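def is_auditor(instance, **_):
    """Check if the current user has the auditor role on the instance's audit.

    Returns True when an access-control entry on ``instance.audit`` has a role
    named exactly "Auditors" and belongs to ``current_user``. Otherwise the
    result is whatever the permission provider returns for "update" on the
    audit. An instance without an ``audit`` attribute is denied.
    """
    # Fail closed: with no audit to check against, nobody is its auditor.
    if not hasattr(instance, "audit"):
        return False
    audit = instance.audit

    # Exact comparison on purpose. The earlier `name in "Auditors"` was a
    # substring test against the literal, so any role whose name is a
    # substring of "Auditors" (an empty name included) passed the role check.
    has_auditor_acl = any(
        acl.ac_role.name == "Auditors" and acl.person == current_user
        for acl in audit.access_control_list
    )

    # pylint: disable=protected-access
    return has_auditor_acl or \
        find_permissions()._is_allowed_for(audit, "update")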
def is_allowed_based_on(instance, property_name, action, **_):
    """Check permissions through an object referenced by an instance attribute.

    The attribute named ``property_name`` is read from ``instance``. If it is
    missing or None the check is denied (False). Otherwise the result is what
    the permission provider returns for ``action`` on that object.
    """
    target = getattr(instance, property_name, None)
    if target is not None:
        # pylint: disable=protected-access
        # This is the proper way of getting permissions, but the function is
        # private due to code debt
        return find_permissions()._is_allowed_for(target, action)
    return False
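def is_auditor(instance, **_):
    """Check if the current user has the auditor role on the instance's audit.

    Returns False when ``instance`` has no ``audit`` attribute or the
    attribute is None. Returns True when the permission provider allows
    "update" on the audit. Otherwise returns the result of an EXISTS query
    for an AccessControlList row that joins to a role named "Auditors" and
    matches the current user's id and the audit's type and id.
    """
    # Fail closed on a missing *or* empty audit. `hasattr` alone lets an
    # attribute holding None through, and the code below then dereferences
    # `.type` / `.id` on it.
    audit = getattr(instance, "audit", None)
    if audit is None:
        return False

    # pylint: disable=protected-access
    if find_permissions()._is_allowed_for(audit, "update"):
        return True

    acl = all_models.AccessControlList
    auditor_acl_exists = db.session.query(acl).join(
        all_models.AccessControlRole
    ).filter(
        acl.person_id == current_user.id,
        acl.object_type == audit.type,
        acl.object_id == audit.id,
        all_models.AccessControlRole.name == "Auditors",
    ).exists()
    return db.session.query(auditor_acl_exists).scalar()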
def relationship_condition(instance, action, property_name, **_):
    """Check `action` against each object named in `property_name`.

    ``property_name`` is a comma-separated list of attribute names on
    ``instance``. For each referenced object, in order:

    * if the instance has a context id, the object's context has the same id
      and ``is_allowed_create('Relationship', None, context_id)`` is truthy,
      return True immediately;
    * ``Person`` objects are skipped without a permission check;
    * any other object must pass ``_is_allowed_for(obj, action)``, else the
      result is False.

    Returns True when no object was rejected.

    NOTE(review): the same-context shortcut returns before the remaining
    properties are examined. Confirm that skipping them is intended.
    """
    if getattr(instance, 'context') is None:
        context_id = None
    else:
        context_id = getattr(instance.context, 'id')

    for prop_name in property_name.split(','):
        related = getattr(instance, prop_name)

        # Evaluation order matters: each test guards the next attribute read.
        in_same_context = (
            context_id is not None and
            getattr(related, 'context') is not None and
            getattr(related.context, 'id') == context_id
        )
        if in_same_context and \
                is_allowed_create('Relationship', None, context_id):
            return True

        # Mapping a person does not require a permission check on the Person
        # object
        if not isinstance(related, Person) and \
                not find_permissions()._is_allowed_for(related, action):
            return False

    return True
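def is_auditor(instance, **_):
    """Check if the current user has the auditor role on the instance's audit.

    The check is denied (False) when ``instance`` has no ``audit`` attribute
    or that attribute is None. It passes when the permission provider allows
    "update" on the audit. Failing that, it returns the result of an EXISTS
    query for an AccessControlList row with the "Auditors" role, the current
    user's id, and the audit's type and id.
    """
    # `hasattr` accepts an attribute that is present but None, and the filter
    # below would then fail on `.type` / `.id`. Treat that case as "not an
    # auditor" as well.
    if getattr(instance, "audit", None) is None:
        return False
    audit = instance.audit

    # pylint: disable=protected-access
    if find_permissions()._is_allowed_for(audit, "update"):
        return True

    exists_query = db.session.query(
        all_models.AccessControlList
    ).join(
        all_models.AccessControlRole
    ).filter(
        all_models.AccessControlList.person_id == current_user.id,
        all_models.AccessControlList.object_type == audit.type,
        all_models.AccessControlList.object_id == audit.id,
        all_models.AccessControlRole.name == "Auditors",
    ).exists()
    return db.session.query(exists_query).scalar()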