def get(self, name=None): # TODO: use cached data instead, add refresh to appropriate redirects. permission = Permission.get(self.session, name) if not permission: return self.notfound() can_change_audit_status = user_is_permission_admin(self.session, self.current_user) can_delete = user_is_permission_admin(self.session, self.current_user) mapped_groups = get_groups_by_permission(self.session, permission) log_entries = get_log_entries_by_permission(self.session, permission) self.render( "permission.html", permission=permission, can_delete=can_delete, mapped_groups=mapped_groups, log_entries=log_entries, can_change_audit_status=can_change_audit_status, )
def get(self, name=None): # TODO: use cached data instead, add refresh to appropriate redirects. permission = Permission.get(self.session, name) if not permission: return self.notfound() can_change_audit_status = user_is_permission_admin( self.session, self.current_user) can_delete = user_is_permission_admin(self.session, self.current_user) mapped_groups = get_groups_by_permission(self.session, permission) log_entries = get_log_entries_by_permission(self.session, permission) self.render( "permission.html", permission=permission, can_delete=can_delete, mapped_groups=mapped_groups, log_entries=log_entries, can_change_audit_status=can_change_audit_status, )
def post(self, user_id=None, name=None): if not user_is_permission_admin(self.session, self.current_user): return self.forbidden() try: disable_permission_auditing(self.session, name, self.current_user.id) except NoSuchPermission: return self.notfound() # No explicit refresh because handler queries SQL. return self.redirect("/permissions/{}".format(name))
def post(self, name=None): if not user_is_permission_admin(self.session, self.current_user): return self.forbidden() try: enable_permission_auditing(self.session, name, self.current_user.id) except NoSuchPermission: return self.notfound() # No explicit refresh because handler queries SQL. return self.redirect("/permissions/{}".format(name))
def post(self, *args: Any, **kwargs: Any) -> None: name = self.get_path_argument("name") if not (user_is_permission_admin(self.session, self.current_user) or user_has_permission(self.session, self.current_user, AUDIT_MANAGER)): return self.forbidden() try: disable_permission_auditing(self.session, name, self.current_user.id) except NoSuchPermission: return self.notfound() # No explicit refresh because handler queries SQL. return self.redirect("/permissions/{}".format(name))