def _is_admin_central() -> bool:
    """Tell whether the current user counts as a central administrator.

    Returns the result of ``profile.has_role(Role.ADMIN_CENTRAL)`` for an
    authenticated user, and ``True`` when the user is not authenticated.
    """
    user = get_current_user()
    if user.is_authenticated:
        return user.profile.has_role(Role.ADMIN_CENTRAL)
    # NOTE(review): fail-open. A caller without an authenticated session is
    # reported as a central admin. Presumably a test convenience; confirm that
    # every production path reaching this helper sits behind a login guard,
    # or replace the shortcut with an explicit test-only switch.
    return True
def ensure_role(role: Role):
    """Raise ``Forbidden`` when the current user's profile lacks *role*.

    Returns ``None`` when the profile holds the role, and also when the
    current user is anonymous (no role check is performed in that case).
    """
    current = get_current_user()
    # NOTE(review): fail-open. An anonymous user skips the role check entirely
    # and is let through. Confirm that callers enforce authentication before
    # relying on this guard; otherwise it protects nothing for logged-out users.
    if current.is_anonymous:
        return
    if current.profile.has_role(role):
        return
    raise Forbidden()
def login():
    """Render the login page matching the current session state.

    Authenticated users get the redirect template. Everyone else gets the
    single-user template when ``_single_user()`` is truthy, and the CAS
    login template otherwise.
    """
    if get_current_user().is_authenticated:
        return render_template("auth/redirect.j2")
    template = "auth/single_user.j2" if _single_user() else "auth/login_cas.j2"
    return render_template(template)
def _is_admin_local(structure: Structure) -> bool:
    """Tell whether the current user is a local admin of *structure*.

    The ADMIN_LOCAL role is looked up on *structure* itself and then on each
    entry of ``structure.ancestors``; the first match wins. An unauthenticated
    user is reported as a local admin (returns ``True``).
    """
    user = get_current_user()
    if not user.is_authenticated:
        # NOTE(review): fail-open. No authenticated session means "admin"
        # here. Presumably a test convenience; confirm that no production
        # route can reach this helper without a login guard.
        return True
    profile = user.profile
    lineage = [structure] + structure.ancestors
    return any(profile.has_role(Role.ADMIN_LOCAL, node) for node in lineage)
def check_permission():
    """Raise ``Forbidden`` unless the current user may proceed.

    Anonymous users are rejected outright (fail-closed). An identified user
    passes when the profile holds RESPONSABLE on ``"*"`` or ADMIN_CENTRAL.
    """
    current = get_current_user()
    if current.is_anonymous:
        raise Forbidden()
    profile = current.profile
    # Both lookups are always performed, matching the original evaluation order.
    is_responsable = profile.has_role(Role.RESPONSABLE, "*")
    is_admin_central = profile.has_role(Role.ADMIN_CENTRAL)
    if not (is_responsable or is_admin_central):
        raise Forbidden()
def switch(app: Flask, request: Request):
    """Serve the user-switching view.

    Anonymous users get ``Unauthorized``. Outside TESTING mode the caller must
    hold ADMIN_CENTRAL. When ``request.args`` is non-empty the call is handed
    to ``do_switch``; otherwise the ``auth/login.j2`` template is rendered with
    groups of users to choose from.
    """
    current = get_current_user()
    if current.is_anonymous:
        raise Unauthorized()
    profile = current.profile

    # NOTE(review): when app.config["TESTING"] is truthy, any authenticated
    # user passes this gate without the ADMIN_CENTRAL role. Make sure TESTING
    # can never be enabled in a deployed configuration.
    # NOTE(review): Unauthorized is also raised for an authenticated user who
    # lacks the role; callers may depend on that type, so it is left as is.
    is_testing = app.config.get("TESTING", False)
    if not (is_testing or profile.has_role(Role.ADMIN_CENTRAL)):
        raise Unauthorized()

    # NOTE(review): do_switch receives request.args as-is and its validation
    # is not visible here. Confirm it validates the requested target and that
    # this state-changing action is covered by CSRF protection.
    if request.args:
        return do_switch(request.args)

    # NOTE(review): account logins are hard-coded in source; consider moving
    # them to configuration so they do not ship with the code.
    gouvernance_logins = {"chambaz"}
    gestionnaire_logins = {"pulcherie", "boyern", "courtoisi", "sos", "girardv"}
    porteur_logins = {"carapezzi", "duhieu", "lombard", "diasdeamorim", "valdes"}
    directeur_logins = {
        "santiardbaro",
        "charretier",
        "sciandra",
        "mercierc",
        "mouchelj",
        "stemmann",
    }

    gouvernance = get_users_by_login(gouvernance_logins)
    gestionnaires = get_users_by_login(gestionnaire_logins)
    porteurs = get_users_by_login(porteur_logins)
    directeurs = get_users_by_login(directeur_logins)

    # Users holding MEMBRE_AFFECTE on the "DR&I" structure, sorted by name,
    # keeping only those flagged active.
    dri = structure_repo.get_by_sigle("DR&I")
    dri_members = sort_by_name(
        role_service.get_users_with_given_role(Role.MEMBRE_AFFECTE, dri)
    )
    active_logins = [member.login for member in dri_members if member.active]
    membres_dri = get_users_by_login(active_logins)

    groups = [
        ["Gouvernance", gouvernance],
        ["Gestionnaires", gestionnaires],
        ["Porteurs", porteurs],
        ["Directeurs", directeurs],
        ["DR&I", membres_dri],
    ]
    return render_template("auth/login.j2", groups=groups)
def _can_be_deleted(self, structure):
    """Tell whether *structure* may be deleted by the current user.

    A structure with children, or with any user holding MEMBRE on it, is never
    deletable. Otherwise deletion is allowed for ADMIN_CENTRAL and, for
    structures of type DE or EQ, for ADMIN_LOCAL on the parent or grandparent.
    An unauthenticated user is allowed (returns ``True``).
    """
    if structure.children:
        return False
    if role_service.get_users_with_given_role(Role.MEMBRE, structure):
        return False

    user = get_current_user()
    if not user.is_authenticated:
        # Kept for tests, per the original comment.
        # NOTE(review): fail-open. Deletion is permitted when nobody is
        # logged in. Confirm that no production route can reach this without
        # a login guard, or move the shortcut behind an explicit test flag.
        return True

    profile = user.profile
    if profile.has_role(Role.ADMIN_CENTRAL):
        return True
    if structure.type not in {DE, EQ}:
        return False

    parent = structure.parent
    if profile.has_role(Role.ADMIN_LOCAL, parent):
        return True
    if profile.has_role(Role.ADMIN_LOCAL, parent.parent):
        return True
    return False