def post(self, request_id): # check for request existence request = permissions.get_request_by_id(self.session, request_id) if not request: return self.notfound() # check that this user should be actioning this request user_requests, total = permissions.get_requests( self.session, status="pending", limit=None, offset=0, owner=self.current_user) user_request_ids = [ur.id for ur in user_requests.requests] if request.id not in user_request_ids: return self.forbidden() form = PermissionRequestUpdateForm(self.request.arguments) form.status.choices = self._get_choices(request.status) if not form.validate(): change_comment_list = [ (sc, user_requests.comment_by_status_change_id[sc.id]) for sc in user_requests.status_change_by_request_id[request.id] ] return self.render( "permission-request-update.html", form=form, request=request, change_comment_list=change_comment_list, statuses=REQUEST_STATUS_CHOICES, alerts=self.get_form_alerts(form.errors), ) try: permissions.update_request(self.session, request, self.current_user, form.status.data, form.reason.data) except UserNotAuditor as e: alerts = [Alert("danger", str(e))] change_comment_list = [ (sc, user_requests.comment_by_status_change_id[sc.id]) for sc in user_requests.status_change_by_request_id[request.id] ] return self.render( "permission-request-update.html", form=form, request=request, change_comment_list=change_comment_list, statuses=REQUEST_STATUS_CHOICES, alerts=alerts, ) return self.redirect("/permissions/requests?status=pending")
def do_action_requests(session, permissions, users, do_request_perms): # noqa: F811 # Action (approve) the request for PERM_WITH_GRANTER, and # cancel (deny) the request for PERM_NO_GRANTER. all_requests = session.query(PermissionRequest) for request in all_requests: if request.status == "pending" and request.permission.name == PERM_WITH_GRANTER: update_request(session, request, users[GRANTING_USER], "actioned", REASON) if request.status == "pending" and request.permission.name == PERM_NO_GRANTER: update_request(session, request, users[ADMIN_USER], "cancelled", REASON) session.commit()
def post(self, request_id): # check for request existence request = permissions.get_request_by_id(self.session, request_id) if not request: return self.notfound() # check that this user should be actioning this request user_requests, total = permissions.get_requests( self.session, status="pending", limit=None, offset=0, owner=self.current_user ) user_request_ids = [ur.id for ur in user_requests.requests] if request.id not in user_request_ids: return self.forbidden() form = PermissionRequestUpdateForm(self.request.arguments) form.status.choices = self._get_choices(request.status) if not form.validate(): change_comment_list = [ (sc, user_requests.comment_by_status_change_id[sc.id]) for sc in user_requests.status_change_by_request_id[request.id] ] return self.render( "permission-request-update.html", form=form, request=request, change_comment_list=change_comment_list, statuses=REQUEST_STATUS_CHOICES, alerts=self.get_form_alerts(form.errors), ) try: permissions.update_request( self.session, request, self.current_user, form.status.data, form.reason.data ) except UserNotAuditor as e: alerts = [Alert("danger", str(e))] change_comment_list = [ (sc, user_requests.comment_by_status_change_id[sc.id]) for sc in user_requests.status_change_by_request_id[request.id] ] return self.render( "permission-request-update.html", form=form, request=request, change_comment_list=change_comment_list, statuses=REQUEST_STATUS_CHOICES, alerts=alerts, ) return self.redirect("/permissions/requests?status=pending")
def action_permission_requests(setup: SetupTest) -> None: """Action (approve) the perm.hasgranter request, cancel (deny) the perm.nogranter request.""" granting_user = User.get(setup.session, name="*****@*****.**") assert granting_user admin_user = User.get(setup.session, name="*****@*****.**") assert admin_user with setup.transaction(): all_requests = setup.session.query(PermissionRequest) for request in all_requests: if request.status == "pending" and request.permission.name == "perm.hasgranter": update_request(setup.session, request, granting_user, "actioned", "reasons") if request.status == "pending" and request.permission.name == "perm.nogranter": update_request(setup.session, request, admin_user, "cancelled", "reasons")