def allowed_actions(user: User) -> List[Action]: ret = [] if user.has_role(Role.APP_ADMINISTRATOR): # King of the world ret.extend([ Action.CREATE_PROJECT, Action.ADMINISTRATE_APP, Action.ADMINISTRATE_USERS ]) else: if user.has_role(Role.PROJECT_CREATOR): ret.append(Action.CREATE_PROJECT) if user.has_role(Role.USERS_ADMINISTRATOR): ret.append(Action.ADMINISTRATE_USERS) return ret
def highest_right_on(user: User, prj_id: int) -> str: """ Return the highest right for this user onto this project. """ # Check if user.has_role(Role.APP_ADMINISTRATOR): # King of the world return ProjectPrivilegeBO.MANAGE else: a_priv: ProjectPrivilege # Collect privileges for user on project rights_on_proj = { a_priv.privilege for a_priv in user.privs_on_projects if a_priv.projid == prj_id } if ProjectPrivilegeBO.MANAGE in rights_on_proj: return ProjectPrivilegeBO.MANAGE elif ProjectPrivilegeBO.ANNOTATE in rights_on_proj: return ProjectPrivilegeBO.ANNOTATE elif ProjectPrivilegeBO.VIEW in rights_on_proj: return ProjectPrivilegeBO.VIEW return ""