, obj)
def has_explicit_access_to_catalog(user, obj): """ Check that if request user has explicit access to `ENTERPRISE_CATALOG_ADMIN_ROLE` feature role. Returns: boolean: whether the request user has access or not """ return user_has_access_via_database(user, ENTERPRISE_CATALOG_ADMIN_ROLE, EnterpriseFeatureUserRoleAssignment, obj)
def request_user_has_refund_access(user): """ Check that if request user has explicit access to `ORDER_MANAGER_ROLE` feature role. Returns: boolean: whether the request user has access or not """ if user.is_authenticated: return user_has_access_via_database(user, ORDER_MANAGER_ROLE, EcommerceFeatureRoleAssignment) return False
def request_user_has_explicit_access(user, context): """ Check that if request user has explicit access to `ENTERPRISE_COUPON_ADMIN_ROLE` feature role. Returns: boolean: whether the request user has access or not """ if not context: return False return user_has_access_via_database(user, ENTERPRISE_COUPON_ADMIN_ROLE, EcommerceFeatureRoleAssignment, context=context)
def test_user_has_access_via_database(self): """ Access check should return true if RoleAssignment exists for user """ ConcreteUserRoleAssignment.objects.create( user=self.user, role=self.role ) assert user_has_access_via_database( self.user, 'coupon-manager', ConcreteUserRoleAssignment, )
def has_explicit_access_to_catalog_learner(user, context): """ Check that if request user has explicit access to `ENTERPRISE_CATALOG_LEARNER_ROLE` feature role. Returns: boolean: whether the request user has access or not """ if not context: return False return user_has_access_via_database( user, ENTERPRISE_CATALOG_LEARNER_ROLE, EnterpriseCatalogRoleAssignment, context, )
def has_explicit_access_to_subscriptions_admin(user, subscription_plan): """ Check that if request user has explicit access to `SUBSCRIPTIONS_ADMIN_ROLE` feature role. Returns: boolean: whether the request user has access. """ if not subscription_plan: return False return user_has_access_via_database( user, constants.SUBSCRIPTIONS_ADMIN_ROLE, SubscriptionsRoleAssignment, str(subscription_plan.enterprise_customer_uuid), )
def test_user_has_access_via_database_with_context(self): """ Access check should return true if RoleAssignment exists for user. This case handles checking if the context matches. """ ConcreteUserRoleAssignment.objects.create( user=self.user, role=self.role ) assert user_has_access_via_database( self.user, 'coupon-manager', ConcreteUserRoleAssignment, 'a-test-context' )
def has_explicit_access_to_classroom_admin(user, school_uuid): """ Check that if request user has explicit access to `SUBSCRIPTIONS_ADMIN_ROLE` feature role. Returns: boolean: whether the request user has access. """ if not school_uuid: return False return user_has_access_via_database( user, constants.CLASSROOM_TEACHER_ROLE, ClassroomRoleAssignment, str(school_uuid), )
def request_user_has_explicit_access(*args, **kwargs): # pylint: disable=unused-argument """ Check that if request user has explicit access to `ENTERPRISE_DATA_ADMIN_ROLE` feature role. Returns: boolean: whether the request user has access or not """ request = crum.get_current_request() __, __, request_kwargs = resolve(request.path) enterprise_id_in_request = request_kwargs.get('enterprise_id') return user_has_access_via_database(request.user, ENTERPRISE_DATA_ADMIN_ROLE, EnterpriseDataRoleAssignment, enterprise_id_in_request)
def request_user_has_explicit_access(user, context): """ Check that if request user has explicit access to `ENTERPRISE_COUPON_ADMIN_ROLE` feature role. Returns: boolean: whether the request user has access or not """ if not waffle.switch_is_active(USE_ROLE_BASED_ACCESS_CONTROL): return True if not context: return False return user_has_access_via_database( user, ENTERPRISE_COUPON_ADMIN_ROLE, EcommerceFeatureRoleAssignment, context=context )
def test_user_has_no_access_via_database_no_context(self): """ Access check should return false if RoleAssignment does not exist for user. This case handles checking if the context matches. """ ConcreteUserRoleAssignmentNoContext.objects.create( user=self.user, role=self.role ) assert not user_has_access_via_database( self.user, 'coupon-manager', ConcreteUserRoleAssignment, 'not_the_right_context' )
def has_explicit_access_to_dashboard(user, obj): """ Check that if request user has explicit access to `ENTERPRISE_DASHBOARD_ADMIN_ROLE` feature role. Params: user: An ``auth.User`` instance. obj: An ``EnterpriseCustomer`` instance. Returns: boolean: whether the request user has access or not """ return user_has_access_via_database( user, ENTERPRISE_DASHBOARD_ADMIN_ROLE, EnterpriseFeatureUserRoleAssignment, obj, )
def test_user_has_access_via_database_with_all_access_context(self): """ Access check should return true if RoleAssignment exists for user. This case handles checking if the role assignement has `ALL_ACCESS_CONTEXT` context. """ ConcreteUserRoleAssignment.objects.create( user=self.user, role=self.role ) with patch('tests.models.ConcreteUserRoleAssignment.get_context', return_value=ALL_ACCESS_CONTEXT): assert user_has_access_via_database( self.user, 'coupon-manager', ConcreteUserRoleAssignment, 'some_context' )
def has_explicit_access_to_subscriptions_learner(user, enterprise_customer_uuid): """ Check that if request user has explicit access to `SUBSCRIPTIONS_LEARNER_ROLE` feature role. Returns: boolean: whether the request user has access. """ if not enterprise_customer_uuid: return False return user_has_access_via_database( user, constants.SUBSCRIPTIONS_LEARNER_ROLE, SubscriptionsRoleAssignment, str(enterprise_customer_uuid), )