def can_view_sensitive_data(cls, user_id, target_type, target_id):
user = User.get(user_id)
if user and user.is_admin:
return True
if target_type == cls.TYPE_TEAM:
team = Team.get(target_id)
return team and team.check_is_admin(user_id)
if target_type in (cls.TYPE_APPLICATION, cls.TYPE_SERVICE,
cls.TYPE_CONFIG, cls.TYPE_SWITCH):
application = Application.get(target_id)
return application and application.check_auth(
Authority.READ, user_id)
return False
def _list_auth(db):
return sorted([{
'auth': auth.authority,
'name': Application.get(auth.application_id).application_name,
'user': User.get(auth.user_id).username,
} for auth in db.query(ApplicationAuth)])
