def evaluate_mapping_permission(
project_id: int, user_id: int, mapping_permission: int
):
allowed_roles = [
TeamRoles.MAPPER.value,
TeamRoles.VALIDATOR.value,
TeamRoles.PROJECT_MANAGER.value,
]
is_team_member = TeamService.check_team_membership(
project_id, allowed_roles, user_id
)
# mapping_permission = 1(level),2(teams),3(teamsAndLevel)
if mapping_permission == MappingPermission.TEAMS.value:
if not is_team_member:
return False, MappingNotAllowed.USER_NOT_TEAM_MEMBER
elif mapping_permission == MappingPermission.LEVEL.value:
if not ProjectService._is_user_intermediate_or_advanced(user_id):
return False, MappingNotAllowed.USER_NOT_CORRECT_MAPPING_LEVEL
elif mapping_permission == MappingPermission.TEAMS_LEVEL.value:
if not ProjectService._is_user_intermediate_or_advanced(user_id):
return False, MappingNotAllowed.USER_NOT_CORRECT_MAPPING_LEVEL
if not is_team_member:
return False, MappingNotAllowed.USER_NOT_TEAM_MEMBER
def get_project_dto_for_mapper(
project_id, current_user_id, locale="en", abbrev=False
) -> ProjectDTO:
"""
Get the project DTO for mappers
:param project_id: ID of the Project mapper has requested
:param locale: Locale the mapper has requested
:raises ProjectServiceError, NotFound
"""
project = ProjectService.get_project_by_id(project_id)
# if project is public and is not draft, we don't need to check permissions
if not project.private and not project.status == ProjectStatus.DRAFT.value:
return project.as_dto_for_mapping(current_user_id, locale, abbrev)
is_allowed_user = True
is_team_member = None
is_manager_permission = False
if current_user_id:
is_manager_permission = ProjectAdminService.is_user_action_permitted_on_project(
current_user_id, project_id
)
# Draft Projects - admins, authors, org admins & team managers permitted
if project.status == ProjectStatus.DRAFT.value:
if not is_manager_permission:
is_allowed_user = False
raise ProjectServiceError("Unable to fetch project")
# Private Projects - allowed_users, admins, org admins &
# assigned teams (mappers, validators, project managers), authors permitted
if project.private and not is_manager_permission:
is_allowed_user = False
if current_user_id:
is_allowed_user = (
len(
[
user
for user in project.allowed_users
if user.id == current_user_id
]
)
> 0
)
if not (is_allowed_user or is_manager_permission):
if current_user_id:
allowed_roles = [
TeamRoles.MAPPER.value,
TeamRoles.VALIDATOR.value,
TeamRoles.PROJECT_MANAGER.value,
]
is_team_member = TeamService.check_team_membership(
project_id, allowed_roles, current_user_id
)
if is_allowed_user or is_manager_permission or is_team_member:
return project.as_dto_for_mapping(current_user_id, locale, abbrev)
else:
raise ProjectServiceError("Unable to fetch project")
def post_message(chat_dto: ChatMessageDTO, project_id: int,
authenticated_user_id: int) -> ProjectChatDTO:
""" Save message to DB and return latest chat"""
current_app.logger.debug("Posting Chat Message")
if UserService.is_user_blocked(authenticated_user_id):
raise ValueError("User is on read only mode")
project = ProjectService.get_project_by_id(project_id)
is_allowed_user = True
is_manager_permission = ProjectAdminService.is_user_action_permitted_on_project(
authenticated_user_id, project_id)
is_team_member = False
# Draft (public/private) accessible only for is_manager_permission
if (ProjectStatus(project.status) == ProjectStatus.DRAFT
and not is_manager_permission):
raise ValueError("User not permitted to post Comment")
if project.private:
is_allowed_user = False
if not is_manager_permission:
allowed_roles = [
TeamRoles.PROJECT_MANAGER.value,
TeamRoles.VALIDATOR.value,
TeamRoles.MAPPER.value,
]
is_team_member = TeamService.check_team_membership(
project_id, allowed_roles, authenticated_user_id)
if not is_team_member:
is_allowed_user = (len([
user for user in project.allowed_users
if user.id == authenticated_user_id
]) > 0)
if is_manager_permission or is_team_member or is_allowed_user:
chat_message = ProjectChat.create_from_dto(chat_dto)
MessageService.send_message_after_chat(chat_dto.user_id,
chat_message.message,
chat_dto.project_id)
db.session.commit()
# Ensure we return latest messages after post
return ProjectChat.get_messages(chat_dto.project_id, 1)
else:
raise ValueError("User not permitted to post Comment")
def evaluate_validation_permission(
project_id: int, user_id: int, validation_permission: int
):
allowed_roles = [TeamRoles.VALIDATOR.value, TeamRoles.PROJECT_MANAGER.value]
is_team_member = TeamService.check_team_membership(
project_id, allowed_roles, user_id
)
# validation_permission = 1(level),2(teams),3(teamsAndLevel)
if validation_permission == ValidationPermission.TEAMS.value:
if not is_team_member:
return False, ValidatingNotAllowed.USER_NOT_TEAM_MEMBER
elif validation_permission == ValidationPermission.LEVEL.value:
if not ProjectService._is_user_intermediate_or_advanced(user_id):
return False, ValidatingNotAllowed.USER_IS_BEGINNER
elif validation_permission == ValidationPermission.TEAMS_LEVEL.value:
if not ProjectService._is_user_intermediate_or_advanced(user_id):
return False, ValidatingNotAllowed.USER_IS_BEGINNER
if not is_team_member:
return False, ValidatingNotAllowed.USER_NOT_TEAM_MEMBER
def is_user_action_permitted_on_project(authenticated_user_id: int,
project_id: int) -> bool:
""" Is user action permitted on project"""
project = Project.get(project_id)
author_id = project.author_id
allowed_roles = [TeamRoles.PROJECT_MANAGER.value]
is_admin = UserService.is_user_an_admin(authenticated_user_id)
is_author = UserService.is_user_the_project_author(
authenticated_user_id, author_id)
is_org_manager = False
is_manager_team = False
if not (is_admin or is_author):
if hasattr(project, "organisation_id") and project.organisation_id:
org_id = project.organisation_id
is_org_manager = OrganisationService.is_user_an_org_manager(
org_id, authenticated_user_id)
if not is_org_manager:
is_manager_team = TeamService.check_team_membership(
project_id, allowed_roles, authenticated_user_id)
return is_admin or is_author or is_org_manager or is_manager_team