def post(self, request_id):
# check for request existence
request = permissions.get_request_by_id(self.session, request_id)
if not request:
return self.notfound()
# check that this user should be actioning this request
user_requests, total = permissions.get_requests(
self.session,
status="pending",
limit=None,
offset=0,
owner=self.current_user)
user_request_ids = [ur.id for ur in user_requests.requests]
if request.id not in user_request_ids:
return self.forbidden()
form = PermissionRequestUpdateForm(self.request.arguments)
form.status.choices = self._get_choices(request.status)
if not form.validate():
change_comment_list = [
(sc, user_requests.comment_by_status_change_id[sc.id])
for sc in user_requests.status_change_by_request_id[request.id]
]
return self.render(
"permission-request-update.html",
form=form,
request=request,
change_comment_list=change_comment_list,
statuses=REQUEST_STATUS_CHOICES,
alerts=self.get_form_alerts(form.errors),
)
try:
permissions.update_request(self.session, request,
self.current_user, form.status.data,
form.reason.data)
except UserNotAuditor as e:
alerts = [Alert("danger", str(e))]
change_comment_list = [
(sc, user_requests.comment_by_status_change_id[sc.id])
for sc in user_requests.status_change_by_request_id[request.id]
]
return self.render(
"permission-request-update.html",
form=form,
request=request,
change_comment_list=change_comment_list,
statuses=REQUEST_STATUS_CHOICES,
alerts=alerts,
)
return self.redirect("/permissions/requests?status=pending")
def do_action_requests(session, permissions, users, do_request_perms): # noqa: F811
# Action (approve) the request for PERM_WITH_GRANTER, and
# cancel (deny) the request for PERM_NO_GRANTER.
all_requests = session.query(PermissionRequest)
for request in all_requests:
if request.status == "pending" and request.permission.name == PERM_WITH_GRANTER:
update_request(session, request, users[GRANTING_USER], "actioned", REASON)
if request.status == "pending" and request.permission.name == PERM_NO_GRANTER:
update_request(session, request, users[ADMIN_USER], "cancelled", REASON)
session.commit()
def post(self, request_id):
# check for request existence
request = permissions.get_request_by_id(self.session, request_id)
if not request:
return self.notfound()
# check that this user should be actioning this request
user_requests, total = permissions.get_requests(
self.session, status="pending", limit=None, offset=0, owner=self.current_user
)
user_request_ids = [ur.id for ur in user_requests.requests]
if request.id not in user_request_ids:
return self.forbidden()
form = PermissionRequestUpdateForm(self.request.arguments)
form.status.choices = self._get_choices(request.status)
if not form.validate():
change_comment_list = [
(sc, user_requests.comment_by_status_change_id[sc.id])
for sc in user_requests.status_change_by_request_id[request.id]
]
return self.render(
"permission-request-update.html",
form=form,
request=request,
change_comment_list=change_comment_list,
statuses=REQUEST_STATUS_CHOICES,
alerts=self.get_form_alerts(form.errors),
)
try:
permissions.update_request(
self.session, request, self.current_user, form.status.data, form.reason.data
)
except UserNotAuditor as e:
alerts = [Alert("danger", str(e))]
change_comment_list = [
(sc, user_requests.comment_by_status_change_id[sc.id])
for sc in user_requests.status_change_by_request_id[request.id]
]
return self.render(
"permission-request-update.html",
form=form,
request=request,
change_comment_list=change_comment_list,
statuses=REQUEST_STATUS_CHOICES,
alerts=alerts,
)
return self.redirect("/permissions/requests?status=pending")
def do_action_requests(session, permissions, users,
do_request_perms): # noqa: F811
# Action (approve) the request for PERM_WITH_GRANTER, and
# cancel (deny) the request for PERM_NO_GRANTER.
all_requests = session.query(PermissionRequest)
for request in all_requests:
if request.status == "pending" and request.permission.name == PERM_WITH_GRANTER:
update_request(session, request, users[GRANTING_USER], "actioned",
REASON)
if request.status == "pending" and request.permission.name == PERM_NO_GRANTER:
update_request(session, request, users[ADMIN_USER], "cancelled",
REASON)
session.commit()
def action_permission_requests(setup: SetupTest) -> None:
"""Action (approve) the perm.hasgranter request, cancel (deny) the perm.nogranter request."""
granting_user = User.get(setup.session, name="*****@*****.**")
assert granting_user
admin_user = User.get(setup.session, name="*****@*****.**")
assert admin_user
with setup.transaction():
all_requests = setup.session.query(PermissionRequest)
for request in all_requests:
if request.status == "pending" and request.permission.name == "perm.hasgranter":
update_request(setup.session, request, granting_user, "actioned", "reasons")
if request.status == "pending" and request.permission.name == "perm.nogranter":
update_request(setup.session, request, admin_user, "cancelled", "reasons")