def has_sufficient_tier(held_roles: dict, required_role: str,
required_tier: str) -> bool:
if required_role not in ACCESS_ROLES:
raise RoleNotFoundException(
"Role '{}' not valid".format(required_role))
if required_role in held_roles:
held_tier = held_roles[required_role]
ranked_tiers = ACCESS_ROLES[required_role]
if required_tier == 'any':
return True
if required_tier not in ranked_tiers:
raise TierNotFoundException(
"Required tier {} not recognised for role {}".format(
required_tier, required_role))
has_sufficient = AccessControl._held_tier_meets_required_tier(
held_tier, required_tier, ranked_tiers)
if has_sufficient:
return True
return False
def _held_tier_meets_required_tier(held_tier: str, required_tier: str,
tier_list: list) -> bool:
if held_tier is None:
return False
try:
held_rank = tier_list.index(held_tier)
except ValueError:
raise TierNotFoundException(
"Held tier {} not recognised".format(held_tier))
try:
required_rank = tier_list.index(required_tier)
except ValueError:
raise TierNotFoundException(
"Required tier {} not recognised".format(required_tier))
# SMALLER ranks are more senior
return held_rank <= required_rank
def has_exact_role(held_roles: dict, required_role: str,
required_tier: str) -> bool:
if required_role not in ACCESS_ROLES:
raise RoleNotFoundException(
"Role '{}' not valid".format(required_role))
if required_tier not in ACCESS_ROLES[required_role]:
raise TierNotFoundException(
"Required tier {} not recognised".format(required_tier))
if isinstance(held_roles, dict):
return held_roles.get(required_role) == required_tier
else:
return AccessControl._get_tier_from_role_list(
held_roles, required_role) == required_tier
def set_held_role(self, role: str, tier: Union[str, None]):
if role not in ACCESS_ROLES:
raise RoleNotFoundException("Role '{}' not valid".format(role))
allowed_tiers = ACCESS_ROLES[role]
if tier is not None and tier not in allowed_tiers:
raise TierNotFoundException(
"Tier {} not recognised for role {}".format(tier, role))
if self._held_roles is None:
self._held_roles = {}
if tier is None:
self._held_roles.pop(role, None)
else:
self._held_roles[role] = tier
def set_admin_role_using_tier_string(self, tier):
tier = tier.lower()
if tier not in ALLOWED_ADMIN_TIERS:
raise TierNotFoundException('tier {} not found')
self.is_view = self.is_subadmin = self.is_admin = self.is_superadmin = False
if tier == 'superadmin':
self.is_superadmin = True
elif tier == 'admin':
self.is_admin = True
elif tier == 'subadmin':
self.is_subadmin = True
elif tier == 'view':
self.is_view = True
if self.is_admin:
return 'admin'